CompTIA Security+ SY0-601 – Question410

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible
Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.)

A. MAC filtering
B. Zero trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards

Correct Answer: AC

CompTIA Security+ SY0-601 – Question408

Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead
recipients into forwarding the email to others?

A. Hoaxing
B. Pharming
C. Watering-hole
D. Phishing

Correct Answer: D

Explanation:

Reference: https://www.imperva.com/learn/application-security/social-engineeri…
#:~:text=Phishing,curiosity%20or%20fear%20in%20victims

CompTIA Security+ SY0-601 – Question407

Which of the following scenarios BEST describes a risk reduction technique?

A. A security control objective cannot be met through a technical change, so the company purchases
insurance and is no longer concerned about losses from data breaches.

B. A security control objective cannot be met through a technical change, so the company implements a policy
to train users on a more secure method of operation.

C. A security control objective cannot be met through a technical change, so the company performs regular
audits to determine if violations have occurred.

D. A security control objective cannot be met through a technical change, so the Chief Information Officer
decides to sign off on the risk.

Correct Answer: B

CompTIA Security+ SY0-601 – Question406

An organization has expanded its operations by opening a remote office. The new office is fully furnished with
office resources to support up to 50 employees working on any given day. Which of the following VPN solutions
would BEST support the new office?

A. Always-on
B. Remote access
C. Site-to-site
D. Full tunnel

Correct Answer: C

Explanation:

Reference: https://www.paloaltonetworks.com/cyberpedia/what-is-a-site-to-site-…
2Dsite%20virtual,to%20using%20private%20MPLS%20circuits

CompTIA Security+ SY0-601 – Question404

Which of the following secure application development concepts aims to block verbose error messages from
being shown in a user's interface?

A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevention of information exposure

Correct Answer: D

CompTIA Security+ SY0-601 – Question403

An organization would like to remediate the risk associated with its cloud service provider not meeting its
advertised 99.999% availability metrics. Which of the following should the organization consult for the exact
requirements for the cloud provider?

A. SLA
B. BPA
C. NDA
D. MOU

CompTIA Security+ SY0-601 – Question402

A company is launching a website in a different country in order to capture user information that a marketing
business can use. The company itself will not be using the information. Which of the following roles is the
company assuming?

A. Data owner
B. Data processor
C. Data steward
D. Data collector

Correct Answer: D