CompTIA Security+ SY0-601 – Question240

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware
of the issue and promised to release a patch within the next quarter. Which of the following BEST describes
this type of vulnerability?


A. Legacy operating system
B. Weak configuration
C. Zero day
D. Supply chain

Correct Answer: C

CompTIA Security+ SY0-601 – Question238

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident
response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?


A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement

Correct Answer: C

CompTIA Security+ SY0-601 – Question236

A security analyst is tasked with classifying data to be stored on company servers. Which of the following
should be classified as proprietary?


A. Customers' dates of birth
B. Customers' email addresses
C. Marketing strategies
D. Employee salaries

Correct Answer: C

CompTIA Security+ SY0-601 – Question235

Which of the following supplies non-repudiation during a forensics investigation?


A. Dumping volatile memory contents first
B. Duplicating a drive with dd
C. Using a SHA-2 signature of a drive image
D. Logging everyone in contact with evidence
E. Encrypting sensitive data

Correct Answer: C

CompTIA Security+ SY0-601 – Question234

A website developer is working on a new e-commerce website and has asked an information security expert for
the most appropriate way to store credit card numbers to create an easy reordering process. Which of the
following methods would BEST accomplish this goal?


A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database

Correct Answer: D

CompTIA Security+ SY0-601 – Question233

A network administrator is concerned about users being exposed to malicious content when accessing
company cloud applications. The administrator wants to be able to block access to sites based on the AUP.
The users must also be protected because many of them work from home or at remote locations, providing
on-site customer support. Which of the following should the administrator employ to meet these criteria?


A. Implement NAC.
B. Implement an SWG.
C. Implement a URL filter.
D. Implement an MDM.

Correct Answer: B

CompTIA Security+ SY0-601 – Question232

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the
following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the
set-user-ID bit from the file?


A. ls
B. chflags
C. chmod
D. lsof
E. setuid

Correct Answer: C