Which of the following is a benefit of including a risk management framework into an organization's security
approach?


A. It defines expected service levels from participating supply chain partners to ensure system outages are
remediated in a timely manner.

B. It identifies specific vendor products that have been tested and approved for use in a secure environment.
C. It provides legal assurances and remedies in the event a data breach occurs.
D. It incorporates control, development, policy, and management activities into IT operations.

Which of the following would BEST provide detective and corrective controls for thermal regulation?


A. A smoke detector
B. A fire alarm
C. An HVAC system
D. A fire suppression system
E. Guards

A help desk technician receives a phone call from someone claiming to be a part of the organization's
cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP
Address. Which of the following is the technician's BEST course of action?


A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the
caller.

B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested
information over the phone.

C. Write down the phone number of the caller if possible, the name of the person requesting the information,
hang up, and notify the organization's cybersecurity officer.

D. Request the caller send an email for identity verification and provide the requested information via email to
the caller.

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is
trying to determine whether the file was modified in transit before installation on the user's computer. Which of
the following can be used to safely assess the file?


A. Check the hash of the installation file.
B. Match the file names.
C. Verify the URL download location.
D. Verify the code signing certificate.

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following
does this process BEST protect?


A. Data in transit
B. Data in processing
C. Data at rest
D. Data tokenization

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all
unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST
security solution to reduce this risk?


A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint

An organization implemented a process that compares the settings currently configured on systems against
secure configuration guidelines in order to identify any gaps. Which of the following control types has the
organization implemented?


A. Compensating
B. Corrective
C. Preventive
D. Detective

An application developer accidentally uploaded a company's code-signing certificate private key to a public web
server. The company is concerned about malicious use of its certificate. Which of the following should the
company do FIRST?


A. Delete the private key from the repository.
B. Verify the public key is not exposed as well.
C. Update the DLP solution to check for private keys.
D. Revoke the code-signing certificate.

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use
it for further incident analysis. Which of the following tools will the other team member MOST likely use to open
this file?


A. Autopsy
B. Memdump
C. FTK imager
D. Wireshark

A database administrator wants to grant access to an application that will be reading and writing data to a
database. The database is shared by other applications also used by the finance department. Which of the
following account types is MOST appropriate for this purpose?


A. Service
B. Shared
C. Generic
D. Admin