CompTIA Security+ SY0-601 – Question680

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?


A. Proxy server
B. NGFW
C. WAF
D. Jump server

Correct Answer: D

CompTIA Security+ SY0-601 – Question679

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage.
Which of the following is the best mitigation strategy to prevent this from happening in the future?


A. User training
B. CASB
C. MDM
D. EDR

Correct Answer: B

CompTIA Security+ SY0-601 – Question678

During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?


A. Conduct an awareness campaign on the usage of removable media.
B. Issue a user guidance program focused on vishing campaigns.
C. Implement more complex password management practices.
D. Establish a procedure on identifying and reporting suspicious messages.

CompTIA Security+ SY0-601 – Question676

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:


A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.

Correct Answer: C

CompTIA Security+ SY0-601 – Question675

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?


A. Nmap
B. cURL
C. Netcat
D. Wireshark

Correct Answer: D

CompTIA Security+ SY0-601 – Question673

A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?


A. A captive portal
B. PSK
C. 802.1X
D. WPS

Correct Answer: C

CompTIA Security+ SY0-601 – Question672

After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?


A. The public ledger
B. The NetFlow data
C. A checksum
D. The event log

Correct Answer: A

CompTIA Security+ SY0-601 – Question671

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?


A. Monitoring large data transfer transactions in the firewall logs
B. Developing mandatory training to educate employees about the removable media policy
C. Implementing a group policy to block user access to system files
D. Blocking removable-media devices and write capabilities using a host-based security tool

Correct Answer: D