- All Exams Instant Download
Which of the following should be done next?
A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?A . Conduct an audit.B . Initiate a penetration test.C . Rescan the network.D . Submit a report.View AnswerAnswer: C Explanation: After completing...
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?A . Risk toleranceB . Risk transferC . Risk registerD . Risk analysisView AnswerAnswer: C Explanation: A risk register is a document that records and tracks the risks associated with a project, system,...
Which of the following options is the most appropriate?
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?A . Testing input validation on the user input fieldsB . Performing code signing on company-developed softwareC . Performing static code analysis on the softwareD ....
Which of the following best describes the program the company is setting up?
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?A . Open-source intelligenceB . Bug bountyC . Red teamD...
Which of the following types of sites is the best for this scenario?
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?A . Real-time recoveryB . HotC . ColdD . WarmView AnswerAnswer: C Explanation: A cold...
Which of the following security techniques is the IT manager setting up?
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?A . HardeningB . Employee monitoringC . Configuration...
Which of the following social engineering techniques are being attempted?
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)A . TyposquattingB . PhishingC . ImpersonationD . VishingE . SmishingF . MisinformationView AnswerAnswer: B E Explanation:...
Which of the following fulfills this request?
4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?A . access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32B . access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0C . access-list inbound permit ig...
Which of the following types of controls is the company setting up?
A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?A . CorrectiveB . PreventiveC . DetectiveD . DeterrentView AnswerAnswer: C Explanation: A detective control is a...
Which of the following types of infections is present on the systems?
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of.ryk. Which of the following types of infections is present on the systems?A . VirusB . TrojanC . SpywareD . RansomwareView AnswerAnswer: D Explanation: Ransomware is a type of...
