50 Practice Questions - Security+ Certification SY0-701

The document presents a series of security-related questions and answers, focusing on various aspects of cybersecurity, including physical controls, technical measures, and threat detection. Each question is followed by multiple-choice options, with the correct answers indicated. The content covers a range of topics from data protection to incident response strategies.

Uploaded by Paulo Ricardo

1) A security technician observes that the data center’s server racks are accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate the risk?
a) implement a network intrusion detection system
b) install locks on the server rack doors <-
c) update the antivirus software on the servers
d) conduct a risk assessment of the data center
2) A security professional notices an unusual pattern of outgoing traffic from a server hosting sensitive data. The traffic suggests potential data exfiltration. What technical control should be implemented IMMEDIATELY to best address this issue?
a) install a firewall to monitor and control incoming and outgoing network traffic <-
b) conduct security awareness training for employees
c) implement biometric access controls to the server room
d) review and update the company’s security policies
3) The company has faced several instances of tailgating, where unauthorized individuals gain access by following employees into restricted areas. Which deterrent control would be most effective in reducing the occurrence of tailgating?
a) install more surveillance cameras at all entry points <-
b) implement stricter password policies
c) conduct regular security audits of the access control systems
d) set up a software-based IPS
4) A smartphone user wants to access features not available in the standard operating system. What method would enable this?
a) exploiting database vulnerabilities
b) utilizing scripting vulnerabilities
c) jailbreaking <-
d) direct software installation
5) A security professional is reviewing the security measures of a financial firm’s data storage system to ensure it aligns with the C and I of the CIA triad. Which of the following actions would BEST ensure adherence to the C and I?
a) encrypting stored data <-
b) implementing a firewall
c) regularly updating software
d) conducting background checks on employees
6) A security professional is tasked with identifying the discrepancies between the current security posture and the desired state of security in their organization. Which process should the security professional undertake to identify these discrepancies?
a) risk assessment
b) gap analysis <-
c) penetration testing
d) compliance auditing
7) A security professional is enhancing the physical security measures of a corporate building located in a busy downtown area, with a focus on mitigating vehicle-based threats. Which physical security measure is most suitable for protecting the building against potential vehicle ramming attacks while allowing pedestrian access?
a) installing video surveillance cameras around the building perimeter
b) implementing an access control vestibule at the main entrance
c) erecting bollards along the building’s street-facing side <-
d) enhancing the lighting around the building’s entrance
8) A security technician is proposing the implementation of a new firewall system in their organization. The proposal includes significant changes to the current network infrastructure. Before implementing the new firewall system, what is the first step the security technician should take?
a) conducting an impact analysis of the new system on current operations
b) obtaining formal approval for the project from senior management
c) scheduling a maintenance window for the implementation
d) preparing a backout plan in case the implementation fails <-
i) -> Comment: the correct one is B. I did consider it, but I thought that if it was already at the implementation stage, it would already have gone through approval… Likewise, A would already have happened, since the question itself says it “would have significant changes”...
9) Which of the following teams combines both offensive and defensive testing of a company’s network?
a) Red
b) White
c) Blue <-
d) Purple
i) The correct one is purple team
10) What should a security analyst do to ensure evidence is handled correctly?
a) chain of custody <-
b) collection
c) hand over
d) storage
11) Two security professionals are setting up a secure communication channel between their organizations. They need a secure way to establish a shared secret key for symmetric encryption. Which method should they use to securely exchange the symmetric key?
a) public key infrastructure (PKI) for key exchange
b) directly sending the symmetric key over email
c) using an asymmetric algorithm such as Diffie-Hellman
d) encrypting the key using symmetric encryption and then sending it <-
i) The correct one is C. I ended up doubting and thinking it was a trick question because it mentioned Diffie-Hellman. Pay attention to the “obvious” ones.
12) A security professional is responsible for securely storing user passwords in a database. They need a method to protect the passwords from being exposed in case of a breach. What technique should the security professional use to safeguard user passwords in the database?
a) digital signatures
b) hashing <-
c) file permission
d) blockchain
13) A security professional is managing a network with multiple SSL/TLS-secured devices. They need a mechanism to promptly revoke the trust of a compromised certificate across all devices. What technology should the professional use to maintain a list of revoked certificates that can be checked by clients?
a) self-signed certificate
b) certificate signing request (CSR)
c) certificate revocation list (CRL) <-
d) third-party certificate
14) A security technician has noticed unusual behavior from an employee who has access to sensitive customer data. The employee’s actions are suspicious, indicating potential malicious intent. What type of threat actor is the employee most likely categorized as?
a) organized crime
b) nation-state
c) hacktivist
d) insider threat <-
15) What type of cyber-attack occurs when employees of a company are tricked by a fake website that looks legitimate?
a) identity theft
b) misinformation
c) watering-hole <-
d) spear phishing
16) To quickly address a security vulnerability found in the firmware of IoT devices, what is the most effective action?
a) conducting a risk analysis
b) patching <-
c) network restructuring
d) device upgrade
17) A security professional has noticed an increase in phone calls to employees, where the callers pose as IT support staff and request sensitive information such as login credentials. Which technique is most likely being used to deceive employees through phone calls?
a) typosquatting
b) watering hole
c) vishing <-
d) whaling
18) To identify the creator and creation date of a suspicious file found on a server, what should a security analyst check?
a) file’s hash value
b) network activity logs
c) server access logs
d) file’s metadata <-
19) A security professional is responsible for managing the virtualized infrastructure of a large organization. They have heard about the concept of “Virtual Machine (VM) escape” and its potential security implications. What does the term “Virtual Machine (VM) escape” refer to in the context of virtualization security?
a) the process of migrating a virtual machine from one host to another
b) a security breach where a malicious actor gains control of the host system from within a virtual machine <-
c) the practice of cloning virtual machines for backup purposes
d) the deployment of virtual machines across multiple physical hosts for load balancing
20) An organization wants to enhance its security measures to prevent employees from inadvertently installing harmful applications. What is the most effective strategy?
a) regular malware scan
b) VPN implementation
c) implementing an application allow list <-
d) user access control
21) A security technician notices that a piece of malware is rapidly spreading through the organization’s network resources, creating copies of itself and consuming network resources. What type of malware attack is described in the scenario, and what is its primary characteristic?
a) the scenario describes a worm attack, known for its ability to self-replicate <-
b) the scenario describes a trojan attack, known for its deceptive appearance
c) the scenario describes spyware, known for its rapid spread through networks
d) the scenario describes a logic bomb attack, known for consuming network resources
22) A security engineer notices that several logs from critical network devices, such as firewalls and intrusion detection systems, are missing for a period of several hours, during which a security incident may have occurred. What should the security engineer do to address it?
a) missing logs indicate that the network devices were not generating any log data during that time, and there is no cause for concern
b) missing logs can be a sign of a security incident or a potential breach of the logging system. The security engineer should investigate the cause of the missing logs and take corrective actions <-
c) the missing logs are a result of log rotation, and the security engineer should configure longer log retention periods
d) the published documentation regarding log storage is accurate and no action is required
23) A security administrator is responsible for securing servers in a data center. They implement a security measure to control incoming and outgoing network traffic on each server to protect against unauthorized access and network-based attacks. What hardening technique is the security administrator primarily implementing to enhance server security in this scenario?
a) default password changes
b) host-based firewall <-
c) encryption
d) removal of unnecessary software
24) What is the primary characteristic of an on-premises architecture model for hosting servers and data?
a) reliance on third-party cloud providers
b) geographic distribution of resources <-
c) hosting servers and data within physical facilities
d) use of serverless computing
i) Correct answer: C. Makes sense.
25) A security technician is responsible for implementing threat detection mechanisms in an ICS used for managing a city’s water treatment plant. Which threat detection mechanism is essential for monitoring and alerting on suspicious activities in an ICS environment such as a water treatment plant?
a) email filtering
b) antivirus software
c) intrusion detection system (IDS) <-
d) mobile device management (MDM)
26) An organization requires a way to monitor changes in its network environment. Which system should be implemented?
a) firewall
b) intrusion prevention system <-
c) network access control
d) file integrity monitoring
i) I was annoyed at getting this one wrong, because I thought a lot about D (the correct one), but I thought “it’s talking about changes in the network” and not “changes in files”. It’s obvious that, many times, there are some small trick questions. Tracking changes in the network environment seemed to me, after analysis, to be more of an IPS thing and not a FILE integrity monitor thing.
27) To enhance network security, what change should a security analyst recommend if a remote desktop service is accessible from the internet?
a) implementing stronger encryption
b) setting up a VPN and firewall restrictions <-
c) changing default port configurations
d) increasing password complexity
28) A large e-commerce platform wants to ensure uninterrupted service even during peak shopping seasons. Which approach should the security professional recommend to achieve high availability?
a) load balancing <-
b) hot site
c) geographic spreading
d) continuity of operations (initially I thought it was this one, because, as I see it, it talks about the “principle of continuity of operations”, but if the server is supposed to work ALWAYS, even under heavy traffic, the ‘channels’ need to be balanced so that no server locks up.)
29) A company wants to ensure that only authorized devices can connect to the switch ports. What security measure should they deploy on the switch to achieve this?
a) intrusion detection system (IDS)
b) network access control (NAC) <-
c) secure sockets layer (SSL)
d) virtual local area network (VLAN)
30) A security technician is conducting a code review for a software development project. They want to identify and mitigate potential vulnerabilities in the application’s source code. What technique should the security technician employ to identify and mitigate security vulnerabilities in the source code?
a) implement input validation <-
b) use secure cookies
c) perform static code analysis
d) apply code signing
i) The correct one is C. I need more detailed explanations about this, lol; if possible, using English terms and such, because I’m taking the exam in English.
31) A security professional is responsible for maintaining an accurate inventory of software licenses within an organization. They discover that some software licenses have expired, but the software is still in use. What action should the security professional take to address the issue of expired software licenses being used?
a) implement data retention policies for the expired licenses <-
b) schedule the destruction of the software with expired licenses
c) initiate the acquisition/procurement process for new software licenses
d) disable the software
i) Correct: C. So annoying… I was on C, but I thought that, maybe, first this matter of data retention would be important and only THEN start the acquisition process for the new license…
32) In a penetration testing engagement, what document typically outlines the estimated time required for the test?
a) NDA
b) SLA
c) BPA
d) SOW <-
i) NOTE: I urgently need to study the acronyms…
33) A security technician is tasked with identifying and responding to security alerts generated by the organization’s systems and applications. Which tool or technology should the security technician rely on to receive real-time security alerts from systems and applications?
a) security content automation protocol (SCAP)
b) antivirus software
c) security information and event management (SIEM) <-
d) archiving tools
34) What are the best ways to ensure only authorized personnel can access a secure research facility (select two)?
a) perimeter fencing
b) CCTV monitoring
c) badge access system <-
d) controlled access vestibule <-
e) visitor sign-in log
f) motion detectors
35) A security technician needs to ensure that privileged users have temporary and limited access to sensitive systems when necessary. What privileged access management tool or concept should the security technician implement to grant privileged users temporary and limited access to sensitive systems?
a) tokenization
b) biometrics
c) password managers
d) just-in-time permissions <-
36) A security technician is implementing automation to scale the organization’s infrastructure in a secure manner during peak usage periods. Which benefit of automation and orchestration does this illustrate?
a) standard infrastructure configurations
b) cost reduction
c) scaling in a secure manner <-
d) employee retention
i) Correct: C. I didn’t think this could reduce costs, but it’s interesting. I want you to tell me a bit more about this.
37) A security professional is investigating a suspected security breach in the organization’s web application. What type of log data source is most likely to contain information about user actions, errors, and events related to the web application?
a) vulnerability scans
b) application logs <-
c) endpoint logs
d) dashboards
38) What is most likely to be used in a company to document risks, assign responsible parties, and define thresholds?
a) definition of risk tolerance
b) process of risk transfer
c) maintenance of a risk register
🙁
d) conducting a risk analysis <-
i) Correct: C
39) A security professional notices that an unauthorized device has been used to copy the signals from legitimate RFID tags, allowing unauthorized access to a secure area. What type of physical attack is described in the scenario, and how does it work?
a) environmental attack <-
b) brute force attack
c) cloning attack
d) social engineering
i) Correct: C. I thought of it, cloning the tags, but I thought this would also be an “environmental” attack, because the attacker wouldn’t even need to be inside the company, just nearby, using some kind of radio-frequency receiver, I don’t know.
40) A security technician discovers that an attacker has gained access to a network and positioned themselves in a way that allows them to intercept and manipulate network traffic. What type of attack is described in the scenario, and how is the attacker positioned?
a) the scenario describes a malicious code attack targeting network devices
b) the scenario describes an on-path attack <- (it’s the MITM)
c) the scenario describes a rootkit installed on a server
d) the scenario describes a security professional conducting a penetration test
41) An organization enforces mobile device management (MDM) policies to secure and manage employee-owned smartphones and tablets used for work. In the context of mobile device security, what is the organization primarily achieving when enforcing mobile device management (MDM) policies for employee-owned smartphones and tablets?
a) secure data destruction
b) data encryption
c) endpoint security <-
d) risk acceptance
42) What type of reconnaissance activity is a security professional primarily engaged in when gathering information about potential vulnerabilities on the organization’s external network by reviewing job postings or message boards about the organization?
a) passive reconnaissance <-
b) active reconnaissance
c) defensive penetration testing
d) known environment testing
43) An organization implements MFA for its employees’ access to sensitive systems and resources. What security measure is the organization primarily implementing when implementing MFA?
a) threat analysis
b) user authentication <-
c) security awareness training
d) access control
i) Note: if I’m correct, MFA has to do with “multiple factor authentication”, so it has to do with user authentication
44) A security technician analyzes network traffic logs to identify patterns indicative of a potential distributed denial-of-service (DDoS) attack. In the context of threat detection and analysis, what action is the security technician primarily taking when analyzing network traffic logs to identify patterns indicative of a potential DDoS attack?
a) intrusion prevention
b) threat hunting <-
c) risk assessment
d) risk mitigation
45) An organization enforces mobile device encryption policies to ensure that data stored on employees’ smartphones and tablets is protected from unauthorized access in case of device loss or theft. What security measure is the organization primarily implementing by enforcing mobile device encryption policies?
a) data integrity
b) data confidentiality
c) data availability
d) data authentication <-
i) Correct: B. I was really torn between the two, but given the explanation it made sense: confidentiality will prevent the unauthorized person from seeing the data (which is encrypted). But I thought of authentication, because the unauthorized person wouldn’t be able to authenticate, for example, on the VPN or something like that, and wouldn’t see the data, maybe…
46) A security technician is responsible for designing the network infrastructure of a critical government agency. They need to ensure that certain sensitive systems are physically isolated from the rest of the network to prevent unauthorized access. Which network design technique should the security technician implement to achieve physical isolation of sensitive systems?
a) logical segmentation
b) software-defined networking (SDN)
c) virtualization
d) air-gapped <-
i) NOTE: logical isn’t physical, software-defined has nothing to do with it (in my view, lol), virtualization isn’t physical… But, to be sure, since I had never read “air-gapped” before, I looked up the basic definition and, BOOM, that’s the answer. I went by elimination, but now I’m sure. Physical isolation can be called air-gapped.
47) A bank requires all of its vendors to implement measures to prevent data loss on stolen laptops. Which strategy is the bank demanding?
a) disk encryption <-
b) data permission
c) information categorization
d) access right limitations
48) To ensure software code authenticity in a development environment, which method should a software development manager implement?
a) regular code reviews
b) dynamic application security testing
c) code signing <-
d) implementing agile methodologies
49) In a corporate network, the IT department wants to implement a solution that divides the network based on security requirements. What mitigation technique is the IT department planning to implement to enhance network security in this scenario?
a) least privilege
b) patching
c) segmentation <-
d) encryption
50) Security protocols in a cloud data center are under review to guarantee the safety of the data center staff. Which of the following best illustrates the appropriate setup for these security controls?
a) external gateway access points should fail closed
b) data access logs should fail open
c) fire safety mechanisms should fail open <-
d) user authentication systems should fail closed
i) NOTE: I guessed wildly because I didn’t understand the question very well, but I thought: if it’s cloud and wants to protect the data center staff, it must be something physical, so fire safety would make sense. The biggest doubt was about the terms “fail open” and “fail closed”