1.Question 1A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access? 1 pointAn ACLAn attack surfaceA 0-dayAn attack vector2.Question 2Which of these host-based firewall rules help to permit network access from a Virtual Private Network (VPN) subnet? 1 pointSecure Shell (SSH)Access Control Lists (ACLs)Active DirectoryGroup Policy Objects (GPOs)3.Question 3A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Select all that apply. 1 pointFull disk encryption (FDE)Logs Binary whitelisting softwareSecurity Information and Event Management (SIEM) system 4.Question 4Which of these plays an important role in keeping attack traffic off your systems and helps to protect users? Select all that apply. 1 pointAntivirus softwareFull disk encryption (FDE)Multiple Attack VectorsAntimalware measures5.Question 5What can provide resilience against data theft, and can prevent an attacker from stealing confidential information from a hard drive that was stolen? 1 pointKey escrow Full disk encryption (FDE)OS upgrades Software patch management 6.Question 6What is the purpose of installing updates on your computer? Select all that apply. 1 pointUpdating addresses security vulnerabilitiesUpdating improves performance and stabilityUpdating helps block all unwanted trafficUpdating adds new features7.Question 7How can software management tools like Microsoft SCCM help an IT professional manage a fleet of systems? Select all that apply 1 pointForce update installation after a specified deadlineDetect and prevent malware on managed devices Analyze installed software across multiple computersConfirm update installation 8.Question 8What is the best way to avoid personal, one-off software installation requests? 1 pointAn application honor code policyA clear application whitelist policyA strict no-installation policyAn accept-all application policy9.Question 9While antivirus software operates using a ______, binary whitelisting software uses a whitelist instead. 1 pointSecure listBlacklistGreylist Whitelist 10.Question 10Why is it important to disable unnecessary components of software and systems?1 pointLess complexity means less vulnerability. Less complexity means less time required. Less complexity means less expensive. Less complexity means less work..

1.Question 1Fill in the blank: Cybersecurity aims to protect networks, devices, people, and data from _____ or unauthorized access. 1 pointchanging business prioritiescriminal exploitationpoor financial managementmarket shifts2.Question 2Which of the following tasks are typically responsibilities of entry-level security analysts? Select all that apply.1 pointExamining in-house security issuesCreating organizational policiesInstalling prevention softwareProtecting computer and network systems3.Question 3An employee receives an email that they believe to be legitimate. They click on a compromised link within the email. What type of internal threat does this scenario describe?1 pointIntentionalAccidentalOperationalAbusive4.Question 4What is identity theft?1 pointA data breach that affects an entire organizationStealing personal information to commit fraud while impersonating a victimFailing to maintain and secure user, customer, and vendor dataTrying to gain access to an organization’s private networks5.Question 5Fill in the blank: An organization that is in regulatory compliance is likely to _____ fines.1 pointencounterincuravoidrectify6.Question 6Which of the following proficiencies are examples of technical skills? Select two answers.1 pointApplying computer forensicsAutomating tasks with programmingPrioritizing collaborationCommunicating with employees7.Question 7Fill in the blank: Security information and _____ management (SIEM) tools enable security professionals to identify and analyze threats, risks, and vulnerabilities. 1 pointeventemergencyenterpriseemployer8.Question 8A security professional receives an alert about an unknown user accessing a system within their organization. They attempt to identify, analyze, and preserve the associated criminal evidence. What security task does this scenario describe?1 pointComputer forensicsSoftware upgradesProgramming with codeResolving error messages9.Question 9Which of the following statements accurately describe personally identifiable information (PII) and sensitive personally identifiable information (SPII)? Select all that apply.1 pointPII is any information used to infer an individual’s identity.Only SPII is vulnerable to identity theft.An example of SPII is someone’s biometric data.An example of PII is someone’s phone number.

1.Question 1Which of the following threats are examples of malware? Select two answers.1 pointError messagesWormsVirusesBugs2.Question 2Fill in the blank: The _____ spread globally within a couple of months due to users inserting a disk into their computers that was meant to track illegal copies of medical software. 1 pointBrain virusMorris wormLoveLetter attackEquifax breach3.Question 3Fill in the blank: Social engineering is a manipulation technique that exploits _____ error to gain access to private information.1 pointhumannetworkcomputercoding4.Question 4A security professional is asked to teach employees how to avoid inadvertently revealing sensitive data. What type of training should they conduct?1 pointTraining about social engineeringTraining about security architectureTraining about network optimizationTraining about business continuity5.Question 5Which of the following tasks are part of the security and risk management domain? Select all that apply.1 pointBusiness continuityComplianceSecuring physical assetsDefining security goals and objectives6.Question 6Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.1 pointEnsuring that effective systems and processes are in placeConfiguring a firewallValidating the identities of employeesSecuring hardware7.Question 7A security professional is ensuring proper storage, maintenance, and retention of their organization’s data. Which domain does this scenario describe?1 pointSecurity operationsAsset securityCommunication and network securitySecurity assessment and testing8.Question 8Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.1 pointCollecting and analyzing dataAuditing user permissionsSecuring physical networks and wireless communicationsConducting security audits9.Question 9Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?1 pointCommunication and network securityIdentity and access managementSecurity assessment and testingSecurity and risk management10.Question 10Which domain involves conducting investigations and implementing preventive measures?1 pointSecurity operations Security and risk managementIdentity and access managementAsset security

Which of the following attacks can be launched by a malicious user either through a web page or email a. Phishing attacks b. Virus Attacks c. Spyware d. All of the above

.Question 8Which domain involves conducting, collecting, and analyzing data, as well as conducting security audits to monitor for risks, threats, and vulnerabilities?1 pointCommunication and network securitySecurity and risk managementIdentity and access managementSecurity assessment and testing

Which of the following types of network security ensures that potential attackers cannot infiltrate your network?Question 64Answera.Both Network Access Control and Virtual Private Networkb.Firewallc.Network Access Controld.Virtual Private Network