The management team notices that new accounts that are set up manually do not always have
correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline
account creation?
A. Guard rail script
B. Ticketing workflow
C. Escalation script
D. User provisioning script
Which of the following automation use cases would best enhance the security posture of an
organization by rapidly updating permissions when employees leave a company?
A. Provisioning resources
B. Disabling access
C. Reviewing change approvals
D. Escalating permission requests
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will
have access to the administrator console of the help desk software. Which of the following security
techniques is the IT manager setting up?
A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege
Which of the following security concepts is the best reason for permissions on a human resources
fileshare to follow the principle of least privilege?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation
A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from
employees after hours. Which of the following should the systems administrator implement?
A. Role-based restrictions
B. Attribute-based restrictions
C. Mandatory restrictions
D. Time-of-day restrictions
During the onboarding process, an employee needs to create a password for an intranet account. The
password must include ten characters, numbers, and letters, and two special characters. Once the
password is created, the company will grant the employee access to other company-owned websites
based on the intranet profile. Which of the following access management concepts is the company
most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's
intranet account? (Select two).
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
An engineer moved to another team and is unable to access the new team's shared folders while still
being able to access the shared folders from the former team. After opening a ticket, the engineer
discovers that the account was never moved to the new group. Which of the following access
controls is most likely causing the lack of access?
A. Role-based
B. Discretionary
C. Time of day
D. Least privilege
A technician needs to apply a high-priority patch to a production system. Which of the following
steps should be taken first?
A. Air gap the system.
B. Move the system to a different network segment.
C. Create a change control request.
D. Apply the patch to the system.
Which of the following has been implemented when a host-based firewall on a legacy Linux system
allows connections from only specific internal IP addresses?
A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound
DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the
following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Which of the following is the most common data loss path for an air-gapped network?
A. Bastion host
B. Unsecured Bluetooth
C. Unpatched OS
D. Removable devices
A company would like to provide employees with computers that do not have access to the internet
in order to prevent information from being leaked to an online forum. Which of the following would
be best for the systems administrator to implement?
A. Air gap
B. Jump server
C. Logical segmentation
D. Virtualization
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser
versions with well-known exploits. Which of the following security solutions should be configured to
best provide the ability to monitor and block these known signature-based attacks?
A. ACL
B. DLP
C. IDS
D. IPS
Which of the following is used to protect a computer from viruses, malware, and Trojans being
installed and moving laterally across the network?
A. IDS
B. ACL
C. EDR
D. NAC
The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive
company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a
web server. Which of the following security infrastructure devices could have identified and blocked this
activity?
A. WAF utilizing SSL decryption
B. NGFW utilizing application inspection
C. UTM utilizing a threat feed
D. SD-WAN utilizing IPSec
A security engineer needs to configure an NGFW to minimize the impact of the increasing number of
various traffic types during attacks. Which of the following types of rules is the engineer most
likely to configure?
A. Signature-based
B. Behavioral-based
C. URL-based
D. Agent-based
Which of the following can best protect against an employee inadvertently installing malware on a
company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list
Which of the following would be the best way to block unknown programs from executing?
A. Access control list
B. Application allow list
C. Host-based firewall
D. DLP solution
A company prevented direct access from the database administrators’ workstations to the network
segment that contains database servers. Which of the following should a database administrator use
to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
A security consultant needs secure, remote access to a client environment. Which of the following
should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT
The local administrator account for a company's VPN appliance was unexpectedly used to log in to
the remote management interface. Which of the following would have most likely prevented this
from happening?
A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Reviewing logs more frequently
A technician wants to improve the situational and environmental awareness of existing users as they
transition from remote to in-office work. Which of the following is the best option?
A. Send out periodic security reminders.
B. Update the content of new hire documentation.
C. Modify the content of recurring training.
D. Implement a phishing campaign.
A company tested and validated the effectiveness of network security appliances within the
corporate network. The IDS detected a high rate of SQL injection attacks against the company's
servers, and the company's perimeter firewall is at capacity. Which of the following would be the
best action to maintain security and reduce the traffic to the perimeter firewall?
A. Set the appliance to IPS mode and place it in front of the company firewall.
B. Convert the firewall to a WAF and use IPSec tunnels to increase throughput.
C. Set the firewall to fail open if it is overloaded with traffic and send alerts to the SIEM.
D. Configure the firewall to perform deep packet inspection and monitor TLS traffic.