CompTIA Security+ SY0-601 – Question190

A web server has been compromised due to a ransomware attack. Further investigation reveals the
ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services
back up as soon as possible. Which of the following should the administrator use to restore services to a
secure state?

A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration

Correct Answer: A

CompTIA Security+ SY0-601 – Question189

A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM:

Which of the following describes what is occurring?

A. An attacker is utilizing a password-spraying attack against the account.
B. An attacker is utilizing a dictionary attack against the account.
C. An attacker is utilizing a brute-force attack against the account.
D. An attacker is utilizing a rainbow table attack against the account.

Correct Answer: A

CompTIA Security+ SY0-601 – Question187

A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which
of the following is BEST to use to complete the configuration?

A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password

Correct Answer: D

CompTIA Security+ SY0-601 – Question186

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card
data but not allow the cloud provider to see the stored credit card information. Which of the following would
BEST meet these objectives?

A. WAF
B. CASB
C. VPN
D. TLS

Correct Answer: D

CompTIA Security+ SY0-601 – Question184

A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected
devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints.
Which of the following would BEST meet the requirements? (Choose two.)

A. Private cloud
B. SaaS
C. Hybrid cloud
D. IaaS
E. DRaaS
F. Fog computing

Correct Answer: DF

CompTIA Security+ SY0-601 – Question182

Which of the following is a known security risk associated with data archives that contain financial information?

A. Data can become a liability if archived longer than required by regulatory guidance.
B. Data must be archived off-site to avoid breaches and meet business requirements.
C. Companies are prohibited from providing archived data to e-discovery requests.
D. Unencrypted archives should be preserved as long as possible and encrypted.

Correct Answer: A

CompTIA Security+ SY0-601 – Question181

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The
vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is
available for the vulnerability. Which of the following is the MOST likely cause?

A. Security patches were uninstalled due to user impact.
B. An adversary altered the vulnerability scan reports.
C. A zero-day vulnerability was used to exploit the web server.
D. The scan reported a false negative for the vulnerability.

Correct Answer: D