SY0-701 Dumps Questions – Effective Way to Get Certified

1. Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

2. A new employee accessed an unauthorized website. An investigation found that the employee

violated the company's rules.

Which of the following did the employee violate?

3. Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

4. Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

5. Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

6. A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

7. The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:





Which of the following most likely describes attack that took place?

8. One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update.

Which of the following vulnerability types is being addressed by the patch?

9. An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins.

Which of the following attacks Is most likely the cause of the malware?

10. Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

11. A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.

Which of the following should the analyst do?

12. An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.

Which of the following firewall ACLs will accomplish this goal?

13. Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).

14. A security analyst is prioritizing vulnerability scan results using a risk-based approach.

Which of the following is the most efficient resource for the analyst to use?

15. A bank insists all of its vendors must prevent data loss on stolen laptops.

Which of the following strategies is the bank requiring?

16. Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

17. A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.

Which of the following is most likely occurring?

18. An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior.

Which of the following should the CISO do first?

19. An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems.

Which of the following will best help to achieve this objective?

20. A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company.

Which of the following attack vectors is most likely being used?

21. An engineer needs to ensure that a script has not been modified before it is launched.

Which of the following best provides this functionality?

22. When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure.

Which of the following certificate types is the site most likely using?

23. Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed.

Which of the following is the most likely explanation?

24. Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

25. Which of the following is best used to detect fraud by assigning employees to different roles?

26. An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website.

Which of the following should the administrator do?

27. A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal.

The following is the audit report:





Which of the following is the most likely way a rogue device was allowed to connect?

28. Which of the following agreements defines response time, escalation, and performance metrics?

29. Which of the following is the most likely benefit of conducting an internal audit?

30. A security engineer is implementing FDE for all laptops in an organization.

Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

31. Which of the following cryptographic solutions protects data at rest?

32. An enterprise security team is researching a new security architecture to better protect the company's networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall.

Which of the following solutions meets these requirements?

33. A company is implementing a policy to allow employees to use their personal equipment for work.

However, the company wants to ensure that only company-approved applications can be installed.

Which of the following addresses this concern?

34. A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory.

Which of the following should the company implement?

35. Which of the following should a systems administrator use to decrease the company's hardware attack surface?

36. A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit.

Which of the following logs should the analyst review first?

37. A security analyst is reviewing the security of a SaaS application that the company intends to purchase.

Which of the following documentations should the security analyst request from the SaaS application vendor?

38. Sine© a recent upgrade (o a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings.

Which of the following installation considerations should the security team evaluate next?

39. A legal department must maintain a backup from all devices that have been shredded and recycled by a third party.

Which of the following best describes this requirement?

40. A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks.

Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

41. Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

42. During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system.

Which of the following best describes this type of vulnerability?

43. A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure.

Which of the following would best secure the organization?

44. The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible.

Which of the following courses of action should the security analyst take first?

45. An administrator wants to automate an account permissions update for a large number of accounts.

Which of the following would best accomplish this task?

46. An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain.

Which of the following is the first step the security team should take?

47. An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions over the phone to use a new account.

Which of the following would most likely prevent this activity in the future?

48. A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy.

Which of the following vulnerability types will the analyst most likely find on the workstations?

49. A spoofed identity was detected for a digital certificate.

Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

50. An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing.

Which of the following would best prevent this from reoccurring?

51. An organization is required to provide assurance that its controls are properly designed and operating effectively.

Which of the following reports will best achieve the objective?

52. An MSSP manages firewalls for hundreds of clients.

Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?

53. Which of the following exercises should an organization use to improve its incident response process?

54. A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company.

Which of the following is used in this scenario?

55. A vendor needs to remotely and securely transfer files from one server to another using the command line.

Which of the following protocols should be Implemented to allow for this type of access? (Select two).

56. A security administrator protects passwords by using hashing.

Which of the following best describes what the administrator is doing?

57. Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule.

Which of the following but describes this form of security control?

58. Client files can only be accessed by employees who need to know the information and have specified roles in the company.

Which of the following best describes this security concept?

59. Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?

60. A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds.

Which of the following cryptographic techniques would best meet the requirement?

61. A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline.

Which of the following should the analyst use?

62. A company processes and stores sensitive data on its own systems.

Which of the following steps should the company take first to ensure compliance with privacy regulations?

63. Which of the following can be used to mitigate attacks from high-risk regions?

64. A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

65. An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards.

Which of the following types of attacks does this describe?

66. A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers.

Which of the following should a database administrator use to access the database servers?

67. A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.

Which of the following best describes the program the company is setting up?

68. An accounting employee recently used software that was not approved by the company.

Which of the following risks does this most likely represent?

69. Which of the following is die most important security concern when using legacy systems to provide production service?

70. A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.

Which of the following would detect this behavior?

71. In which of the following will unencrypted PLC management traffic most likely be found?

72. Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

73. Which of the following is the act of proving to a customer that software developers are trained on secure coding?

74. A company is changing its mobile device policy.

The company has the following requirements:

Company-owned devices

Ability to harden the devices

Reduced security risk

Compatibility with company resources

Which of the following would best meet these requirements?

75. A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

76. A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data.

Which of the following is the next step the company should take?

77. During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system.

Which of the following best describes this type of vulnerability?

78. Which of the following activities is the first stage in the incident response process?

79. A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team.

Which of the following best describes the threat actor in the CISO's report?

80. A security administrator receives multiple reports about the same suspicious email.

Which of the following is the most likely reason for the malicious email's continued delivery?

81. An administrator needs to perform server hardening before deployment.

Which of the following steps should the administrator take? (Select two).

82. During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem.

Which of the following best describes this vulnerability?

83. The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:





Which of the following most likely describes attack that took place?

84. A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider.

Which of the following is a risk in the new system?

85. 45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I HTTP/1.0" 200

14650

Which of the following should the analyst do first?

86. A security analyst is creating base for the server team to follow when hardening new devices for deployment.

Which of the following beet describes what the analyst is creating?

87. A company decides to purchase an insurance policy.

Which of the following risk management strategies is this company implementing?

88. A penetration tester was able to gain unauthorized access to a hypervisor platform.

Which of the following vulnerabilities was most likely exploited?

89. A company’s web filter is configured to scan the URL for strings and deny access when matches are found.

Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

90. A company discovers suspicious transactions that were entered into the company's database and attached to a user account that was created as a trap for malicious activity.

Which of the following is the user account an example of?

91. A security engineer is installing an IPS to block signature-based attacks in the environment.

Which of the following modes will best accomplish this task?

92. 1.Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

93. For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor's website?

94. A company is working with a vendor to perform a penetration test.

Which of the following includes an estimate about the number of hours required to complete the engagement?

95. Which of the following methods to secure data is most often used to protect data in transit?

96. An analyst is evaluating the implementation of Zero Trust principles within the data plane.

Which of the following would be most relevant for the analyst to evaluate?

97. A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset.

Which of the following threat vectors is being used?

98. A systems administrator needs to provide traveling employees with a tool that will protect company devices regardless of where they are working.

Which of the following should the administrator implement?

99. Which of the following technologies can achieve microsegmentation?

100. A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems.

Which of the following scenarios describes this activity?

101. SIMULATION

An organization has learned that its data is being exchanged on the dark web. The CIO has requested that you investigate and implement the most secure solution to protect employee accounts.



INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate security solution to meet the CIO's requirements.

102. An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow.

Which of the following should the organization deploy to best protect against similar attacks in the future?

103. A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly.

Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

104. After completing an annual external penetration test, a company receives the following guidance:

Decommission two unused web servers currently exposed to the internet.

Close 18 open and unused ports found on their existing production web servers.

Remove company email addresses and contact info from public domain registration records.

Which of the following does this represent?

105. A security administrator needs to reduce the attack surface in the company's data centers.

Which of the following should the security administrator do to complete this task?

106. A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team.

Which of the following should the administrator implement?

107. Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

108. An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints' definitions are up to date.

Which of the following will these actions most effectively prevent?

109. HOTSPOT

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

110. A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours.

Which of the following security measures should the company set up?

111. Which of the following describes the process of concealing code or text inside a graphical image?

112. Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

113. A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets.

Which of the following describes this approach?

114. To which of the following security categories does an EDR solution belong?

115. An employee clicks a malicious link in an email that appears to be from the company's Chief Executive Officer. The employee's computer is infected with ransomware that encrypts the company's files.

Which of the following is the most effective way for the company to prevent similar incidents in the future?

116. A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports.

Which of the following vulnerabilities has likely been exploited in this software?

117. Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

118. Which of the following is a preventive physical security control?

119. A certificate authority needs to post information about expired certificates.

Which of the following would accomplish this task?

120. A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users.

Which of the following would be a good use case for this task?

121. Which of the following can be used to identify potential attacker activities without affecting production servers?

122. A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network.

Which of the following changes should the security analyst recommend?

123. Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

124. The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy.

Which of the following changes will best provide web protection in this scenario?

125. Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

126. Which of the following would be best suited for constantly changing environments?

127. A network engineer is increasing the overall security of network devices and needs to harden the devices.

Which of the following will best accomplish this task?

128. A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN.

Which of the following is the most likely explanation for this activity?

129. Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

130. Which of the following is used to validate a certificate when it is presented to a user?

131. Which of the following control types is AUP an example of?

132. A company is discarding a classified storage array and hires an outside vendor to complete the disposal.

Which of the following should the company request from the vendor?

133. Which of the following is a type of vulnerability that may result from outdated algorithms or keys?

134. A malicious insider from the marketing team alters records and transfers company funds to a personal account.

Which of the following methods would be the best way to secure company records in the future?

135. Which of the following best protects sensitive data in transit across a geographically dispersed Infrastructure?

136. After a series of account compromises and credential misuse, a company hires a security manager to develop a security program.

Which of the following steps should the security manager take first to increase security awareness?

137. Which of the following agreements defines response time, escalation points, and performance metrics?

138. Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

139. While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

140. A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:

. Something you know

. Something you have

. Something you are

Which of the following would accomplish the manager's goal?

141. Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

142. Which of the following agreement types defines the time frame in which a vendor needs to respond?

143. A security analyst reviews domain activity logs and notices the following:





Which of the following is the best explanation for what the security analyst has discovered?

144. A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network.

Which of the following should the team do first to secure the environment?

145. A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator.

Which of the following actions would most likely give the security analyst the information required?

146. After an audit, an administrator discovers all users have access to confidential data on a file server.

Which of the following should the administrator use to restrict access to the data quickly?

147. HOTSPOT

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.



INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

148. An organization needs to monitor its users' activities to prevent insider threats.

Which of the following solutions would help the organization achieve this goal?

149. A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs.

Which of the following risk elements should the implementation team understand before granting access to the application?

150. A company's website is www. Company. com Attackers purchased the domain wwww.company.com Which of the following types of attacks describes this example?

151. A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet.

Which of the following Is the most likely reason for this compromise?

152. An employee decides to collect PII data from the company's system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment.

Which of the following types of employee training would most likely reduce the occurrence of this type of issue? (Select two).

153. A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs.

Which of the following options is best to include in the disaster recovery plan?

154. An employee from the accounting department logs in to a website. A desktop application automatically downloads on the employee's computer.

Which of the following has occurred?

155. A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months.

Which of the following most likely occurred?

156. A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network.

Which of the following would have mitigated the spread?

157. Two companies are in the process of merging. The companies need to decide how to standardize their information security programs.

Which of the following would best align the security programs?

158. After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines.

Which of the following caused this action?

159. Which of the following best describe a penetration test that resembles an actual external attach?

160. Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

161. In which of the following scenarios is tokenization the best privacy technique 10 use?

162. Which of the following is a benefit of an RTO when conducting a business impact analysis?

163. Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

164. An attacker used XSS to compromise a web server.

Which of the following solutions could have been used to prevent this attack?

165. An employee from the accounting department logs in to the website used for processing the company's payments. After logging in, a new desktop application automatically downloads on the employee's computer and causes the computer to restart.

Which of the following attacks has occurred?

166. A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused.

Which of the following should the company configure to help distribute traffic quickly?

167. An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key.

Which of the following should the administrator check for next?

168. A legacy device is being decommissioned and is no longer receiving updates or patches.

Which of the following describes this scenario?

169. While reviewing logs, a security administrator identifies the following code:



Which of the following best describes the vulnerability being exploited?

170. Which of the following is the most important element when defining effective security governance?

171. Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

172. A group of developers has a shared backup account to access the source code repository.

Which of the following is the best way to secure the backup account if there is an SSO failure?

173. Which of the following would be the best way to test resiliency in the event of a primary power failure?

174. Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

175. Which of the following is an algorithm performed to verify that data has not been modified?

176. Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers?

177. Which of the following allows an exploit to go undetected by the operating system?

178. Which of the following would a security administrator use to comply with a secure baseline during a patch update?

179. Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

180. Which of the following allows for the attribution of messages to individuals?

181. Which of the following best explains a concern with OS-based vulnerabilities?

182. A systems administrator works for a local hospital and needs to ensure patient data is protected and secure.

Which of the following data classifications should be used to secure patient data?

183. A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m.

Which of the following would best enforce this access control?

184. The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available.

Which of the following would be the best option?

185. Which of the following is a feature of a next-generation SIEM system?

186. A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat.

Which of the following would most likely help the security awareness team address this potential threat?

187. The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal.

Which of the following would most likely be configured to meet the requirements?

188. Which of the following is the best way to remove personal data from a social media account that is no longer being used?

189. A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring.

Which of the following strategies would best accomplish this goal?

190. Which of the following control types describes an alert from a SIEM tool?

191. A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured.

Which of the following best describes what the security analyst should do to identify this behavior?

192. An organization has a new regulatory requirement to implement corrective controls on a financial system.

Which of the following is the most likely reason for the new requirement?