A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?
- A. Join an information-sharing community that is relevant to the company.
- B. Leverage the MITRE ATT&CK framework to map the TTP.
- C. Use OSINT techniques to evaluate and analyze the threats.
- D. Implement a network-based intrusion detection system.
A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?
- A. Availability
- B. Data sovereignty
- C. Geography
- D. Vendor lock-in
A cybersecurity analyst discovered a private key that could have been exposed.
Which of the following is the BEST way for the analyst to determine if the key has been compromised?
- A. HSTS
- B. PKI
- C. CSRs
- D. OCSP
A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?
- A. Resource exhaustion
- B. Geographic location
- C. Control plane breach
- D. Vendor lock-in
A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators that may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?
- A. ldd
- B. bcrypt
- C. SHA-3
- D. ssdeep
- E. dcfldd
A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks. Which of the following is the MOST important infrastructure security design element to prevent an outage?
- A. Supporting heterogeneous architecture
- B. Leveraging content delivery network across multiple regions
- C. Ensuring cloud autoscaling is in place
- D. Scaling horizontally to handle increases in traffic
A security analyst is monitoring an organization’s IDS and DLP systems for an alert indicating files were removed from the network. The files were from the workstation of an employee who was authenticated but not authorized to access the files. Which of the following should the organization do FIRST to address this issue?
- A. Provide additional security awareness training.
- B. Disable the employee’s credentials until the issue is resolved.
- C. Ask human resources to notify the employee that sensitive files were accessed.
- D. Isolate the employee’s network segment and investigate further.
In order to authenticate employees who call in remotely, a company’s help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?
- A. Data scrubbing
- B. Field masking
- C. Encryption in transit
- D. Metadata
A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:
POST /malicious.php
User-Agent: Malicious Tool V 1.0
Host: www.malicious.com
The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?
- A. User-Agent: Malicious Tool.*
- B. www\.malicious\.com\/malicious.php
- C. Post /malicious\.php
- D. Host: [a-z]*\.malicious\.com
- E. malicious.*
A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?
- A. WPA2-Preshared Key
- B. WPA3-Enterprise
- C. WPA3-Personal
- D. WPA2-Enterprise