CompTIA Security+ SY0-601 – Question230

A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester
notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following
recommendations would the penetration tester MOST likely make given this observation?


A. Employ a general contractor to replace the drop-ceiling tiles.
B. Place the network cabling inside a secure conduit.
C. Secure the access point and cabling inside the drop ceiling.
D. Utilize only access points that have internal antennas.

Correct Answer: C

CompTIA Security+ SY0-601 – Question227

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?

A. Session replay
B. Evil twin
C. Bluejacking
D. ARP poisoning

Correct Answer: B

CompTIA Security+ SY0-601 – Question226

A recent phishing campaign resulted in several compromised user accounts. The security incident response
team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive
and blocking the sender's email address, along with other time-consuming mitigation actions. Which of the
following can be configured to streamline those tasks?


A. SOAR playbook
B. MDM policy
C. Firewall rules
D. URL filter
E. SIEM data collection

Correct Answer: A

CompTIA Security+ SY0-601 – Question225

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are
currently available to resolve the issue. The security administrator is concerned that servers in the company's
perimeter network will be vulnerable to external attack; however, the administrator cannot disable the service
on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the
following TCP ports should be blocked for all external inbound connections to the perimeter network as a
workaround to protect the servers? (Choose two.)


A. 135
B. 139
C. 143
D. 161
E. 443
F. 445

Correct Answer: AF

CompTIA Security+ SY0-601 – Question224

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a
user logged in from the corporate office in France, but then seconds later, the same user account attempted a
login from Brazil. Which of the following account policies would BEST prevent this type of attack?


A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing

Correct Answer: D

CompTIA Security+ SY0-601 – Question223

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential
impact of catastrophic events that may affect business processes and systems, while also highlighting the
residual risks that need to be managed after mitigating controls have been implemented?


A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register
E. A disaster recovery plan

Correct Answer: B

CompTIA Security+ SY0-601 – Question221

The new Chief Information Security Officer at a company has asked the security team to implement stronger
user account policies. The new policies require:
Users to choose a password unique to their last ten passwords
Users to not log in from certain high-risk countries
Which of the following should the security team implement? (Choose two.)


A. Password complexity
B. Password history
C. Geolocation
D. Geofencing
E. Geotagging
F. Password reuse

Correct Answer: BC