Cybersecurity Best Practices and Threats

The document outlines key principles of data security, including confidentiality, integrity, and availability, along with actions to respond to security incidents. It discusses various cybersecurity concepts such as risk management, vulnerability assessment, and compliance with regulations like HIPAA. Additionally, it covers tools and techniques for maintaining network security and addressing potential threats.

Uploaded by

gallonoel09

Confidentiality - Data should be accessed and read by authorized users only

Integrity - Data should never be altered or compromised

Availability - Only legitimate requests should be allowed to access data

Actions in Order
1. Containment
2. Isolation
3. Quarantine
4. Treatment

Which classification of security alert is the greatest threat to an organization because it
represents an undetected exploit?
False positive

You are working with the senior administration team to identify which risks are
acceptable.
Which phase of risk management are you in?
Determining a risk profile

You work for a community health care organization that uses an electronic health record
(EHR) system. You need to implement the physical and technical safeguards required
by HIPAA.
Which two approaches should you use to verify that the EHR system is compliant with
those safeguards? (Choose 2)
IT auditing
Penetration Testing

What is the purpose of a hypervisor?
It creates and runs virtual machines

Move each cybersecurity tool from the list on the left to the correct location on the
Vulnerability Management Process diagram on the right.
Discover – Nessus Scanner, CVSS
Prioritize – Nmap
Remediate – Patch Management Software, Windows Auto update

What does hashing provide for data communication?
Data Integrity

While conducting a risk evaluation at your company, you identify risks that are related to
the web server located in the office. The risks include hardware and software failure as
well as web service interruption caused by cyberattacks. You recommend purchasing
insurance and a maintenance contract to help mitigate the risks.
Risk transfer

You are a security technician. You just completed a full scan of a Windows 10 PC.
Where should you go to view the scan result?
Windows Security

Which activity by an adversary is an example of an exploit that is attempting to gain
user credentials?
Sending an email with a link to a fictitious web portal login page

You need to allow employees to access your company’s secure network from their
homes.
Which type of security should you implement?
VPN

Move each Windows host log type from the list on the left to the correct description on
the right.
Contain events that are received from programs running on the device –
Application Logs
Record information about software installation and operating system update –
Setup Logs
List events generated by the operation of hardware, drivers, and processes –
System Logs
Record the success or failure of audit policy events – Security Logs

You are a security analyst. You are reviewing output from the SIEM. You notice an alert
concerning malicious files detected by the IDS. After reviewing the user, device, and
posture information, you determine that it is a valid incident.
What should you do next?
Update the documentation to include the new alert information.

Customers of an online shopping store are complaining that they cannot visit the
website. As an IT technician, you restart the website. After 30 minutes, the website
crashes again. You suspect the website has experienced a cyber attack.
Which type of cybersecurity threat should you investigate?
Denial of Service

Move the appropriate control measures from the list on the left to the correct
descriptions on the right. You may use each control measure once, more than once, or
not at all.
Discover unwanted events – Detective Measures
Avert an occurrence of an event – Preventive Measure
Restore a system after an event – Corrective Measure

Which data type is protected through hard disk encryption?
Data at rest

After an administrator installs an operating system update on a laptop, the laptop user can no
longer print to their wireless printer.
What should solve the issue?
Install a new device driver for the wireless printer

A corporation hires a group of experienced cyber criminals to create a prolonged and
in-depth presence on the network of a computer. This presence will allow the corporation
to steal or sabotage sensitive data from their computer.
Which type of attack does this scenario describe?
APT

Which two basic metrics should be taken into consideration when assigning a severity
to a vulnerability during an assessment?
The impacts that an exploit of the vulnerability will have on the organization
The time involved in choosing replacement software to replace older systems

Which two private IPv4 addresses would be blocked on the internet to prevent security
and performance issues?
[Link]
[Link]

Which activity is an example of active reconnaissance performed during a penetration
test?
Performing an Nmap port scan on the LAN to determine types of connected
devices and open ports

You need to transfer configuration files to a router across an unsecured network.
Which protocol should you use to encrypt the files in transit?
TFTP

What are two disadvantages of public vulnerability databases?
It can take a long time for reported vulnerabilities to be investigated and
approved for addition to the databases.
It is costly for intelligence analysts to document and submit newly discovered
vulnerabilities.

Move each cybersecurity term from the list on the left to the correct description on the
right.
People, property, data - Asset
An action that causes a negative impact - Risk
The potential for loss, damage, or destruction - Threat
A weakness that potentially exposes organizations to cyber attacks - Vulnerability

For each statement, select True if the statement adheres to the cybersecurity code of
ethics or False if it does not.
A security analyst may use a disgruntled employee's network credentials to
monitor behavior – True
A security analyst may access employee data on a company server if authorized.
– True
A security analyst may share sensitive data with unauthorized users. – False

What enables the network security team to keep track of the operating systems
versions, security updates, and patches on end users' devices?
Asset management

The employees in the accounting department of a company receive an email about the
latest federal accounting regulations. This email contains a hyperlink to register for a
webinar that provides the latest updates on financial transaction security. The webinar is
hosted by a government agency. As a security officer, you notice that the hyperlink
points to an unknown party.
Spear phishing

Several staff members are experiencing unexplained computer crashes and many
unwanted pop-up messages. Which two actions should you take immediately to
address the problem without impacting the data?
Deploy a policy to install and automatically update antivirus and anti-malware
software.
Scan affected workstations and remove malware.

What are two natural disasters that would cause a company to implement a disaster
recovery plan?
Volcanic Eruptions
Floods

Your home network seems to have slowed down considerably. You look at the home
router GUI and notice that an unknown host is attached to the network. What should
you do to prevent this specific host from attaching to the network again?
Implement MAC address filtering.

Move each NIST Incident Response Lifecycle phase from the list on the left to the
correct description on the right.
Mitigates the impact of the incident - Containment, Eradication, and Recovery
Reports the cause and cost of the incident and the steps to prevent future
incidents – Post-Incident activity
Evaluates incident indicators to determine whether they are legitimate attacks
and alerts the organization of the incidents - Detection and Analysis
Establishes an incident response capability to ensure that organizational assets
are sufficiently secure – Preparation

In order to do online banking, you enter a strong password and then enter the 5-digit
code sent to you on your smartphone. Which type of authentication does this situation
describe?
Multifactor

Which wireless encryption technology requires AES to secure home wireless networks?
WPA2

Which command displays both the configured DNS server information and the IP
address resolution for a URL?
nslookup

A system on your network is experiencing slower than usual response times. In order to
gather information about the status of the system, you issue the netstat -l command to
display all the TCP ports that are in the Listening state. What does the Listening state
indicate about these ports?
The ports are open on the system and are waiting for connections.

You need to filter the websites that are available to employees on the company network.
Which type of device should you deploy?
Proxy server

A security analyst discovers that a hacker was able to gain root access to an enterprise
Linux server. The hacker accessed the server as a guest, used a program to bypass the
root password, and then killed essential server processes as the root user. Which type
of endpoint attack is this?
Privilege escalation

Your organization's SIEM system alerts you that users are connecting to an unusual
URL. You need to determine whether the URL is malicious and what type of threat it
represents. What should you do?
Submit the URL to a threat intelligence portal for analysis

Move each framework from the list on the left to the correct purpose on the right.
Protects the personal information of members of the European Union - GDPR
Protects the healthcare information of individuals - HIPAA
Protects the credit card information of individuals - PCI-DSS
Protects the educational records of individuals - FISMA
Protects information about individuals that is stored by federal agencies – FERPA

A cybersecurity analyst is investigating an unknown executable file discovered on a
Linux desktop computer. The analyst enters the following command in the terminal: ls -l
What is the purpose of this command?
To display the file permissions and ownership of the executable file

Several employees complain that the company intranet site is no longer accepting their
login information. You attempt to connect by using the URL and notice some
misspellings on the site. When you connect by using the IP address, the site functions
normally. What should you do?
Verify the accuracy of the entry for the site in the local DNS server

You work for a community health care organization that uses an electronic health record
(EHR) system. You have implemented the physical and technical safeguards required
by HIPAA. You need to prove that the EHR system is compliant with those safeguards.
Which two approaches should you use to verify the system is compliant?
IT Auditing
Security awareness training

You are monitoring the syslog server and observe that the DNS server is sending
messages with a Warning severity. What do these messages indicate about the
operation of the DNS server?
A condition exists that will cause errors in the future if the issue is not fixed

What should you create to prevent spoofing on the internal network?
A NAT rule
