After downloading third-party software, a user begins receiving continuous pop-up messages stating the Windows antivirus is outdated. The user is unable to access any files or programs until the subscription is renewed with Bitcoin. Which of the following types of attacks is being executed?

A. Spyware

B. Crypto-malware

C. Adware

D. Ransomware

A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business.

Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited?

A. Virtualization

B. Air gap

C. VLAN

D. Extranet

A group of non-profit agencies wants to implement a cloud service to share resources with each other and minimize costs. Which of the following cloud deployment models BEST describes this type of effort?

A. Public

B. Hybrid

C. Community

D. Private

A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks Is the researcher MOST likely experiencing?

A. MAC cloning

B. Evil twin

C. Man-in-the-middle

D. ARP poisoning

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two)

A. Minimum complexity

B. Maximum age limit

C. Maximum length

D. Minimum length

E. Minimum age limit

F. Minimum re-use limit

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?

A. Firmware version control

B. Manual software upgrades

C. Vulnerability scanning

D. Automatic updates

E. Network segmentation

F. Application firewalls

Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?

A. Design weakness

B. Zero-day

C. Logic bomb

D. Trojan

Which of the following is unique to a stream cipher?

A. It encrypt 128 bytes at a time.

B. It uses AES encryption.

C. It performs bit-level encryption.

D. It is used in HTTPS.

An organization needs to integrate with a third-party cloud application. The organization has 15000 users and does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the following is the BEST way for the organization to integrate with the cloud application?

A. Upload a separate list of users and passwords with a batch import.

B. Distribute hardware tokens to the users for authentication to the cloud.

C. Implement SAML with the organization's server acting as the identity provider.

D. Configure a RADIUS federation between the organization and the cloud provider.

An office manager found a folder that included documents with various types of data relating to corporate clients. The office manager notified the data included dates of birth, addresses, and phone numbers for the clients. The office manager then reported this finding to the security compliance officer. Which of the following portions of the policy would the security officer need to consult to determine if a breach has occurred?

A. Public

B. Private

C. PHI

D. PII