Eccouncil 212-82 Exam Questions

Questions for the 212-82 were updated on: Dec 01, 2025


Question 1

Jane is a newly appointed Chief Financial Officer at BigTech Corp. Within a week, she receives an
email from a sender posing as the company's CEO, instructing her to make an urgent wire transfer.
Suspicious, Jane decides to verify the request's authenticity. She receives another email from the
same sender, now attaching a seemingly scanned image of the CEO's handwritten note.
Simultaneously, she gets a call from an 'IT support' representative, instructing her to click on the
attached image to download a 'security patch'. Concerned, Jane must determine which social
engineering tactics she encountered.

  • A. Baiting via the handwritten note image and preloading through the 'IT support' call.
  • B. Spear phishing through both the emails and quizzing via the 'IT support' call.
  • C. Phishing through the CEO impersonation email and baiting via the 'IT support' call.
  • D. Spear phishing through the CEO impersonation email and vishing via the 'IT support' call.
Answer:

D


Explanation:
Jane encountered a combination of social engineering tactics:
Spear Phishing:
CEO Impersonation Email: The initial email and the follow-up with the scanned image of the CEO's
handwritten note are examples of spear phishing, where attackers target specific individuals with
tailored messages to gain their trust and extract sensitive information.
Vishing:
'IT Support' Call: The phone call from the supposed 'IT support' representative asking Jane to
download a 'security patch' is a form of vishing (voice phishing). This tactic involves using phone calls
to trick victims into revealing sensitive information or performing actions that compromise security.
Reference:
Social Engineering Techniques: SANS Institute Reading Room
Phishing and Vishing Explained: Norton Security


Question 2

A government agency's confidential information is leaked to the public, causing significant
embarrassment and damage to its reputation. The leaked data includes sensitive documents related
to military operations and diplomatic communications. Considering the scenario, which threat actor
group is typically employed by governments to penetrate and gather top-secret information from
other government or military organizations?

  • A. Criminal syndicates
  • B. Industrial spies
  • C. State-sponsored hackers
  • D. Script Kiddies
Answer:

C


Explanation:
In the scenario where a government agency's confidential information is leaked, the most likely
threat actor group involved would be state-sponsored hackers:
Motivation:
National Interests: State-sponsored hackers are typically employed by governments to pursue
national interests, which often include espionage, stealing sensitive information, and undermining
the operations of other states.
Capabilities:
Advanced Techniques: These groups possess advanced capabilities and resources, making them
highly effective in penetrating secure systems and exfiltrating valuable data.
Examples:
Historical Incidents: Numerous incidents, such as the attacks attributed to APT groups like APT28
(Fancy Bear) and APT29 (Cozy Bear), have been linked to state-sponsored actors targeting
government and military organizations.
Reference:
FireEye APT Groups: FireEye Threat Intelligence
Mandiant M-Trends Report: Mandiant


Question 3

GlobalTech, a multinational tech conglomerate, has been operating across 50 countries for the past
two decades. Recently, it faced a significant data breach that affected its reputation and bottom line.
As a result, the board of directors decided to overhaul its existing corporate strategy, with a
pronounced focus on enhancing its Information Security Governance. The company believes that a
robust governance structure would not only prevent future breaches but would also align with its
long-term business objectives of expansion and dominance in the tech market. It has called upon
several third-party consultants to pitch an optimal strategy for the conglomerate's unique position.
Which strategy best aligns with GlobalTech's requirement?

  • A. Implement a robust intrusion detection system.
  • B. Prioritize security audits for quarterly review.
  • C. Establish a governance framework that integrates security considerations into all business decisions.
  • D. Formulate an isolated team for cybersecurity tasks.
Answer:

C


Explanation:
For GlobalTech, the optimal strategy to enhance information security governance and align with
long-term business objectives involves:
Integrated Governance Framework:
Security Integration: Embed security considerations into all business decisions and processes. This
ensures that security is a fundamental aspect of the company’s operations and strategic planning.
Comprehensive Policies: Develop and enforce comprehensive security policies that cover all aspects
of information security, including data protection, access controls, and incident response.
Executive Support:
Board-Level Commitment: Ensure that the board of directors and executive management are
committed to and support the information security governance framework. This top-down approach
is crucial for effective implementation and adherence.
Regular Reviews and Audits:
Continuous Improvement: Conduct regular security audits and reviews to assess the effectiveness of
the governance framework and identify areas for improvement.
Security Culture:
Awareness and Training: Foster a culture of security awareness across the organization through
regular training and awareness programs.
Reference:
ISO/IEC 27014:2013 Information Security Governance: ISO Standards
NIST Cybersecurity Framework:
NIST CSF


Question 4

You are the cybersecurity lead for an international financial institution. Your organization offers
online banking services to millions of customers globally, and you have recently migrated your core
banking system to a hybrid cloud environment to enhance scalability and cost efficiencies.
One evening, after a routine system patch, there is a surge in server-side request forgery (SSRF)
alerts from your web application firewall (WAF). Simultaneously, your intrusion detection system
(IDS) flags possible attempts to interact with cloud metadata services from your application layer,
which could expose sensitive cloud configuration details and API keys. This is a clear indication that
attackers might be trying to leverage the SSRF vulnerability to breach your cloud infrastructure.
Considering the critical nature of your services and the high stakes involved, how should you proceed
to tackle this imminent threat while ensuring minimal disruption to your banking customers?

  • A. Engage with a third-party cybersecurity firm specializing in cloud security to conduct an emergency audit, relying on its expertise to identify the root cause and potential breaches.
  • B. Rollback the recent patch immediately and inform the cloud service provider about potential unauthorized access to gauge the extent of vulnerability and coordinate a joint response.
  • C. Isolate the affected cloud servers and redirect traffic to backup servers, ensuring continuous service while initiating a deep-dive analysis of the suspicious activities using cloud-native security tools.
  • D. Notify all banking customers about the potential security incident, urging them to change their passwords and monitor their accounts for any unauthorized activity.
Answer:

C


Explanation:
In response to the SSRF alerts and potential breach attempts flagged by your IDS, the immediate
priority is to contain the threat while maintaining the integrity of your services. Here’s a step-by-step
approach:
Isolation and Containment:
Isolate Affected Servers: Disconnect the affected cloud servers from the network to prevent further
unauthorized access or data exfiltration.
Redirect Traffic: Redirect incoming traffic to backup servers that are not compromised to ensure that
online banking services remain available to customers.
Deep-Dive Analysis:
Cloud-Native Security Tools: Utilize cloud-native security tools provided by your cloud service
provider (such as AWS GuardDuty, Azure Security Center, or Google Cloud Security Command Center)
to conduct a thorough investigation of the suspicious activities.
Examine Network Logs: Analyze network logs to identify the attack vectors and understand the scope
of the attack.
Coordinate with Cloud Provider:
Joint Response: Inform your cloud service provider about the incident to collaborate on identifying
and mitigating the vulnerability. Cloud providers often have additional tools and expertise that can
be leveraged during a security incident.
Remediation:
Patch and Harden Systems: Once the root cause is identified, apply necessary patches and harden the
security posture of your cloud infrastructure to prevent similar attacks in the future.
Communication:
Internal Stakeholders: Keep internal stakeholders, including the executive team and legal
department, informed about the incident and the steps being taken to address it.
Reference:
NIST Computer Security Incident Handling Guide:
NIST SP 800-61r2
AWS Security Best Practices:
AWS Documentation


Question 5

CyberX, an acclaimed cybersecurity firm with a diverse clientele ranging from financial institutions to
healthcare providers, has been approached by NexusCorp. NexusCorp, a global supply chain giant,
seeks assistance in drafting a new security policy after a series of cyber-attacks that highlighted
vulnerabilities in its existing protocols. While NexusCorp uses state-of-the-art technology, its security
policies have not kept pace. It needs a policy that acknowledges its complex organizational structure,
vast geographic spread, and diversity in employee tech proficiency.
Which should be CyberX’s primary consideration in this scenario?

  • A. Regular update schedules for software and hardware components.
  • B. Stakeholder involvement in policy formulation.
  • C. Use of the latest encryption algorithms.
  • D. Emphasis on stringent password policies.
Answer:

B


Explanation:
Inclusion of Diverse Perspectives:
Involving stakeholders in policy formulation ensures that the security policy considers the diverse
needs and perspectives of different departments and employees across NexusCorp’s complex
organizational structure.
Reference: NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations.
Alignment with Organizational Goals:
Stakeholder involvement ensures that the security policies align with the overall goals and
operational requirements of the organization, promoting better adherence and implementation.
Reference: ISO/IEC 27001, Information Security Management Systems.
Enhanced Policy Effectiveness:
Policies developed with input from various stakeholders are more likely to address the specific risks
and challenges faced by the organization, enhancing their effectiveness.
Reference: COBIT 5, Framework for Governance and Management of Enterprise IT.
Employee Buy-In:
Engaging stakeholders, including employees at different levels, fosters a sense of ownership and
commitment to the security policies, improving compliance and reducing resistance.
Reference: "Security Policies and Procedures: Principles and Practices" by Syngress.
Given NexusCorp’s complex structure and diverse workforce, stakeholder involvement in policy
formulation is the primary consideration to ensure the development of effective and comprehensive
security policies.


Question 6

NexaBank, a prestigious banking institution, houses its primary data center in Houston, Texas. The
data center is essential as it holds sensitive customer information and processes millions of
transactions daily. The bank, while confident about its cybersecurity measures, has concerns
regarding the physical threats given Houston's susceptibility to natural disasters, especially
hurricanes. The management understands that a natural disaster could disrupt services or, worse,
compromise customer data. The bank is now weighing options to enhance its physical security
controls to account for such external threats.
For NexaBank's data center in Houston, which is the most critical physical security control it should
consider implementing?

  • A. Bulletproof glass windows and fortified walls.
  • B. Flood-resistant barriers and drainage systems.
  • C. Deploy additional armed security personnel.
  • D. Advanced CCTV surveillance with facial recognition.
Answer:

B


Explanation:
Risk of Natural Disasters:
Given Houston's susceptibility to hurricanes and flooding, the most critical physical security control
for NexaBank's data center is to implement flood-resistant barriers and drainage systems.
Reference: FEMA’s Guidelines for Floodproofing Non-Residential Structures.
Protecting Infrastructure:
Flood-resistant barriers and effective drainage systems protect the data center's infrastructure from
water damage, ensuring the continuity of operations and the safety of sensitive data.
Reference: NIST SP 800-34, Contingency Planning Guide for Federal Information Systems.
Minimizing Downtime:
By preventing water ingress, these measures help minimize downtime and potential data loss caused
by flooding, which is crucial for maintaining banking operations.
Reference: ISO 22301, Business Continuity Management Systems.
Complementary Measures:
While other measures (e.g., armed security personnel, CCTV) are important, they do not address the
primary threat of natural disasters in Houston.
Reference: SANS Institute’s Physical Security Essentials.
Given the specific threat of flooding and hurricanes, flood-resistant barriers and drainage systems are
the most critical physical security controls for NexaBank's data center.


Question 7

Hotel Grande offers luxury accommodations and emphasizes top-notch service for its guests. One
such service is secure, high-speed Wi-Fi access in every room. The hotel wishes to deploy an
authentication method that would give individual guests a seamless experience without
compromising security. This method should ideally provide a balance between convenience and
strong security. Which of the following should Hotel Grande use?

  • A. PSK (Pre-Shared Key)
  • B. Open Authentication
  • C. EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
  • D. MAC address filtering
Answer:

C


Explanation:
Strong Security:
EAP-TLS provides strong security by using certificate-based authentication. This ensures that both the
client and server are authenticated before a connection is established.
Reference: RFC 5216, The EAP-TLS Authentication Protocol.
Seamless User Experience:
Once the certificates are installed, the authentication process is seamless for the user, providing a
balance between strong security and convenience.
Reference: NIST SP 800-120, Recommendation for EAP Methods Used in Wireless Network Access
Authentication.
Mitigating Risks:
EAP-TLS mitigates risks associated with weaker authentication methods, such as Pre-Shared Keys
(PSKs), which can be shared or stolen.
Reference: IEEE 802.1X, Port-Based Network Access Control.
Deployment and Management:
Although initial deployment and certificate management require effort, the long-term security
benefits and user convenience outweigh the initial setup challenges.
Reference: ISO/IEC 27033-1:2015, Information Technology - Network Security.
Given the need for a balance between security and convenience, EAP-TLS is the best authentication
method for Hotel Grande's Wi-Fi access.


Question 8

NovusCorp, a leading healthcare provider, had meticulously designed its BC and DR plans, ensuring
every potential risk was covered. Recently, its primary data center experienced a catastrophic flood.
It swiftly activated its DR plan, transferring operations to its secondary data center. But within 24
hours, the provider faced an unforeseen challenge: the secondary data center began to receive a
huge, unprecedented amount of data requests, causing system overloads and disruptions. This
situation was not a part of the provider's initial risk assessment. In the face of this predicament, what
should NovusCorp's immediate course of action be to ensure business continuity?

  • A. Allocate resources to upgrade the secondary data center's infrastructure to handle the increased data request loads.
  • B. Initiate an immediate failback to the primary data center despite potential risks.
  • C. Engage a cloud based data storage provider for temporary overflow until the primary center is restored.
  • D. Reduce non-critical data requests and impose temporary restrictions on data access to maintain system stability.
Answer:

C


Explanation:
Engaging a cloud-based data storage provider allows NovusCorp to manage the sudden influx of data
requests without overloading the secondary data center. Cloud providers can quickly scale resources
to meet demand.
Reference: NIST SP 800-146, Cloud Computing Synopsis and Recommendations.
Business Continuity:
Cloud services provide a flexible and reliable solution to maintain business continuity. They offer
robust disaster recovery options and can be integrated with existing DR plans.
Reference: ISO/IEC 27017, Code of Practice for Information Security Controls Based on ISO/IEC 27002
for Cloud Services.
Temporary Overflow Solution:
Using cloud storage as a temporary solution ensures that critical operations continue without
interruption while the primary data center is restored.
Reference: ENISA’s Guidelines on Cloud Security.
Cost and Time Efficiency:
Cloud-based solutions can be implemented quickly and cost-effectively compared to upgrading the
secondary data center's infrastructure or other complex solutions.
Reference: "The Economics of Cloud Computing" by Bill Williams.
Given the unexpected load on the secondary data center, engaging a cloud-based data storage
provider is the most effective immediate action to ensure business continuity.


Question 9

GlobalTech, a multinational corporation with over 10,000 employees, has seen a surge in mobile
device usage among its workforce. The IT department is tasked with deploying a robust mobile
security management solution that caters not only to the security of data but also provides flexibility
in device choices and keeps administrative overhead low. Which of the following would be the best
solution for GlobalTech?

  • A. Mobile Application Management (MAM)
  • B. Mobile Device Management (MDM)
  • C. Unified Endpoint Management (UEM)
  • D. Containerization Solutions
Answer:

C


Explanation:
Unified Endpoint Management (UEM) Overview:
UEM solutions provide comprehensive management for a wide range of endpoints, including mobile
devices, desktops, laptops, and even IoT devices. They integrate Mobile Device Management (MDM)
and Mobile Application Management (MAM) functionalities.
Reference: Gartner's Magic Quadrant for Unified Endpoint Management Tools.
Security and Flexibility:
UEM ensures robust security by enforcing consistent security policies across all devices. It supports
various platforms (iOS, Android, Windows, macOS), offering flexibility in device choices for
employees.
Reference: NIST SP 800-124, Guidelines for Managing the Security of Mobile Devices in the
Enterprise.
Low Administrative Overhead:
By consolidating management under a single platform, UEM reduces the administrative burden. IT
departments can deploy, manage, and monitor devices through a unified interface.
Reference: Forrester’s Total Economic Impact™ of UEM.
Data Protection:
UEM solutions provide advanced data protection features such as remote wipe, encryption, and
secure access controls, ensuring the security of corporate data on mobile devices.
Reference: ISO/IEC 27001, Information Security Management.
Given GlobalTech's need for robust security, flexibility in device choices, and low administrative
overhead, Unified Endpoint Management (UEM) is the most suitable solution.


Question 10

A disgruntled employee transferred highly confidential tender data of upcoming projects as an
encoded text. You are assigned to decode the text file snitch.txt located in the Downloads folder of
the Attacker Machine and determine the value of the greenfarm project in dollars. Hint 1: All the
cryptography tools are located at "Z:\CCT-Tools\CCT Module 14 Cryptography". Hint 2: If required,
you can use sniffer@123 as the password to decode the file. (Practical Question)

  • A. 9S000
  • B. 36000
  • C. 80000
  • D. 75000
Answer:

D


Explanation:
Decoding the Text File:
Use cryptographic tools located at Z:\CCT-Tools\CCT Module 14 Cryptography to decode the text file
snitch.txt found in the Downloads folder. The provided password sniffer@123 will be used if
required.
Reference: "Cryptography and Network Security" by William Stallings.
Using Decryption Tools:
Employ the appropriate decryption tool from the provided directory to decode the text file and
extract the information about the greenfarm project.
Extracting the Project Value:
After decoding, the content of the file reveals that the value of the greenfarm project is 75000
dollars.
The decoded value of the greenfarm project is 75000 dollars.


Question 11

You are investigating a data leakage incident where an insider is suspected of using image
steganography to send sensitive information to a competitor. You have also recovered a VeraCrypt
volume file S3cr3t from the suspect. The VeraCrypt volume file is available in the Pictures folder of
the Attacker Machine. Your task is to mount the VeraCrypt volume, find an image file, and recover
the secret code concealed in the file. Enter the code as the answer. Hint: If required, use sniffer@123
as the password to mount the VeraCrypt volume file. (Practical Question)

  • A. L76D2E8CBA1K
  • B. H364F9F4FD3H
  • C. J782C8C2EH6J
  • D. G85E2C7AB1R6
Answer:

B


Explanation:
Mounting the VeraCrypt Volume:
Use VeraCrypt to mount the volume file S3cr3t located in the Pictures folder. The provided password
sniffer@123 is required to mount the volume.
Reference: VeraCrypt User Guide.
Locating the Image File:
After mounting the volume, browse through the files to locate the image file that may contain the
secret code through steganography.
Extracting the Secret Code:
Use steganography tools to analyze the image file and extract the hidden secret code. Tools such as
Stegsolve or Steghide can be used for this purpose.
Reference: "Practical Cryptography" by Niels Ferguson.
Recovering the Code:
The extracted secret code from the image file is H364F9F4FD3H.
The recovered secret code from the image file is H364F9F4FD3H.


Question 12

FinTech Corp, a financial services software provider, handles millions of transactions daily. To address
recent breaches in other organizations, it is reevaluating its data security controls. It specifically
needs a control that will not only provide real-time protection against threats but also assist in
achieving compliance with global financial regulations. The company's primary goal is to safeguard
sensitive transactional data without impeding system performance. Which of the following controls
would be the most suitable for FinTech Corp's objectives?

  • A. Switching to disk-level encryption for all transactional databases
  • B. Implementing DLP (Data Loss Prevention) systems
  • C. Adopting anomaly-based intrusion detection systems
  • D. Enforcing Two-Factor Authentication for all database access
Answer:

C


Explanation:
Anomaly-Based Intrusion Detection Systems (IDS):
Anomaly-based IDS monitor network traffic and system activities for unusual patterns that may
indicate malicious behavior. They are effective in identifying unknown threats by detecting
deviations from the established baseline of normal activities.
Reference: NIST SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS).
Real-Time Threat Detection:
These systems provide real-time protection by continuously analyzing network traffic and system
behaviors, allowing for immediate detection and response to potential threats.
Reference: "Intrusion Detection and Prevention Systems" by Carl Endorf.
Compliance with Regulations:
Anomaly-based IDS assist in achieving compliance with global financial regulations by providing
detailed logs and reports of detected anomalies, which are essential for regulatory audits and
incident response.
Reference: ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice
for information security controls.
Minimal Performance Impact:
Unlike some other security controls, anomaly-based IDS are designed to operate with minimal
impact on system performance, ensuring that the transactional data flow remains efficient while
being protected.
Reference: SANS Institute's "Network Intrusion Detection and Prevention Systems (IDPS) Basics."
Given FinTech Corp's need for real-time protection and compliance without impeding performance,
anomaly-based IDS is the most suitable control.


Question 13

A global financial services firm is revising its cybersecurity policies to comply with a diverse range of
international regulatory frameworks and laws. The firm operates across multiple continents, each
with distinct legal requirements concerning data protection, privacy, and cybersecurity. As part of
their compliance strategy, they are evaluating various regulatory frameworks to determine which
ones are most critical to their operations. Given the firm's international scope and the nature of its
services, which of the following regulatory frameworks should be prioritized for compliance?

  • A. ISO 27001 Information Security Management System
  • B. ISO 27002 Code of Practice for information security controls
  • C. General Data Protection Regulation (GDPR) - European Union
  • D. NIST Cybersecurity Framework
Answer:

C


Explanation:
GDPR Overview:
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the
European Union that sets out requirements for companies and organizations on collecting, storing,
and managing personal data.
Reference: GDPR Regulation (EU) 2016/679.
Global Impact:
GDPR applies to any organization that processes the personal data of EU residents, regardless of
where the organization is based. This makes it critical for global firms to comply with GDPR when
operating in or serving clients from the EU.
Reference: Article 3 of the GDPR - Territorial Scope.
Compliance Requirements:
GDPR requires strict compliance measures, including data protection by design, data protection
impact assessments (DPIAs), appointing a Data Protection Officer (DPO), and ensuring data subjects'
rights.
Reference: Articles 25, 35, and 37 of the GDPR.
Penalties for Non-Compliance:
Non-compliance with GDPR can result in significant fines, up to €20 million or 4% of the annual
global turnover, whichever is higher.
Reference: Article 83 of the GDPR.
Given the firm's international scope and the critical nature of complying with stringent data
protection laws in the EU, prioritizing GDPR compliance is essential.


Question 14

An international bank recently discovered a security breach in its transaction processing system. The
breach involved a sophisticated malware that not only bypassed the standard antivirus software but
also remained undetected by the intrusion detection systems for months. The malware was
programmed to intermittently alter transaction values and transfer small amounts to a foreign
account, making detection challenging due to the subtlety of its actions. After a thorough
investigation, cybersecurity experts identified the nature of this malware. Which of the following
best describes the type of malware used in this breach?

  • A. Ransomware, encrypting transaction data to extort money from the bank
  • B. presenting itself as legitimate software while performing malicious transactions
  • C. Spyware, gathering sensitive information about the bank's transactions and customers
  • D. Rootkit, embedding itself deeply in the system to manipulate transaction processes
Answer:

D


Explanation:
Definition of Rootkit:
A rootkit is a type of malicious software designed to provide continued privileged access to a
computer while actively hiding its presence. Rootkits can be installed at the hardware, firmware, or
software level of a system.
Reference: "Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats" by Alex
Matrosov.
Sophisticated Stealth Mechanisms:
Rootkits often employ sophisticated techniques to remain undetected by traditional security
measures, such as antivirus software and intrusion detection systems.
Reference: "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System" by Bill
Blunden.
Manipulating System Processes:
Rootkits can deeply embed themselves in the system, allowing them to manipulate system
processes, such as altering transaction values and transferring funds without detection.
Reference: NIST SP 800-83, Guide to Malware Incident Prevention and Handling.
Impact on Financial Systems:
In the context of the bank's transaction processing system, the rootkit's ability to alter transaction
values intermittently and subtly makes it difficult to detect, thus causing financial losses over time.
Reference: SANS Institute's "Understanding Rootkits and How to Defend Against Them."
Given the description of the malware's behavior, a rootkit best fits the type of malware used in this
security breach.


Question 15

TechTrendz, a leading tech company, is moving towards the final stages of developing a new cloud-
based web application aimed at real-time data processing for financial transactions. Given the
criticality of data and the high user volume expected, TechTrendz's security team is keen on
employing rigorous application security testing techniques. The team decides to carry out a series of
tests using tools that can best mimic potential real-world attacks on the application. The team's main
concern is to detect vulnerabilities in the system, including those stemming from configuration
errors, software bugs, and faulty APIs. The security experts have shortlisted four testing tools and
techniques. Which of the following would be the MOST comprehensive method to ensure a thorough
assessment of the application's security?

  • A. Employing dynamic application security testing (DAST) tools that analyze running applications in real time.
  • B. Utilizing static application security testing (SAST) tools to scan the source code for vulnerabilities.
  • C. Implementing a tool that combines both SAST and DAST features for a more holistic security overview.
  • D. Conducting a manual penetration test focusing only on the user interface and transaction modules.
Answer:

C


Explanation:
For comprehensive application security testing, combining Static Application Security Testing (SAST)
and Dynamic Application Security Testing (DAST) provides the best coverage:
Static Application Security Testing (SAST):
Source Code Analysis: Scans the source code to identify vulnerabilities such as code injection, buffer
overflows, and insecure APIs.
Early Detection: Allows developers to fix vulnerabilities early in the development lifecycle.
Dynamic Application Security Testing (DAST):
Runtime Analysis: Tests the running application for vulnerabilities, including issues related to
configuration, authentication, and authorization.
Real-World Attacks: Simulates real-world attacks to identify how the application behaves under
different threat scenarios.
Combined Approach:
Holistic Security: Using both SAST and DAST provides a thorough security assessment, covering both
code-level and runtime vulnerabilities.
Comprehensive Coverage: Ensures that both internal code issues and external attack vectors are
addressed.
Reference:
OWASP Guide on SAST and DAST: OWASP
NIST Application Security Guidelines:
NIST SP 800-53
