Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).A . Channels by which the organization communicates with customersB . The reporting mechanisms for ethics violationsC . Threat vectors based on the industry in which the...

May 19, 2025 No Comments READ MORE +

Which of the following best addresses the risks associated with procuring counterfeit hardware?

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?A . A thorough analysis of the supply chainB . A legally enforceable corporate acquisition policyC . A right to audit clause in vendor contracts and SOWsD...

May 19, 2025 No Comments READ MORE +

Which of the following documents should the company provide to the client?

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?A . MSAB . SLAC . BPAD . SOWView AnswerAnswer: D Explanation: An ISOW is a document that outlines...

May 18, 2025 No Comments READ MORE +

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?A . Risk toleranceB . Risk transferC . Risk registerD . Risk analysisView AnswerAnswer: C Explanation: A risk register is a document that records and tracks the risks associated with a project, system,...

May 18, 2025 No Comments READ MORE +

Which of the following is a primary security concern for a company setting up a BYOD program?

Which of the following is a primary security concern for a company setting up a BYOD program?A . End of lifeB . Buffer overflowC . VM escapeD . JailbreakingView AnswerAnswer: D Explanation: Jailbreaking is a primary security concern for a company setting up a BYOD (Bring Your Own Device) program....

May 18, 2025 No Comments READ MORE +

Which of the following should the hosting provider consider first?

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?A . Local data protection regulationsB . Risks from hackers residing in other countriesC . Impacts to existing contractual obligationsD . Time zone differences in log correlationView...

May 17, 2025 No Comments READ MORE +

Which of the following would be the best solution?

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?A . RDP serverB . Jump serverC . Proxy serverD . HypervisorView AnswerAnswer: B Explanation: = A jump server is...

May 15, 2025 No Comments READ MORE +

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Which of the following is required for an organization to properly manage its restore process in the event of system failure?A . IRPB . DRPC . RPOD . SDLCView AnswerAnswer: B Explanation: A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal...

May 15, 2025 No Comments READ MORE +

Which of the following logs should the analyst use as a data source?

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst...

May 14, 2025 No Comments READ MORE +

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Which of the following describes the reason root cause analysis should be conducted as part of incident response?A . To gather loCs for the investigationB . To discover which systems have been affectedC . To eradicate any trace of malware on the networkD . To prevent future incidents of the...

May 14, 2025 No Comments READ MORE +