Question 51
Which of the following organizations sets frameworks and controls for optimal security configuration on systems?
A. ISO
B. GDPR
C. PCI DSS
D. NIST
Question 52
An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?
A. Logic bomb
B. Cryptomalware
C. Spyware
D. Remote access Trojan
Question 53
A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?
A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.
Question 54
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network.
In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation
Question 55
A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?
A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors
Question 56
Which of the following is the FIRST environment in which proper, secure coding should be practiced?
A. Stage
B. Development
C. Production
D. Test
Question 57
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?
A. Public
B. Community
C. Hybrid
D. Private
Question 58
An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?
A. Test
B. Staging
C. Development
D. Production
Question 59
An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?
A. Purchasing hardware from different vendors
B. Migrating workloads to public cloud infrastructure
C. Implementing a robust patch management solution
D. Designing new detective security controls
Question 60
A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected.
Which of the following is the security analyst MOST likely implementing?
A. Vulnerability scans
B. User behavior analysis
C. Security orchestration, automation, and response
D. Threat hunting