Its CC 1

The document consists of a series of questions and answers related to cybersecurity concepts, practices, and tools. It covers topics such as network security, incident response, risk management, and various types of attacks and defenses. The questions are designed to assess knowledge in areas like vulnerability management, authentication, and data protection.

Uploaded by acer14apple


1. A system on your network is experiencing slower than usual response times. In
order to gather information about the status of the system, you issue the netstat -l
command to display all of the TCP ports that are in the Listening state. What does
the Listening state indicate about these ports?

A. The state of the connection on the ports is unknown.
B. The remote end disconnected and the ports are closing.
C. The ports are open on the system and are waiting for connections.
D. The ports are actively connected to another system or process.

2. Move each NIST Incident Response Lifecycle phase from the list on the left to
the correct description on the right.
Note: You will receive partial credit for each correct answer.

Mitigates the impact of the incident. -> Containment, Eradication and Recovery

Reports the cause and cost of the incident and the steps to prevent future
incidents. -> Post-incident Activity

Evaluates incident indicators to determine whether they are legitimate attacks
and alerts the organization of the incidents. -> Detection and Analysis

Establishes an incident response capability to ensure that organizational
assets are sufficiently secure. -> Preparation

3. What is the purpose of a hypervisor?

A. It creates and runs virtual machines.
B. It monitors and logs network traffic for malicious packets.
C. It provides and monitors firewall services for cloud computing.
D. It provides and services a gateway between users and the internet.

4. What enables the network security team to keep track of the operating system
version, security updates, and patches on end users' devices?

A. Business continuity planning
B. Asset management
C. Incident management
D. Security policies and procedures

5. What should you create to prevent spoofing of the internal network?

A. A DNS record.
B. A NAT rule
C. A record in the host file
D. An ACL

6. Which two private IPv4 addresses would be blocked on the internet to prevent
security and performance issues? (Choose 2)
Note: You will receive partial credit for each correct selection.

A. 203.0.113.168
B. 192.168.18.189
C. 224.0.2.172
D. 172.18.100.78
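Worked example for question 6, added to this page and not part of the original quiz: a small Python classifier that checks the four options against the RFC 1918 ranges explicitly, and also labels the other reserved ranges (RFC 5737 documentation space, multicast, loopback, link-local) that a border filter would drop for the same reason. The four addresses are the quiz's; the function names and the bogon rule are the example's own. Note the edge of the 172.16.0.0/12 block: 172.31.255.255 is private, 172.32.0.1 is not.

```python
import ipaddress

# RFC 1918 private ranges: routable only inside an organization; a packet from
# one of these arriving on an internet-facing interface is spoofed or leaked.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 5737 documentation ranges (TEST-NET-1/2/3), reserved for examples and never routed.
TEST_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
MULTICAST = ipaddress.ip_network("224.0.0.0/4")


def classify(addr: str) -> str:
    """Label an IPv4 address: private, documentation, multicast, loopback,
    link-local or public. Ranges are checked explicitly rather than through
    ipaddress.is_private, which also covers non-RFC 1918 reserved space."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if any(ip in net for net in TEST_NETS):
        return "documentation"
    if ip in MULTICAST:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "public"


def private_addresses(candidates):
    """The subset of candidates inside RFC 1918 space (the two the question asks for)."""
    return [a for a in candidates if classify(a) == "private"]


def drop_at_border(src: str) -> bool:
    """Ingress bogon rule for an internet-facing interface: only public unicast
    sources are legitimate; everything else is dropped."""
    return classify(src) != "public"


# The four options from question 6.
QUIZ_OPTIONS = ["203.0.113.168", "192.168.18.189", "224.0.2.172", "172.18.100.78"]

if __name__ == "__main__":
    for addr in QUIZ_OPTIONS + ["172.31.255.255", "172.32.0.1"]:
        print(f"{addr:16} {classify(addr):14} drop_at_border={drop_at_border(addr)}")
```

The multicast and documentation options are also never seen on the public internet, but only B and D are private addresses in the RFC 1918 sense the question asks about.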

7. While conducting a risk evaluation at your company, you identify risks that are
related to the web server located in the office. The risks include hardware and
software failure as well as web service interruption caused by cyber attacks. You
recommend purchasing insurance and hiring another organization to maintain the
web server to help mitigate the risks. Which risk management strategy does this
recommendation describe?

A. Risk reduction
B. Risk avoidance
C. Risk acceptance
D. Risk transfer

8. Move each definition from the list on the left to the correct CIA Triad term on the
right. Note: You will receive partial credit for each correct answer.

Data should be accessed and read by authorized users only. -> Confidentiality

Data should never be altered or compromised. -> Integrity

Legitimate requests should have access to data at all times. -> Availability

9. The employees in the accounting department of a company receive an email
about the latest federal regulations. The email contains a hyperlink to register for
a webinar that provides the latest updates on financial security. The webinar is
hosted by a government agency. As a security officer, you notice that the
hyperlink points to an unknown party. Which type of cybersecurity threat should
you investigate?

A. Spear phishing
B. Smishing
C. Ransomware
D. Vishing
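Worked example for question 9, added here and not part of the original quiz: the check the security officer performed by hand, done over an HTML message body in Python. It pulls every anchor out of the message and flags the ones whose visible text names one host while the href goes somewhere else, or whose text leans on a trusted suffix (assumed here to be .gov) that the real destination lacks. The message body and all hosts in it are constructed placeholders; the heuristic is the example's own and is a triage aid, not a verdict.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname of a URL or bare domain, lower-cased; '' if there is none."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def suspicious_links(html: str, trusted_suffixes=(".gov",)):
    """Flag anchors whose visible text claims one destination while the href
    points at another, or whose text invokes a trusted domain suffix that the
    real destination does not carry. Returns (text, real_host, reason) tuples."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = host_of(href)
        looks_like_url = "." in text and " " not in text
        shown = host_of(text) if looks_like_url else ""
        if shown and shown != real:
            findings.append((text, real, "displayed host differs from destination"))
        elif any(s in text.lower() for s in trusted_suffixes) and not any(
            real.endswith(s) for s in trusted_suffixes
        ):
            findings.append((text, real, "text implies a trusted domain the destination lacks"))
    return findings


# Constructed message body modelled on question 9; every host is a placeholder.
SAMPLE_EMAIL = """
<p>Register for the webinar on the latest financial security updates:
<a href="http://203.0.113.10/portal/login">https://webinar.example.gov/register</a></p>
<p>Questions? Contact <a href="https://intranet.example.com/helpdesk">our help desk</a>.</p>
<p>Read the <a href="https://register.example-gov.net/regs">latest federal regulations (.gov)</a></p>
"""

if __name__ == "__main__":
    for text, host, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: '{text}' -> {host}")
```

A link to the help desk with plain descriptive text is left alone; the two links that dress up an unrelated destination as a government site are the ones to investigate as spear phishing.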
10. Your home network seems to have slowed down considerably. You look at the
home router GUI and notice that an unknown host is attached to the network.
What should you do to prevent this specific host from attaching to the network
again?

A. Implement MAC address filtering.
B. Create an IP access control list.
C. Change the network SSID.
D. Block the host IP address.

11. Which classification of security alert is the greatest threat to an organization
because it represents undetected exploits?

A. False negative
B. False positive
C. True negative
D. True positive

12. You are working with the senior administration team to identify potential risks.
Which phase of risk management are you in?

A. Choosing risk strategies
B. Measuring residual risk
C. Mitigating risks
D. Determining a risk profile

13. A corporation hires a group of experienced cyber criminals to create a prolonged
and in-depth presence on the network of a competitor. This presence will allow
the corporation to steal or sabotage. Which type of attack does this scenario
describe?

A. Ransomware
B. Man-in-the-middle
C. APT
D. DDoS

14. You need to allow employees to access your company's secure network from
their homes. Which type of security should you implement?

A. SNMP
B. VPN
C. BYOD
D. IDS

15. Which data type is protected through hard disk encryption?

A. Data in process
B. Data at rest
C. Data in transit
D. Data in use

16. You need to transfer configuration files to a router across an unsecured network.
Which protocol should you use to encrypt the files in transit?

A. TFTP
B. HTTP
C. SSH
D. Telnet

17. You are monitoring the syslog server and observe that the DNS server is
sending messages with a Warning severity. What do these messages indicate
about the operation of the DNS server?

A. The DNS server is unusable due to a severe malfunction and is shutting down.
B. The server has a hardware error that does not require immediate attention.
C. A condition exists that will cause errors in the future if the issue is not fixed.
D. An error condition is occurring that must be addressed immediately.
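Worked example for question 17, added here and not part of the original quiz: how a syslog server actually knows a message is a Warning. Each line carries a PRI value in angle brackets equal to facility * 8 + severity, so <28> is daemon (3) at warning (4) and <27> is daemon at error (3). The Python below decodes classic BSD-style lines, pulls out the DNS server's warnings, and separately lists anything at error or above that needs action now. The log lines are constructed to look like BIND output; the format assumed is the traditional <PRI>timestamp host tag: message layout, not RFC 5424 structured data.

```python
import re

# Syslog severity levels (RFC 5424 section 6.2.1). Warning (4) means a condition
# that will turn into an error if left unaddressed; 0-3 need action now.
SEVERITY = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
            4: "warning", 5: "notice", 6: "informational", 7: "debug"}
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
            6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
            16: "local0", 17: "local1", 18: "local2", 19: "local3",
            20: "local4", 21: "local5", 22: "local6", 23: "local7"}

# Classic BSD-style line as relayed to a syslog server: <PRI>timestamp host tag: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)


def parse(line: str):
    """Split one syslog line into its fields; None if it does not parse.
    PRI encodes both facility and severity as facility * 8 + severity."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:          # 23 facilities * 8 + 7 is the largest legal value
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITY.get(facility, f"facility{facility}"),
        "severity": severity,
        "severity_name": SEVERITY[severity],
        "host": m["host"],
        "tag": m["tag"],
        "msg": m["msg"],
    }


def messages_from(lines, host, severity=None):
    """Messages from one host, optionally only those at an exact severity level."""
    out = []
    for line in lines:
        rec = parse(line)
        if rec and rec["host"] == host and (severity is None or rec["severity"] == severity):
            out.append(rec)
    return out


def needs_action_now(lines):
    """Records at severity error (3) or more urgent, across all hosts."""
    return [rec for rec in map(parse, lines) if rec and rec["severity"] <= 3]


# Constructed sample of what the syslog server might have received.
SAMPLE_LINES = [
    "<30>Mar  3 10:14:59 dns1 named[812]: zone example.net/IN: loaded serial 2024030301",
    "<28>Mar  3 10:15:02 dns1 named[812]: client 192.0.2.7#53124: query (cache) 'example.net/A/IN' denied",
    "<28>Mar  3 10:15:40 dns1 named[812]: too many timeouts resolving 'ns1.example.org/AAAA': disabling EDNS",
    "<27>Mar  3 10:16:10 dns1 named[812]: zone example.org/IN: refresh: failure trying master 198.51.100.9#53",
    "<30>Mar  3 10:16:12 fw1 sshd[2201]: Accepted publickey for ops from 10.0.0.5 port 51022",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    for rec in messages_from(SAMPLE_LINES, "dns1", severity=4):
        print(f"{rec['facility']}.{rec['severity_name']}: {rec['msg']}")
```

Both warnings describe degraded behaviour (denied queries, EDNS fallback) that the server survives today; the <27> refresh failure is the one that has already become an error.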

18. Move each cybersecurity tool from the list on the left to the correct location on
the Vulnerability Management Process diagram on the right.
Note: You will receive partial credit for each correct response.

Discover --------------- Prioritize ------------ Remediate

Discover -> Nmap, Nessus Scanner
Prioritize -> CVSS
Remediate -> Windows Auto Update, Patch Management Software

19. You are a security technician. You have just completed a full scan of a Windows 10
PC. Where should you go to view the scan results?

A. Windows Task Manager
B. Windows System Logs
C. Windows Application Logs
D. Windows Security

20. Your organization's SIEM system alerts you that users are connecting to an
unusual URL. You need to determine whether the URL is malicious and what
type of threat it represents. What should you do?

A. Submit the URL to a threat intelligence portal for analysis.
B. Ask users why they visited the website.
C. Visit the URL to determine whether the website is legitimate.
D. Block the URL by placing it on the network block list.

21. Several employees complain that the company intranet site is no longer
accepting their login information. You attempt to connect by using the URL and
notice some misspellings on the site. When you connect by using IP address the
site functions normally. What should you do?

A. Verify the accuracy of the entry for the site in the local DNS server.
B. Take the company web portal offline immediately
C. Update the web server software to the latest version
D. Restore a backup copy of the authentication database.

22. Move each worm mitigation step from the list on the left to the correct description
on the right. Note: You will receive partial credit for each correct answer.

Clean and patch infected systems. -> Treatment

Remove or block infected systems from the network. -> Quarantine

Patch uninfected systems to deprive the worm of more available targets. -> Inoculation

Compartmentalize and segment the network to limit the spread of the worm to
areas already infected. -> Containment

23. Several staff members are experiencing unexplained computer crashes and
many unwanted pop-up messages. Which two actions should you take
immediately to address the problem without impacting data? (Choose 2)
Note: You will receive partial credit for each correct selection.

A. Reinstall Windows on the affected workstations.
B. Deploy a policy to install and automatically update antivirus and anti-malware
software.
C. Scan affected workstations and remove malware.
D. Configure the network firewall to block malware from entering the internal
network.

24. A cybersecurity analyst is investigating an unknown executable file discovered
on a Linux desktop computer. The analyst enters the following command in the
terminal: ls -l. What is the purpose of this command?

A. To display the content of a text file
B. To open a text editor
C. To display the file permissions and ownership of the executable file
D. To navigate to the folder that is passed as an argument to the command
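Worked example for question 24, added here and not part of the original quiz: what the analyst does with the ls -l output once it is on screen. The Python below converts the ten-character mode string (including the s/S and t/T forms that ls uses for setuid, setgid and sticky) back into permission bits and flags the properties that matter for an unknown executable: setuid owned by root, world-writable, or executable but owned by an ordinary user. The listing lines are constructed; the flag names and the triage rules are the example's own, and an analyst on the box would normally confirm with stat rather than parsing ls text.

```python
import re
import stat

# One line of `ls -l` output: mode, link count, owner, group, size, date, path.
LS_RE = re.compile(
    r"^(?P<mode>[-dlcbps][rwxsStT-]{9})[+.@]?\s+(?P<links>\d+)\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+(?P<size>\d+)\s+(?P<date>[A-Z][a-z]{2}\s+\d+\s+[\d:]+)\s+(?P<path>.+)$"
)


def parse_mode(mode: str) -> int:
    """Convert the 10-character mode string ('-rwsr-xr-x') into st_mode permission
    bits, including setuid/setgid/sticky, which ls shows as s/S and t/T."""
    if len(mode) != 10:
        raise ValueError(f"bad mode string: {mode!r}")
    specials = {3: stat.S_ISUID, 6: stat.S_ISGID, 9: stat.S_ISVTX}
    bits = 0
    for i, ch in enumerate(mode[1:], start=1):
        bit = 1 << (9 - i)          # column 1 is 0o400, column 9 is 0o001
        if ch in "rwx":
            bits |= bit
        elif ch in "sStT":
            if i not in specials:
                raise ValueError(f"{ch!r} in column {i} of {mode!r}")
            bits |= specials[i]
            if ch.islower():        # lowercase: the execute bit is set as well
                bits |= bit
        elif ch != "-":
            raise ValueError(f"bad permission character {ch!r} in {mode!r}")
    return bits


def triage(line: str) -> dict:
    """Parse one `ls -l` line and flag properties an analyst cares about when
    looking at an unknown executable."""
    m = LS_RE.match(line)
    if not m:
        raise ValueError(f"not an ls -l line: {line!r}")
    mode = parse_mode(m["mode"])
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid root" if m["owner"] == "root" else "setuid")
    if mode & stat.S_ISGID:
        flags.append("setgid")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        flags.append("world-writable")
    if m["mode"][0] == "-" and mode & 0o111 and m["owner"] != "root":
        flags.append("executable owned by non-root user")
    return {
        "path": m["path"],
        "type": m["mode"][0],
        "owner": m["owner"],
        "group": m["group"],
        "octal": oct(mode),
        "flags": flags,
    }


# Constructed listing; the first entry is the kind of thing the question describes.
SAMPLE_LISTING = [
    "-rwsr-xr-x 1 root root 59976 Feb  5 10:12 /tmp/.cache/update",
    "-rwxrwxrwx 1 bob  bob   1024 Feb  5 10:13 /home/bob/tool",
    "drwxrwxrwt 12 root root 4096 Feb  5 10:14 /tmp",
    "-rw-r--r-- 1 root root   220 Jan  1  2024 /etc/motd",
]

if __name__ == "__main__":
    for entry in map(triage, SAMPLE_LISTING):
        print(f"{entry['octal']:>7} {entry['owner']:6} {entry['path']:22} {', '.join(entry['flags']) or '-'}")
```

A root-owned setuid binary sitting in a hidden directory under /tmp is exactly the combination that ls -l makes visible at a glance: anyone who can run it gets root, which is the privilege escalation path question 27 goes on to describe.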

25. Move each cybersecurity term from the list on the left to the correct description
on the right. Note: You will receive partial credit for each correct answer.

People, property, or data -> Asset

An action that causes a negative impact -> Threat

The potential for loss, damage, or destruction -> Risk

A weakness that potentially exposes organizations to cyber attacks -> Vulnerability

26. You need to filter the websites that are available to employees on the company
network. Which type of device should you deploy?

A. IPS
B. Proxy server
C. IDS
D. Honeypot

27. A security analyst discovers that a hacker was able to gain root access to an
enterprise Linux server. The hacker accessed the server as a guest, used a
program to bypass the root password and then killed essential processes as the
root user. Which type of endpoint attack is this?

A. Buffer overflow
B. DDoS
C. Privilege escalation
D. Brute force

28. For each statement, select True if the statement adheres to the cybersecurity
code of ethics or False if it does not. Note: You will receive partial credit for each
correct selection.

A security analyst may use a disgruntled employee's network credentials to
monitor behavior. -> False

A security analyst may access employee data on a company server if
authorized. -> True

A security analyst may share sensitive data with unauthorized users. -> False

29. Which wireless encryption technology requires AES to secure a home wireless
network?

A. WEP
B. WPA
C. WPA2
D. TKIP

30. Which three authentication factors are valid for use in a multifactor
authentication scenario? (Choose 3)

A. Something you are
B. Something you see
C. Something you know
D. Something you earn
E. Something you have
F. Something you do

31. Move the appropriate control measures from the list on the left to the correct
descriptions on the right. You may use each control measure once, more than
once, or not at all. Note: You will receive partial credit for each correct answer.

Discover unwanted events -> Detective measures

Avert the occurrence of an event -> Preventive measures

Restore a system after an event -> Corrective measures

32. What are two natural disasters that would cause a company to implement a
disaster recovery plan? (Choose 2)

A. Hazardous material spills
B. Floods
C. Nuclear contamination
D. Volcanic eruptions

33. After an administrator installs an operating system update on a laptop, the laptop
user can no longer print to their wireless printer. What should solve the issue?

A. Check for patches for wireless printers.
B. Reinstall the same service pack.
C. Install a new device driver for the wireless printer.
D. Update the firmware on the laptop.

34. Which activity is an example of active reconnaissance performed during a
penetration test?

A. Using a browser to view the HTTP source code of company webpages
B. Gathering employee information from available web directories and social
media
C. Performing an Nmap port scan on the LAN to determine types of connected
devices and open ports
D. Searching the WHOIS database for the owner and technical contact
information for a domain

35. You are reviewing company remote access procedures and notice that telnet is
being used to connect to the corporate database server to check on inventory
levels. Which two actions should you take immediately? (Choose 2)

A. Force users to implement secure telnet passwords.
B. Disable telnet access on the server.
C. Implement SSH access on the server.
D. Reconfigure the server to only accept HTTPS connections.

36. Which activity by an adversary is an example of an exploit that is attempting to
gain credentials?

A. Installing a backdoor in order to enable two-way communication with the
device
B. Sending an email with a link to a fictitious web portal login page
C. Obtaining a directory listing of files located on the web database server
D. Executing a remote port scan of all of the enterprise-registered IP addresses

37. Move each Windows host log type from the list on the left to the correct
description on the right. Note: You will receive partial credit for each correct
answer.

Contain events that are received from programs running on the device -> Application logs

Record information about software installation and operating system updates -> Setup logs

List events generated by the operation of hardware, drivers, and processes -> System logs

Record the success or failure of audit policy events -> Security logs

38. Which two basic metrics should be taken into consideration when assigning a
severity to a vulnerability during an assessment? (Choose 2)
Note: You will receive partial credit for each correct selection.

A. The likelihood that an adversary can and will exploit the vulnerability
B. The impact that an exploit of the vulnerability will have on the organization
C. The time involved in choosing replacement software to replace older systems
D. The age of the hardware running the software that contains the vulnerability

39. What are two disadvantages of public vulnerability databases? (Choose 2)
Note: You will receive partial credit for each correct selection.

A. Threat actors can access the databases to learn how to vary their threats to
avoid detection.
B. Publicly available databases are incompatible with most security platforms.
C. It can take a long time for reported vulnerabilities to be investigated and
approved for addition to the databases.
D. It is costly for intelligence analysts to document and submit newly discovered
vulnerabilities.

40. Move each framework from the list on the left to the correct purpose on the right.
Note: You will receive partial credit for each correct answer.

Protects the personal information of members of the European Union -> GDPR

Protects the healthcare information of individuals -> HIPAA

Protects the credit card information of individuals -> PCI-DSS

Protects the educational records of individuals -> FERPA

Protects information about individuals that is stored by federal agencies -> FISMA

41. Which command displays both the configured DNS server information and the IP
address resolution for a URL?

A. ping
B. nslookup
C. traceroute
D. nmap

42. Customers of an online shopping store are complaining that they cannot visit the
website. As an IT technician, you restart the website. After 30 minutes, the
website crashes again. You suspect that the website is experiencing
Which type of cybersecurity threat should you investigate?

A. Spear phishing
B. Ransomware
C. Denial of service
D. Social engineering

43. You are a security analyst. You are reviewing output from the SIEM. You notice
an alert concerning malicious files detected by the IDS. After reviewing the user,
device and posture information you determine that it is a valid
What should you do next?

A. Escalate the situation immediately.
B. Log the alert and watch for a second occurrence.
C. Prepare notes to present at the weekly cybersecurity team meeting.
D. Update the documentation to include the new alert information.

44. In order to do online banking, you enter a strong password and then enter the
5-digit code sent to you on your smartphone. Which type of authentication does
this situation describe?

A. VPN
B. Multifactor
C. AAA
D. RADIUS
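Worked example for questions 30 and 44, added here and not part of the original quiz: the "something you have" factor, shown as the code an authenticator app generates rather than the SMS-delivered code in the question (SMS is a different delivery channel with its own interception risks; the generator below is RFC 6238 TOTP on top of RFC 4226 HOTP). The shared secret is the one from the RFC test vectors, so the outputs can be checked against the published tables; the verification window and the constant-time comparison are the example's own server-side choices.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic
    truncation to 31 bits, then reduce modulo 10^digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    ) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time / step."""
    return hotp(secret, int(at_time) // step, digits, algo)


def verify(secret: bytes, code: str, at_time: float, window: int = 1,
           step: int = 30, digits: int = 6) -> bool:
    """Accept the code for the current step or up to `window` steps either side
    (clock skew); compare in constant time so timing does not leak matches."""
    counter = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(secret, c, digits), code)
        for c in range(max(0, counter - window), counter + window + 1)
    )


# Shared secret from the RFC 4226/6238 test vectors (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("code for the RFC test vector at t=59:", totp(RFC_SECRET, 59, digits=8))
    print("current code:", totp(RFC_SECRET, time.time()))
```

The password is the "something you know" factor; the code proves possession of the device holding the secret, so the login needs both and is multifactor. A server should also refuse to accept the same code twice within a step, which this minimal verify() does not track.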

45. What does hashing provide for the communication?

A. Data integrity
B. Data encryption
C. Data non-repudiation
D. Origin authentication
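Worked example for question 45, added here and not part of the original quiz: why a hash gives integrity and nothing more. A plain SHA-256 digest catches a message that was changed after the digest was computed, but an attacker who rewrites the message can just recompute the digest too. Adding a key (HMAC) is what turns the check into origin authentication, because only a key holder can produce a matching tag. The two messages and the key are constructed; the function names are the example's own.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_integrity(data: bytes, expected_hex: str) -> bool:
    """Unkeyed hash: detects accidental change, but anyone can recompute it."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: only a holder of `key` can produce a valid tag, so a good
    tag proves both integrity and that the sender had the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_origin(key: bytes, data: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(tag(key, data), expected_tag)


# Constructed messages: what was sent, and what an on-path attacker substitutes.
ORIGINAL = b"transfer 100.00 to account 12345"
TAMPERED = b"transfer 999.00 to account 66666"


def scenario(key: bytes) -> dict:
    """Run the four cases that separate integrity from origin authentication.
    The attacker sees the message and its hash but never learns `key`."""
    digest = sha256_hex(ORIGINAL)
    mac = tag(key, ORIGINAL)
    return {
        # corruption or tampering without updating the hash is caught
        "tamper_caught_by_hash": not check_integrity(TAMPERED, digest),
        # but the attacker simply recomputes the hash for the new message
        "recomputed_hash_accepted": check_integrity(TAMPERED, sha256_hex(TAMPERED)),
        # the keyed tag cannot be recomputed without the key
        "tamper_caught_by_hmac": not check_origin(key, TAMPERED, mac),
        "original_passes_hmac": check_origin(key, ORIGINAL, mac),
    }


if __name__ == "__main__":
    for case, result in scenario(os.urandom(32)).items():
        print(f"{case:26} {result}")
```

HMAC still does not give non-repudiation: both ends hold the same key, so either could have produced the tag. That property needs a digital signature with a private key only the sender holds.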

46. You work for a community health care organization that uses an electronic health
record (EHR) system. You have implemented the physical and technical
safeguards required by HIPAA. You need to prove that the EHR system is
compliant with those safeguards. Which two approaches should you use to
verify the system is compliant? (Choose 2) Note: You will receive partial credit
for each correct selection.

A. Automatic log-off implementation
B. Penetration testing
C. Security awareness training
D. IT auditing