QUESTION 49
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?

QUESTION 50
A security analyst is hardening a network infrastructure. The analyst is given the following requirements:
– Preserve the use of public IP addresses assigned to equipment on the
core router.
– Enable “in transport `encryption protection to the web server with
the strongest ciphers.
Which of the following should the analyst implement to meet these requirements? (Select TWO).

QUESTION 51
An attacker was easily able to log in to a company’s security camera by performing a baste online search for a setup guide for that particular camera brand and model.
Which of the following BEST describes the configurations the attacker exploited?

QUESTION 52
When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

QUESTION 53
During an incident response, a security analyst observes the following log entry on the web server.

Which of the following BEST describes the type of attack the analyst is experience?

QUESTION 54
Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions.
Which of the following solutions is the company Implementing?

QUESTION 55
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site Upon investigation, a security analyst the identifies the following:
* The legitimate websites IP address is 10.1.1.20 and eRecruit local resolves to the IP
* The forged website’s IP address appears to be 10.2.12.99. based on NetFtow records
* AH three at the organization’s DNS servers show the website correctly resolves to the legitimate IP
* DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?

QUESTION 56
Developers are about to release a financial application, but the number of fields on the forms that could be abused by an attacker is troubling.
Which of the following techniques should be used to address this vulnerability?

QUESTION 57
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

QUESTION 58
A cybersecurity administrator needs to allow mobile BYOD devices to access network resources.
As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

QUESTION 59
Which of the following environments minimizes end user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code in an operationally representative environment?

QUESTION 60
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method.
Which of the following would BEST detect a malicious actor?

QUESTION 61
A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial option article in a national newspaper, which may result in new cyberattacks Which of the following would be BEST for the security manager to use in a threat mode?

QUESTION 62
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
* The devices will be used internationally by staff who travel extensively.
* Occasional personal use is acceptable due to the travel requirements.
* Users must be able to install and configure sanctioned programs and productivity suites.
* The devices must be encrypted
* The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?

QUESTION 63
A security researching is tracking an adversary by noting its attack and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

QUESTION 64
An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

QUESTION 65
A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

QUESTION 66
During an investigation, a security manager receives notification from local authorities mat company proprietary data was found on a former employees home computer, The former employee’s corporate workstation has since been repurposed, and the data on the hard drive has been overwritten Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

QUESTION 67
Acritical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirements?

QUESTION 68
Users at organization have been installing programs from the internet on their workstations without first proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function property. Which of the following should the security administrator consider implementing to address this issue?

QUESTION 69
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?

QUESTION 70
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

QUESTION 71
A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices.
Which of the following is a cost-effective approach to address these concerns?