Ann, a customer, received a notification from her mortgage company stating her PII may be shared with
partners, affiliates, and associates to maintain day-to-day business operations. Which of the following
documents did Ann receive?


A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding

Which of the following would be the BEST resource for a software developer who is looking to improve secure
coding practices for web applications?


A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries

Which of the following BEST describes data streams that are compiled through artificial intelligence that
provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?


A. Intelligence fusion
B. Review reports
C. Log reviews
D. Threat feeds

A security team discovered a large number of company-issued devices with non-work-related software
installed. Which of the following policies would MOST likely contain language that would prohibit this activity?


A. NDA
B. BPA
C. AUP
D. SLA

A security administrator needs to block a TCP connection using the corporate firewall. Because this connection
is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in
the firewall rule would work BEST?


A. Drop
B. Reject
C. Log alert
D. Permit

Which of the following is an example of risk avoidance?


A. Installing security updates directly in production to expedite vulnerability fixes
B. Buying insurance to prepare for financial loss associated with exploits
C. Not installing new software to prevent compatibility errors
D. Not taking preventive measures to stop the theft of equipment

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the
headquarters building. Which of the following should be closely coordinated between the technology,
cybersecurity, and physical security departments? Select 1


A. Authentication protocol
B. Encryption type
C. WAP placement
D. VPN configuration

Which of the following can reduce vulnerabilities by avoiding code reuse?


A. Memory management
B. Stored procedures
C. Normalization
D. Code obfuscation

Which of the following involves the inclusion of code in the main codebase as soon as it is written?


A. Continuous monitoring
B. Continuous deployment
C. Continuous validation
D. Continuous integration

A security analyst notices that specific files are being deleted each time a systems administrator is on vacation.
Which of the following BEST describes the type of malware that is running?


A. Fileless virus
B. Logic bomb
C. Keylogger
D. Ransomware