1. A cybersecurity consultant found common vulnerabilities across the following services used by multiple servers at an organization: VPN, SSH, and HTTPS. Whichof the following is the MOST likely reason for the discovered vulnerabilities?

A) Vulnerable implementation of PEAP
B) Weak level of encryption entropy
C) Common initialization vector
D) Vulnerable version of OpenSSL
E) Leaked PKI private key


2. Which of the following systems would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect forward secrecy?

A) VPN concentrators
B) SIEM
C) Virtual hosts
D) Layer 2 switches
E) Endpoints


3. After analyzing and correlating activity from multiple sensors, the security analyst has determined a group from a high-risk country is responsible for a sophisticatedbreach of the company network and continuous administration of targeted attacks for the past three months. Until now, the attacks went unnoticed. This is anexample of:

A) malicious insider threat.
B) privilege escalation.
C) spear phishing.
D) advanced persistent threat.



4. An organization wants to harden its web servers. As part of this goal, leadership has directed that vulnerability scans be performed, and the security team shouldremediate the servers according to industry best practices. The team has already chosen a vulnerability scanner and performed the necessary scans, and now theteam needs to prioritize the fixes. Which of the following would help to prioritize the vulnerabilities for remediation in accordance with industry best practices?

A) ITIL
B) OpenVAS
C) CVSS
D) Qualys
E) SLA


5. Which of the following commands would a security analyst use to make a copy of an image for forensics use?

A) rm
B) touch
C) dd
D) wget