CompTIA Security+ SY0-601 – Question150

A security policy states that common words should not be used as passwords. A security auditor was able to
perform a dictionary attack against corporate credentials. Which of the following controls was being violated?


A. Password complexity
B. Password history
C. Password reuse
D. Password length

Correct Answer: C

CompTIA Security+ SY0-601 – Question149

Security analysts are conducting an investigation of an attack that occurred inside the organization's network.
An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

The Layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks
has MOST likely occurred?

A. SQL injection
B. DNS spoofing
C. MAC flooding
D. ARP poisoning

Correct Answer: D

CompTIA Security+ SY0-601 – Question148

A company needs to validate its updated incident response plan using a real-world scenario that will test
decision points and relevant incident response actions without interrupting daily operations. Which of the
following would BEST meet the company's requirements?


A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise

Correct Answer: C

CompTIA Security+ SY0-601 – Question147

A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The
technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to
validate the authenticity of the email?


A. Check the metadata in the email header of the received path in reverse order to follow the email's path.
B. Hover the mouse over "From:" display name to verify the email address.
C. Look at the metadata in the email header and verify the "From:" line matches the CIO's email address.
D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Correct Answer: C

CompTIA Security+ SY0-601 – Question146

Which of the following is the MOST relevant security check to be performed before embedding third-party
libraries in developed code?


A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.

Correct Answer: C

CompTIA Security+ SY0-601 – Question145

A company labeled some documents with the public sensitivity classification. This means the documents can
be accessed by:


A. employees of other companies and the press.
B. all members of the department that created the documents.
C. only the company's employees and those listed in the document.
D. only the individuals listed in the documents.

Correct Answer: C

CompTIA Security+ SY0-601 – Question144

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The
goal is to allow only encrypted communications without relying on network devices. Which of the following can
be implemented?


A. HTTP security header
B. DNSSEC implementation
C. SRTP
D. S/MIME

Correct Answer: C

CompTIA Security+ SY0-601 – Question143

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a
third-party library. The development staff state there are still customers using the application even though it is
end of life and it would be a substantial burden to update the application for compatibility with more secure
libraries. Which of the following would be the MOST prudent course of action?


A. Accept the risk if there is a clear road map for timely decommission.
B. Deny the risk due to the end-of-life status of the application.
C. Use containerization to segment the application from other applications to eliminate the risk.
D. Outsource the application to a third-party developer group.

Correct Answer: C

CompTIA Security+ SY0-601 – Question142

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's
knowledge. A review of the audit logs for the medical billing company's system indicated a company employee
downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of
the following does this action describe?


A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach

Correct Answer: A

CompTIA Security+ SY0-601 – Question141

A tax organization is working on a solution to validate the online submission of documents. The solution should
be carried on a portable USB device that can be inserted into any computer that is transmitting a transaction
securely. Which of the following is the BEST certificate for these requirements?


A. User certificate
B. Self-signed certificate
C. Computer certificate
D. Root certificate

Correct Answer: D