Several universities are participating in a collaborative research project and need to share compute and storage
resources. Which of the following cloud deployment strategies would BEST meet this need?


A. Community
B. Private
C. Public
D. Hybrid

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize
mitigation steps?


A. CVSS
B. SIEM
C. SOAR
D. CVE

After a recent security breach, a security analyst reports that several administrative usernames and passwords
are being sent via cleartext across the network to access network devices over port 23. Which of the following
should be implemented so all credentials sent over the network are encrypted when remotely accessing and
configuring network devices?


A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP

After returning from a conference, a user's laptop has been operating slower than normal and overheating, and
the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found
connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the
hardware?


A. Removable media
B. Spear phishing
C. Supply chain
D. Direct access

A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the
virtual server, including memory contents. Which of the following backup types should be used?


A. Snapshot
B. Differential
C. Cloud
D. Full
E. Incremental

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious
activities. After further investigation, a security analyst notices the following:
All users share workstations throughout the day.
Endpoint protection was disabled on several workstations throughout the network.
Travel times on logins from the affected users are impossible.
Sensitive data is being uploaded to external sites.
All user account passwords were forced to be reset and the issue continued.
Which of the following attacks is being used to compromise the user accounts?


A. Brute-force
B. Keylogger
C. Dictionary
D. Rainbow

An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These
laptops would access the users' corporate operating system remotely and allow them to use the laptops for
purposes outside of their job roles. Which of the following deployment models is being utilized?


A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from
advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the
near future due to the lack of detective and preventive controls. Which of the following should be implemented
to BEST address the CSO's concerns? (Choose two.)


A. A WAF
B. A CASB
C. An NG-SWG
D. Segmentation
E. Encryption
F. Containerization

Which of the following terms describes a broad range of information that is sensitive to a specific organization?


A. Public
B. Top secret
C. Proprietary
D. Open-source

A security analyst has been asked by the Chief Information Security Officer to:
develop a secure method of providing centralized management of infrastructure
reduce the need to constantly replace aging end user machines
provide a consistent user desktop experience
Which of the following BEST meets these requirements?


A. BYOD
B. Mobile device management
C. VDI
D. Containerization