Dive into practice questions
Question 1
A data privacy officer is reviewing the data classification guide and would like to ensure the proper encryption methods are enforced for each of the following classification levels:
| Classification level | Data elements |
| --- | --- |
| High | first name, last name, address, phone number, Intellectual Property |
| Med | IP, system names |
| Low | internal marketing material and product demos |
Which of the following should be recommended for each classification level?
A.
| Classification level | Recommended encryption |
| --- | --- |
| High | encryption at rest, encryption in transit |
| Med | encryption in transit, encryption in use |
| Low | encryption at rest, encryption in transit |
B.
| Classification level | Recommended encryption |
| --- | --- |
| High | encryption in transit, encryption in use |
| Med | encryption in transit |
| Low | encryption at rest, encryption in use |
C.
| Classification level | Recommended encryption |
| --- | --- |
| High | encryption at rest, encryption in transit, encryption in use |
| Med | encryption at rest, encryption in transit |
| Low | encryption at rest |
D.
| Classification level | Recommended encryption |
| --- | --- |
| High | encryption in transit |
| Med | encryption at rest, encryption in use |
| Low | encryption at rest |
Question 2
A manufacturer is developing new firmware for some products and will utilize measured boot for all firmware. Which of the following best explains this approach?
A. Each firmware update can be validated by the stored TPM values.
B. There is assurance that the firmware loading process has not been tampered with.
C. Only firmware that has been signed by the manufacturer will be loaded.
D. Specific configurations will be enforced when device software is loaded.
Question 3
A chief information security officer assigns a team to create malicious communications for a social engineering campaign. The purpose of this campaign is to determine the number of employees who might be susceptible to social engineering attacks.
| Department | Click rate |
| --- | --- |
| Sales | 31% |
| Marketing | 42% |
| Operations | 71% |
| Finance | 82% |
Which of the following training modules would reduce click rates in the future?
A. Phishing
B. Whaling
C. Smishing
D. Tailgating
Question 4
A security engineer is performing threat modeling for an AI training architecture. The architecture implements a CI/CD pipeline to train a new AI model on a fixed schedule with live data from a back-end storage location. The engineer wants to use a threat-modeling activity to focus on the threat as it moves through the CI/CD pipeline to the production environment. Which of the following is the most appropriate action for the engineer to take?
A. Identify trust boundaries.
B. Execute automated code reviews.
C. Map to OWASP Top 10.
D. Document data flows.
Question 5
A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings. Which of the following would the systems administrator most likely verify is properly configured?
A. Report retention time
B. Scanning credentials
C. Exploit definitions
D. Testing cadence
Question 6
A company that provides kiosk workstations wants to improve the workstations' security implementation. The company is concerned that attackers can take control of the workstations during the boot process and change the flow of the data. Which of the following solutions best addresses the concerns?
A. Setting controls to allow only specific operating systems
B. Removing any unused connection ports
C. Allowing only digitally signed modules to load
D. Creating bootloader passwords
Question 7
A security engineer wants to reduce the attack surface of a public-facing containerized application. Which of the following will best reduce the application's privilege escalation attack surface?
A. Implementing the following commands in the Dockerfile:
RUN echo user:x:1000:1000:user:/home/user:/dev/null > /etc/passwd
B. Installing an EDR on the container's host, with reporting configured to log to a centralized SIEM, and implementing the following alerting rule:
IF PROCESS_USER==root ALERT_TYPE==critical
C. Designing a multicontainer solution, with one set of containers that runs the main application, and another set of containers that performs automatic remediation by replacing compromised containers or disabling compromised accounts
D. Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer:
PERMIT HTTPS from 0.0.0.0/0 port 443
Question 8
A water treatment plant uses specialized systems to control the balance of chemicals prior to adding them to the public water supply. The treatment plant has already isolated the system from both the internet and the company network. Which of the following additional controls is the best way to reduce the risk of a successful attack?
A. Implementing two-person control procedures
B. Developing insider threat training
C. Storing the chemicals behind locked doors
D. Maintaining calibration of the chemical sensor system
Question 9
A company wants to use IoT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization. Which of the following best addresses the company's requirements?
A. Only allowing internet access to a set of specific domains
B. Operating IoT devices on a separate network with no access to other devices internally
C. Only allowing operation for IoT devices during a specified time window
D. Configuring IoT devices to always allow automatic updates
Question 10
A security operations analyst is reviewing the following log entries for suspicious activity:
Mar 23 18:14:23 <192.168.12.4>[564218]:failed password attempt for 'admin' from 104.18.16.28
Mar 23 18:14:43 <192.168.12.4>[564218]:failed password attempt for 'admin' from 104.18.16.29
Mar 23 18:15:13 <192.168.12.4>[564218]:failed password attempt for 'guest' from 104.18.16.29
Mar 23 18:15:35 <192.168.12.4>[564218]:failed password attempt for 'guest' from 104.18.16.28
Mar 23 18:16:21 <192.168.12.4>[564218]:failed password attempt for 'root' from 104.18.16.29
Mar 23 18:16:53 <192.168.12.4>[564218]:failed password attempt for 'root' from 104.18.16.28
Mar 24 18:16:56 <192.168.12.4>[564218]:password auth success for 'root' from 192.168.12.56
Mar 24 18:18:23 <192.168.12.4>[564218]:exit after auth('root'):exited normally
Mar 24 19:18:55 <192.168.12.4>[564218]:password auth success for 'root' from 104.18.16.28
Which of the following should the analyst do first?
A. Perform a vulnerability scan on server 192.168.12.4.
B. Search OSINT on the external IP 104.18.16.29.
C. Review host 192.168.12.56 for malicious software.
D. Disable the guest account on the host 192.168.12.4.
Answer key
Question 1: C (High: encryption at rest, encryption in transit, encryption in use; Med: encryption at rest, encryption in transit; Low: encryption at rest)
Question 10: C (Review host 192.168.12.56 for malicious software)