لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?
A. Configure the perimeter firewall to deny inbound external connections to SMB ports
B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections
C. Deny unauthenticated users access to shared network folders
D. Verify computers are set to install monthly operating system, updates automatically
عرض الإجابة
اجابة صحيحة: C
السؤال #2
A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks
D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups
عرض الإجابة
اجابة صحيحة: B
السؤال #3
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance’s vulnerable state?
A. The system was configured with weak default security settings
B. The device uses weak encryption ciphers
C. The vendor has not supplied a patch for the appliance
D. The appliance requires administrative credentials for the assessment
عرض الإجابة
اجابة صحيحة: C
السؤال #4
A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: * Protection from power outages * Always-available connectivity In case of an outage The owner has decided to implement battery backups for the computer equipment Which of the following would BEST fulfill the owner's seco
A. Lease a point-to-point circuit to provide dedicated access
B. Connect the business router to its own dedicated UPS
C. Purchase services from a cloud provider for high availability
D. Replace the business's wired network with a wireless network
عرض الإجابة
اجابة صحيحة: D
السؤال #5
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, incident during a pandemic or crisis, However, the CEO is concerned that some staff members may take advantage of the of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief information Officer (CIO) believes the company can implement some basic to mitigate the majority of the ris
A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls
عرض الإجابة
اجابة صحيحة: B
السؤال #6
Which of the following describes the ability of code to target a hypervisor from inside
A. Fog computing
B. VM escape
C. Software-defined networking
D. Image forgery
E. Container breakout
عرض الإجابة
اجابة صحيحة: D
السؤال #7
In which of the following situations would it be BEST to use a detective control type for mitigation?
A. A company implemented a network load balancer to ensure 99
B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster
C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department
D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic
E. A company purchased liability insurance for flood protection on all capital assets
عرض الإجابة
اجابة صحيحة: AC
السؤال #8
A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
عرض الإجابة
اجابة صحيحة: A
السؤال #9
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operation in a:
A. business continuity plan
B. communications plan
C. disaster recovery plan
D. continuity of operations plan
عرض الإجابة
اجابة صحيحة: C
السؤال #10
A security analyst has received an alert about being sent via email. The analyst’s Chief information Security Officer (CISO) has made it clear that PII must be handle with extreme care From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP
C. IMAP
D. HIDS
عرض الإجابة
اجابة صحيحة: D
السؤال #11
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .t ar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?
A. A RAT was installed and is transferring additional exploit tools
B. The workstations are beaconing to a command-and-control server
C. A logic bomb was executed and is responsible for the data transfers
D. A fireless virus is spreading in the local network environment
عرض الإجابة
اجابة صحيحة: C
السؤال #12
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?
A. OAuth
B. SSO
C. SAML
D. PAP
عرض الإجابة
اجابة صحيحة: BE
السؤال #13
A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are: www.company.com (main website) contactus.company.com (for locating a nearby location) quotes.company.com (for requesting a price quote) The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirem
A. SAN
B. Wildcard
C. Extended validation
D. Self-signed
عرض الإجابة
اجابة صحيحة: AB
السؤال #14
A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
عرض الإجابة
اجابة صحيحة: B
السؤال #15
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis
B. Restrict administrative privileges and patch ail systems and applications
C. Rebuild all workstations and install new antivirus software
D. Implement application whitelisting and perform user application hardening
عرض الإجابة
اجابة صحيحة: C
السؤال #16
A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).
A. Full-device encryption
B. Network usage rules
C. Geofencing
D. Containerization
E. Application whitelisting
F. Remote control
عرض الإجابة
اجابة صحيحة: B

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: