Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations? A. Least privilege B. Awareness training C. Separation of duties D. Mandatory vacation

An organization has implemented a two-step verification process to protect user access to data that is stored in the cloud. Each employee now uses an email address or mobile number to receive a code to access the data. Which of the following authentication methods did the organization implement? A. Token key B. Static code C. […]

Which of the following explains why a vulnerability scan might return a false positive? A. The scan is performed at a time of day when the vulnerability does not exist. B. The test is performed against the wrong host. C. The signature matches the product but not the version information. D. The hosts are evaluated […]

A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again? A. Preparation B. Identification C. Containment D. Eradication E. Recovery F. Lessons learned

A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops? […]

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company’s applications. Which of the following best describes what she will do? A. Enter random or invalid data into the application in an attempt to cause it to fault B. Work with the developers to eliminate horizontal privilege escalation opportunities C. Test […]

When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Choose two.) A. USB-attached hard disk B. Swap/pagefile C. Mounted network storage D. ROM E. RAM

A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an authorized user is logged into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network. […]

An organization finds that most help desk calls are regarding account lockout due to a variety of applications running on different systems. Management is looking for a solution to reduce the number of account lockouts while improving security. Which of the following is the BEST solution for this organization? A. Create multiple application accounts for […]

A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation? A. An attacker can access and change the printer configuration. B. SNMP data leaving the printer will not be properly encrypted. […]