CompTIA Security+ SY0-601 – Question140

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH
logins to a functional user ID have been attempted on each of them within a short period of time. Which of
the following BEST explains this behavior?

A. Rainbow table attack
B. Password spraying
C. Logic bomb
D. Malware bot

Correct Answer: B

Explanation:

Reference: https://www.keepersecurity.com/threats/password-spraying-attack.htm…

CompTIA Security+ SY0-601 – Question139

A company is receiving emails with links to phishing sites that look very similar to the company's own website
address and content. Which of the following is the BEST way for the company to mitigate this attack?

A. Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.
B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
C. Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.
D. Use an automated tool to flood the phishing websites with fake usernames and passwords.

Correct Answer: B

CompTIA Security+ SY0-601 – Question137

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased.
The analysts are spending a long time trying to trace information on different cloud consoles and correlating
data in different formats. Which of the following can be used to optimize the incident response time?

A. CASB
B. VPC
C. SWG
D. CMS

Correct Answer: A

CompTIA Security+ SY0-601 – Question136

A company is considering transitioning to the cloud. The company employs individuals from various locations
around the world. The company does not want to increase its on-premises infrastructure footprint and only
wants to pay for additional compute power required. Which of the following solutions would BEST meet the
needs of the company?

A. Private cloud
B. Hybrid environment
C. Managed security service provider
D. Hot backup site

Correct Answer: B

CompTIA Security+ SY0-601 – Question135

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP
address associated with the shopping site. Later, the user received an email regarding the credit card
statement with unusual purchases. Which of the following attacks took place?

A. On-path attack
B. Protocol poisoning
C. Domain hijacking
D. Bluejacking

Correct Answer: C

CompTIA Security+ SY0-601 – Question134

A company recently experienced a significant data loss when proprietary information was leaked to a
competitor. The company took special precautions by using proper labels; however, email filter logs do not
have any record of the incident. An investigation confirmed the corporate network was not breached, but
documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage.
Which of the following is the BEST remediation for this data leak?

A. User training
B. CASB
C. MDM
D. DLP

Correct Answer: D

CompTIA Security+ SY0-601 – Question133

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will
be denied access. Which of the following should the organization use to compare biometric solutions?

A. FRR
B. Difficulty of use
C. Cost
D. FAR
E. CER

CompTIA Security+ SY0-601 – Question132

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the
following BEST explains this reasoning?

A. The forensic investigator forgot to run a checksum on the disk image after creation.
B. The chain of custody form did not note time zone offsets between transportation regions.
C. The computer was turned off, and a RAM image could not be taken at the same time.
D. The hard drive was not properly kept in an antistatic bag when it was moved.

Correct Answer: D

CompTIA Security+ SY0-601 – Question131

An organization maintains several environments in which patches are developed and tested before being
deployed to an operational status. Which of the following is the environment in which patches will be deployed
just prior to being put into an operational status?

A. Development
B. Test
C. Production
D. Staging

Correct Answer: C