Which of the following statements BEST describes zero-day exploits?


A. When a zero-day exploit is discovered, the system cannot be protected by any means.
B. Zero-day exploits have their own scoring category in CVSS.
C. A zero-day exploit is initially undetectable, and no patch for it exists.
D. Discovering zero-day exploits is always performed via bug bounty programs.

Which of the following will increase cryptographic security?


A. High data entropy
B. Algorithms that require less computing power
C. Longer key longevity
D. Hashing

A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?


A. DNS poisoning
B. MAC flooding
C. DDoS attack
D. ARP poisoning

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?


A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting

The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?


A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis

A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?


A. SSAE SOC 2
B. ISO 31000
C. NIST CSF
D. GDPR

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?


A. True negative
B. True positive
C. False positive
D. False negative

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:


A. avoidance.
B. acceptance.
C. mitigation.
D. transference.

A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?


A. Update the base container Image and redeploy the environment.
B. Include the containers in the regular patching schedule for servers.
C. Patch each running container individually and test the application.
D. Update the host in which the containers are running.

Which of the following would detect intrusions at the perimeter of an airport?


A. Signage
B. Fencing
C. Motion sensors
D. Lighting
E. Bollards