Topic 5: Exam Pool E (NEW)
A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not
respond. Which of the following is MOST likely the cause?
A.
A new firewall rule is needed to access the application
B.
The system was quarantined for missing software updates
C.
The software was not added to the application whitelist
D.
The system was isolated from the network due to infected software
The software was not added to the application whitelist
A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:
* Ensure mobile devices can be tracked and wiped.
* Confirm mobile devices are encrypted.
Which of the following should the analyst enable on all the devices to meet these requirements?
A.
Geofencing
B.
Biometric authentication
C.
Geolocation
D.
Geotagging
Geofencing
Which of the following represents a biometric FRR?
A.
Authorized users being denied access
B.
Users failing to enter the correct PIN
C.
The denied and authorized numbers being equal
D.
The number of unauthorized users being granted access
Authorized users being denied access
Which of the following holds staff accountable while escorting unauthorized personnel?
A.
Locks
B.
Badges
C.
Cameras
D.
Visitor logs
Badges
A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?
A.
logger
B.
Metasploit
C.
tcpdump
D.
netstat
netstat
An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?
A.
Antivirus
B.
IPS
C.
FTP
D.
FIM
FIM
Data tampering prevention can include simple security measures such as the
encryption of data, and can include lengths such as using file integrity monitoring (FIM)
systems for better security.
https://www.cypressdatadefense.com/blog/data-tampering-prevention/
The SIEM at an organization has detected suspicious traffic coming from a workstation in its
internal network. An analyst in the SOC investigates the workstation and discovers that malware
associated with a botnet is installed on the device. A review of the logs on the workstation
reveals that the privileges of the local account were escalated to a local administrator. To
which of the following groups should the analyst report this real-world event?
A.
The NOC team
B.
The vulnerability management team
C.
The CIRT
D.
The red team
The CIRT
A recent security assessment revealed that an actor exploited a vulnerable workstation
within an organization and has persisted on the network for several months. The
organization realizes the need to reassess its security strategy for mitigating risks
within the perimeter. Which of the following solutions would
BEST support the organization's strategy?
A.
FIM
B.
DLP
C.
EDR
D.
UTM
FIM
Explanation: The best solution to support the organization's security strategy in this situation is File Integrity Monitoring (FIM). FIM is a technique used to detect and monitor unauthorized changes to critical files and system configurations on a computer or network. It is used to detect malicious activity such as malware, unauthorized modifications, and malicious user activity. FIM can also be used to detect and monitor compliance with security policies and procedures.
Which of the following terms should be included in a contract to help a company monitor
the ongoing security maturity of a new vendor?
A.
A right-to-audit clause allowing for annual security audits
B.
Requirements for event logs to be kept for a minimum of 30 days
C.
Integration of threat intelligence in the company's AV
D.
A data-breach clause requiring disclosure of significant data loss
A right-to-audit clause allowing for annual security audits
A network administrator is concerned about users being exposed to malicious content
when accessing company cloud applications. The administrator wants to be able to block
access to sites based on the AUP. The users must also be protected because many of them
work from home or at remote locations, providing on-site customer support. Which of the
following should the administrator employ to meet these criteria?
A.
Implement NAC.
B.
Implement an SWG.
C.
Implement a URL filter.
D.
Implement an MDM.
Implement an SWG.
A security researcher is attempting to gather data on the widespread use of a Zero-day
exploit. Which of the following will the researcher MOST likely use to capture this data?
A.
A DNS sinkhole
B.
A honeypot
C.
A vulnerability scan
D.
CVSS
A honeypot
A company has discovered that unauthorized devices are using its WiFi network, and it wants
to harden the access point to improve security. Which of the following configurations should
an analyst enable to improve security? (Select TWO)
A.
RADIUS
B.
PEAP
C.
WPS
D.
WEP-TKIP
E.
SSL
F.
WPA2-PSK
WEP-TKIP
WPA2-PSK