Crucial Exams
New Practice Questions (December)
CompTIA Security+ SY0-701 (V7), +163 Questions
A multinational corporation with operations in several countries is working to ensure compliance with global data protection regulations. What is the most appropriate action for the company to take in order to maintain compliance with the diverse set of regulations concerning user data privacy?
A mid-sized online retailer recently suffered a data breach, and investigators found it had ignored several data-protection regulations. The incident has been widely reported in the media. Which of the following organizational aspects is most likely to be immediately and directly affected?
A technology firm headquartered in the United States with no previous international presence is strategizing for expansion into European and Asian markets. Which action is MOST critical for aligning the firm's security practices with external international requirements?
A corporation requires a comprehensive assessment of their security posture to uncover potential attack vectors and to test their incident response effectiveness. They require a simulation that not only uncovers initial entry points but also reveals lateral movement and privilege escalation possibilities within their network. Which service should they procure?
A company is reviewing measures to enhance the security of its server room, which is located in a building shared with other tenants. Recent security audits suggest the need for better controls to prevent unauthorized physical access. Which of the following options would best enhance the security of the server room?
Which of the following best describes the purpose of establishing business continuity procedures within an organization?
A security analyst is reviewing the security posture of a manufacturing plant's Industrial Control System (ICS). The system is considered highly critical and is physically isolated from the company's main IT network. Which of the following represents the MOST appropriate security principle to apply when establishing a baseline for this ICS?
A security administrator wants to enforce a control that automatically requires users to change their passwords every 60 days to limit how long any single credential can remain valid. Which password-policy term describes this practice of expiring credentials after a defined period of time?
A security analyst is reviewing endpoint logs from the company's new EDR solution. The analyst notices a high volume of failed login attempts against a single user account, all originating from the same IP address. This activity is immediately followed by a single successful login from that same IP address. Which type of attack does this pattern MOST likely indicate?
A company's publicly accessible blog has been defaced with political slogans and messages. These unauthorized alterations have not resulted in any financial demand, data theft, or additional malfunctions within the company's IT infrastructure. Which type of threat actor is MOST likely to be responsible for this incident?
Your company is deploying a new set of servers acquired from a hardware provider. What is the BEST initial step to ensure these devices do not introduce vulnerabilities into the company's network?
An organization's network has been compromised with software that appeared legitimate but has provided attackers with unauthorized access. Which of the following BEST describes the type of malware used in this scenario?
Which social engineering attack is most effectively combated by implementing strong organizational verification procedures and training employees to confirm requests through multi-channel verifications?
An employee in the finance department received a signed email from a senior executive's company email address. The email instructed the employee to urgently wire a substantial sum of money to an overseas account for a confidential deal. Which of the following best describes the type of attack that the finance employee might be encountering?
Your company has a strict requirement for monitoring network traffic without introducing any additional latency or potential points of failure within the data path. Which type of security device deployment would best suit the company's needs?
Which of the following is the BEST deployment option for a company looking to enhance the security of their web applications by monitoring and potentially blocking SQL injection attacks and cross-site scripting attempts?
Which of the following best describes a snapshot in the context of data backups?
A web hosting company is expanding its services to support high-traffic websites. The company needs to ensure that the resources are evenly distributed across servers to manage dynamic loads effectively. Which solution should the company primarily consider implementing to address this requirement?
Your organization is setting up a secondary site to ensure business continuity in case of a disaster. Which type of site provides a balance between cost and swiftness of recovery by having infrastructure ready, but not active production servers until needed?
As a security architect, you are evaluating the implementation of network appliances that should be primarily utilized for the identification of malfeasance occurring within the internal company network. In this scenario, which of the following solutions strategically placed within the network would best suit the continuous observation and timely reporting of anomalous activities without actively interfering with data flow?
Which technology should an organization implement to provide its mobile workforce with the most secure method of accessing the internal network, ensuring data is encrypted while traversing public networks?
A security administrator is finalizing a resiliency plan for a server room that houses several critical systems. The primary requirement is to prevent data corruption by allowing the servers to shut down gracefully in the event of a sudden, complete power outage. Which of the following solutions should the administrator implement to BEST meet this specific requirement?
When considering high availability in a security architecture, what term is used to describe the ability of a system to handle a growing amount of work by adding resources to the system?
An employee in your organization has been consistently leaving his workstation unlocked when stepping away for short breaks. This behavior might expose the company to security threats. As part of security awareness practices, how should this issue be best addressed to prevent potential unintentional insider threats?
When conducting a risk analysis, what term describes the probability that a given threat will exploit a particular vulnerability within an organization's security environment?
Your organization is assessing a potential security incident that could impact the confidentiality of client data. The security team needs to evaluate the probability and impact of the incident occurring to prioritize their response. What information is MOST crucial for assessing the probability of this security incident happening?
During a penetration test, what term best describes an environment where the tester has no prior knowledge of the target system or network?
Which of the following is the BEST approach to ensure ongoing compliance and security posture of a third-party vendor post-contract signing?
A company is planning to hire an external firm to conduct a security assessment of its IT environment. Given the nature of the assessment being independent, which of the following options would BEST ensure an impartial and unbiased review of the company's security posture?
During a weekly IT governance meeting, the operations manager notes that multiple unplanned configuration tweaks made by junior administrators have caused intermittent outages on the company's ERP servers. Senior leadership wants a formal procedure that requires documenting every proposed modification, obtaining approvals, scheduling implementation windows, and verifying rollback plans so that future updates occur in a consistent, auditable, and low-risk manner. Which type of procedure should the security team recommend to meet this requirement?
During an annual review of security policies, a company discovered that multiple incidents related to data leakage were a result of employees accidentally sending proprietary information to external contacts. Which of the following would be the BEST approach to mitigate this type of unintentional data loss?
A user in the European Union has contacted a company's privacy officer and formally requested the removal of all their personal data from the company's marketing systems. The user wants to ensure their data is no longer processed or stored. Which fundamental data privacy right is the user exercising in this scenario?
A company's web application is vulnerable to an attack in which unauthorized commands are sent from a user that the application trusts. Which of the following is the BEST mitigation technique to prevent this vulnerability?
When securing a wireless network, which of the following is important for preventing unauthorized access and ensuring that only authenticated users can connect?
An employee in the finance department received an email with a spreadsheet attachment claiming to contain urgent budget corrections required by their manager. However, the spreadsheet is actually a file-based threat designed to compromise the user's system. What is the BEST action the employee should take to mitigate this threat?
Which of the following cryptographic attacks specifically involves finding two different inputs that produce the same hash output?
An organization's sensitive financial data was recently exfiltrated in a targeted cyber attack. Following an investigation, it was determined that an employee inadvertently installed a keylogger on their workstation after falling for a spear-phishing email that appeared to come from the company's CEO. Based on this scenario, what is the MOST probable motivation behind this attack?
During a security assessment, you identified that an employee's desktop application for managing customer data allows for executing arbitrary database queries by modifying inputs within the application. This vulnerability can be exploited by attackers to manipulate or exfiltrate sensitive data from the company database. Which specific type of vulnerability does this scenario describe?
A member of the finance team receives an urgent phone call from an individual claiming to be from the company's bank. The caller alleges that the company's account has been flagged for suspicious activity and insists that the employee must provide their login credentials immediately to verify their identity and secure the account. Which type of attack is being attempted?
Which password attack technique involves attempting access with a set of commonly used passwords on multiple user accounts to avoid account lockout policies?
During a routine security audit in your organization, it was discovered that an employee from the research and development department has been transmitting confidential product designs to a competitor. Which type of threat actor is most likely involved in this scenario?
A company is enhancing its disaster recovery strategies to improve its ability to maintain continuity of operations after a catastrophic system failure. Considering the importance of being able to resume mission-critical activities swiftly and efficiently, which of the following options should be the company's MAIN focus?
A company wants to ensure that its online service remains operational and accessible in the event of a single data center going offline due to a natural disaster. From the options below, select the BEST strategy that aligns most closely with ensuring resilience and recovery capabilities in their security architecture.
A company's industrial control system (ICS) network is air-gapped from the corporate network and the internet to protect critical infrastructure. A security audit is being conducted to identify potential weaknesses. Which of the following represents the MOST significant risk of malware being introduced to the air-gapped ICS network?
As a network architect, you have been asked to design a network infrastructure for a financial services provider that requires extremely high levels of security due to the sensitive nature of the data being processed. The client also demands that certain systems must remain operational and isolated even in the event of a catastrophic network failure. Which of the following solutions would BEST meet these requirements?
A security analyst is reviewing the organization's risk dashboard during a monthly governance meeting. The dashboard displays several quantitative metrics designed to act as early-warning signals whenever exposure to specific threats could jeopardize the company's operational continuity or long-term strategic objectives. Which term best describes these early-warning metrics?
You are the security manager for a company that is currently undergoing its annual compliance check for a new data protection regulation. The auditors have requested evidence of ongoing compliance monitoring activities. Which of the following would BEST demonstrate the company's commitment to compliance monitoring?
During a security governance workshop, a company is mapping roles to responsibilities for its new payroll application and the underlying database. According to best practices for systems and data governance, which role is responsible for approving and overseeing the development, maintenance, use, and security controls of these assets?
Your company's data center experienced a critical server failure that disrupted operations for the e-commerce platform. As part of the business continuity plan, what metric should be used to determine the maximum tolerable duration of the disruption before significant losses occur?
Your organization operates in the healthcare industry in the United States, and is planning to deploy a new patient management system. Which of the following is the MOST APPLICABLE approach to ensure compliance with industry-specific security requirements?
A corporation has determined that the likelihood of a data breach in their system is once every five years. The estimated financial damage from a single breach event is $3 million. As the Security Analyst tasked with calculating the Annualized Loss Expectancy (ALE) for the data breach risk, which of the following correctly calculates the ALE?
A junior security administrator has been tasked with recommending solutions to prevent unauthorized individuals from physically entering a company's new sensitive data center. The administrator is considering options such as biometric scanners, mantraps, and security guards. Which category of security controls do these solutions fall under?
A security administrator needs to deploy an Intrusion Detection System (IDS) on a critical network segment. The primary requirement is that the appliance must only observe traffic for analysis and reporting. It should not introduce any latency or become a point of failure for the live traffic. Which device attribute is required for this deployment?
A corporate network administrator is configuring access control on the switches to allow only authorized devices to connect to the LAN. The administrator wants to dynamically assign VLANs based on user identity and prevent unauthorized network access at the port level. Which of the following should be implemented?
A company is deploying a Bring Your Own Device (BYOD) policy and is concerned about securing corporate data on employees' personal smartphones. Which of the following is the BEST endpoint protection measure to address this specific concern?
As an IT security manager for a retail company, you receive reports about a phishing campaign targeting your employees via text messages, which claim to be from the IT department. The messages request immediate confirmation of account details to prevent account deactivation. Which of the following represents the threat vector used in this scenario?
An attacker is attempting to impersonate a trusted entity by presenting a fabricated network packet that appears to be part of an ongoing communication. Which kind of attack does this scenario best describe?
During a security audit, you discover that an employee has been tricked into giving away sensitive information via a phone call with a person posing as IT support. Which type of social engineering attack does this scenario best describe?
An organization has just deployed a new network infrastructure device and assigned a systems administrator to ensure it is secured. What is the BEST initial action the systems administrator should take to mitigate the risk of unauthorized access due to common credential attacks?
An organization's network has been infected with software that propagates itself across computers, encrypting files and demanding payment for the decryption key. Which of the following BEST describes this type of malicious code?
Which mobile device vulnerability occurs when a smartphone user installs an app from a source other than the platform's official app store, thereby bypassing the built-in security screening provided by the operating system?
An organization is subject to strict data-sovereignty regulations that require all personal data collected from citizens to remain within national borders. Which of the following security controls BEST helps the organization meet this requirement?
During a business-impact analysis of the company's data center, you discover that the organization can tolerate only a few seconds of downtime if utility power fails. Which of the following controls will keep the servers running long enough for either a graceful shutdown or for the facility's generator to take over?
Which of the following is the BEST method to protect credit card information in a database while still allowing for customer data analysis?
An organization needs to provide its expanding remote workforce with secure access to internal corporate resources from the public internet. A security architect has been asked to recommend the BEST solution that encrypts traffic from remote users to the company's data center, effectively minimizing the attack surface. Which of the following should the architect recommend?
Your organization is deploying a network security monitoring solution to increase visibility into potential malicious activity. The network team must choose between an active inline security device and a passive tap/monitor configuration. Given management's requirement to avoid interrupting network traffic unless absolutely necessary, which approach best satisfies this criterion?
A company's IT department is implementing a new web application that will store sensitive customer information. As part of the design, they need to ensure appropriate user access to data within the application. Which of the following methods is MOST effective in restricting access to the data based on a user's role within the company?
During a security review, an engineer recommends placing a research lab's file server on a network segment that has absolutely no wired or wireless links to any other network, including the internet. Which term best describes this type of physically isolated environment?
A security consultant is helping an organization to enhance the detection capabilities of unauthorized activities within its internal network. The organization's security strategy includes the deployment of Network Intrusion Detection Systems (NIDS) but also emphasizes minimizing the impact on network performance. Which deployment strategy should the consultant recommend?
A cybersecurity analyst needs to create a document that provides employees with non-mandatory recommendations and best practices for securely configuring their home Wi-Fi networks for remote work. The document is intended to be advisory rather than a set of strict, enforceable rules. Which of the following governance documents should the analyst create?
Which statement BEST describes the overall scope of a Business Continuity Plan (BCP)?
A medium-sized healthcare organization has performed a risk analysis and discovered that the potential financial impact of breaches to patient data is very high. The organization has a limited budget and cannot implement all the recommended security controls. The Chief Information Security Officer (CISO) must decide which risks to prioritize. Which risk management strategy should the CISO adopt for those risks that cannot be fully mitigated due to budget constraints?
A third-party vendor's adherence to local and regional compliance regulations is not a necessary consideration during the vendor selection process.
When establishing an effective security governance framework for an organization, which of the following is MOST essential to ensure alignment with business objectives and risk management strategies?
A company's leadership has mandated the implementation of stronger controls around password management to improve security posture. As part of this initiative, the CISO is revising the company's password policy. Which of the following changes to the password policy BEST aligns with effective security governance practices?
ABC Tech Corporation is considering outsourcing their customer support services to XYZ Support Inc. As part of the vetting process, which of the following is the most appropriate action to ensure due diligence and care is exercised in selecting a third-party vendor?
As an IT manager, you discover that the company forces users to change their passwords every 90 days. According to current NIST guidance, which single update would best strengthen security while reducing user frustration?
As a security analyst in a large organization, you are responsible for establishing a secure baseline configuration for new Windows and Linux servers being deployed in the data center. What is the primary reason for creating this secure baseline?
Which of the following best describes a guideline for creating strong passwords that can help reduce the risk of unauthorized access?
An organization has noticed an unusual amount of traffic to a legacy server. Upon investigation, it was discovered that a service account has been used to elevate permissions and install unauthorized software. Which of the following should be the FIRST step in the incident response process to handle this situation?
Your company is preparing to conduct a penetration test on a new network-based application. To ensure that the scope and actions of the test are clearly understood and agreed upon, what document should your security team review and adhere to before beginning the testing activities?
After a security incident that involved data exfiltration, which type of documentation should be generated to summarize the event's details, impact, methods of detection, response actions, and recommendations for future prevention?
A security administrator is rolling out multifactor authentication (MFA) to secure remote VPN connections. The goal is to implement the "something you have" factor in a way that provides stronger protection than passwords or SMS-based codes. Which of the following options BEST satisfies this requirement?
As part of the vendor selection process for a new data storage provider, you must gauge the vendor's security posture and compliance. Which document will be most effective in providing standardized queries to the vendors about their security controls and practices?
A security team is deploying a secure email gateway (SEG) at the network perimeter. Which of the following BEST describes the primary function the SEG provides to enhance the organization's security posture?
An organization has deployed a Unified Threat Management (UTM) device to consolidate multiple security functions. While reviewing security logs, it is noted that a specific alert keeps recurring, and it has been determined to be a false positive. To improve the efficiency of security operations, what should be done to handle this situation without compromising the actual threat detection capability of the UTM?
A remote sales team currently authenticates to the corporate VPN with usernames and passwords. To reduce the risk of credential theft, the security architect wants to add a second factor that falls into the "something you are" category of authentication factors. Which of the following solutions would satisfy this requirement?
A medium-sized organization is expanding rapidly and requires a solution to streamline the creation and management of user accounts across multiple services, including email, cloud storage, and internal databases. As the security operations manager, you decide to implement a tool to automate these repetitive tasks. Which of the following solutions would be the MOST appropriate to achieve this objective?
Your organization has just finalized an incident-response playbook for suspected data breaches. During a tabletop exercise, a junior analyst asks where to look in the document to determine who is responsible for tasks such as notifying management, containing affected systems, and coordinating with legal counsel. Which section of the playbook should the analyst consult first to identify these assignments?
The administrative (native) VLAN on a switch should be left as VLAN 1 for security best practices.
A company's email server has a known vulnerability that is being actively exploited in the wild. Based on reports, the vulnerability has been exploited in an average of two companies per month over the last year. Given this information, what is the Annualized Rate of Occurrence (ARO) for potential exploits of this vulnerability in the company's email server?
Your organization is implementing a new policy that requires the decommissioning of server hardware after a defined operational lifetime to reduce risks from aging infrastructure. As part of the asset management team, which policy update is most critical to ensure that hardware disposal remains aligned with security best practices?
During onboarding of a new cloud-based email-filtering service, the security team sends the provider a standardized questionnaire that asks about encryption methods, access controls, incident-response procedures, and compliance certifications. In the context of third-party risk management, what is the **primary** purpose of issuing this questionnaire?
A company is about to enter into an agreement with a cloud service provider. Which of the following should the company primarily focus on to ensure timely and effective remediation of service interruptions?
Within an organization's information security governance framework, what is the **primary** responsibility of a security or risk committee?
As part of a comprehensive risk management process, your organization is conducting a qualitative risk analysis. The team must evaluate potential threats to the confidential client information stored in your database. Which approach best captures the concerns of various stakeholders, including customer service, IT, and executive management, towards the risks associated with the stored client information?
An organization wants to strengthen its security governance framework. Management decides to perform an internal self-assessment before scheduling any external audits. From the perspective of security compliance, what is the primary objective of performing this internal self-assessment?
A network security analyst suspects an ongoing exploitation of a system vulnerability. In order to capture and analyze the traffic for forensic investigation, the analyst plans to use a packet capturing tool. What is the primary benefit of performing a packet capture in this scenario?
A company is implementing a new mobile device policy that allows employees to use their personal smartphones to access corporate email and calendar services. However, they must ensure the security of corporate data when communicating over cellular networks. Which of the following is the BEST method to secure these communications?
A security analyst is reviewing a report from a recent vulnerability scan that identified over 200 issues across various systems, including web servers, databases, and network switches. To manage the remediation process effectively, the analyst groups the vulnerabilities based on common characteristics, such as the type of weakness (e.g., SQL injection, cross-site scripting) and the affected technology stack. What is this process of categorizing vulnerabilities called?
A company wants to minimize the exposure of sensitive customer credit card data within its e-commerce environment. Which of the following data protection strategies would BEST reduce the risk of credit card data breaches while maintaining the ability to perform transactional operations?
An organization has experienced a security incident involving an advanced persistent threat (APT) that has bypassed existing security controls and established a foothold on the network. As part of the incident response activities, what is the MOST appropriate immediate action to take once the threat is confirmed?
A security administrator is tasked with selecting an authentication framework that can be deployed on both a new WPA3-Enterprise Wi-Fi network and several legacy PPP dial-up links. The solution must allow the company to swap among smart-card logons, one-time passwords, or certificate-based credentials without changing the underlying transport. Which authentication framework satisfies these requirements?
Your organization has just received a report from an independent security researcher, who claims to have discovered a vulnerability in one of your web applications. The researcher has provided detailed steps to reproduce the issue. What is the most appropriate initial response to this situation that aligns with responsible disclosure practices?
During a security audit, an administrator needs to ensure that only company-approved laptops can connect to the office's wired switches. Which network technology should be configured on each switch port so a user or device must successfully authenticate before any LAN or WLAN traffic is permitted?
Which of the following best describes the process of sanitization in asset disposal?
A healthcare organization relies on specialized equipment that operates on a legacy system which cannot be patched due to vendor abandonment. To maintain the highest level of security, what should be the organization's FIRST step in mitigating the risks associated with the inability to patch this system?
During a recent audit of security logs, an analyst discovers that certain log entries are sporadically missing over the past month. Understanding the importance of logs for detecting and troubleshooting anomalies, which of the following is the BEST explanation for the missing logs?
A network administrator at a small business is concerned that sudden power outages could cause data corruption on their main file server. The business needs a solution that provides enough time to shut the server down gracefully during an outage. Which of the following devices should be implemented to address this concern?
Your organization is handling sensitive government contracts and must ensure that information related to these projects is guarded against unauthorized physical access. In accordance with data classification policies, which of the following is the BEST way to handle such data?
When configuring a security device so that, if the device itself fails, it will block all traffic rather than let it pass, which failure mode should you select?
Your company has a policy that requires all stored user passwords to be protected. Which method would be MOST appropriate to use when storing these passwords to maintain security while allowing user authentication to continue to work effectively?
Your organization is exploring the option of migrating some services to the cloud while maintaining critical systems onsite due to their sensitive nature. As the IT Security Specialist, you've been asked to assess the security considerations for the on-premises systems. Which of the following is a primary security advantage of retaining critical systems on-premises?
Which of the following best describes the purpose of replication in a security architecture context?
A security administrator is configuring a new web application firewall (WAF) to protect a critical web server. The administrator's primary goal is to prevent any potential security breach, even if the WAF itself malfunctions or loses power. Which failure mode should be configured to ensure the server remains protected by blocking all traffic in the event of a WAF failure?
As a security architect, your company is expanding into new markets and is now subject to different regional regulations regarding data sovereignty. You must ensure that customer information never leaves the required legal borders. Which of the following methods is the MOST effective for meeting these data-sovereignty requirements?
A security architect is creating a resilience plan for a new hybrid cloud deployment. The architect has noted that ensuring patch availability from all third-party vendors is a critical consideration. What is the primary security-related justification for this emphasis on patch availability?
An organization is refactoring several customer-facing applications into microservices that will run on the same Linux host. The security architect proposes deploying each microservice in its own container instead of separate virtual machines. From a security perspective, what is the main advantage this approach provides?
A security analyst reviews a report on a recent cyber attack against a major government contractor. The attack was extremely sophisticated, persistent, and used custom-built malware that required a large team and significant funding to develop. The primary motive appears to be espionage. Which threat actor is MOST likely responsible for this attack?
Which term describes the requirement to control access to data based on the physical location of the user accessing the data or the location of the data processing?
Which type of malware is specifically designed to gain unauthorized access, hide its presence from users and system processes, and often maintain continued privileged, root-level access to the operating system?
During a routine security audit, the administrator discovers that two different archived log files produce the *exact* same SHA-1 hash value, even though their contents differ. Which type of cryptographic attack does this finding most likely indicate?
As a system administrator for a medium-sized corporation, you notice an unusual email being circulated within the company. The email in question appears to be from the CEO requesting urgent wire transfers to a new vendor due to an alleged internal system audit. What immediate action should you take to mitigate the risks?
A company has recently deployed a new IoT device in their network. During the security assessment, it was found that the device is still using default credentials. Which of the following actions is the BEST immediate step to mitigate the potential exploitation of this device?
An employee of a financial institution receives a text message prompting them to urgently verify their login credentials due to suspicious account activities by clicking on a link provided in the message. The employee was not expecting any such communication and finds the request unusual. To best describe this situation, which of the following terms is most applicable?
During a routine audit, your security team has discovered an unauthorized active directory tool being used by the marketing department to synchronize contact information across platforms. The team suspects that this is a case of Shadow IT. What is the PRIMARY risk associated with this discovery?
An employee in your organization received a call from an individual claiming to be from the IT department. The caller stated they were conducting routine security checks and needed the employee's username and password to ensure his account is secure. The caller is exceptionally polite and knowledgeable about company protocols. Which type of social engineering attack is MOST likely occurring?
An organization plans to engage a third-party vendor to offload the maintenance of a non-core business application, intending to reduce its burden of patch management and system upgrades. To ensure the organizational risk is appropriately managed, which of the following is the BEST approach?
An e-commerce company suddenly experiences severe website slowdowns during a holiday sale. The security analyst observes millions of connection requests per second originating from thousands of unrelated IP addresses worldwide, quickly saturating the site's bandwidth and preventing legitimate customers from loading pages. Which type of network attack is most likely in progress?
Your company is in the process of expanding its operations into a new country. As the security architect, you are tasked with ensuring compliance with data handling regulations specific to the new location. Which of the following strategies should be your primary focus to maintain adherence to data sovereignty requirements concerning the storage and processing of customer data?
A company's web server has become unreachable. Network analysis reveals a massive influx of traffic from thousands of geographically dispersed IP addresses, far exceeding normal levels. Legitimate users are unable to access the company's website. Which type of network attack does this scenario describe?
Your organization relies on a variety of hardware components from multiple vendors to maintain its data center operations. Recently, a widespread vulnerability was discovered in the supply chain affecting a specific model of server motherboards used in your data center. What is the most effective initial action to mitigate the risk associated with this vulnerability?
Your organization has recently implemented a new policy to ensure that all employees' workstations receive the latest security patches. As the IT Security Specialist, you are tasked with enforcing this policy. Which of the following hardening techniques would best ensure that all workstations are kept up-to-date with the latest security patches?
In a Zero Trust model, which component focuses on deciding who or what may connect to specific resources, based on compliance with the organization's security policies?
An IT security manager has noticed a recent uptick in confidential information being leaked through casual conversations on the company's authorized instant messaging (IM) platform. While reviewing the IM security policies, what should the manager implement to reduce the risk of data leakage through IM chats?
Which process is used to identify the difference between the current security measures and the desired state of security within an organization?
A security professional is assessing the network infrastructure of a company and discovers that wireless access points are broadcasting an open network without any form of encryption. What is the BEST action to improve the security posture regarding this finding?
A company's security team is implementing various encryption strategies to protect the organization's data at rest. If they need to ensure the confidentiality of entire drives on employees' laptops which could be easily stolen or lost, which encryption method would be most appropriate?
An organization is still using several workstations that run an operating system whose vendor ended support last year. Which of the following security concerns is MOST directly associated with continuing to operate this unsupported system?
During an audit, inspectors discovered that maintenance personnel without the required security clearance were routinely allowed into a secure data center. Which security control should be strengthened to prevent this unauthorized entry?
When a digital certificate needs to be invalidated prior to its expiration, which of the following is updated to indicate that this certificate should no longer be trusted?
A financial organization's security team has detected a significant increase in phishing attempts against its employees. In response to this threat, the team has decided to employ a mechanism that verifies the identity of email senders and checks if the emails are from trusted sources before reaching the employees. Which type of security control is the team MOST likely implementing?
A systems administrator has just implemented a new feature into the company's web application. The following week, a security patch is released for the software version that was used to develop the feature. What action should the administrator take to keep the application current while minimizing risk to service stability?
A security analyst is revising their company's security strategy to better protect its network. The analyst has been tasked with implementing a solution that can actively identify and log security breaches in real-time. Which of the following controls would best fulfill this requirement?
Which of the following physical security measures is primarily used to monitor and record activity for later review?
Which of the following statements best describes symmetric encryption, as opposed to asymmetric encryption, in a cryptographic system?
Which type of security control is primarily used to identify unauthorized access or activities on a network?
A financial company has decided to implement an additional security layer for accessing its internal customer database system to ensure that only authenticated and authorized employees can view sensitive customer information. The system now requires an access code from a hardware token in addition to the username and password. This change primarily strengthens which element of AAA?
As the Chief Information Security Officer (CISO) at a growing fintech company, you are overseeing the implementation of various security measures to safeguard your organization's confidential financial data. After analyzing potential threats, you decide to implement a security control that will ensure real-time surveillance and alerting in the event of unauthorized access attempts to your data stores. Which type of security control best aligns with this requirement?
During a security audit, you discover that the user-account table in a legacy application stores only the SHA-256 hash of each password. You want to lessen the chance that two users with the same password will create an identical stored value and to render rainbow-table attacks impractical. Which additional technique should you apply to each password before hashing it?
An organization's security policy states that the company must be able to access an employee's encrypted files if the employee is unavailable or forgets their encryption key password. Which of the following cryptographic concepts should be implemented to meet this requirement?
An organization publishes an acceptable-use policy that outlines how employees may access and utilize company resources. Which type of security control does this policy represent?
Which document should describe the formal steps employees must follow to request, review, approve, and record changes to an organization's information systems?
Which of the following best describes the primary purpose of an Acceptable Use Policy (AUP) in an organization?
Which type of policy specifies the proper use of IT resources, including computers, networks, and data within an organization?
During an organization's security policy review meeting, it was observed that there is currently no formal policy pertaining to the acceptable use of organizational assets and network resources. As part of establishing robust security governance within the company, which of the following policies should be proposed and implemented first to address this issue?
A company's change management procedure requires that any modifications to the IT infrastructure undergo a review process. Before final approval, which document should primarily guide the decision on whether the change is in line with organizational security policies and standards?
A network administrator notices that an employee is using a significant amount of internet bandwidth by streaming high-definition videos for personal entertainment during work hours. This activity is slowing down the network for other users who are performing business-critical tasks. Which of the following policies should the administrator consult to determine if this is a violation and what the appropriate response should be?
A security manager is establishing a formal security program. The manager needs to create a high-level document that defines the organization's security goals and mandates the creation of more detailed documents, such as a Disaster Recovery Plan and an Incident Response Plan. Which of the following governance documents should the manager create FIRST to serve this purpose?
Which of the following BEST describes how an organization should manage security risk associated with a third-party vendor after the contract has been signed?
An organization is assembling its enterprise risk register. Which of the following elements should be documented for each listed risk so the team receives an early warning when the likelihood or impact of that risk begins to increase?
Which of the following best describes how often an organization should review its information security policies to ensure they remain effective over time?
During an audit of the company's security governance, it is noted that there is no formal process for adding and removing user access when employees join or leave the company. As a security professional, which of the following would BEST address this deficiency?