CompTIA Security+ SY0-601 – Question340

Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle

Correct Answer: C

CompTIA Security+ SY0-601 – Question339

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor MOST likely be required to review and sign?

A. SLA
B. NDA
C. MOU
D. AUP

Correct Answer: B

CompTIA Security+ SY0-601 – Question338

A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

Correct Answer: B

CompTIA Security+ SY0-601 – Question337

An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS

Correct Answer: B

CompTIA Security+ SY0-601 – Question336

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack

CompTIA Security+ SY0-601 – Question335

The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

A. Disconnect all external network connections from the firewall.
B. Send response teams to the network switch locations to perform updates.
C. Turn on all the network switches by using the centralized management software.
D. Initiate the organization's incident response plan.

Correct Answer: D

CompTIA Security+ SY0-601 – Question334

A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

A. Security patches failed to install due to a version incompatibility.
B. An adversary altered the vulnerability scan reports.
C. A zero-day vulnerability was used to exploit the web server.
D. The scan resulted in a false negative for the vulnerability.

Correct Answer: C

Explanation:

Reference: https://www.codecademy.com/article/vulnerability-scans#:~:text=A%20…
20when,identify%20vulnerabilities%20that%20need%20attention

CompTIA Security+ SY0-601 – Question333

While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?

A. Revoke the code signing certificate used by both programs.
B. Block all unapproved file hashes from installation.
C. Add the accounting application file hash to the allowed list.
D. Update the code signing certificate for the approved application.

CompTIA Security+ SY0-601 – Question332

A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?

A. Privilege creep
B. Unmodified default settings
C. TLS protocol vulnerabilities
D. Improper patch management

CompTIA Security+ SY0-601 – Question331

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

A. decrease the mean time between failures.
B. remove the single point of failure.
C. cut down the mean time to repair.
D. reduce the recovery time objective.

Correct Answer: B