After segmenting the network, the network manager wants to control the traffic between the segments. Which
of the following should the manager use to control the network traffic?


A. A perimeter network
B. A VPN
C. A VLAN
D. An ACL

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or
data theft. Which of the following would be the MOST acceptable?


A. SED
B. HSM
C. DLP
D. TPM

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on
a hard disk. The security engineer is an example of a __________.


A. data controller.
B. data owner.
C. data custodian.
D. data processor.

A company recently experienced a data breach and the source was determined to be an executive who was
charging a phone in a public area. Which of the following would MOST likely have prevented this breach?


A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics

The compliance team requires an annual recertification of privileged and non-privileged user access. However,
multiple users who left the company six months ago still have access. Which of the following would have
prevented this compliance violation?


A. Account audits
B. AUP
C. Password reuse
D. SSO

A company wants to modify its current backup strategy to minimize the number of backups that would need to
be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?


A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company
information on user devices. Which of the following solutions would BEST support the policy?


A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following
safeguards will BEST help to protect the PC from malicious files on the storage device?


A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device in to the UPS.

A company has a flat network that is deployed in the cloud. Security policy states that all production and
development servers must be segmented. Which of the following should be used to design the network to meet
the security requirements?


A. CASB
B. VPC
C. Perimeter network
D. WAF

During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning
high traffic to a known, malicious command-and-control server. The analyst would like to determine the number
of company workstations that may be impacted by this issue. Which of the following can provide this
information?


A. WAF logs
B. DNS logs
C. System logs
D. Application logs