CASP+ CompTIA Advanced Security Practitioner Practice Tests. Nadean H. Tanner

process?
A. End-to-end encryption, creation, and the destruction of mail accounts
B. Vendor selection and RFP/RFQ
C. Securing all virtual environments that handle email
D. Data provisioning and processing while in transit and at rest

169 Evan's cyber-company has officially grown out of its startup phase, and his team is tasked with creating a pre-disaster preparation plan that will sustain the business should a disaster, natural or human-made, occur. Which of the following is the most important?
A. Offsite backups
B. Copies of the BDR
C. Maintaining a warm site
D. Chain of command

170 Christopher is a web developer. He built a web form for customers to fill out and respond to the company via a web page. What is the first thing that a developer should do to prevent this page from becoming a security risk?
A. SQLi
B. Input validation
C. Cross-site request forgery
D. Fuzzing

171 Marketing has put in a request for web-based meeting software with a third-party vendor. The software programs that you, a security analyst, have reviewed require user registration and installation, and the user has to share their data as well as their desktop. To ensure that information is secure, which of the following controls is best?
A. Disallow the software; avoid the risk.
B. Hire a third-party organization to perform the risk analysis, and based on outcomes, allow or disallow the software.
C. Log and record every single web-based meeting.
D. After evaluating several providers, ensure acceptable risk and that the read-write desktop mode can be prevented.

172 With the rise of malware spread with removable media, your company wrote an amendment to include a ban of all flash cards and memory drives. They pose a threat due to all but which of the following?
A. Physical size
B. Transportability
C. Storage capacity
D. Being cheap and easy to use

173 A server holding sensitive financial records is running out of room. You are the information security manager, and data storage falls under your purview. What is the best option?
A. Use first in, first out (FIFO).
B. Compress and archive the oldest data.
C. Move the data to the cloud.
D. Add disk space in a RAID configuration.

174 A situation that affects the CIA triad of an IT asset can include an internal and external risk source. A breach of physical security and theft of data can be instigated by _________________.
A. Untrusted insiders or trusted outsiders
B. Trusted insiders or untrusted outsiders
C. Hidden costs
D. Service deterioration

175 During what phase of eDiscovery will you determine what digital data and documents should be collected for possible analysis and review?
A. Processing
B. Identification
C. Collection
D. Curation

176 You are a small company administrator hosting multiple virtualized client servers on a single host. You are told to add a new host to create a cluster. The new hardware and OS will be different, but the underlying technology will be compatible. Both hosts will be sharing the same storage. What goal are you trying to accomplish?
A. Increased availability
B. Increased confidentiality
C. Increased integrity
D. Increased certification

177 Good data management includes which of the following?
A. Data quality procedures, verification and validation, adherence to agreed-upon data management, and an ongoing data audit to monitor the use and integrity of existing data
B. Cost, due care and due diligence, privacy, liability, and existing law
C. Determining the impact the information has on the mission of the organization, understanding the cost of information, and determining who in the organization or outside of it has a need for the information
D. Ensuring the longevity of data and their reuse for multiple purposes, facilitating the interoperability of datasets, and increasing data sharing

178 Bob is implementing a new RAID configuration needed for redundancy in the event of disk failure. What security goal is Bob trying to accomplish?
A. Availability
B. Integrity
C. Confidentiality
D. Disclosure

179 You are monitoring your IT environment to detect techniques like credential dumping. Credential dumping is extracting usernames and passwords from a computer to then pass those credentials to other machines on a network. Where are the credentials stored on a Windows machine?
A. In the SAM
B. In PSEXEC
C. In Documents and Settings
D. In WUTemp

180 Jennie and her team are developing security policies, and they are currently working on a policy regarding password management. Which of these is not important?
A. Account lockout
B. Training users to create complex, easy-to-remember passwords and not use the same password over again
C. Preventing users from using personal information in a password, such as their birthday or their spouse's name
D. Storing passwords securely in a password manager application

181 Keith's organization wants to move a vital company process to the cloud. He is tasked with conducting a risk analysis to minimize the risk of hosting email in the cloud. What is the best path forward?
A. All logins must be done over an encrypted channel, and obtain an NDA and SLA from the cloud provider.
B. Remind all users not to write down their passwords.
C. Make sure that the OLA covers more than just operations.
D. Require data classification.

182 What is a major security concern associated with IoT?
A. Lack of encryption
B. Use of hard-coded passwords
C. Lack of firmware support
D. All of the above

183 Your company is recovering from a data breach. The breach was not deep but raised the security awareness profile of upper management. Realizing they have gaps in access control, upper management approved the purchase of password manager software for the organization. What else do you suggest they institute for end users?
A. 2FA
B. Password isolation
C. Disaster recovery
D. IDR

184 Which of the following access control principles should you implement to create a system of checks and balances on employees with heightened privileged access?
A. Rotation of duties
B. Need to know
C. Mandatory access control
D. Separation of duties

185 Your penetration testers' report shows that they obtained the credentials of specific user accounts through social engineering and phishing campaigns. Once on the organization's network, the penetration testers used these credentials to bypass access controls and to gain access to remote systems. In one case, they were able to switch from a user-level account to an administrator-level account. What is this type of attack called?
A. XSRF
B. Password mitigation
C. Token theft
D. Privilege escalation

186 You have an application that performs authentication, which makes checking for session management, brute forcing, and password complexity appropriate. What else might you check for?
A. SQLi
B. Ransomware
C. Privilege escalation
D. Static analysis

187 As the senior security architect, you create a security policy and standards that instruct employees to use strong passwords. You find that employees are still using weak passwords. Revising the procedures for creating strong passwords, which of these are you least likely to require for employees?
A. Change your password every 90 days.
B. Use a combination of numbers, letters, uppercase and lowercase letters, and special characters.
C. Use a minimum number of characters.
D. Use a Merriam-Webster dictionary.

188 You just accepted a CISO position for a small customer service business, and your first priority is to increase security and accessibility for current software-as-a-service (SaaS) applications. The applications are configured to use passwords. What do you implement first?
A. Deploy password managers for all employees.
B. Deploy password managers for only the employees who use the SaaS tool.
C. Create a VPN between your organization and the SaaS provider.
D. Implement a system for time-based, one-time passwords.

189 The collaboration tool that your company uses follows a username and password login model. If one of your employees' credentials is compromised, it could give attackers access to financial information, intellectual property, or client information. How would you mitigate this type of risk with a collaboration tool?
A. Strict password guidelines
B. Only use HTTPS
C. Restrict usage to VPN
D. Disable SSO

190 Wayne is a security manager for a small organization. He has evaluated several different types of access controls. Which of these is easiest for an attacker to bypass?
A. Fingerprint
B. Password
C. Iris scan
D. CAC card

191 What is FIM when it comes to obtaining access to networks?
A. Fighting insidious malware
B. Federated identity management
C. Forest integration modules
D. Fact investigative modifications

192 If Domain A trusts Domain B and Domain B