CompTIA Security+ SY0-601 – Question220

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the
following would be the MOST effective across heterogeneous platforms?


A. Enforcing encryption
B. Deploying GPOs
C. Removing administrative permissions
D. Applying MDM software

Correct Answer: D

CompTIA Security+ SY0-601 – Question219

A company is working on mobile device security after a report revealed that users granted non-verified software
access to corporate data. Which of the following is the MOST effective security control to mitigate this risk?


A. Block access to application stores
B. Implement OTA updates
C. Update the BYOD policy
D. Deploy a uniform firmware

Correct Answer: C

CompTIA Security+ SY0-601 – Question216

A company recently decided to allow its employees to use their personally owned devices for tasks like
checking email and messaging via mobile applications. The company would like to use MDM, but employees
are concerned about the loss of personal data. Which of the following should the IT department implement to
BEST protect the company against company data loss while still addressing the employees' concerns?


A. Enable the remote-wiping option in the MDM software in case the phone is stolen.
B. Configure the MDM software to enforce the use of PINs to access the phone.
C. Configure MDM for FDE without enabling the lock screen.
D. Perform a factory reset on the phone before installing the company's applications.

Correct Answer: B

CompTIA Security+ SY0-601 – Question214

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and
to specifically block FTP. Which of the following would BEST accomplish this goal?


A. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any

B. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Deny: Any Any 22
Allow: Any Any 21
Deny: Any Any

C. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 22
Deny: Any Any 67
Deny: Any Any 68
Deny: Any Any 21
Allow: Any Any

D. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any

Correct Answer: D

CompTIA Security+ SY0-601 – Question213

A security analyst needs to produce a document that details how a security incident occurred, the steps that
were taken for recovery, and how future incidents can be avoided. During which of the following stages of the
response process will this activity take place?


A. Recovery
B. Identification
C. Lessons learned
D. Preparation

Correct Answer: C

CompTIA Security+ SY0-601 – Question212

An analyst is trying to identify insecure services that are running on the internal network. After performing a port
scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the
following BEST describes the services that are currently running and the secure alternatives for replacing
them? (Choose three.)


A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin

Correct Answer: CFG

CompTIA Security+ SY0-601 – Question211

During an incident response process involving a laptop, a host was identified as the entry point for malware.
The management team would like to have the laptop restored and given back to the user. The cybersecurity
analyst would like to continue investigating the intrusion on the host. Which of the following would allow the
analyst to continue the investigation and also return the laptop to the user as soon as possible?


A. dd
B. memdump
C. tcpdump
D. head

Correct Answer: C