CompTIA Security+ SY0-601 – Question110

Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies.
A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can
be written to document this agreement?


A. MOU
B. ISA
C. SLA
D. NDA

Correct Answer: A

CompTIA Security+ SY0-601 – Question109

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is
alerted to a subsequent token reuse moments later on a different service using the same single sign-on
method. Which of the following would BEST detect a malicious actor?


A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server

Correct Answer: A

CompTIA Security+ SY0-601 – Question108

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to
alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during
this change?


A. The business continuity plan
B. The retention policy
C. The disaster recovery plan
D. The incident response plan

Correct Answer: A

CompTIA Security+ SY0-601 – Question107

Which of the following BEST reduces the security risks introduced when running systems that have expired
vendor support and lack an immediate replacement?


A. Implement proper network access restrictions.
B. Initiate a bug bounty program.
C. Classify the system as shadow IT.
D. Increase the frequency of vulnerability scans.

Correct Answer: A

CompTIA Security+ SY0-601 – Question106

A systems administrator is troubleshooting a server's connection to an internal web server. The administrator
needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web
server are in a listening state?


A. ipconfig
B. ssh
C. ping
D. netstat

CompTIA Security+ SY0-601 – Question104

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting
documents that show proper controls are in place to protect customer data. Which of the following would be
BEST for the third-party vendor to provide to the CISO?


A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks

Correct Answer: C

Explanation:

Reference: https://www.onelogin.com/compliance/soc-2-type-2#:~:text=A%20SOC%20…
20third%20party%20technology%20services

CompTIA Security+ SY0-601 – Question102

Digital signatures use asymmetric encryption. This means the message is encrypted with:


A. the sender's private key and decrypted with the sender's public key.
B. the sender's public key and decrypted with the sender's private key.
C. the sender's private key and decrypted with the recipient's public key.
D. the sender's public key and decrypted with the recipient's private key.

Correct Answer: C

CompTIA Security+ SY0-601 – Question101

A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports
that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst
verified that software was configured to delete data deliberately from those servers. No backdoors to any
servers were found. Which of the following attacks was MOST likely used to cause the data loss?


A. Logic bomb
B. Ransomware
C. Fileless virus
D. Remote access Trojans
E. Rootkit

Correct Answer: A