CompTIA Security+ Exam 2023 Question and Answers

Last Update Dec 2, 2024
Total Questions : 1063

Questions 1

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Options:

A.  

MAC flooding

B.  

URL redirection

C.  

ARP poisoning

D.  

DNS hijacking

Questions 2

Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

Options:

A.  

TOTP

B.  

Biometrics

C.  

Kerberos

D.  

LDAP

Questions 3

A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?

Options:

A.  

Add a deny-all rule to that host in the network ACL

B.  

Implement a network-wide scan for other instances of the malware.

C.  

Quarantine the host from other parts of the network

D.  

Revoke the client's network access certificates

Questions 4

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?

Options:

A.  

Enhance resiliency by adding a hardware RAID.

B.  

Move data to a tape library and store the tapes off-site

C.  

Install a local network-attached storage.

D.  

Migrate to a cloud backup solution

Questions 5

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Options:

A.  

Perfect forward secrecy

B.  

Elliptic-curve cryptography

C.  

Key stretching

D.  

Homomorphic encryption

Questions 6

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

Options:

A.  

Unsecured root accounts

B.  

Zero day

C.  

Shared tenancy

D.  

Insider threat

Questions 7

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.  

Development

B.  

Staging

C.  

Production

D.  

Test

Questions 8

An employee received multiple messages on a mobile device. The messages instruct the employee to pair the device to an unknown device. Which of the following BEST describes what a malicious person might be doing to cause this issue to occur?

Options:

A.  

Jamming

B.  

Bluesnarfing

C.  

Evil twin

D.  

Rogue access point

Questions 9

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link. Which of the following attacks is being used to target the company?

Options:

A.  

Phishing

B.  

Vishing

C.  

Smishing

D.  

Spam

Questions 10

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.  

IaC

B.  

MSSP

C.  

Containers

D.  

SaaS

Questions 11

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

Options:

A.  

SSO

B.  

MFA

C.  

PKI

D.  

DLP

Questions 12

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:

• The exception process and policy have been correctly followed by the majority of users.

• A small number of users did not create tickets for the requests but were granted access.

• All access had been approved by supervisors.

• Valid requests for the access sporadically occurred across multiple departments.

• Access, in most cases, had not been removed when it was no longer needed.

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

Options:

A.  

Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

B.  

Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

C.  

Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

D.  

Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

Questions 13

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?

Options:

A.  

Inability to authenticate

B.  

Implied trust

C.  

Lack of computing power

D.  

Unavailable patch

Questions 14

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.  

The Diamond Model of Intrusion Analysis

B.  

CIS Critical Security Controls

C.  

NIST Risk Management Framework

D.  

ISO 27002

Questions 15

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

Options:

A.  

Change the default settings on the PC.

B.  

Define the PC firewall rules to limit access.

C.  

Encrypt the disk on the storage device.

D.  

Plug the storage device into the UPS.

Questions 16

A security analyst reviews a company's authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the following password attacks is MOST likely happening?

Options:

A.  

Dictionary

B.  

Rainbow table

C.  

Spraying

D.  

Brute-force

Questions 17

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

Options:

A.  

Account audits

B.  

AUP

C.  

Password reuse

D.  

SSO

Questions 18

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

Options:

A.  

Adding a new UPS dedicated to the rack

B.  

Installing a managed PDU

C.  

Using only a dual-power-supply unit

D.  

Increasing power generator capacity

Questions 19

A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).

Options:

A.  

Identity processor

B.  

Service requestor

C.  

Identity provider

D.  

Service provider

E.  

Tokenized resource

F.  

Notarized referral

Questions 20

Which of the following conditions impacts data sovereignty?

Options:

A.  

Rights management

B.  

Criminal investigations

C.  

Healthcare data

D.  

International operations

Questions 21

An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.  

Cryptomalware

B.  

Hash substitution

C.  

Collision

D.  

Phishing

Questions 22

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A.  

Security patches were uninstalled due to user impact.

B.  

An adversary altered the vulnerability scan reports

C.  

A zero-day vulnerability was used to exploit the web server

D.  

The scan reported a false negative for the vulnerability

Questions 23

A network analyst is investigating compromised corporate information. The analyst has a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

Options:

A.  

Denial of service

B.  

ARP poisoning

C.  

Command injection

D.  

MAC flooding

Questions 24

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

Options:

A.  

The unexpected traffic correlated against multiple rules, generating multiple alerts.

B.  

Multiple alerts were generated due to an attack occurring at the same time.

C.  

An error in the correlation rules triggered multiple alerts.

D.  

The SIEM was unable to correlate the rules, triggering the alerts.

Questions 25

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been. Which of the following statements BEST explains the issue?

Options:

A.  

OpenID is mandatory to make the MFA requirements work

B.  

An incorrect browser has been detected by the SAML application

C.  

The access device has a trusted certificate installed that is overwriting the session token

D.  

The user's IP address is changing between logins, but the application is not invalidating the token

Questions 26

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.  

Test

B.  

Staging

C.  

Development

D.  

Production

Questions 27

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.  

TAXII

B.  

TLP

C.  

TTP

D.  

STIX

Questions 28

A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

Options:

A.  

IP restrictions

B.  

Multifactor authentication

C.  

A banned password list

D.  

A complex password policy

Questions 29

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

Options:

A.  

Enable the remote-wiping option in the MDM software in case the phone is stolen.

B.  

Configure the MDM software to enforce the use of PINs to access the phone.

C.  

Configure MDM for FDE without enabling the lock screen.

D.  

Perform a factory reset on the phone before installing the company's applications.

Questions 30

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

Options:

A.  

MAC address filtering

B.  

802.1X

C.  

Captive portal

D.  

WPS

Questions 31

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.  

Production

B.  

Test

C.  

Staging

D.  

Development

Questions 32

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.  

Default system configuration

B.  

Unsecure protocols

C.  

Lack of vendor support

D.  

Weak encryption

Questions 33

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.  

Geofencing

B.  

Biometric authentication

C.  

Geolocation

D.  

Geotagging

Questions 34

A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?

Options:

A.  

POP

B.  

IMAP

C.  

HTTPS

D.  

S/MIME

Questions 35

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.  

Production

B.  

Test

C.  

Staging

D.  

Development

Questions 36

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.  

Password history

B.  

Account expiration

C.  

Password complexity

D.  

Account lockout

Questions 37

After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

Options:

A.  

privilege escalation

B.  

footprinting

C.  

persistence

D.  

pivoting.

Questions 38

one of the attendees starts to notice delays in the connection. and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.  

Birthday collision on the certificate key

B.  

DNS hacking to reroute traffic

C.  

Brute force to the access point

D.  

An SSL/TLS downgrade

Questions 39

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.  

The Diamond Model of Intrusion Analysis

B.  

The Cyber Kill Chain

C.  

The MITRE CVE database

D.  

The incident response process

Questions 40

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.  

Create a new network for the mobile devices and block the communication to the internal network and servers

B.  

Use a captive portal for user authentication.

C.  

Authenticate users using OAuth for more resiliency

D.  

Implement SSO and allow communication to the internal network

E.  

Use the existing network and allow communication to the internal network and servers.

F.  

Use a new and updated RADIUS server to maintain the best solution

Questions 41

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which of the following types of attacks is being attempted, and how can it be mitigated?

Options:

A.  

XSS; implement a SIEM

B.  

CSRF; implement an IPS

C.  

Directory traversal; implement a WAF

D.  

SQL injection; implement an IDS

Questions 42

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO)

Options:

A.  

MAC filtering

B.  

Zero trust segmentation

C.  

Network access control

D.  

Access control vestibules

E.  

Guards

F.  

Bollards

Questions 43

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.  

Host-based firewall

B.  

Web application firewall

C.  

Access control list

D.  

Application allow list

Questions 44

While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.  

Community cloud

B.  

PaaS

C.  

Containerization

D.  

Private cloud

E.  

SaaS

F.  

IaaS

Questions 45

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

Options:

A.  

Private key and root certificate

B.  

Public key and expired certificate

C.  

Private key and self-signed certificate

D.  

Public key and wildcard certificate

Questions 46

A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

Options:

A.  

802.1X

B.  

SAML

C.  

RADIUS

D.  

CHAP

Questions 47

The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs and RTOs. Which of the following backup scenarios would best ensure recovery?

Options:

A.  

Hourly differential backups stored on a local SAN array

B.  

Daily full backups stored on premises in magnetic offline media

C.  

Daily differential backups maintained by a third-party cloud provider

D.  

Weekly full backups with daily incremental stored on a NAS drive

Questions 48

An analyst examines the web server logs after a compromise and finds the following:

Which of the following most likely indicates a successful attack on server credentials?

Options:

A.  

GET https://comptia.org/robots.txt HTTP/1.1 200

B.  

GET https://comptia.org/../../../Windows/win.ini HTTP/1.1 404

C.  

GET HTTP/1.1 200 https://comptia.org/../../../etc/passwd

D.  

GET https://comptia.org/./.../../etc/hosts HTTP/1.1 404

Questions 49

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?

Options:

A.  

SOAR

B.  

SIEM

C.  

MDM

D.  

DLP

Questions 50

Which of the following best describes the process of adding a secret value to extend the length of stored passwords?

Options:

A.  

Hashing

B.  

Quantum communications

C.  

Salting

D.  

Perfect forward secrecy

Questions 51

A company would like to implement a secure process for managing headless servers remotely. Which of the following should the company most likely implement?

Options:

A.  

SSH

B.  

HTTPS

C.  

FTPS

D.  

LDAPS

Questions 52

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Options:

A.  

Preparation

B.  

Recovery

C.  

Lessons learned

D.  

Analysis

Questions 53

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Select two).

Options:

A.  

Typosquatting

B.  

Phishing

C.  

Impersonation

D.  

Vishing

E.  

Smishing

F.  

Misinformation

Questions 54

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Options:

A.  

Segmentation

B.  

Isolation

C.  

Patching

D.  

Encryption

Questions 55

Which of the following agreement types defines the time frame in which a vendor needs to respond?

Options:

A.  

SOW

B.  

SLA

C.  

MOA

D.  

MOU

Questions 56

Which of the following permits consistent automated deployment rather than manual provisioning of data centers?

Options:

A.  

Transit gateway

B.  

Private cloud

C.  

Containerization

D.  

Infrastructure as code

Questions 57

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Options:

A.  

Standard naming convention

B.  

Hashing

C.  

Network diagrams

D.  

Baseline configuration

Questions 58

A security administrator needs to improve the security at an entry kiosk. Currently, employees enter an employee number and PIN at a PC to enter the building.

Which of the following is the best solution to improve security at the entry kiosk?

Options:

A.  

Single sign-on

B.  

Smart card

C.  

Password

D.  

Challenge questions

Questions 59

A prospective customer is interested in seeing the type of data that can be retrieved when a customer uses a company's services. An engineer at the company sends the following documentation before reviewing it:

The prospective customer is concerned. Which of the following will best resolve the concern?

Options:

A.  

Data sanitation

B.  

Software updates

C.  

Log aggregation

D.  

CASB

Questions 60

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

Options:

A.  

Creating group policies to enforce password rotation on domain administrator credentials

B.  

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.  

Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access

D.  

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Questions 61

A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).

Options:

A.  

Physical

B.  

Managerial

C.  

Detective

D.  

Administrative

E.  

Preventative

F.  

Technical

Questions 62

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.  

CIA

B.  

AAA

C.  

ACL

D.  

PEM

Questions 63

Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

Options:

A.  

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.  

Generally, SMS OTP codes are valid for up to 15 minutes, while the TOTP time frame is 30 to 60 seconds.

C.  

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.  

The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.

Questions 64

A security department wants to conduct an exercise that will make many experimental changes to the main virtual server. After the exercise is completed, the IT director would like to be able to roll back to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?

Options:

A.  

Incremental

B.  

Snapshot

C.  

Full

D.  

Differential

Questions 65

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Options:

A.  

Air gap

B.  

Barricade

C.  

Port security

D.  

Screened subnet

Questions 66

Which of the following is most likely to include a SCADA system?

Options:

A.  

Water treatment plant

B.  

Surveillance system

C.  

Smart watch

D.  

Wi-Fi-enabled thermostat

Questions 67

A municipality implements an IoT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?

Options:

A.  

Isolate the controller from the rest of the network and constrain connectivity.

B.  

Remove the controller from the network altogether.

C.  

Quarantine the controller in a VLAN used for device patching from the internet

D.  

Configure the internet firewall to deny any internet access to or from the controller.

Questions 68

A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

Options:

A.  

Network segmentation

B.  

IP-based firewall rules

C.  

Mobile device management

D.  

Content filter

Questions 69

Earlier in the week, the CSIRT was alerted to a cyber-incident. The CSIRT is now interacting with the affected systems in an attempt to stop further damage. Which of the following best describes this phase of the incident response process?

Options:

A.  

Preparation

B.  

Containment

C.  

Recovery

D.  

Eradication

Questions 70

Which of the following is the most important security concern when using legacy systems to provide production service?

Options:

A.  

Instability

B.  

Lack of vendor support

C.  

Loss of availability

D.  

Use of insecure protocols

Questions 71

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

Options:

A.  

IPS

B.  

Firewall

C.  

ACL

D.  

Windows security

Questions 72

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Options:

A.  

Insider

B.  

Unskilled attacker

C.  

Nation-state

D.  

Hacktivist

Questions 73

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.  

Serverless framework

B.  

Type 1 hypervisor

C.  

SD-WAN

D.  

SDN

Questions 74

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

Which of the following can the security analyst conclude based on the review?

Options:

A.  

A brute-force attack occurred.

B.  

A rainbow table uncovered the password.

C.  

Technical controls did not block the reuse of a password.

D.  

An attacker used password spraying.

Questions 75

While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

Options:

A.  

Hard drive

B.  

RAM

C.  

SSD

D.  

Temporary files

Questions 76

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

Options:

A.  

Engage the penetration-testing firm's red-team services to fully mimic possible attackers.

B.  

Give the penetration tester data diagrams of core banking applications in a known-environment test.

C.  

Limit the scope of the penetration test to only the system that is used for teller workstations.

D.  

Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

Discussion 0
Questions 77

An organization wants to reduce the likelihood that a data breach could result in reputational, financial, or regulatory consequences. The organization needs an enterprise-wide solution that does not require new technology or specialized roles. Which of the following describes the best way to achieve these goals?

Options:

A.  

Developing a process where sensitive data is converted to non-sensitive values such as a token

B.  

Masking identifiable information so the data cannot be traced back to a specific user

C.  

Incorporating the principle of data minimization throughout business processes

D.  

Requiring users and customers to consent to the processing of their information

Discussion 0
Questions 78

An organization with high security needs is concerned about unauthorized exfiltration of data via Wi-Fi from within a secure facility. Which of the following security controls should the company implement?

Options:

A.  

Air-gapped network

B.  

Faraday cage

C.  

Screened subnet

D.  

802.1X certificates

Discussion 0
Questions 79

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.  

Obtain the file's SHA-256 hash.

B.  

Use hexdump on the file's contents.

C.  

Check endpoint logs.

D.  

Query the file's metadata.

Discussion 0
Questions 80

The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

Options:

A.  

WAP utilizing SSL decryption

B.  

NGFW utilizing application inspection

C.  

UTM utilizing a threat feed

D.  

SD-WAN utilizing IPSec

Discussion 0
Questions 81

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.  

Application

B.  

IPS/IDS

C.  

Network

D.  

Endpoint

Discussion 0
Questions 82

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be implemented to allow for this type of access? (Select two).

Options:

A.  

SSH

B.  

SNMP

C.  

RDP

D.  

S/MIME

E.  

SMTP

F.  

SFTP

Discussion 0
Questions 83

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Options:

A.  

Impersonation

B.  

Disinformation

C.  

Watering-hole

D.  

Smishing

Discussion 0
Questions 84

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

Options:

A.  

Microservices

B.  

Containerization

C.  

Virtualization

D.  

Infrastructure as code

Discussion 0
Questions 85

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Options:

A.  

Installing HIDS on the system

B.  

Placing the system in an isolated VLAN

C.  

Decommissioning the system

D.  

Encrypting the system's hard drive

Discussion 0
Questions 86

An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or nonexistent wireless signal?

Options:

A.  

Heat map

B.  

Agentless scanning

C.  

Wardriving

D.  

Embedded systems

Discussion 0
Questions 87

The Chief Information Security Officer (CISO) wants a product manager to include the following tasks as part of the deployment plans:

• Delete test accounts

• Delete test data

• Share administrative passwords securely during the transition to production.

Which of the following concepts will best enable the product manager to incorporate these tasks?

Options:

A.  

Secrets management

B.  

Network segmentation

C.  

Data classification

D.  

Access reviews

Discussion 0
Questions 88

recovery sites is the best option?

Options:

A.  

Hot

B.  

Cold

C.  

Warm

D.  

Geographically dispersed

Discussion 0
Questions 89

Which of the following describes how applications are built, configured, and deployed?

Options:

A.  

Provisioning

B.  

Continuous validation

C.  

Compiler

D.  

Normalization

Discussion 0
Questions 90

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.  

Identify embedded keys

B.  

Code debugging

C.  

Input validation

D.  

Static code analysis

Discussion 0
Questions 91

A local business Which of the following best describes a legal hold?

Options:

A.  

It occurs during litigation and requires retention of both electronic and physical documents.

B.  

It occurs during a risk assessment and requires retention of risk-related documents.

C.  

It occurs during incident recovery and requires retention of electronic documents.

D.  

It occurs during a business impact analysis and requires retention of documents categorized as personally identifiable information.

Discussion 0
Questions 92

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Select two).

Options:

A.  

Tokenization

B.  

CI/CD

C.  

Honeypots

D.  

Threat modeling

E.  

DNS sinkhole

F.  

Data obfuscation

Discussion 0
Questions 93

Which of the following is the best resource to consult for information on the most common application exploitation methods?

Options:

A.  

OWASP

B.  

STIX

C.  

OVAL

D.  

Threat intelligence feed

E.  

Common Vulnerabilities and Exposures

Discussion 0
Questions 94

Which of the following best ensures minimal downtime and data loss for organizations with critical computing equipment located in earthquake-prone areas?

Options:

A.  

Generators and UPS

B.  

Off-site replication

C.  

Redundant cold sites

D.  

High availability networking

Discussion 0
Questions 95

A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?

Options:

A.  

TACACS+

B.  

SAML

C.  

An SSO platform

D.  

Role-based access control

E.  

PAM software

Discussion 0
Questions 96

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

Options:

A.  

Key stretching

B.  

Tokenization

C.  

Data masking

D.  

Salting

Discussion 0
Questions 97

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.  

Remote access points should fail closed.

B.  

Logging controls should fail open.

C.  

Safety controls should fail open.

D.  

Logical security controls should fail closed.

Discussion 0
Questions 98

A security administrator analyzes server logs and sees multiple lines of the following format:

The administrator is concerned about whether the request is valid. Which of the following attacks should the administrator evaluate?

Options:

A.  

DLL injection

B.  

XML injection

C.  

SQL injection

D.  

LDAP injection

Discussion 0
Questions 99

Which of the following risks can be mitigated by HTTP headers?

Options:

A.  

SQLi

B.  

XSS

C.  

DoS

D.  

SSL

Discussion 0
Questions 100

A company would like to implement a network security solution to inspect traffic on the network and generate an alert when specific traffic patterns are observed. The solution should never block legitimate network traffic. Which of the following will the company most likely implement?

Options:

A.  

NIDS

B.  

HIPS

C.  

ACLs

D.  

WAF

Discussion 0
Questions 101

Which of the following alert types is the most likely to be ignored over time?

Options:

A.  

True positive

B.  

True negative

C.  

False positive

D.  

False negative

Discussion 0
Questions 102

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.  

Guard rail script

B.  

Ticketing workflow

C.  

Escalation script

D.  

User provisioning script

Discussion 0
Questions 103

A systems administrator would like to set up a system that will make it difficult or impossible to deny that someone has performed an action. Which of the following is the administrator trying to accomplish?

Options:

A.  

Non-repudiation

B.  

Adaptive identity

C.  

Security zones

D.  

Deception and disruption

Discussion 0
Questions 104

Which of the following is classified as high availability in a cloud environment?

Options:

A.  

Access broker

B.  

Cloud HSM

C.  

WAF

D.  

Load balancer

Discussion 0
Questions 105

An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Options:

A.  

Government

B.  

Public

C.  

Proprietary

D.  

Critical

Discussion 0
Questions 106

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables a direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.  

SSH

B.  

SRTP

C.  

S/MIME

D.  

PPTP

Discussion 0
Questions 107

A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone. Which of the following policies is preventing the user from completing this action?

Options:

A.  

Application management

B.  

Content management

C.  

Containerization

D.  

Full disk encryption

Discussion 0
Questions 108

A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work BEST to prevent this from happening?

Options:

A.  

Bollard

B.  

Camera

C.  

Alarms

D.  

Signage

E.  

Access control vestibule

Discussion 0
Questions 109

A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company most likely complying with?

Options:

A.  

NIST CSF

B.  

GDPR

C.  

PCI DSS

D.  

ISO 27001

Discussion 0
Questions 110

An organization recently completed a security control assessment. The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-compliant controls. Which of the following best describes these mitigations?

Options:

A.  

Corrective

B.  

Compensating

C.  

Deterrent

D.  

Technical

Discussion 0
Questions 111

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS).

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPv4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the left-hand column and values belong in the corresponding row in the right-hand column.

Options:

Discussion 0
Questions 112

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.  

Data protection officer

B.  

Data owner

C.  

Backup administrator

D.  

Data custodian

E.  

Internal auditor

Discussion 0
Questions 113

The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers. Which of the following attacks has most likely occurred?

Options:

A.  

Privilege escalation

B.  

Buffer overflow

C.  

Resource exhaustion

D.  

Cross-site scripting

Discussion 0
Questions 114

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would best describe the estimated number of devices to be replaced next year?

Options:

A.  

SLA

B.  

ARO

C.  

RPO

D.  

SLE

Discussion 0
Questions 115

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

Options:

A.  

Application allow list

B.  

Load balancer

C.  

Host-based firewall

D.  

VPN

Discussion 0
Questions 116

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be best to correlate the activities between the different endpoints?

Options:

A.  

Firewall

B.  

SIEM

C.  

IPS

D.  

Protocol analyzer

Discussion 0
Questions 117

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Options:

A.  

Access control

B.  

Syslog

C.  

Session Initiation Protocol traffic logs

D.  

Application logs

Discussion 0
Questions 118

Which of the following describes where an attacker can purchase DDoS or ransomware services?

Options:

A.  

Threat intelligence

B.  

Open-source intelligence

C.  

Vulnerability database

D.  

Dark web

Discussion 0
Questions 119

A major manufacturing company updated its internal infrastructure and just started to allow OAuth applications to access corporate data. Data leakage is being reported. Which of the following most likely caused the issue?

Options:

A.  

Privilege creep

B.  

Unmodified default

C.  

TLS

D.  

Improper patch management

Discussion 0
Questions 120

Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

Options:

A.  

Communication plan

B.  

Disaster recovery plan

C.  

Business continuity plan

D.  

Risk plan

Discussion 0
Questions 121

A security administrator examines the ARP table of an access switch and sees the following output:

Which of the following is a potential threat that is occurring on this access switch?

Options:

A.  

DDoS on Fa0/2 port

B.  

MAC flooding on Fa0/2 port

C.  

ARP poisoning on Fa0/1 port

D.  

DNS poisoning on port Fa0/1

Discussion 0
Questions 122

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?

Options:

A.  

Determine a quality CASB solution.

B.  

Configure the DLP policies by user groups.

C.  

Implement agentless NAC on boundary devices.

D.  

Classify all data on the file servers.

Discussion 0
Questions 123

A security analyst reviews web server logs and finds the following string

gallery?file=../../../../../../../etc/passwd

Which of the following attacks was performed against the web server?

Options:

A.  

Directory traversal

B.  

CSRF

C.  

Pass the hash

D.  

SQL injection

Discussion 0
Questions 124

An analyst is working on an investigation with multiple alerts for multiple hosts. The hosts are showing signs of being compromised by a fast-spreading worm. Which of the following should be the next step in order to stop the spread?

Options:

A.  

Disconnect every host from the network.

B.  

Run an AV scan on the entire

C.  

Scan the hosts that show signs of

D.  

Place all known-infected hosts on an isolated network

Discussion 0
Questions 125

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?

Options:

A.  

Crossover error rate

B.  

False match rate

C.  

False rejection

D.  

False positive

Discussion 0
Questions 126

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select two).

Options:

A.  

Chain of custody

B.  

Tags

C.  

Reports

D.  

Time stamps

E.  

Hash values

F.  

Time offset

Discussion 0
Questions 127

Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data? 

Options:

A.  

Salt string

B.  

Private Key

C.  

Password hash

D.  

Cipher stream

Discussion 0
Questions 128

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

• Check-in/checkout of credentials

• The ability to use but not know the password

• Automated password changes

• Logging of access to credentials

Which of the following solutions would meet the requirements?

Options:

A.  

OAuth 2.0

B.  

Secure Enclave

C.  

A privileged access management system

D.  

An OpenID Connect authentication system

Discussion 0
Questions 129

Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?

Options:

A.  

SSAE SOC 2

B.  

GDPR

C.  

PCI DSS

D.  

NIST CSF

Discussion 0
Questions 130

Which of the following security controls can be used to prevent multiple people from using a single card swipe and being admitted to an entrance?

Options:

A.  

Visitor logs

B.  

Faraday cages

C.  

Access control vestibules

D.  

Motion detection sensors

Discussion 0
Questions 131

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

Options:

A.  

Adding a new UPS dedicated to the rack

B.  

Installing a managed PDU

C.  

Using only a dual power supply unit

D.  

Increasing power generator capacity

Discussion 0
Questions 132

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

Options:

A.  

CYOD

B.  

MDM

C.  

COPE

D.  

VDI

Discussion 0
Questions 133

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.  

DLP

B.  

TLS

C.  

AV

D.  

IDS

Discussion 0
Questions 134

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

Options:

A.  

IP schema

B.  

Application baseline configuration

C.  

Standard naming convention policy

D.  

Wireless LAN and network perimeter diagram

Discussion 0
Questions 135

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

Options:

A.  

A spraying attack was used to determine which credentials to use

B.  

A packet capture tool was used to steal the password

C.  

A remote-access Trojan was used to install the malware

D.  

A dictionary attack was used to log in as the server administrator

Discussion 0
Questions 136

A company is developing a new initiative to reduce insider threats. Which of the following should the company focus on to make the greatest impact?

Options:

A.  

Social media analysis

B.  

Least privilege

C.  

Nondisclosure agreements

D.  

Mandatory vacation

Discussion 0
Questions 137

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.  

SLE

B.  

MTBF

C.  

RTO

D.  

ARO

Discussion 0
Questions 138

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Options:

A.  

Log enrichment

B.  

Log queue

C.  

Log parser

D.  

Log collector

Discussion 0
Questions 139

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.  

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.  

The MRI vendor does not support newer versions of the OS.

C.  

Changing the OS breaches a support SLA with the MRI vendor.

D.  

The IT team does not have the budget required to upgrade the MRI scanner.

Discussion 0
Questions 140

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

Options:

A.  

Continuous deployment

B.  

Continuous integration

C.  

Continuous validation

D.  

Continuous monitoring

Discussion 0
Questions 141

A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner. Which of the following concepts describes this scenario?

Options:

A.  

Red-team exercise

B.  

Business continuity plan testing

C.  

Tabletop exercise

D.  

Functional exercise

Discussion 0
Questions 142

A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?

Options:

A.  

Public

B.  

Hybrid

C.  

Community

D.  

Private

Discussion 0
Questions 143

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

Options:

A.  

Unsecure root accounts

B.  

Lack of vendor support

C.  

Password complexity

D.  

Default settings

Discussion 0
Questions 144

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

Options:

A.  

Dual supply

B.  

Generator

C.  

PDU

D.  

Daily backups

Discussion 0
Questions 145

A security administrator needs to provide secure access to internal networks for external partners. The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

Options:

A.  

Kerberos

B.  

SSL/TLS

C.  

IPSec

D.  

SSH

Discussion 0
Questions 146

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).

Options:

A.  

Chain of custody

B.  

Tags

C.  

Reports

D.  

Time stamps

E.  

Hash values

F.  

Time offset

Discussion 0
Questions 147

A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business.

The first step the IT team should perform is to deploy a DLP solution:

Options:

A.  

for only data in transit.

B.  

for only data at rest.

C.  

in blocking mode.

D.  

in monitoring mode.

Discussion 0
Questions 148

An air traffic controller receives a change in flight plan for an incoming aircraft over the phone. The air traffic controller compares the change to what appears on radar and determines the information to be false. As a result, the air traffic controller is able to prevent an incident from occurring. Which of the following is this scenario an example of?

Options:

A.  

Mobile hijacking

B.  

Vishing

C.  

Unsecure VoIP protocols

D.  

SPIM attack

Discussion 0
Questions 149

A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:

Vendor A:

1- Firewall

1-12 switch

Vendor B:

1- Firewall

1-12 switch

Which of the following security objectives is the security manager attempting to meet? (Select two).

Options:

A.  

Simplified patch management

B.  

Scalability

C.  

Zero-day attack tolerance

D.  

Multipath

E.  

Replication

F.  

Redundancy

Discussion 0
Questions 150

A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?

Options:

A.  

Compensating controls

B.  

Directive control

C.  

Mitigating controls

D.  

Physical security controls

Discussion 0
Questions 151

A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

Options:

A.  

Reconnaissance

B.  

Impersonation

C.  

Typosquatting

D.  

Watering-hole

Discussion 0
Questions 152

Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical control to implement to prevent these devices from accessing the internal network?

Options:

A.  

NAC

B.  

DLP

C.  

IDS

D.  

MFA

Discussion 0
Questions 153

Given the following snippet of Python code:

Which of the following types of malware MOST likely contains this snippet?

Options:

A.  

Logic bomb

B.  

Keylogger

C.  

Backdoor

D.  

Ransomware

Discussion 0
Questions 154

A security team will be outsourcing several key functions to a third party and will require that:

• Several of the functions will carry an audit burden.

• Attestations will be performed several times a year.

• Reports will be generated on a monthly basis.

Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

Options:

A.  

MOU

B.  

AUP

C.  

SLA

D.  

MSA

Discussion 0
Questions 155

A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card Information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?

Options:

A.  

Shoulder surfing

B.  

Watering hole

C.  

Vishing

D.  

Tailgating

Discussion 0
Questions 156

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.  

Lessons learned

B.  

Identification

C.  

Simulation

D.  

Containment

Discussion 0
Questions 157

Which Of the following control types is patch management classified under?

Options:

A.  

Deterrent

B.  

Physical

C.  

Corrective

D.  

Detective

Discussion 0
Questions 158

A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?

Options:

A.  

Security groups

B.  

Container security

C.  

Virtual networks

D.  

Segmentation

Discussion 0
Questions 159

Which of the following security design features can a development team use to analyze the deletion or editing of data sets without affecting the original copy?

Options:

A.  

Stored procedures

B.  

Code reuse

C.  

Version control

D.  

Continuous

Discussion 0
Questions 160

An employee used a corporate mobile device during a vacation. Multiple contacts were modified on the device during the vacation. Which of the following methods did the attacker use to insert the contacts without having physical access to the device?

Options:

A.  

Jamming

B.  

Bluejacking

C.  

Disassociation

D.  

Evil twin

Discussion 0
Questions 161

An incident has occurred in the production environment.

Analyze the command outputs and identify the type of compromise.

Options:

Discussion 0
Questions 162

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

Options:

A.  

MAC filtering

B.  

Anti-malware

C.  

Translation gateway

D.  

VPN

Discussion 0
Questions 163

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

Options:

A.  

IP address allow list

B.  

user-agent spoofing

C.  

WAF bypass

D.  

Referrer manipulation

Discussion 0
Questions 164

A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?

Options:

A.  

Measured boot

B.  

Boot attestation

C.  

UEFI

D.  

EDR

Questions 165

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

Options:

A.  

HIDS

B.  

AV

C.  

NGFW

D.  

DLP

Questions 166

A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:

  • Consistent power levels in case of brownouts or voltage spikes
  • A minimum of 30 minutes runtime following a power outage
  • Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

Options:

A.  

Maintaining a standby, gas-powered generator

B.  

Using large surge suppressors on computer equipment

C.  

Configuring managed PDUs to monitor power levels

D.  

Deploying an appropriately sized, network-connected UPS device

Questions 167

Which of the following describes software on network hardware that needs to be updated on a routine basis to help address possible vulnerabilities?

Options:

A.  

Vendor management

B.  

Application programming interface

C.  

Vanishing

D.  

Encryption strength

E.  

Firmware

Questions 168

The management team has requested that the security team implement 802.1X into the existing wireless network setup. The following requirements must be met:

• Minimal interruption to the end user

• Mutual certificate validation

Which of the following authentication protocols would meet these requirements?

Options:

A.  

EAP-FAST

B.  

PSK

C.  

EAP-TTLS

D.  

EAP-TLS

Questions 169

A company needs to enhance its ability to maintain a scalable cloud infrastructure. The infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following cloud concepts would BEST meet these requirements?

Options:

A.  

SaaS

B.  

VDI

C.  

Containers

D.  

Microservices

Questions 170

A security engineer updated an application on company workstations. The application was running before the update, but it is no longer launching successfully. Which of the following most likely needs to be updated?

Options:

A.  

Blocklist

B.  

Deny list

C.  

Quarantine list

D.  

Approved list

Questions 171

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.  

Content filter

B.  

SIEM

C.  

Firewall rules

D.  

DLP

Questions 172

A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

Options:

A.  

Race condition testing

B.  

Proper error handling

C.  

Forward web server logs to a SIEM

D.  

Input sanitization

Questions 173

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

Options:

A.  

Shadow IT

B.  

Credential stuffing

C.  

SQL injection

D.  

Man in the browser

E.  

Bluejacking

Questions 174

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.  

Data protection officer

B.  

Data owner

C.  

Backup administrator

D.  

Data custodian

E.  

Internal auditor

Questions 175

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

Options:

A.  

White team

B.  

Purple team

C.  

Green team

D.  

Blue team

E.  

Red team

Questions 176

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?

Options:

A.  

Incremental backups followed by differential backups

B.  

Full backups followed by incremental backups

C.  

Delta backups followed by differential backups

D.  

Incremental backups followed by delta backups

E.  

Full backup followed by differential backups

Questions 177

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.  

An incident response plan

B.  

A communications plan

C.  

A business continuity plan

D.  

A disaster recovery plan

Questions 178

Which of the following BEST describes data streams that are compiled through artificial intelligence and provide insight on current cyber intrusions, phishing, and other malicious cyber activity?

Options:

A.  

Intelligence fusion

B.  

Review reports

C.  

Log reviews

D.  

Threat feeds

Questions 179

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.  

DLP

B.  

CASB

C.  

HIDS

D.  

EDR

E.  

UEFI

Questions 180

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.  

SLA

B.  

BPA

C.  

NDA

D.  

MOU

Questions 181

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).

Options:

A.  

Full-device encryption

B.  

Network usage rules

C.  

Geofencing

D.  

Containerization

E.  

Application whitelisting

F.  

Remote control

Questions 182

Which of the following biometric authentication methods is the MOST accurate?

Options:

A.  

Gait

B.  

Retina

C.  

Signature

D.  

Voice

Questions 183

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.  

Physically move the PC to a separate internet point of presence.

B.  

Create and apply micro segmentation rules.

C.  

Emulate the malware in a heavily monitored DMZ segment.

D.  

Apply network blacklisting rules for the adversary domain.

Questions 184

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.  

An incident response plan

B.  

A communications plan

C.  

A business continuity plan

D.  

A disaster recovery plan

Questions 185

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the most likely cause of this issue?

Options:

A.  

TFTP was disabled on the local hosts

B.  

SSH was turned off instead of modifying the configuration file

C.  

Remote login was disabled in the networkd.config instead of using the sshd.conf

D.  

Network services are no longer running on the NAS

Questions 186

A company recently experienced an attack during which its main website was redirected to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

Options:

A.  

IPsec

B.  

SSL/TLS

C.  

DNSSEC

D.  

S/MIME

Questions 187

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.  

Default system configuration

B.  

Unsecure protocols

C.  

Lack of vendor support

D.  

Weak encryption

Questions 188

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

Options:

A.  

Block cipher

B.  

Hashing

C.  

Private key

D.  

Perfect forward secrecy

E.  

Salting

F.  

Symmetric keys

Questions 189

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.  

It allows for the sharing of digital forensics data across organizations

B.  

It provides insurance in case of a data breach

C.  

It provides complimentary training and certification resources to IT security staff.

D.  

It certifies the organization can work with foreign entities that require a security clearance

E.  

It assures customers that the organization meets security standards

Questions 190

Which of the following would produce the closest experience to responding to an actual incident response scenario?

Options:

A.  

Lessons learned

B.  

Simulation

C.  

Walk-through

D.  

Tabletop

Questions 191

Which of the following controls would provide the BEST protection against tailgating?

Options:

A.  

Access control vestibule

B.  

Closed-circuit television

C.  

Proximity card reader

D.  

Faraday cage

Questions 192

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.  

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.  

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

C.  

HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

D.  

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00

Questions 193

A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.  

Asymmetric

B.  

Symmetric

C.  

Homomorphic

D.  

Ephemeral

Questions 194

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is the router experiencing?

Options:

A.  

DDoS attack

B.  

Memory leak

C.  

Buffer overflow

D.  

Resource exhaustion

Questions 195

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in an area near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.  

Someone near the building is jamming the signal.

B.  

A user has set up a rogue access point near the building.

C.  

Someone set up an evil twin access point in the affected area.

D.  

The APs in the affected area have been disconnected from the network.

Questions 196

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.  

End of life

B.  

Buffer overflow

C.  

VM escape

D.  

Jailbreaking

Questions 197

During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall. Which of the following describes the greatest risk associated with using FTP?

Options:

A.  

Private data can be leaked

B.  

FTP is prohibited by internal policy.

C.  

Users can upload personal files

D.  

Credentials are sent in cleartext.

Questions 198

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.  

SaaS

B.  

PaaS

C.  

IaaS

D.  

DaaS

Questions 199

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.  

Enforcing encryption

B.  

Deploying GPOs

C.  

Removing administrative permissions

D.  

Applying MDM software

Questions 200

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.  

Dumping volatile memory contents first

B.  

Duplicating a drive with dd

C.  

A SHA-2 signature of a drive image

D.  

Logging everyone in contact with evidence

E.  

Encrypting sensitive data

Questions 201

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select two).

Options:

A.  

ISO

B.  

PCI DSS

C.  

SOC

D.  

GDPR

E.  

CSA

F.  

NIST

Questions 202

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.  

Testing input validation on the user input fields

B.  

Performing code signing on company-developed software

C.  

Performing static code analysis on the software

D.  

Ensuring secure cookies are used

Questions 203

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.  

Federation

B.  

Identity proofing

C.  

Password complexity

D.  

Default password changes

E.  

Password manager

F.  

Open authentication

Questions 204

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.  

Create DLP controls that prevent documents from leaving the network.

B.  

Implement salting and hashing.

C.  

Configure the web content filter to block access to the forum.

D.  

Increase password complexity requirements.

Questions 205

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is most likely the cause?

Options:

A.  

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.  

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.  

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.  

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Questions 206

Which of the following best ensures minimal downtime for organizations with critical computing equipment located in earthquake-prone areas?

Options:

A.  

Generators and UPS

B.  

Off-site replication

C.  

Additional warm site

D.  

Local

Questions 207

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

Options:

A.  

SCAP

B.  

NetFlow

C.  

Antivirus

D.  

DLP

Questions 208

Which of the following will provide the best physical security countermeasures to stop intruders? (Select two).

Options:

A.  

Alarm

B.  

Signage

C.  

Lighting

D.  

Access control vestibules

E.  

Fencing

F.  

Sensors

Questions 209

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.  

Fog computing and KVMs

B.  

VDI and thin clients

C.  

Private cloud and DLP

D.  

Full drive encryption and thick clients

Questions 210

A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down. Which of the following should the web architect consider to address this concern?

Options:

A.  

Containers

B.  

Virtual private cloud

C.  

Segmentation

D.  

Availability zones

Questions 211

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.  

Configure VLANs on the core router

B.  

Configure NAT on the core router.

C.  

Configure BGP on the core router

D.  

Enable AES encryption on the web server

E.  

Enable 3DES encryption on the web server

F.  

Enable TLSv2 encryption on the web server

Questions 212

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

Options:

A.  

User training

B.  

CASB

C.  

MDM

D.  

EDR

Questions 213

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.  

Intrusion prevention system

B.  

Proxy server

C.  

Jump server

D.  

Security zones

Questions 214

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.  

CIS benchmarks

B.  

GDPR guidance

C.  

Regional regulations

D.  

ISO 27001 standards

Questions 215

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses confidential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?

Options:

A.  

The DLP appliance should be integrated into a NGFW.

B.  

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.  

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.  

Adding two hops in the VPN tunnel may slow down remote connections

Questions 216

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst most likely participating in?

Options:

A.  

MITRE ATT&CK

B.  

Walk-through

C.  

Red team

D.  

Purple team

E.  

TAXII

Questions 217

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 218

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would best accommodate the request?

Options:

A.  

IaaS

B.  

PaaS

C.  

DaaS

D.  

SaaS

Questions 219

An organization is repairing damage after an incident. Which of the following controls is being implemented?

Options:

A.  

Detective

B.  

Preventive

C.  

Corrective

D.  

Compensating

Questions 220

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following best describes these systems?

Options:

A.  

DNS sinkholes

B.  

Honey pots

C.  

Virtual machines

D.  

Neural networks

Questions 221

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

Options:

A.  

Security information and event management

B.  

A web application firewall

C.  

A vulnerability scanner

D.  

A next-generation firewall

Questions 222

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 223

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.  

CVE

B.  

SIEM

C.  

SOAR

D.  

CVSS

Questions 224

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.  

An RTO report

B.  

A risk register

C.  

A business impact analysis

D.  

An asset value register

E.  

A disaster recovery plan

Questions 225

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?

Options:

A.  

Data purge

B.  

Data encryption

C.  

Data masking

D.  

Data tokenization

Questions 226

Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.  

Pseudo-anonymization

B.  

Tokenization

C.  

Data masking

D.  

Encryption

Questions 227

Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

Options:

A.  

General counsel

B.  

Data owner

C.  

Risk manager

D.  

Chief Information Officer

Questions 228

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

Options:

A.  

Internet Proxy

B.  

VPN

C.  

WAF

D.  

Firewall

Questions 229

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.  

CIS benchmarks

B.  

GDPR guidance

C.  

Regional regulations

D.  

ISO 27001 standards

Questions 230

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.  

OWASP

B.  

Vulnerability scan results

C.  

NIST CSF

D.  

Third-party libraries

Questions 231

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.  

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.  

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.  

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.  

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Questions 232

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.  

S/MIME

B.  

LDAPS

C.  

SSH

D.  

SRTP

Questions 233

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

Options:

A.  

Wearable sensors

B.  

Raspberry Pi

C.  

Surveillance systems

D.  

Real-time operating systems

Questions 234

A company wants to build a new website to sell products online. The website will host a storefront application that allows visitors to add products to a shopping cart and pay for products using a credit card. Which of the following protocols would be most secure to implement?

Options:

A.  

SSL

B.  

SFTP

C.  

SNMP

D.  

TLS

Questions 235

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.  

Implement proper network access restrictions.

B.  

Initiate a bug bounty program.

C.  

Classify the system as shadow IT.

D.  

Increase the frequency of vulnerability scans.

Questions 236

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

Options:

A.  

DDoS

B.  

Privilege escalation

C.  

DNS poisoning

D.  

Buffer overflow

Questions 237

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.  

Legacy operating system

B.  

Weak configuration

C.  

Zero day

D.  

Supply chain

Questions 238

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company or change job roles internally?

Options:

A.  

Provisioning resources

B.  

Disabling access

C.  

APIs

D.  

Escalating permission requests

Questions 239

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.  

Nmap

B.  

CURL

C.  

Ncat

D.  

Wireshark

Questions 240

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.  

DLP

B.  

SIEM

C.  

NIDS

D.  

WAF

Questions 241

A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways. Which of the following is the most likely cause?

Options:

A.  

Shoulder surfing

B.  

Phishing

C.  

Tailgating

D.  

Identity fraud

Discussion 0
Questions 242

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

Options:

A.  

Redundancy

B.  

RAID 1+5

C.  

Virtual machines

D.  

Full backups

Discussion 0
Questions 243

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.  

SPIM

B.  

Vishing

C.  

Spear phishing

D.  

Smishing

Discussion 0
Questions 244

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

Options:

A.  

A right-to-audit clause allowing for annual security audits

B.  

Requirements for event logs to be kept for a minimum of 30 days

C.  

Integration of threat intelligence in the company's AV

D.  

A data-breach clause requiring disclosure of significant data loss

Discussion 0
Questions 245

You are a security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the infection and then identify each remaining host as clean or infected.

Options:

Discussion 0
Questions 246

Which of the following is a primary security concern when setting up a BYOD program?

Options:

A.  

End of life

B.  

Buffer overflow

C.  

VM escape

D.  

Jailbreaking

Discussion 0
Questions 247

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing a packet capture, the analysts notice the following:

Which of the following occurred?

Options:

A.  

A buffer overflow was exploited to gain unauthorized access.

B.  

The user's account was compromised, and an attacker changed the login credentials.

C.  

An attacker used a pass-the-hash attack to gain access.

D.  

An insider threat with the username logged in to the account.

Discussion 0
Questions 248

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.  

Soft token

B.  

Smart card

C.  

CSR

D.  

SSH key

Discussion 0
Questions 249

A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are:

• www.company.com (main website)

• contactus.company.com (for locating a nearby location)

• quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would best meet the requirements?

Options:

A.  

SAN

B.  

Wildcard

C.  

Extended validation

D.  

Self-signed

Discussion 0
Questions 250

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Select two).

Options:

A.  

Passphrase

B.  

Time-based one-time password

C.  

Facial recognition

D.  

Retina scan

E.  

Hardware token

F.  

Fingerprints

Discussion 0
Questions 251

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.  

Apply a DLP solution.

B.  

Implement network segmentation.

C.  

Utilize email content filtering.

D.  

Isolate the infected attachment.

Discussion 0
Questions 252

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

Options:

A.  

MFA

B.  

Lockout

C.  

Time-based logins

D.  

Password history

Discussion 0
Questions 253

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

Options:

A.  

One-time passwords

B.  

Email tokens

C.  

Push notifications

D.  

Hardware authentication

Discussion 0
Questions 254

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.  

Capacity planning

B.  

Redundancy

C.  

Geographic dispersion

D.  

Tabletop exercise

Discussion 0
Questions 255

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.  

Detective

B.  

Deterrent

C.  

Directive

D.  

Corrective

Discussion 0
Questions 256

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Options:

A.  

The last incremental backup that was conducted 72 hours ago

B.  

The last known-good configuration stored by the operating system

C.  

The last full backup that was conducted seven days ago

D.  

The baseline OS configuration

Discussion 0
Questions 257

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following best describes the type of assessment taking place?

Options:

A.  

Input validation

B.  

Dynamic code analysis

C.  

Fuzzing

D.  

Manual code review

Discussion 0
Questions 258

The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?

Options:

A.  

Warm-site failover

B.  

Tabletop walk-through

C.  

Parallel path testing

D.  

Full outage simulation

Discussion 0
Questions 259

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.  

Key escrow

B.  

TPM presence

C.  

Digital signatures

D.  

Data tokenization

E.  

Public key management

F.  

Certificate authority linking

Discussion 0
Questions 260

A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

Options:

A.  

Cross-site scripting

B.  

SQL injection

C.  

DNS poisoning

D.  

Certificate forgery

Discussion 0
Questions 261

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Options:

A.  

Accept

B.  

Transfer

C.  

Mitigate

D.  

Avoid

Discussion 0
Questions 262

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13) : /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

Options:

A.  

Pass-the-hash monitor

B.  

File integrity monitor

C.  

Forensic analysis

D.  

Password cracker

Discussion 0
Questions 263

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.  

CVE

B.  

CVSS

C.  

CIA

D.  

CERT

Discussion 0
Questions 264

A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Select two).

Options:

A.  

An air gap

B.  

A cold aisle

C.  

Removable doors

D.  

A hot aisle

E.  

An IoT thermostat

F.  

A humidity monitor

Discussion 0
Questions 265

When implementing automation with IoT devices, which of the following should be considered first to keep the network secure?

Options:

A.  

Z-Wave compatibility

B.  

Network range

C.  

Zigbee configuration

D.  

Communication protocols

Discussion 0
Questions 266

Which of the following would be best suited for constantly changing environments?

Options:

A.  

RTOS

B.  

Containers

C.  

Embedded systems

D.  

SCADA

Discussion 0
Questions 267

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.  

Encrypted

B.  

Intellectual property

C.  

Critical

D.  

Data in transit

Discussion 0
Questions 268

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would best support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

Options:

A.  

Security research publications

B.  

The MITRE ATT&CK framework

C.  

The Diamond Model of Intrusion Analysis

D.  

The Cyber Kill Chain

Discussion 0
Questions 269

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

Options:

A.  

Remove expensive systems that generate few alerts.

B.  

Modify the systems to alert only on critical issues.

C.  

Utilize a SIEM to centralize logs and dashboards.

D.  

Implement a new syslog/NetFlow appliance.

Discussion 0
Questions 270

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

Options:

A.  

Segmentation

B.  

Firewall allow list

C.  

Containment

D.  

Isolation

Discussion 0
Questions 271

Which of the following is a hardware-specific vulnerability?

Options:

A.  

Firmware version

B.  

Buffer overflow

C.  

SQL injection

D.  

Cross-site scripting

Discussion 0
Questions 272

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.  

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.  

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.  

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.  

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Discussion 0
Questions 273

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the best defense against this scenario?

Options:

A.  

Configuring signature-based antivirus to update every 30 minutes

B.  

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion

C.  

Implementing application execution in a sandbox for unknown software

D.  

Fuzzing new files for vulnerabilities if they are not digitally signed

Discussion 0
Questions 274

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

Which of the following was most likely observed?

Options:

A.  

DLL injection

B.  

Session replay

C.  

SQLi

D.  

XSS

Discussion 0
Questions 275

An organization is concerned about intellectual property theft by employees who leave the organization Which of the following should the organization most likely implement?

Options:

A.  

CBT

B.  

NDA

C.  

MOU

D.  

AUP

Discussion 0
Questions 276

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

Options:

A.  

SSO

B.  

CHAP

C.  

802.1X

D.  

OpenID

Discussion 0
Questions 277

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.  

Enabling MAC address filtering

B.  

Moving printers inside a firewall

C.  

Implementing 802.1X

D.  

Using network port security

Discussion 0
Questions 278

A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?

Options:

A.  

Network diagram

B.  

WPS

C.  

802.1X

D.  

Heat map

Discussion 0
Questions 279

Which of the following requirements apply to a CYOD policy? (Select two).

Options:

A.  

The company should support only one model of phone.

B.  

The user can request to customize the device.

C.  

The company retains ownership of the phone.

D.  

The end users can supply their own personal devices.

E.  

Personal applications cannot be loaded on the phone.

F.  

Employee-owned devices must run antivirus.

Discussion 0
Questions 280

Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

Options:

A.  

Faraday cages

B.  

Air gap

C.  

Vaulting

D.  

Proximity readers

Discussion 0
Questions 281

Which of the following is the most common data loss path for an air-gapped network?

Options:

A.  

Bastion host

B.  

Unsecured Bluetooth

C.  

Unpatched OS

D.  

Removable devices

Discussion 0
Questions 282

Which of the following is best to use when determining the severity of a vulnerability?

Options:

A.  

CVE

B.  

OSINT

C.  

SOAR

D.  

CVSS

Discussion 0
Questions 283

All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

Options:

A.  

A forward proxy server

B.  

A jump server

C.  

A reverse proxy server

D.  

A stateful firewall server

Discussion 0
Questions 284

Historically, a company has had issues with users plugging personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

Options:

A.  

AUP

B.  

NGFW

C.  

DLP

D.  

EDR

Discussion 0
Questions 285

Which of the following examples would be best mitigated by input sanitization?

Options:

A.  

B.  

nmap -p- 10.11.1.130

C.  

Email message: "Click this link to get your free gift card."

D.  

Browser message: "Your connection is not private."

Discussion 0
Questions 286

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.  

Hash

B.  

Code check

C.  

Encryption

D.  

Checksum

Discussion 0
Questions 287

Which of the following is the BEST action to foster a consistent and auditable incident response process?

Options:

A.  

Incent new hires to constantly update the document with external knowledge.

B.  

Publish the document in a central repository that is easily accessible to the organization.

C.  

Restrict eligibility to comment on the process to subject matter experts of each IT silo.

D.  

Rotate CIRT members to foster a shared responsibility model in the organization

Discussion 0
Questions 288

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed the network. Which of the following will best assist with this investigation?

Options:

A.  

Perform a vulnerability scan to identify the weak spots.

B.  

Use a packet analyzer to investigate the NetFlow traffic.

C.  

Check the SIEM to review the correlated logs.

D.  

Require access to the routers to view current sessions

Discussion 0
Questions 289

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.

Which of the following firewall ACLs will accomplish this goal?

Options:

A.  

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B.  

Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.  

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.  

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Discussion 0
Questions 290

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

Options:

A.  

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.  

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.  

The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

D.  

ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.

Discussion 0
Questions 291

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.  

DLP

B.  

VPC

C.  

CASB

D.  

Content filtering

Discussion 0
Questions 292

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.  

Insider threat

B.  

Hacktivist

C.  

Nation-state

D.  

Organized crime

Discussion 0
Questions 293

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.  

SFTP, FTPS

B.  

SNMPv2, SNMPv3

C.  

HTTP, HTTPS

D.  

TFTP, FTP

E.  

SNMPv1, SNMPv2

F.  

Telnet, SSH

G.  

TLS, SSL

Discussion 0
Questions 294

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

Options:

A.  

Implementing encryption

B.  

Monitoring outbound traffic

C.  

Using default settings

D.  

Closing all open ports

Discussion 0
Questions 295

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

Options:

A.  

Document the collection and require a sign-off when possession changes.

B.  

Lock the device in a safe or other secure location to prevent theft or alteration.

C.  

Place the device in a Faraday cage to prevent corruption of the data.

D.  

Record the collection in a block chain-protected public ledger.

Discussion 0
Questions 296

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would most likely show where the malware originated?

Options:

A.  

The DNS logs

B.  

The web server logs

C.  

The SIP traffic logs

D.  

The SNMP logs

Discussion 0
Questions 297

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.  

Memory, temporary filesystems, routing tables, disk, network storage

B.  

Cache, memory, temporary filesystems, disk, archival media

C.  

Memory, disk, temporary filesystems, cache, archival media

D.  

Cache, disk, temporary filesystems, network storage, archival media

Discussion 0
Questions 298

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.  

SOAR playbook

B.  

Security control matrix

C.  

Risk management framework

D.  

Benchmarks

Discussion 0
Questions 299

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Options:

A.  

A vulnerability scanner

B.  

A NGFW

C.  

The Windows Event Viewer

D.  

A SIEM

Discussion 0
Questions 300

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the application associated with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.  

Ensure the scan engine is configured correctly.

B.  

Apply a patch to the domain controller.

C.  

Research the CVE.

D.  

Document this as a false positive.

Discussion 0
Questions 301

Adding a value to the end of a password to create a different password hash is called:

Options:

A.  

salting.

B.  

key stretching.

C.  

steganography.

D.  

MD5 checksum.

Discussion 0
Questions 302

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.  

A worm is propagating across the network.

B.  

Data is being exfiltrated.

C.  

A logic bomb is deleting data.

D.  

Ransomware is encrypting files.

Discussion 0
Questions 303

An administrator reviewed the log files after a recent ransomware attack on a company's system and discovered vulnerabilities that resulted in the loss of a database server. The administrator applied a patch to the server to resolve the CVE score. Which of the following controls did the administrator use?

Options:

A.  

Corrective

B.  

Deterrent

C.  

Compensating

D.  

Directive

Discussion 0
Questions 304

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

Options:

A.  

A content filter

B.  

A WAF

C.  

A next-generation firewall

D.  

An IDS

Discussion 0
Questions 305

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

Options:

A.  

Machine learning

B.  

DNS sinkhole

C.  

Blocklist

D.  

Honey pot

Discussion 0
Questions 306

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.  

Disaster recovery plan

B.  

Incident response procedure

C.  

Business continuity plan

D.  

Change management procedure

Discussion 0
Questions 307

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to best address the CSO's concerns? (Select two).

Options:

A.  

A WAF

B.  

A CASB

C.  

An NG-SWG

D.  

Segmentation

E.  

Encryption

F.  

Containerization

Discussion 0
Questions 308

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

Options:

A.  

NIST CSF

B.  

SOC 2 Type 2 report

C.  

CIS Top 20 compliance reports

D.  

Vulnerability report

Discussion 0
Questions 309

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

Options:

A.  

Proxy server

B.  

NGFW

C.  

WAF

D.  

Jump server

Discussion 0
Questions 310

Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

Which of the following is most likely the result of the security analyst's review?

Options:

A.  

The ISP is dropping outbound connections.

B.  

The user of the Sales-PC fell for a phishing attack.

C.  

Corporate PCs have been turned into a botnet.

D.  

An on-path attack is taking place between PCs and the router.

Discussion 0
Questions 311

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.  

Geographic dispersion

B.  

Platform diversity

C.  

Hot site

D.  

Load balancing

Discussion 0
Questions 312

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

Options:

A.  

Log data

B.  

Metadata

C.  

Encrypted data

D.  

Sensitive data

Discussion 0
Questions 313

A software company adopted the following processes before releasing software to production:

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed in production. Which of the following security tools can improve vulnerability detection in this environment?

Options:

A.  

File integrity monitoring for the source code

B.  

Dynamic code analysis tool

C.  

Encrypted code repository

D.  

Endpoint detection and response solution

Discussion 0
Questions 314

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

The Layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has most likely occurred?

Options:

A.  

SQL injection

B.  

DNS spoofing

C.  

MAC flooding

D.  

ARP poisoning

Discussion 0
Questions 315

An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

Options:

A.  

Smishing

B.  

Baiting

C.  

Tailgating

D.  

Pretexting

Discussion 0
Questions 316

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.  

Off-the-shelf software

B.  

Orchestration

C.  

Baseline

D.  

Policy enforcement

Discussion 0
Questions 317

An organization is building backup server rooms in geographically diverse locations. The Chief Information Secure implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulned existing server room. Which of the following should the systems engineer consider?

Options:

A.  

Purchasing hardware from different vendors

B.  

Migrating workloads to public cloud infrastructure

C.  

Implementing a robust patch management solution

D.  

Designing new detective security controls

Discussion 0
Questions 318

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.  

Functional testing

B.  

Stored procedures

C.  

Elasticity

D.  

Continuous Integration

Discussion 0