Physical access to the organization's servers in the data center requires entry and exit through multiple access
points: a lobby, an access control vestibule, three doors leading to the server floor, a door to the server floor
itself, and eventually to a caged area solely for the organization's hardware. Which of the following controls is
described in this scenario?


A. Compensating
B. Deterrent
C. Preventive
D. Detective

An information security manager for an organization is completing a PCI DSS self-assessment for the first time.
Which of the following is the MOST likely reason for this type of assessment?


A. An international expansion project is currently underway.
B. Outside consultants utilize this tool to measure security maturity.
C. The organization is expecting to process credit card information.
D. A government regulator has requested this audit to be completed.

A security analyst reviews web server logs and notices the following lines:

Which of the following vulnerabilities has the attacker exploited? (Choose two.)


A. Race condition
B. LFI
C. Pass the hash
D. XSS
E. RFI
F. Directory traversal

After installing a patch on a security appliance, an organization realized a massive data exfiltration had
occurred. Which of the following BEST describes the incident?


A. Supply chain attack
B. Ransomware attack
C. Cryptographic attack
D. Password attack

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

Which of the following types of attacks is MOST likely being conducted?


A. SQLi
B. CSRF
C. Spear phishing
D. API

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple
times during the day. The security engineer has been on vacation for a few days. Which of the following attacks
can the account lockout be attributed to?


A. Backdoor
B. Brute-force
C. Rootkit
D. Trojan

A company uses specially configured workstations for any work that requires administrator privileges to its Tier
0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even
with these strict security measures in place, an incident occurred from one of the workstations. The root cause
appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?


A. Fileless malware
B. A downgrade attack
C. A supply-chain attack
D. A logic bomb
E. Misconfigured BIOS

A user enters a password to log in to a workstation and is then prompted to enter an authentication code.
Which of the following MFA factors or attributes are being utilized in the authentication process? (Choose two.)


A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you know
E. Something you are
F. Something you can do

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are
provided with a network connection to use as a resource. As the convention progresses, one of the attendees
starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the
following BEST describes what is happening?


A. Birthday collision on the certificate key
B. DNS hijacking to reroute traffic
C. Brute force to the access point
D. A SSL/TLS downgrade

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The
unsolicited text messages contain a password reset link. Which of the following attacks is being used to target
the company?


A. Phishing
B. Vishing
C. Smishing
D. Spam