CompTIA Security+ SY0-601 – Question060

A security analyst is working on a project to implement a solution that monitors network communications and
provides alerts when abnormal behavior is detected. Which of the following is the security analyst MOST likely
implementing?


A. Vulnerability scans
B. User behavior analysis
C. Security orchestration, automation, and response
D. Threat hunting

Correct Answer: B
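Added example, not part of the original question set: the baseline-and-deviation logic that a user behavior analysis tool applies to network activity. Each user's normal footprint (distinct destinations contacted, bytes sent out) is learned from history, and a day that sits far outside that footprint raises an alert. The per-user daily summaries, the z-score threshold of 3.0 and the sigma floor are constructed values chosen for illustration, not figures from the page.

```python
"""User behavior analysis over per-user network activity.

Added example, not from the exam page. The daily summaries are
constructed and the threshold/floor are illustrative assumptions.
"""
from statistics import mean, pstdev

# Constructed history: (user, day, distinct_destinations, bytes_out_mb)
HISTORY = [
    ("alice", 1, 12, 40), ("alice", 2, 10, 35), ("alice", 3, 14, 45),
    ("alice", 4, 11, 38), ("alice", 5, 13, 42),
    ("bob", 1, 30, 120), ("bob", 2, 28, 115), ("bob", 3, 33, 130),
    ("bob", 4, 29, 118), ("bob", 5, 30, 122),
]

# Constructed "today": alice suddenly talks to 58 hosts and pushes 410 MB
# out, bob looks like himself, carol has never been seen before.
TODAY = {"alice": (58, 410), "bob": (31, 125), "carol": (5, 10)}


def baseline(history):
    """Per-user (mean, population stddev) for each metric."""
    per_user = {}
    for user, _day, dests, mb in history:
        m = per_user.setdefault(user, {"dests": [], "mb": []})
        m["dests"].append(dests)
        m["mb"].append(mb)
    return {u: {k: (mean(v), pstdev(v)) for k, v in m.items()}
            for u, m in per_user.items()}


def zscore(value, mu, sigma, floor=1.0):
    """Standard score; the floor keeps a flat baseline (sigma near 0)
    from flagging trivial day-to-day movement (assumed value)."""
    return (value - mu) / max(sigma, floor)


def detect(today, model, threshold=3.0):
    """Return {user: [reasons]} for users whose day deviates from
    their own baseline, or who have no baseline at all."""
    alerts = {}
    for user, (dests, mb) in today.items():
        if user not in model:
            alerts[user] = ["no baseline"]  # new identity: review, not auto-trust
            continue
        reasons = []
        for name, value in (("dests", dests), ("mb", mb)):
            mu, sigma = model[user][name]
            z = zscore(value, mu, sigma)
            if z > threshold:
                reasons.append(f"{name} z={z:.1f} (baseline {mu:.1f})")
        if reasons:
            alerts[user] = reasons
    return alerts


if __name__ == "__main__":
    for user, reasons in detect(TODAY, baseline(HISTORY)).items():
        print(user, "->", "; ".join(reasons))
```

The point the question is making is that the alert is relative to each user's own history, not to a fixed signature: bob's 31 destinations are normal for bob, while the same number would be anomalous for alice.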

CompTIA Security+ SY0-601 – Question059

An organization is building backup server rooms in geographically diverse locations. The Chief Information
Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible
to the same vulnerabilities in the existing server room. Which of the following should the systems engineer
consider?


A. Purchasing hardware from different vendors
B. Migrating workloads to public cloud infrastructure
C. Implementing a robust patch management solution
D. Designing new detective security controls

Correct Answer: A

The requirement is that the new site not share the existing site's vulnerabilities, which is vendor diversity: hardware from a second vendor does not carry the first vendor's firmware and design flaws. Patch management (C) reduces exposure to known flaws but leaves both rooms susceptible to the same ones.

CompTIA Security+ SY0-601 – Question057

A cloud service provider has created an environment where customers can connect existing local networks to
the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which
of the following cloud models is being used?


A. Public
B. Community
C. Hybrid
D. Private

Correct Answer: C

CompTIA Security+ SY0-601 – Question055

A recent security breach exploited software vulnerabilities in the firewall and within the network management
solution. Which of the following will MOST likely be used to identify when the breach occurred through each
device?


A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors

Correct Answer: A

Both devices were compromised, so the timeline has to be built from both the firewall's syslog and the network management solution's audit log on one clock; that is what a SIEM correlation dashboard does. The firewall logs alone (B) only date the breach of one of the two devices.
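Added example, not from the question set, of the correlation step a SIEM performs here: parse the firewall's syslog and the NMS login audit log into one time-ordered event stream, then pick out the first successful action per device that carries an indicator from the incident. The log lines are constructed samples, their field layout is a simplified assumption rather than any vendor's real format, and the attacker address 203.0.113.9 is a placeholder.

```python
"""Correlate firewall syslog with NMS login audit logs to date a breach
per device. Added example, not from the exam page: the log lines are
constructed samples and their field layout is a simplified assumption,
not any vendor's real format.
"""
import re
from datetime import datetime

# Constructed firewall syslog (simplified, vendor-neutral layout).
FIREWALL_SYSLOG = """\
2023-03-04T01:12:07Z fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.2 DST=10.0.0.5 DPT=443
2023-03-04T02:41:55Z fw01 mgmt: login user=admin src=203.0.113.9 result=ok
2023-03-04T02:42:10Z fw01 mgmt: config changed by admin: rule 17 added allow any any
2023-03-04T09:00:01Z fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.2 DST=10.0.0.5 DPT=443
"""

# Constructed network-management-solution login audit log.
NMS_AUDIT = """\
2023-03-04T00:30:00Z nms01 audit: login user=ops src=10.0.0.12 result=success
2023-03-04T03:05:42Z nms01 audit: login user=svc_backup src=203.0.113.9 result=success
2023-03-04T03:06:15Z nms01 audit: action=export_config user=svc_backup result=success
"""

# Constructed indicator from the incident: the address the attacker came from.
ATTACKER_IP = "203.0.113.9"

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")
SUCCESS_RE = re.compile(r"result=(ok|success)\b")


def parse(raw, source):
    """Turn one log source into timestamped events keyed by device host."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the layout
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
            "host": m.group("host"),
            "source": source,
            "msg": m.group("msg"),
        })
    return events


def first_success_per_device(events, indicator):
    """Earliest successful action per device that carries the indicator.
    This is the correlation step: one merged, time-ordered view across
    both devices instead of each log read on its own."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if indicator in ev["msg"] and SUCCESS_RE.search(ev["msg"]):
            hits.setdefault(ev["host"], ev)
    return hits


def breach_timeline(indicator=ATTACKER_IP):
    """Return {device: ISO timestamp} ordered by time, i.e. the attack path."""
    events = parse(FIREWALL_SYSLOG, "firewall") + parse(NMS_AUDIT, "nms")
    hits = first_success_per_device(events, indicator)
    ordered = sorted(hits.items(), key=lambda kv: kv[1]["ts"])
    return {host: ev["ts"].isoformat() for host, ev in ordered}


if __name__ == "__main__":
    for host, ts in breach_timeline().items():
        print(f"{host}: first successful attacker action at {ts}")
```

With both sources merged the output also shows the pivot order (firewall first, then the NMS), which the firewall log on its own cannot give. In practice the two devices must be on synchronized time (NTP) for this ordering to mean anything.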

CompTIA Security+ SY0-601 – Question054

During an incident response, an analyst applied rules to all inbound traffic on the border firewall and
implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable
because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In
which of the following stages of the Cyber Kill Chain is the adversary currently operating?


A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation

Correct Answer: B
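Added example, not part of the question set, showing in code why the inbound-only response in the question leaves command and control alive. A minimal first-match policy evaluator is run against the same constructed flows under two rule sets: the inbound rules the analyst wrote (outbound falls through and is allowed), and the same rules plus a default-deny egress policy with an allowlist for an internal resolver and a web proxy. The rule format, the addresses and the flows are all assumptions for illustration, not any vendor's syntax.

```python
"""Inbound-only filtering versus default-deny egress.

Added example, not from the exam page. Rule format, addresses and
flows are constructed for illustration.
"""
from ipaddress import ip_address, ip_network


def rule(direction, action, src, dst, dport=None):
    """Build one rule; dport=None matches any destination port."""
    return {"dir": direction, "action": action,
            "src": ip_network(src), "dst": ip_network(dst), "dport": dport}


def evaluate(rules, flow):
    """First-match evaluation. A direction with no matching rule is
    allowed, which is exactly the gap in the question: only inbound
    rules were written, so every outbound connection falls through."""
    for r in rules:
        if r["dir"] != flow["dir"]:
            continue
        if ip_address(flow["src"]) not in r["src"]:
            continue
        if ip_address(flow["dst"]) not in r["dst"]:
            continue
        if r["dport"] is not None and r["dport"] != flow["dport"]:
            continue
        return r["action"]
    return "allow"


# What the analyst deployed during the incident: inbound rules only.
INBOUND_ONLY = [
    rule("in", "allow", "0.0.0.0/0", "10.0.0.5/32", 443),  # public web server
    rule("in", "deny", "0.0.0.0/0", "0.0.0.0/0"),          # everything else
]

# Same, plus egress control: internal hosts may reach the internal
# resolver and the outbound proxy, and nothing else directly.
WITH_EGRESS = INBOUND_ONLY + [
    rule("out", "allow", "10.0.0.0/8", "10.0.0.53/32", 53),  # internal DNS
    rule("out", "allow", "10.0.0.0/8", "10.0.0.8/32", 3128), # web proxy
    rule("out", "deny", "10.0.0.0/8", "0.0.0.0/0"),          # default deny
]

# Constructed flows. 203.0.113.77 stands in for the adversary's C2 server.
FLOWS = {
    "c2_beacon":    {"dir": "out", "src": "10.0.0.21", "dst": "203.0.113.77", "dport": 443},
    "direct_dns":   {"dir": "out", "src": "10.0.0.21", "dst": "192.0.2.53", "dport": 53},
    "internal_dns": {"dir": "out", "src": "10.0.0.21", "dst": "10.0.0.53", "dport": 53},
    "via_proxy":    {"dir": "out", "src": "10.0.0.21", "dst": "10.0.0.8", "dport": 3128},
    "inbound_web":  {"dir": "in", "src": "198.51.100.2", "dst": "10.0.0.5", "dport": 443},
    "inbound_ssh":  {"dir": "in", "src": "198.51.100.2", "dst": "10.0.0.5", "dport": 22},
}


def audit(rules, flows=FLOWS):
    """Decision for every flow under a rule set."""
    return {name: evaluate(rules, f) for name, f in flows.items()}


def c2_reachable(rules):
    """True if the implant can still beacon out under these rules."""
    return evaluate(rules, FLOWS["c2_beacon"]) == "allow"


if __name__ == "__main__":
    for label, rules in (("inbound only", INBOUND_ONLY), ("with egress", WITH_EGRESS)):
        print(f"{label}: C2 reachable = {c2_reachable(rules)}")
        for name, decision in audit(rules).items():
            print(f"  {name:13s} {decision}")
```

Under the inbound-only set the beacon to 203.0.113.77:443 and direct DNS to an external resolver are both allowed, so the adversary keeps its channel (and a DNS tunnelling fallback). With default-deny egress the implant's only remaining paths are the proxy and the internal resolver, which are the places to put logging and inspection next.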

CompTIA Security+ SY0-601 – Question053

A security analyst has identified malware spreading through the corporate network and has activated the
CSIRT. Which of the following should the analyst do NEXT?


A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.

Correct Answer: B

CompTIA Security+ SY0-601 – Question052

An organization discovered files with proprietary financial data have been deleted. The files have been
recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are
deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST
likely causing this behavior?


A. Logic bomb
B. Cryptomalware
C. Spyware
D. Remote access Trojan

Correct Answer: A