CompTIA Security+ SY0-601 – Question270

An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of
the incident response process does this scenario represent?

A. Lessons learned
B. Eradication
C. Recovery
D. Preparation

Correct Answer: D

CompTIA Security+ SY0-601 – Question269

During a recent security incident at a multinational corporation, a security analyst found the following logs for an account called user:

Which of the following account policies would BEST prevent attackers from logging in as user?

A. Impossible travel time
B. Geofencing
C. Time-based logins
D. Geolocation

Correct Answer: B

CompTIA Security+ SY0-601 – Question267

A well-known organization has been experiencing attacks from APTs. The organization is concerned that
custom malware is being created and emailed into the company or installed on USB sticks that are dropped in
parking lots. Which of the following is the BEST defense against this scenario?

A. Configuring signature-based antivirus to update every 30 minutes
B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
C. Implementing application execution in a sandbox for unknown software
D. Fuzzing new files for vulnerabilities if they are not digitally signed

Correct Answer: B

CompTIA Security+ SY0-601 – Question266

Which of the following should an organization consider implementing in the event executives need to speak to
the media after a publicized data breach?

A. Incident response plan
B. Business continuity plan
C. Communication plan
D. Disaster recovery plan

Correct Answer: C

CompTIA Security+ SY0-601 – Question265

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors
from back-end infrastructure when systems go offline unexpectedly. The security architect would like the
solution to help maintain session persistence. Which of the following would BEST meet the requirements?

A. Reverse proxy
B. NIC teaming
C. Load balancer
D. Forward proxy

Correct Answer: C

CompTIA Security+ SY0-601 – Question264

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal

Correct Answer: D

CompTIA Security+ SY0-601 – Question263

A security analyst has been tasked with creating a new WiFi network for the company. The requirements
received by the analyst are as follows:

Must be able to differentiate between users connected to WiFi
The encryption keys need to change routinely without interrupting the users or forcing reauthentication
Must be able to integrate with RADIUS
Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

A. WPA2-Enterprise
B. WPA3-PSK
C. 802.11n
D. WPS

Correct Answer: A

CompTIA Security+ SY0-601 – Question261

A Chief Executive Officer's (CEO) personal information was stolen in a social-engineering attack. Which of the
following sources would reveal if the CEO's personal information is for sale?

A. Automated information sharing
B. Open-source intelligence
C. The dark web
D. Vulnerability databases

Correct Answer: C