CompTIA Security+ SY0-601 – Question310

An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the
document's contents, the author notices some additional verbiage that was not originally in the document but
cannot validate an integrity issue. Which of the following attacks was used?


A. Cryptomalware
B. Hash substitution
C. Collision
D. Phishing

Correct Answer: B

CompTIA Security+ SY0-601 – Question309

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords
being sent from workstations to network switches. Which of the following is the security analyst MOST likely
observing?


A. SNMP traps
B. A Telnet session
C. An SSH connection
D. SFTP traffic

Correct Answer: B

CompTIA Security+ SY0-601 – Question306

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The
issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently
experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues
appear to increase when laptop users return to their desks after using their devices in other areas of the
building. There have also been reports of users being required to enter their credentials on web pages in order
to gain access to them. Which of the following is the MOST likely cause of this issue?


A. An external access point is engaging in an evil-twin attack.
B. The signal on the WAP needs to be increased in that section of the building.
C. The certificates have expired on the devices and need to be reinstalled.
D. The users in that section of the building are on a VLAN that is being blocked by the firewall.

Correct Answer: B

CompTIA Security+ SY0-601 – Question304

A company deployed a WiFi access point in a public area and wants to harden the configuration to make it
more secure. After performing an assessment, an analyst identifies that the access point is configured to use
WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point
security?


A. WPA3
B. AES
C. RADIUS
D. WPS

Correct Answer: D

CompTIA Security+ SY0-601 – Question303

Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name,
mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the
prize. Which of the following BEST describes this type of email?


A. Spear phishing
B. Whaling
C. Phishing
D. Vishing

Correct Answer: C

CompTIA Security+ SY0-601 – Question302

A security analyst discovers that a company's username and password database was posted on an Internet
forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the
damage done by this type of data exfiltration in the future?


A. Create DLP controls that prevent documents from leaving the network.
B. Implement salting and hashing.
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements.

Correct Answer: B

CompTIA Security+ SY0-601 – Question301

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack.
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an
embedded PowerShell in the file.
C. An attacker was able to install malware to the C:\asdf234 folder and use it to gain administrator rights and
launch Outlook.
D. An attacker was able to phish user credentials successfully from an Outlook user profile.

Correct Answer: B