Practice Exam B

Performance-Based Questions
Practice Exam B
Multiple Choice Questions
B6. A security administrator has performed an audit of the organization’s production web servers, and
the results have identified banner information leakage, web services running from a privileged account,
and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these
issues?
❍ A. Server hardening ❍ C. Enable HTTPS
❍ B. Multi-factor authentication ❍ D. Run operating system updates

B7. A shipping company stores information in small regional warehouses around the country. The
company keeps an IPS online at each warehouse to watch for suspicious traffic patterns. Which of the
following would BEST describe the security control used at the warehouse?
❍ A. Administrative ❍ C. Physical
❍ B. Compensating ❍ D. Detective

B8. The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice
President is an example of a:
❍ A. Data owner ❍ C. Data steward
❍ B. Data protection officer ❍ D. Data processor

B9. A security engineer is preparing to conduct a penetration test. Part of the preparation involves
reading through social media posts for information about a third-party website. Which of the following
describes this practice?
❍ A. Partially known environment ❍ C. Exfiltration
❍ B. OSINT ❍ D. Active footprinting

B10. A company would like to automate their response when a virus is detected on company devices.
Which of the following would be the BEST way to implement this function?
❍ A. Active footprinting ❍ C. Vulnerability scan
❍ B. IaaS ❍ D. SOAR

B11. A user in the accounting department has received an email from the CEO requesting payment for a
recently purchased tablet. However, there doesn't appear to be a purchase order associated with this
request. Which of the following would be the MOST likely attack associated with this email?
❍ A. Spear phishing ❍ C. Invoice scam
❍ B. Watering hole attack ❍ D. Credential harvesting

B12. A company has been informed of a hypervisor vulnerability that could allow users on one virtual
machine to access resources on another virtual machine. Which of the following would BEST describe
this vulnerability?
❍ A. Containerization ❍ C. SDN
❍ B. Service integration ❍ D. VM escape
B13. While working from home, users are attending a project meeting over a web conference. When
typing in the meeting link, the browser is unexpectedly directed to a different website than the web
conference. Users in the office do not have any issues accessing the conference site. Which of the
following would be the MOST likely reason for this issue?
❍ A. Bluejacking ❍ C. DDoS
❍ B. Wireless disassociation ❍ D. DNS poisoning

B14. A company is launching a new internal application that will not start until a username and
password is entered and a smart card is plugged into the computer. Which of the following BEST
describes this process?
❍ A. Federation ❍ C. Authentication
❍ B. Accounting ❍ D. Authorization

B15. An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party
organization will be performing the test, and the online retailer has provided the Internet-facing IP
addresses for their public web servers but no other details. What penetration testing methodology is the
online retailer using?
❍ A. Known environment ❍ C. Partially known environment
❍ B. Passive footprinting ❍ D. Ping scan

B16. A manufacturing company makes radar used by commercial and military organizations. A recently
proposed policy change would allow the use of mobile devices inside the facility. Which of the following
would be the MOST significant security issue associated with this change in policy?
❍ A. Unauthorized software on rooted devices ❍ C. Out of date mobile operating systems
❍ B. Remote access clients on the mobile ❍ D. Photo and video use
devices

B17. A company is designing an application that will have a high demand and will require significant
computing resources during the summer. During the winter, there will be little to no application use and
resource use should be minimal. Which of these characteristics BEST describe this application
requirement?
❍ A. Availability ❍ C. Imaging
❍ B. Orchestration ❍ D. Elasticity

B18. Vala, a security analyst, has received an alert from her IPS regarding active exploit attempts from
the Internet. Which of the following would provide detailed information about these exploit attempts?
❍ A. Netstat ❍ C. Nessus
❍ B. Nmap ❍ D. Wireshark
B19. A user in the accounting department would like to send a spreadsheet with sensitive information to
a list of thirdparty vendors. Which of the following could be used to transfer this spreadsheet to the
vendors?
❍ A. SNMPv3 ❍ C. DNSSEC
❍ B. SRTP ❍ D. FTPS

B20. A system administrator would like to segment the network to give the marketing, accounting, and
manufacturing departments their own private network. The network communication between
departments would be restricted for additional security. Which of the following should be configured on
this network?
❍ A. VPN ❍ C. VLAN
❍ B. RBAC ❍ D. NAT

B21. A technician at an MSP has been asked to manage devices on third-party private network. The
technician needs command line access to internal routers, switches, and firewalls. Which of the
following would provide the necessary access?
❍ A. HSM ❍ C. NAC
❍ B. Jump server ❍ D. Air gap

B22. A transportation company is installing new wireless access points in their corporate offices. The
manufacturer estimates that the access points will operate an average of 100,000 hours before a
hardware-related outage. Which of the following describes this estimate?
❍ A. MTTR ❍ C. RTO
❍ B. RPO ❍ D. MTBF

B23. A security administrator has been asked to create a policy that would prevent access to a secure
area of the network. All users who are not physically located in the corporate headquarters building
would be prevented from accessing this area. Which of these should the administrator use?
❍ A. WAF ❍ C. Geofencing
❍ B. VPN ❍ D. Proxy

B24. Which of the following would be considered multifactor authentication?

❍ A. PIN and fingerprint ❍ C. Username, password, and email address
❍ B. USB token and smart card ❍ D. Face scan and voiceprint

B25. Sam, a security administrator, is configuring the authentication process used by technicians when
logging into a router. Instead of using accounts that are local to the router, Sam would like to pass all
login requests to a centralized database. Which of the following would be the BEST way to implement
this requirement?
❍ A. PAP ❍ C. IPsec
❍ B. RADIUS ❍ D. MS-CHAP
B26. A recent audit has determined that many IT department accounts have been granted Administrator
access. The audit recommends replacing these permissions with limited access rights. Which of the
following would BEST describe this policy?
❍ A. Separation of duties ❍ C. Least privilege
❍ B. Offboarding ❍ D. Discretionary Access Control

B27. A recent security audit has discovered email addresses and passwords located in a packet capture.
Which of the following did the audit identify?
❍ A. Weak encryption ❍ C. Insecure protocols
❍ B. Improper patch management ❍ D. Open ports

B28. A company has connected their wireless access points and have enabled WPS. Which of the
following security issues would be associated with this configuration?
❍ A. Brute force ❍ C. Cryptographic vulnerability
❍ B. Client hijacking ❍ D. Spoofing

B29. An organization has traditionally purchased insurance to cover a ransomware attack, but the costs
of maintaining the policy have increased above the acceptable budget. The company has now decided to
cancel the insurance policies and deal with ransomware issues internally. Which of the following would
best describe this action?
❍ A. Mitigation ❍ C. Transference
❍ B. Acceptance ❍ D. Risk-avoidance

B30. Which of these threat actors would be the MOST likely to deface a website to promote a political
agenda?
❍ A. Organized crime ❍ C. Hacktivist
❍ B. Nation state ❍ D. Competitor

B31. An IPS report shows a series of exploit attempts were made against externally facing web servers.
The system administrator of the web servers has identified a number of unusual log entries on each
system. Which of the following would be the NEXT step in the incident response process?
❍ A. Check the IPS logs for any other potential ❍ C. Disable any breached user accounts
attacks ❍ D. Disconnect the web servers from the
❍ B. Create a plan for removing malware from network
the web servers

B32. A security administrator is viewing the logs on a laptop in the shipping and receiving department
and identifies these events:
8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success
9:22:54 AM | C:\Program Files\Photo Viewer\ViewerBase.dll | Quarantine Failure
9:44:05 AM | C:\Sales\Sample32.dat | Quarantine Success
Which of the following would BEST describe the circumstances surrounding these events?
❍ A. The antivirus application identified three ❍ C. A host-based whitelist has blocked two
viruses and quarantined two viruses applications from executing
❍ B. The host-based firewall blocked two traffic ❍ D. A network-based IPS has identified two
flows known vulnerabilities

B33. In the past, an organization has relied on the curated Apple App Store to avoid the issues
associated with malware and insecure applications. However, the IT department has discovered an
iPhone in the shipping department that includes applications that are not available on the Apple App
Store. How did the shipping department user install these apps on their mobile device?
❍ A. Sideloading ❍ C. OTA updates
❍ B. MMS install ❍ D. Tethering

B34. A security administrator is designing a storage array that would maintain an exact replica of all data
without striping. The array needs to operate normally if a single drive was to fail. Which of the following
would be the BEST choice for this storage system?
❍ A. RAID 1 ❍ C. RAID 0
❍ B. RAID 5 ❍ D. RAID 10

B35. A transportation company has moved their reservation system to a cloud-based infrastructure. The
security manager would like to monitor data transfers, identify potential threats, and ensure that all
data transfers are encrypted. Which of the following would be the BEST choice for these requirements?
❍ A. VPN ❍ C. NGFW
❍ B. CASB ❍ D. DLP

B36. Which of the following control types is associated with a bollard?

❍ A. Physical ❍ C. Detective
❍ B. Corrective ❍ D. Compensating

B37. Jack, a hacker, has identified a number of devices on a corporate network that use the username of
“admin” and the password of “admin.” Which vulnerability describes this situation?
❍ A. Improper error handling ❍ C. Weak cipher suite
❍ B. Default configuration ❍ D. NULL pointer dereference

B38. A security administrator attends an annual industry convention with other security professionals
from around the world. Which of the following attacks would be MOST likely in this situation?
❍ A. Smishing ❍ C. Impersonation
❍ B. Supply chain ❍ D. Watering hole

B39. A transportation company headquarters is located in an area with frequent power surges and
outages. The security administrator is concerned about the potential for downtime and hardware
failures. Which of the following would provide the most protection against these issues? Select TWO.
❍ A. UPS ❍ C. Incremental backups
❍ B. NIC teaming ❍ D. Port aggregation
❍ E. Load balancing ❍ F. Dual power supplies

B40. An organization has developed an in-house mobile device app for order processing. The developers
would like the app to identify revoked server certificates without sending any traffic over the corporate
Internet connection. Which of the following MUST be configured to allow this functionality?
❍ A. CSR ❍ C. Key escrow
❍ B. OCSP stapling ❍ D. Hierarchical CA

B41. Sam, a security administrator, is configuring an IPsec tunnel to a remote site. Which protocol
should she enable to protect all of the data traversing the VPN tunnel?
❍ A. AH ❍ C. ESP
❍ B. Diffie-Hellman ❍ D. SHA-2

B42. A Linux administrator has received a ticket complaining of response issues with a database server.
After connecting to the server, the administrator views this information: Filesystem Size Used Avail Use
% Mounted on /dev/xvda1 158G 158G 0 100% /
Which of the following would BEST describe this information?
❍ A. Buffer overflow ❍ C. SQL injection
❍ B. Resource exhaustion ❍ D. Race condition

B43. Which of the following would limit the type of information a company can collect from their
customers?
❍ A. Minimization ❍ C. Anonymization
❍ B. Tokenization ❍ D. Masking

B44. A security administrator has identified a DoS attack against the company’s web server from an IPv4
address on the Internet. Which of the following security tools would provide additional details about the
attacker’s location? (Select TWO)
❍ A. tracert ❍ D. ipconfig
❍ B. arp ❍ E. dig
❍ C. ping ❍ F. netcat

B45. A hacker is planning an attack on a large corporation. Which of the following would provide the
attacker with details about the company’s domain names and IP addresses?
❍ A. Information sharing center ❍ C. Automated indicator sharing
❍ B. Vulnerability databases ❍ D. Open-source intelligence

B46. A security administrator is designing a network to be PCI DSS compliant. Which of the following
would be the BEST choice to provide this compliance?
❍ A. Implement RAID for all storage systems ❍ C. DNS should be available on redundant
❍ B. Connect a UPS to all servers servers
❍ D. Perform regular audits and vulnerability
scans
B47. A security administrator would like to test a server to see if a specific vulnerability exists. Which of
the following would be the BEST choice for this task?
❍ A. FTK Imager ❍ C. Metasploit
❍ B. Autopsy ❍ D. Netcat

B48. A company has rolled out a new application that requires the use of a hardware-based token
generator. Which of the following would be the BEST description of this access feature?
❍ A. Something you know ❍ C. Something you are
❍ B. Something you do ❍ D. Something you have

B49. A company has signed an SLA with an Internet service provider. Which of the following would BEST
describe the content of this SLA?
❍ A. The customer will connect to partner ❍ C. The customer applications use HTTPS over
locations over an IPsec tunnel tcp/443
❍ B. The service provider will provide 99.999% ❍ D. Customer application use will be busiest
uptime on the 15th of each month

B50. An attacker has created many social media accounts and is posting information in an attempt to get
the attention of the media. Which of the following would BEST describe this attack?
❍ A. On-path ❍ C. Influence campaign
❍ B. Watering hole ❍ D. Phishing

B51. Which of the following would be the BEST way to protect credit card account information when
performing real-time purchase authorizations?
❍ A. Masking ❍ C. Tokenization
❍ B. DLP ❍ D. NGFW

B52. The network design of an online women's apparel company includes a primary data center in the
United States and secondary data centers in London and Tokyo. Customers place orders online via
HTTPS to servers at the closest data center, and these orders and customer profiles are then centrally
stored in the United States data center. The connections between all data centers use Internet links with
IPsec tunnels. Fulfillment requests are sent from the United States data center to shipping locations in
the customer’s country. Which of the following should be the CIO’s MOST significant security concern
with this existing network design?
❍ A. IPsec connects data centers over public ❍ C. Customer information is transferred
Internet links between countries
❍ B. Fulfillment requests are shipped within the ❍ D. The data centers are located
customer’s country geographically distant from each other
B53. A government transport service has installed access points that support WPA3. Which of the
following technologies would provide enhanced security for PSK while using WPA3?
❍ A. 802.1X ❍ C. WEP
❍ B. SAE ❍ D. WPS

B54. A security administrator has found a keylogger installed alongside an update of accounting
software. Which of the following would prevent the transmission of the collected logs?
❍ A. Prevent the installation of all software ❍ C. Install host-based anti-virus software
❍ B. Block all unknown outbound network ❍ D. Scan all incoming email attachments at the
traffic at the Internet firewall email gateway

B55. A user in the marketing department is unable to connect to the wireless network. After
authenticating with a username and password, the user receives this message: The AP is configured with
WPA3 encryption and 802.1X authentication.
-- -- --
The connection attempt could not be completed. The Credentials provided by the server could not be
validated. Radius Server: radius.example.com
Root CA: Example.com Internal CA Root Certificate
-- -- --
Which of the following is the MOST likely reason for this login issue?
❍ A. The user’s computer is in the incorrect ❍ D. The user is in a location with an
VLAN insufficient wireless signal
❍ B. The RADIUS server is not responding ❍ E. The client computer does not have the
❍ C. The user’s computer does not support proper certificate installed
WPA3 encryption

B56. A security administrator has created a new policy that prohibits the use of MD5 hashes due to
collision problems. Which of the following describes the reason for this new policy?
❍ A. Two different messages have different ❍ C. Two identical messages have the same
hashes hash
❍ B. The original message can be derived from ❍ D. Two different messages share the same
the hash hash

B57. Jack, a security administrator, has been tasked with hardening all of the internal web servers to
prevent on-path attacks and to protect the application traffic from protocol analysis. These
requirements should be implemented without changing the configuration on the client systems. Which
of the following should Jack include in his project plan? (Select TWO)
❍ A. Add DNSSEC records on the internal DNS ❍ C. Use IPsec for client connections
servers ❍ D. Create a web server certificate and sign it
❍ B. Use HTTPS over port 443 for all server with the internal CA
communication ❍ E. Require FTPS for all file transfers
B58. A security administrator has identified the installation of a RAT on a database server and has
quarantined the system. Which of the following should be followed to ensure that the integrity of the
evidence is maintained?
❍ A. Perfect forward secrecy ❍ C. Chain of custody
❍ B. Non-repudiation ❍ D. Legal hold

B59. Which of the following would be the BEST option for application testing in an environment that is
completely separated from the production network?
❍ A. Virtualization ❍ C. Cloud computing
❍ B. VLANs ❍ D. Air gap

B60. To process the company payroll, a manager logs into a third-party browser-based application and
enters the hours worked for each employee. The financial transfers and physical check mailings are all
provided by the third-party company. The manager does not maintain any servers or virtual machines
within his company. Which of the following would BEST describe this application model?
❍ A. PaaS ❍ C. SaaS
❍ B. Private ❍ D. IaaS

B61. Which of the following BEST describes the modification of application source code that removes
white space, shortens variable names, and rearranges the text into a compact format?
❍ A. Confusion ❍ C. Encryption
❍ B. Obfuscation ❍ D. Diffusion

B62. Which of the following vulnerabilities would be the MOST significant security concern when
protecting against a competitor?
❍ A. Data center access with only one ❍ C. Employee VPN access uses a weak
authentication method encryption cipher
❍ B. Spoofing of internal IP addresses when ❍ D. Lack of patch updates on an Internet-
accessing an intranet server facing database server

B63. A third-party vulnerability scan reports that a company's web server software version is susceptible
to a memory leak vulnerability. Which of the following would be the expected result if this vulnerability
was exploited?
❍ A. DDoS ❍ C. Unauthorized system access
❍ B. Data theft ❍ D. Rootkit installation

B64. Which of the following would be the BEST way to determine if files have been modified after the
forensics data acquisition process has occurred?
❍ A. Use a tamper seal on all storage devices ❍ C. Create an image of each storage device for
❍ B. Create a hash of the data future comparison
❍ D. Take screenshots of file directories with
file sizes
❍ A. Length ❍ C. Reuse
B65. A system
❍ B. Lockout administrator is implementing a password ❍policy that would require letters, numbers, and
D. Complexity
special characters to be included in every password. Which of the following controls MUST be in place to
enforce this of
B66. Which password policy?
the following applies scientific principles to provide a post-event analysis of an intrusion?
❍ A. MITRE ATT&CK framework ❍ C. Diamond model
❍ B. ISO 27701 ❍ D. NIST RMF

B67. Which of the following would be the MOST likely result of plaintext application communication?
❍ A. Buffer overflow ❍ C. Resource exhaustion
❍ B. Replay attack ❍ D. Directory traversal

B68. Daniel, a system administrator, believes that certain configuration files on a Linux server have been
modified from their original state. Daniel has reverted the configurations to their original state, but he
would like to be notified if they are changed again. Which of the following would be the BEST way to
provide this functionality?
❍ A. HIPS ❍ C. Application allow list
❍ B. File integrity check ❍ D. WAF

B69. A security administrator is updating the network infrastructure to support 802.1X authentication.
Which of the following would be the BEST choice for this configuration?
❍ A. LDAP ❍ C. SNMPv3
❍ B. HTTPS ❍ D. MS-CHAP

B70. Your company owns a purpose-built appliance that doesn’t provide any access to the operating
system and doesn't provide a method to upgrade the firmware. Which of the following describes this
appliance?
❍ A. End-of-life ❍ C. Improper input handling
❍ B. Weak configuration ❍ D. Embedded system

B71. Last month, a finance company disposed of seven-yearold printed customer account summaries
that were no longer required for auditing purposes. A recent online search has now found that images
of these documents are available as downloadable torrents. Which of the following would MOST likely
have prevented this information breach?
❍ A. Pulping ❍ C. NDA
❍ B. Degaussing ❍ D. Fenced garbage disposal areas

B72. A security manager believes that an employee is using their laptop to circumvent the corporate
Internet security controls through the use of a cellular hotspot. Which of the following could be used to
validate this belief? (Select TWO)
❍ A. HIPS ❍ D. Host-based firewall logs
❍ B. UTM appliance logs ❍ E. Next-generation firewall logs
❍ C. Web application firewall events
B73. An application developer is creating a mobile device app that will include extensive encryption and
decryption. Which of the following technologies would be the BEST choice for this app?
❍ A. AES ❍ C. Diffie-Hellman
❍ B. Elliptic curve ❍ D. PGP

B74. Which of the following would be a common result of a successful vulnerability scan?
❍ A. A list of usernames and password hashes ❍ C. A copy of image files from a private file
from a server share
❍ B. A list of Microsoft patches that have not ❍ D. The BIOS configuration of a server
been applied to a server

B75. A security administrator is researching an issue with conference room users at a remote site. When
connected to the wireless network, users receive an IP address that is not part of the corporate
addressing scheme. Communication over this network also appears to have slower performance than
the wireless connections elsewhere in the building. Which of the following would be the MOST likely
reason for these issues?
❍ A. Rogue access point ❍ C. DDoS
❍ B. Domain hijack ❍ D. MAC flooding

B76. A company has identified a compromised server, and the security team would like to know if an
attacker has used this device to move between systems. Which of the following would be the BEST way
to provide this information?
❍ A. DNS server logs ❍ C. NetFlow logs
❍ B. Penetration test ❍ D. Email header

B77. A system administrator has protected a set of system backups with an encryption key. The system
administrator used the same key when restoring files from this backup. Which of the following would
BEST describe this encryption type?
❍ A. Asymmetric ❍ C. Symmetric
❍ B. Key escrow ❍ D. Out-of-band key exchange

B78. A new malware variant takes advantage of a vulnerability in a popular email client. Once installed,
the malware forwards all email attachments containing credit card information to an external email
address. Which of the following would limit the scope of this attack?
❍ A. Enable MFA on the email client ❍ C. Require users to enable the VPN when
❍ B. Scan outgoing traffic with DLP using email
❍ D. Update the list of malicious URLs in the
firewall
B79. An organization has identified a security breach and has removed the affected servers from the
network. Which of the following is the NEXT step in the IR process?
❍ A. Eradication ❍ D. Identification
❍ B. Preparation ❍ E. Containment
❍ C. Recovery

B80. A manager of the accounting department would like to minimize the opportunity for
embezzlement and fraud from any of the current accounting team employees. Which of these policies
should the manager use to avoid these issues?
❍ A. Background checks ❍ C. Mandatory vacations
❍ B. Clean desk policy ❍ D. Acceptable use policy

B81. Which of the following would be the MAIN reasons why a system administrator would use a TPM
when configuring full disk encryption? (Select TWO)
❍ A. Allows the encryption of multiple volumes ❍ D. Protects against EMI leakage
❍ B. Uses burned-in cryptographic keys ❍ E. Includes built-in protections against brute-
❍ C. Stores certificates in a hardware security force attacks
module

B82. A security administrator would like to create an access control where each file or folder is assigned
a security clearance level, such as “confidential” or “secret.” The security administrator would then
assign a maximum security level to each user. What type of access control would be used in this
network?
❍ A. Mandatory ❍ C. Discretionary
❍ B. Rule-based ❍ D. Role-based

B83. Cameron, a security administrator, is reviewing a report that shows a number of devices on internal
networks attempting to connect with servers in the data center network. Which of the following security
controls should Cameron add to prevent internal systems from accessing data center devices?
❍ A. VPN ❍ C. NAT
❍ B. IPS ❍ D. ACL

B84. A financial services company is headquartered in an area with a high occurrence of tropical storms
and hurricanes. Which of the following would be MOST important when restoring services disabled by a
storm?
❍ A. Disaster recovery plan ❍ C. Communication plan
❍ B. Stakeholder management ❍ D. Retention policies

B85. A user in the mail room has reported an overall slowdown of his shipping management software.
An anti-virus scan did not identify any issues, but a more thorough malware scan identified a kernel
driver that was not part of the original operating system installation. Which of the following malware
was installed on this system?
❍ A. Rootkit ❍ B. RAT
❍ C. Bot ❍ E. Keylogger
❍ D. Ransomware

B86. A virus scanner has identified a macro virus in a word processing file attached to an email. Which of
the following information could be obtained from the metadata of this file?
❍ A. IPS signature name and number ❍ C. Date and time when the file was created
❍ B. Operating system version ❍ D. Alert disposition

B87. If a person is entering a data center facility, they must check-in before they are allowed to move
further into the building. People who are leaving must be formally checked-out before they are able to
exit the building. Which of the following would BEST facilitate this process?
❍ A. Access control vestibule ❍ C. Faraday cage
❍ B. Air gap ❍ D. Protected distribution

B88. A security administrator has discovered that an employee has been exfiltrating confidential
company information by embedding the data within image files and emailing the images to a third-
party. Which of the following would best describe this activity?
❍ A. Digital signatures ❍ C. Block cipher
❍ B. Steganography ❍ D. Perfect forward secrecy

B89. A security engineer is running a vulnerability scan on their own workstation. The scanning software
is using the engineers account access to perform all scans. What type of scan is running?
❍ A. Unknown environment ❍ C. Credentialed
❍ B. Passive ❍ D. Agile

B90. Which of the following would be the best way to describe the estimated number of laptops that
might be stolen in a fiscal year?
❍ A. ALE ❍ C. ARO
❍ B. SLE ❍ D. MTTR