A penetration test is conducted without prior knowledge of the internal systems or network. What type of test is this?

A company maintains a list of identified risks, their likelihood, potential impact, and mitigation strategies. This document is known as a:

Which of the following MOST likely occurs during a security awareness training program?

A company fails a compliance audit and is fined for violating privacy regulations. This situation illustrates which aspect of compliance?

A threat actor uses a social engineering call pretending to be IT support and tricks a user into revealing login credentials. Which attack vector is used? 

Which of the following BEST describes attestation in a security audit context?

A vendor’s contract requires an annual review of their security posture, including penetration testing and results sharing. This requirement is part of:

A company’s board sets the maximum level of risk the organization is willing to accept when pursuing new business. What is this called?

A security manager presents to executives that risk of ransomware could cause $2M in downtime losses. This discussion falls under which process?

A company defines that employees must change passwords every 90 days and that passwords must be 12 characters long. What type of document defines these requirements?

A security team creates a document describing how to respond to malware infections step-by-step. What type of document is this?

An investigator collects volatile memory data before imaging the hard drive of a compromised workstation. Why is this order important?

An incident response team is reviewing logs and system memory to identify how an attacker gained access. Which phase of incident response are they performing?

A company uses a Python script to automatically quarantine devices that trigger IDS alerts. This process exemplifies which concept?

A SOC analyst notices repeated failed logins on an administrator account from multiple IP addresses. What should the analyst do FIRST?

A vulnerability scan identifies missing patches on 10 servers. The administrator applies the patches and reruns the scan to confirm remediation. Which phase of the vulnerability management process is this?

During asset disposal, a technician uses a degausser to wipe old hard drives before recycling. This process supports which principle?

A company wants to detect and block malware on endpoints in real time while correlating alerts across multiple hosts. Which solution BEST meets this need?

A mobile device management (MDM) policy requires users to unlock their phones using both a PIN and fingerprint. What type of control is this?

Which of the following BEST describes hardening a server?

A security administrator applies baseline configurations to all new laptops before deployment. What is the PRIMARY goal of this process?

A company’s web application is hosted across multiple load-balanced servers in different regions to ensure continuous access even during outages. This configuration represents:

Infrastructure as Code (IaC) provides which main security benefit?

During a power outage, a company’s servers stay operational for 20 minutes using an uninterruptible power supply (UPS). This technology primarily supports:

A data classification policy labels certain information as “Confidential.” Which of the following should accompany that label?

A company replicates its database server to a secondary site every hour in case of disaster. This is an example of:

Encrypting stored medical records to comply with HIPAA primarily protects which data state?

Which of the following BEST supports the principle of least functionality in a cloud server environment?

A manufacturing plant wants to prevent attackers from manipulating robotic arms connected to the network. Which architecture model is most relevant?

Which of the following BEST describes an advantage of virtualization from a security perspective?

A company decides to migrate its internal web servers to Amazon Web Services. This is an example of which architecture model?

Developers are required to apply security patches within seven days of release. This policy primarily helps mitigate which type of issue?

A company deploys VLANs to separate its development, production, and testing environments. Which mitigation technique is this an example of?

An attacker uses password spray tactics across many accounts, trying “Welcome123” as the password. Which mitigation would be most effective?

A criminal physically attaches a rogue access point inside an office building to intercept network traffic. What type of attack is this?

An unpatched web server allows attackers to perform SQL injection. Which vulnerability category does this fall under?

An attacker inserts malicious code into an open-source library later imported into production software. What type of attack is this?

A phishing email includes a malicious attachment that executes ransomware when opened. Which threat vector was used?

An employee accidentally installs unauthorized cloud storage software that syncs company files automatically. What type of threat does this represent?

A financially motivated cybercriminal group gains access to a retailer’s payment processing system and sells the data on the dark web. Which type of threat actor is this?

During change management, which process ensures that changes made by multiple engineers don’t overwrite each other’s work?

Which of the following technologies MOST aligns with deception/disruption strategies?

A company wants to store certificates and manage revocation lists. Which cryptographic solution should it implement?

A hash function is primarily used to:

A company creates a “back-out plan” before installing a major system update. This is most closely related to which change management element?

What is the primary purpose of Zero Trust architecture?

Which of the following BEST represents non-repudiation?

A company enforces the principle of least privilege by ensuring users only have the permissions necessary to perform their duties. This directly supports which aspect of the CIA triad?

An organization uses CCTV cameras to monitor data center entrances. What type of control is this?

Which of the following best describes a preventive security control?