March Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

CompTIA Security+ Exam 2021 Question and Answers

CompTIA Security+ Exam 2021

Last Update Mar 29, 2024
Total Questions : 607

We are offering FREE SY0-601 CompTIA exam questions. All you do is to just go and sign up. Give your details, prepare SY0-601 free exam questions and then go for complete pool of CompTIA Security+ Exam 2021 test questions that will help you more.

SY0-601 pdf

SY0-601 PDF

$35  $99.99
SY0-601 Engine

SY0-601 Testing Engine

$42  $119.99
SY0-601 PDF + Engine

SY0-601 PDF + Testing Engine

$56  $159.99
Questions 1

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

Options:

A.  

Data custodian

B.  

Data controller

C.  

Data protection officer

D.  

Data processor

Discussion 0
Questions 2

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.  

Detective

B.  

Deterrent

C.  

Directive

D.  

Corrective

Discussion 0
Questions 3

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.  

Using geographic diversity lo have VPN terminators closer to end users

B.  

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.  

Purchasing higher bandwidth connections to meet the increased demand

D.  

Configuring OoS properly on the VPN accelerators

Discussion 0
Questions 4

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

Options:

A.  

GDPR

B.  

ISO

C.  

NIST

D.  

PCI DSS

Discussion 0
Questions 5

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider

environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control

and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.  

Trusted Platform Module

B.  

laaS

C.  

HSMaas

D.  

PaaS

Discussion 0
Questions 6

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

Options:

A.  

User training

B.  

CAsB

C.  

MDM

D.  

EDR

Discussion 0
Questions 7

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.  

Enabling MAC address filtering

B.  

Moving printers inside a firewall

C.  

Implementing 802.IX

D.  

Using network port security

Discussion 0
Questions 8

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

Options:

A.  

Document the collection and require a sign-off when possession changes.

B.  

Lock the device in a safe or other secure location to prevent theft or alteration.

C.  

Place the device in a Faraday cage to prevent corruption of the data.

D.  

Record the collection in a block chain-protected public ledger.

Discussion 0
Questions 9

Employees in the research and development business unit receive extensive training 10 ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.  

Encrypted

B.  

Intellectual property

C.  

Critical

D.  

Data in transit

Discussion 0
Questions 10

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An

analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Options:

A.  

A vulnerability scanner

B.  

A NGFW

C.  

The Windows Event Viewer

D.  

A SIEM

Discussion 0
Questions 11

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

Options:

A.  

Order of volatility

B.  

Preservation of event logs

C.  

Chain of custody

D.  

Compliance with legal hold

Discussion 0
Questions 12

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.  

Locks

B.  

Badges

C.  

Cameras

D.  

Visitor logs

Discussion 0
Questions 13

Which of the following security controls s sed to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of

possible attacks?

Options:

A.  

Faraday cages

B.  

Air gap

C.  

Vaulting

D.  

Proximity readers

Discussion 0
Questions 14

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost

constant. Which of the following would best help prevent the malware from being installed on the computers?

Options:

A.  

AUP

B.  

NGFW

C.  

DLP

D.  

EDR

Discussion 0
Questions 15

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.  

A spear-phishing attach

B.  

A watering-hole attack

C.  

Typo squatting

D.  

A phishing attack

Discussion 0
Questions 16

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.  

Tabletop

B.  

Replication

C.  

Failover

D.  

Recovery

Discussion 0
Questions 17

A secondly administration is trying to determine whether a server is vulnerable to a range of attacks After using a tool, the administrator obtains the following output.

Which of the following attacks was successfully implemented based on the output?

Options:

A.  

Memory leak

B.  

Race condition

C.  

SQL injection

D.  

Directory traversal

Discussion 0
Questions 18

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.  

Scanning

B.  

Alerting

C.  

Reporting

D.  

Archiving

Discussion 0
Questions 19

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.  

Always-on

B.  

Remote access

C.  

Site-to-site

D.  

Full tunnel

Discussion 0
Questions 20

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.  

Recovery

B.  

Lessons learned

C.  

Containment

D.  

Preparation

Discussion 0
Questions 21

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.  

Improper algorithms security

B.  

Tainted training data

C.  

virus

D.  

Cryptomalware

Discussion 0
Questions 22

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Options:

A.  

Fog computing

B.  

VM escape

C.  

Software-defined networking

D.  

Image forgery

E.  

Container breakout

Discussion 0
Questions 23

The IT department's on-site developer has been with the team for many years. Each lime an application is released; the security team is able to identify multiple vulnerabilities Which of the Mowing would best help the team ensure the application is ready to be released to production?

Options:

A.  

Limit the use of third-party libraries.

B.  

Prevent data exposure queries.

C.  

Obfuscate the source code

D.  

Submit the application to OA before releasing it.

Discussion 0
Questions 24

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.  

Implement S/MIME to encrypt the emails at rest.

B.  

Enable full disk encryption on the mail servers.

C.  

Use digital certificates when accessing email via the web.

D.  

Configure web traffic to only use TLS-enabled channels.

Discussion 0
Questions 25

A host was infected with malware. During the incident response. Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would most likely show where the malware originated?

Options:

A.  

The DNS logs

B.  

The web server logs

C.  

The SIP traffic logs

D.  

The SNMP logs

Discussion 0
Questions 26

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.  

Data masking

B.  

Encryption

C.  

Geolocation policy

D.  

Data sovereignty regulation

Discussion 0
Questions 27

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.  

Insider threat

B.  

Hacktivist

C.  

Nation-state

D.  

Organized crime

Discussion 0
Questions 28

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.  

Compensating control

B.  

Network segmentation

C.  

Transfer of risk

D.  

SNMP traps

Discussion 0
Questions 29

A building manager is concerned about people going in and out of the office during non-working hours. Which of the following physical security controls would provide the best solution?

Options:

A.  

Cameras

B.  

Badges

C.  

Locks

D.  

Bollards

Discussion 0
Questions 30

Local guidelines require that all information systems meet a minimum security baseline to be compliant Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.  

SOAR playbook

B.  

Security control matrix

C.  

Risk management framework

D.  

Benchmarks

Discussion 0
Questions 31

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.  

Red

B.  

Blue

C.  

Purple

D.  

Yellow

Discussion 0
Questions 32

In which of the following scenarios is tokenization the best privacy technique to use?

Options:

A.  

Providing pseudo-anonymization for social media user accounts

B.  

Serving as a second factor for authentication requests

C.  

Enabling established customers to safely store credit card information

D.  

Masking personal information inside databases by segmenting data

Discussion 0
Questions 33

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.  

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.  

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.  

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.  

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Discussion 0
Questions 34

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.  

DLP

B.  

VPC

C.  

CASB

D.  

Content filtering

Discussion 0
Questions 35

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

Options:

A.  

The business continuity plan

B.  

The risk management plan

C.  

The communication plan

D.  

The incident response plan

Discussion 0
Questions 36

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review Which of the following did the administrator most likely configure that will assist the investigators?

Options:

A.  

Memory dumps

B.  

The syslog server

C.  

The application logs

D.  

The log retention policy

Discussion 0
Questions 37

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.  

Legacy operating system

B.  

Weak configuration

C.  

Zero day

D.  

Supply chain

Discussion 0
Questions 38

The application development teams have been asked to answer the following questions:

  • Does this application receive patches from an external source?
  • Does this application contain open-source code?
  • Is this application accessible by external users?
  • Does this application meet the corporate password standard?

Which of the following are these questions part of?

Options:

A.  

Risk control self-assessment

B.  

Risk management strategy

C.  

Risk acceptance

D.  

Risk matrix

Discussion 0
Questions 39

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Options:

Discussion 0
Questions 40

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommended?

Options:

A.  

A content filter

B.  

AWAF

C.  

A next-generation firewall

D.  

An IDS

Discussion 0
Questions 41

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.  

Dynamic resource allocation

B.  

High availability

C.  

Segmentation

D.  

Container security

Discussion 0
Questions 42

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

Options:

A.  

Security information and event management

B.  

A web application firewall

C.  

A vulnerability scanner

D.  

A next-generation firewall

Discussion 0
Questions 43

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.  

A firewall

B.  

A device pin

C.  

A USB data blocker

D.  

Biometrics

Discussion 0
Questions 44

A company wants to build a new website to sell products online. The website wd I host a storefront application that allow visitors to add products to a shopping cart and pay for products using a credit card. which Of the following protocols •would be most secure to implement?

Options:

A.  

SSL

B.  

SFTP

C.  

SNMP

D.  

TLS

Discussion 0
Questions 45

A security engineer must deploy two wireless routers in an office suite Other tenants in the office building should not be able to connect to this wireless network Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.  

WPS

B.  

WPA2

C.  

WAP

D.  

HTTPS

Discussion 0
Questions 46

A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.  

CVE

B.  

SIEM

C.  

SOAR

D.  

CVSS

Discussion 0
Questions 47

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.  

Persistence

B.  

Port scanning

C.  

Privilege escalation

D.  

Pharming

Discussion 0
Questions 48

A security analyst has been reading about a newly discovered cyberattack from a known threat actor Which of the following would best support the analyst's review of the tactics, techniques, and protocols the throat actor was observed using in previous campaigns?

Options:

A.  

Security research publications

B.  

The MITRE ATT4CK framework

C.  

The Diamond Model of Intrusion Analysis

D.  

The Cyber Kill Cham

Discussion 0
Questions 49

An organization is concerned that ils hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

Options:

A.  

hping3 -S compcia.org -p 80

B.  

nc -1 -v comptia.crg -p 80

C.  

nmap comptia.org -p 80 -sv

D.  

nslookup -port«80 comptia.org

Discussion 0
Questions 50

Which Of the following vulnerabilities is exploited an attacker Overwrite a reg-ister with a malicious address that changes the execution path?

Options:

A.  

VM escape

B.  

SQL injection

C.  

Buffer overflow

D.  

Race condition

Discussion 0
Questions 51

Which of the following scenarios best describes a risk reduction technique?

Options:

A.  

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.  

A security control objective cannot be met through a technical change, so the company implements a pokey to train users on a more secure method of operation

C.  

A security control objective cannot be met through a technical change, so the company performs regular audits to determine it violations have occurred

D.  

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Discussion 0
Questions 52

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the follow r 3 best describes these systems?

Options:

A.  

DNS sinkholes

B.  

Honey pots

C.  

Virtual machines

D.  

Neural networks

Discussion 0
Questions 53

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.  

BPA

B.  

MOA

C.  

NDA

D.  

SLA

Discussion 0
Questions 54

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system Which of the following would detect this behavior?

Options:

A.  

Implementing encryption

B.  

Monitoring outbound traffic

C.  

Using default settings

D.  

Closing all open ports

Discussion 0
Questions 55

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

Options:

A.  

Hacktivists

B.  

White-hat hackers

C.  

Script kiddies

D.  

Insider threats

Discussion 0
Questions 56

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:

Which of the following password attacks is taking place?

Options:

A.  

Dictionary

B.  

Brute-force

C.  

Rainbow table

D.  

Spraying

Discussion 0
Questions 57

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.  

End of life

B.  

Buffer overflow

C.  

VM escape

D.  

Jailbreaking

Discussion 0
Questions 58

Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Options:

A.  

Generators and UPS

B.  

Off-site replication

C.  

Additional warm site

D.  

Local

Discussion 0
Questions 59

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.  

decrease the mean time between failures.

B.  

remove the single point of failure.

C.  

cut down the mean time to repair

D.  

reduce the recovery time objective

Discussion 0
Questions 60

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Discussion 0
Questions 61

Which Of the following is the best method for ensuring non-repudiation?

Options:

A.  

SSO

B.  

Digital certificate

C.  

Token

D.  

SSH key

Discussion 0
Questions 62

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.  

ISO

B.  

PCI DSS

C.  

SOC

D.  

GDPR

E.  

CSA

F.  

NIST

Discussion 0
Questions 63

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.  

Facial recognition

B.  

Six-digit PIN

C.  

PKI certificate

D.  

Smart card

Discussion 0
Questions 64

Which of the following automation use cases would best enhance the security posture Of an organi-zation by rapidly updating permissions when employees leave a company Or change job roles inter-nally?

Options:

A.  

Provisioning resources

B.  

Disabling access

C.  

APIs

D.  

Escalating permission requests

Discussion 0
Questions 65

An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself Which of the following is the weakest design element?

Options:

A.  

The DLP appliance should be integrated into a NGFW.

B.  

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.  

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.  

Adding two hops in the VPN tunnel may slow down remote connections

Discussion 0
Questions 66

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.  

Development

B.  

Staging

C.  

Production

D.  

Test

Discussion 0
Questions 67

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.  

Testing input validation on the user input fields

B.  

Performing code signing on company-developed software

C.  

Performing static code analysis on the software

D.  

Ensuring secure cookies are used

Discussion 0
Questions 68

A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

Options:

A.  

Security

B.  

Application

C.  

Dump

D.  

Syslog

Discussion 0
Questions 69

Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?

Options:

A.  

A right-to-audit clause allowing for annual security audits

B.  

Requirements for event logs to kept for a minimum of 30 days

C.  

Integration of threat intelligence in the companys AV

D.  

A data-breach clause requiring disclosure of significant data loss

Discussion 0
Questions 70

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.  

Pseudo-anonymization

B.  

Tokenization

C.  

Data masking

D.  

Encryption

Discussion 0
Questions 71

During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall. Which of the following describes the

greatest risk associated with using FTP?

Options:

A.  

Private data can be leaked

B.  

FTP is prohibited by internal policy.

C.  

Users can upload personal files

D.  

Credentials are sent in cleartext.

Discussion 0
Questions 72

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets

available?

Options:

A.  

Adding a new UPS dedicated to the rack

B.  

Installing a managed PDU

C.  

Using only a dual power supplies unit

D.  

Increasing power generator capacity

Discussion 0
Questions 73

Which of the following best describes a tool used by an organization to identi-fy, log, and track any potential risks and corresponding risk information?

Options:

A.  

Quantitative risk assessment

B.  

Risk register

C.  

Risk control assessment

D.  

Risk matrix

Discussion 0
Questions 74

After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred. Which Of the following describes the incident?

Options:

A.  

Supply chain attack

B.  

Ransomware attack

C.  

Cryptographic attack

D.  

Password attack

Discussion 0
Questions 75

A user is trying to upload a tax document, which the corporate finance department requested, but a security program IS prohibiting the upload A security analyst determines the file contains Pll, Which of

the following steps can the analyst take to correct this issue?

Options:

A.  

Create a URL filter with an exception for the destination website.

B.  

Add a firewall rule to the outbound proxy to allow file uploads

C.  

Issue a new device certificate to the user's workstation.

D.  

Modify the exception list on the DLP to allow the upload

Discussion 0
Questions 76

Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?

Options:

A.  

Weak configurations

B.  

Integration activities

C.  

Unsecure user accounts

D.  

Outsourced code development

Discussion 0
Questions 77

A systems integrator is installing a new access control system for a building. The new system will need to connect to the Company's AD server In order to validate current employees. Which of the following should the systems integrator configure to be the most secure?

Options:

A.  

HTTPS

B.  

SSH

C.  

SFTP

D.  

LDAPS

Discussion 0
Questions 78

Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

Options:

A.  

EF x asset value

B.  

ALE / SLE

C.  

MTBF x impact

D.  

SLE x ARO

Discussion 0
Questions 79

A security administrator is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used for administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

" Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements? (Give Explanation and References from CompTIA Security+ SY0-601 Official Text Book and Resources)

Options:

A.  

ABAC

B.  

SAML

C.  

PAM

D.  

CASB

Discussion 0
Questions 80

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

1. Deny cleartext web traffic

2. Ensure secure management protocols are used.

3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

Hat any time you would like to bring back the initial state of the simulation, please dick the Reset All button.

Options:

Discussion 0
Questions 81

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment Which of the following solutions should the engineer implement? (Select two).

Options:

A.  

CASB

B.  

WAF

C.  

Load balancer

D.  

VPN

E.  

TLS

F.  

DAST

Discussion 0
Questions 82

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.  

Create DLP controls that prevent documents from leaving the network.

B.  

Implement salting and hashing.

C.  

Configure the web content filter to block access to the forum.

D.  

Increase password complexity requirements.

Discussion 0
Questions 83

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.  

An RTO report

B.  

A risk register

C.  

A business impact analysis

D.  

An asset value register

E.  

A disaster recovery plan

Discussion 0
Questions 84

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.  

SaaS

B.  

PaaS

C.  

laaS

D.  

DaaS

Discussion 0
Questions 85

A user enters a password to log in to a workstation and is then prompted to enter an authentication code Which of the following MFA factors or attributes are being utilized in the authentication process? {Select two).

Options:

A.  

Something you know

B.  

Something you have

C.  

Somewhere you are

D.  

Someone you know

E.  

Something you are

F.  

Something you can do

Discussion 0
Questions 86

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly Which of the following technologies should the IT manager use when implementing MFA?

Options:

A.  

One-time passwords

B.  

Email tokens

C.  

Push notifications

D.  

Hardware authentication

Discussion 0
Questions 87

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.  

OWASP

B.  

Vulnerability scan results

C.  

NIST CSF

D.  

Third-party libraries

Discussion 0
Questions 88

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.  

Business competitor

B.  

Hacktivist

C.  

Criminal syndicate

D.  

Script kiddie

E.  

Disgruntled employee

Discussion 0
Questions 89

Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Options:

A.  

Alarm

B.  

Signage

C.  

Lighting

D.  

Access control vestibules

E.  

Fencing

F.  

Sensors

Discussion 0
Questions 90

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.  

Intrusion prevention system

B.  

Proxy server

C.  

Jump server

D.  

Security zones

Discussion 0
Questions 91

Security analysts notice a server login from a user who has been on vacation for two weeks, The an-alysts confirm that the user did not log in to the system while on vacation After reviewing packet capture the analysts notice the following:

Which of the following occurred?

Options:

A.  

A buffer overflow was exploited to gain unauthorized access.

B.  

The user's account was con-promised, and an attacker changed the login credentials.

C.  

An attacker used a pass-the-hash attack to gain access.

D.  

An insider threat with username logged in to the account.

Discussion 0
Questions 92

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.  

Apply a DLP solution.

B.  

Implement network segmentation.

C.  

Utilize email content filtering.

D.  

Isolate the infected attachment.

Discussion 0
Questions 93

A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

Options:

A.  

IP restrictions

B.  

Multifactor authentication

C.  

A banned password list

D.  

A complex password policy

Discussion 0
Questions 94

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access pcints are up and running. One of the help desk technicians notices the affected users are working in a near the parking Jot Which Of the following IS the most likely reason for the outage?

Options:

A.  

Someone near the is jamming the signal.

B.  

A user has set up a rogue access point near building.

C.  

Someone set up an evil twin access Print in tie affected area.

D.  

The APS in the affected area have been from the network

Discussion 0
Questions 95

A user attempts to load a web-based application, but the expected login screen does not appear A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC

The help desk analyst then runs the same command on the local PC

Which of the following BEST describes the attack that is being detected?

Options:

A.  

Domain hijacking

B DNS poisoning

C MAC flooding

B.  

Evil twin

Discussion 0
Questions 96

An employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending him the prize. Which of the following BEST describes this type of email?

Options:

A.  

Spear phishing

B.  

Whaling

C.  

Phishing

D.  

Vishing

Discussion 0
Questions 97

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.  

Default system configuration

B.  

Unsecure protocols

C.  

Lack of vendor support

D.  

Weak encryption

Discussion 0
Questions 98

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.  

A RAT

B.  

Ransomware

C.  

Polymophic

D.  

A worm

Discussion 0
Questions 99

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.  

A new firewall rule is needed to access the application.

B.  

The system was quarantined for missing software updates.

C.  

The software was not added to the application whitelist.

D.  

The system was isolated from the network due to infected software

Discussion 0
Questions 100

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Options:

A.  

MAC flooding

B.  

URL redirection

C.  

ARP poisoning

D.  

DNS hijacking

Discussion 0
Questions 101

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.  

The Diamond Model of Intrusion Analysis

B.  

The Cyber Kill Chain

C.  

The MITRE CVE database

D.  

The incident response process

Discussion 0
Questions 102

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.  

The Diamond Model of Intrusion Analysis

B.  

CIS Critical Security Controls

C.  

NIST Risk Management Framevtoik

D.  

ISO 27002

Discussion 0
Questions 103

An employee's company account was used in a data breach Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.

• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from reoccuring? (Select TWO)

Options:

A.  

Geographic dispersal

B.  

Password complexity

C.  

Password history

D.  

Geotagging

E.  

Password lockout

F.  

Geofencing

Discussion 0
Questions 104

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

Options:

A.  

Enforce the use of a controlled trusted source of container images

B.  

Deploy an IPS solution capable of detecting signatures of attacks targeting containers

C.  

Define a vulnerability scan to assess container images before being introduced on the environment

D.  

Create a dedicated VPC for the containerized environment

Discussion 0
Questions 105

A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?

Options:

A.  

Privacy

B.  

Cloud storage of telemetry data

C.  

GPS spoofing

D.  

Weather events

Discussion 0
Questions 106

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.  

Risk matrix

B.  

Risk tolerance

C.  

Risk register

D.  

Risk appetite

Discussion 0
Questions 107

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HIIPS site requests are reverting to HTTP Which of the following BEST describes what is happening?

Options:

A.  

Birthday collision on the certificate key

B.  

DNS hijacking to reroute traffic

C.  

Brute force to the access point

D.  

ASSLILS downgrade

Discussion 0
Questions 108

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.  

Production

B.  

Test

C.  

Staging

D.  

Development

Discussion 0
Questions 109

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.  

Create a new network for the mobile devices and block the communication to the internal network and servers

B.  

Use a captive portal for user authentication.

C.  

Authenticate users using OAuth for more resiliency

D.  

Implement SSO and allow communication to the internal network

E.  

Use the existing network and allow communication to the internal network and servers.

F.  

Use a new and updated RADIUS server to maintain the best solution

Discussion 0
Questions 110

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.  

Password history

B.  

Account expiration

C.  

Password complexity

D.  

Account lockout

Discussion 0
Questions 111

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

Options:

A.  

RTO

B.  

MTBF

C.  

MTTR

D.  

RPO

Discussion 0
Questions 112

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A.  

A biometric scanner

B.  

A smart card reader

C.  

APKItoken

D.  

A PIN pad

Discussion 0
Questions 113

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices Which of the following is a cost-effective approach to address these concerns?

Options:

A.  

Enhance resiliency by adding a hardware RAID.

B.  

Move data to a tape library and store the tapes off-site

C.  

Install a local network-attached storage.

D.  

Migrate to a cloud backup solution

Discussion 0
Questions 114

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?

Options:

A.  

A laaS

B.  

PaaS

C.  

XaaS

D.  

SaaS

Discussion 0
Questions 115

A Chief Information Officer is concerned about employees using company-issued laptops lo steal data when accessing network shares. Which of the following should the company Implement?

Options:

A.  

DLP

B.  

CASB

C.  

HIDS

D.  

EDR

E.  

UEFI

Discussion 0
Questions 116

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.  

Hashing

B.  

DNS sinkhole

C.  

TLS inspection

D.  

Data masking

Discussion 0
Questions 117

When planning to build a virtual environment, an administrator need to achieve the following,

•Establish polices in Limit who can create new VMs

•Allocate resources according to actual utilization‘

•Require justification for requests outside of the standard requirements.

•Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

Options:

A.  

Implement IaaS replication

B.  

Product against VM escape

C.  

Deploy a PaaS

D.  

Avoid VM sprawl

Discussion 0
Questions 118

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.  

Content filter

B.  

SIEM

C.  

Firewall rules

D.  

DLP

Discussion 0
Questions 119

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

Which of the following attacks occurred?

Options:

A.  

Buffer overflow

B.  

Pass the hash

C.  

SQL injection

D.  

Replay attack

Discussion 0
Questions 120

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.  

A reverse proxy

B.  

A decryption certificate

C.  

A split-tunnel VPN

D.  

Load-balanced servers

Discussion 0
Questions 121

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.  

Test

B.  

Staging

C.  

Development

D.  

Production

Discussion 0
Questions 122

A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Based on the IoCS, which of the following was the MOST likely attack used to compromise the network communication?

Options:

A.  

Denial of service

B.  

ARP poisoning

C.  

Command injection

D.  

MAC flooding

Discussion 0
Questions 123

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A.  

Security patches were uninstalled due to user impact.

B.  

An adversary altered the vulnerability scan reports

C.  

A zero-day vulnerability was used to exploit the web server

D.  

The scan reported a false negative for the vulnerability

Discussion 0
Questions 124

A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted Which of the following is the researcher MOST likely using?

Options:

A.  

The Cyber Kill Chain

B.  

The incident response process

C.  

The Diamond Model of Intrusion Analysis

D.  

MITRE ATT&CK

Discussion 0
Questions 125

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.  

Asymmetric

B.  

Symmetric

C.  

Homomorphic

D.  

Ephemeral

Discussion 0
Questions 126

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

Options:

A.  

openssl

B.  

hping

C.  

netcat

D.  

tcpdump

Discussion 0
Questions 127

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.  

TAXII

B.  

TLP

C.  

TTP

D.  

STIX

Discussion 0
Questions 128

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

Options:

A.  

GDPR

B.  

PCI DSS

C.  

ISO 27000

D.  

NIST 800-53

Discussion 0
Questions 129

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

Options:

A.  

Functional testing

B.  

Stored procedures

C.  

Elasticity

D.  

Continuous integration

Discussion 0
Questions 130

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.  

FDE

B.  

TPM

C.  

HIDS

D.  

VPN

Discussion 0
Questions 131

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

Options:

A.  

Tabletop

B.  

Parallel

C.  

Full interruption

D.  

Simulation

Discussion 0
Questions 132

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.  

DLP

B.  

CASB

C.  

HIDS

D.  

EDR

E.  

UEFI

Discussion 0
Questions 133

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.  

OpenID is mandatory to make the MFA requirements work

B.  

An incorrect browser has been detected by the SAML application

C.  

The access device has a trusted certificate installed that is overwriting the session token

D.  

The user’s IP address is changing between logins, bur the application is not invalidating the token

Discussion 0
Questions 134

Which of the following best describes configuring devices to log to a centralized, off-site location for possible future reference?

Options:

A.  

Log aggregation

B.  

DLP

C.  

Archiving

D.  

SCAP

Discussion 0
Questions 135

Which of the following incident response steps occurs before containment?

Options:

A.  

Eradication

B.  

Recovery

C.  

Lessons learned

D.  

Identification

Discussion 0
Questions 136

Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area?

(Select TWO).

Options:

A.  

Barricades

B.  

Thermal sensors

C.  

Drones

D.  

Signage

E.  

Motion sensors

F.  

Guards

G.  

Bollards

Discussion 0
Questions 137

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.  

It allows for the sharing of digital forensics data across organizations

B.  

It provides insurance in case of a data breach

C.  

It provides complimentary training and certification resources to IT security staff.

D.  

It certifies the organization can work with foreign entities that require a security clearance

E.  

It assures customers that the organization meets security standards

Discussion 0
Questions 138

A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the BEST application for the analyst to use?

Options:

A.  

theHarvester

B Cuckoo

B.  

Nmap

C.  

Nessus

Discussion 0
Questions 139

A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

Options:

A.  

Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

B.  

Change the password for the guest wireless network every month.

C.  

Decrease the power levels of the access points for the guest wireless network.

D.  

Enable WPA2 using 802.1X for logging on to the guest wireless network.

Discussion 0
Questions 140

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Options:

Discussion 0
Questions 141

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select two).

Options:

A.  

Chain of custody

B.  

Tags

C.  

Reports

D.  

Time stamps

E.  

Hash values

F.  

Time offset

Discussion 0
Questions 142

A systems analyst is responsible for generating a new digital forensics chain -of- custody form Which of the following should the analyst include in this documentation? (Select two).

Options:

A.  

The order of volatility

B.  

A forensics NDA

C.  

The provenance of the artifacts

D.  

The vendor's name

E.  

The date and time

F.  

A warning banner

Discussion 0
Questions 143

Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

Options:

A.  

Devices with celular communication capabilities bypass traditional network security controls

B.  

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

C.  

These devices often lade privacy controls and do not meet newer compliance regulations

D.  

Unauthorized voice and audio recording can cause loss of intellectual property

Discussion 0
Questions 144

Which of the following describes software on network hardware that needs to be updated on a rou-tine basis to help address possible vulnerabilities?

Options:

A.  

Vendor management

B.  

Application programming interface

C.  

Vanishing

D.  

Encryption strength

E.  

Firmware

Discussion 0
Questions 145

A company is developing a new initiative to reduce insider threats. Which of the following should the company focus on to make the greatest impact?

Options:

A.  

Social media analysis

B.  

Least privilege

C.  

Nondisclosure agreements

D.  

Mandatory vacation

Discussion 0
Questions 146

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would best describe the estimated number of devices to be replaced next year?

Options:

A.  

SLA

B.  

ARO

C.  

RPO

D.  

SLE

Discussion 0
Questions 147

A retail store has a business requirement to deploy a kiosk computer In an open area The kiosk computer's operating system has been hardened and tested. A security engineer IS concerned that

someone could use removable media to install a rootkit Mich of the should the security engineer configure to BEST protect the kiosk computer?

Options:

A.  

Measured boot

B.  

Boot attestation

C.  

UEFI

D.  

EDR

Discussion 0
Questions 148

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

Options:

A.  

OWASP

B.  

Obfuscation/camouflage

C.  

Test environment

D.  

Prevent of information exposure

Discussion 0
Questions 149

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

Options:

A.  

 Edge computing

B.  

Microservices

C.  

Containers

D.  

Thin client

Discussion 0
Questions 150

Which of the following is the correct order of evidence from most to least volatile in forensic analysis?

Options:

A.  

Memory, disk, temporary filesystems, CPU cache

B.  

CPU cache, memory, disk, temporary filesystems

C.  

CPU cache, memory, temporary filesystems, disk

D.  

CPU cache, temporary filesystems, memory, disk

Discussion 0
Questions 151

An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data. Which of the following is the attacker most likely using?

Options:

A.  

Base64 encoding

B.  

Steganography

C.  

Data encryption

D.  

Perfect forward secrecy

Discussion 0
Questions 152

A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are

being transmitted and stored more securely?

Options:

A.  

Blockchain

B.  

Salting

C.  

Quantum

D.  

Digital signature

Discussion 0
Questions 153

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

Options:

A.  

Tokenization

B.  

Input validation

C.  

Code signing

D.  

Secure cookies

Discussion 0
Questions 154

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.  

MDM

B.  

RFID

C.  

DLR

D.  

SIEM

Discussion 0
Questions 155

Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data? 

Options:

A.  

Salt string

B.  

Private Key

C.  

Password hash

D.  

Cipher stream

Discussion 0
Questions 156

A desktop computer was recently stolen from a desk located in the lobby of an office building. Which of the following would be the best way to secure a replacement computer and deter future theft?

Options:

A.  

Installing proximity card readers on all entryway doors

B.  

Deploying motion sensor cameras in the lobby

C.  

Encrypting the hard drive on the new desktop

D.  

Using cable locks on the hardware

Discussion 0
Questions 157

Which of the following can be used to detect a hacker who is stealing company data over port 80?

Options:

A.  

Web application scan

B.  

Threat intelligence

C.  

Log aggregation

D.  

Packet capture

Discussion 0
Questions 158

An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine. Which of the following risk management strategies is the organization following?

Options:

A.  

Transference

B.  

Avoidance

C.  

Mitigation

D.  

Acceptance

Discussion 0
Questions 159

Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?

Options:

A.  

SLA

B.  

BPA

C.  

NDA

D.  

AUP

Discussion 0
Questions 160

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

Options:

A.  

Public cloud

B.  

Hybrid cloud

C.  

Community cloud

D.  

Private cloud

Discussion 0
Questions 161

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the

company implement?

Options:

A.  

PEAP

B.  

PSK

C.  

WPA3

D.  

WPS

Discussion 0
Questions 162

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following

is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.  

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.  

The MRI vendor does not support newer versions of the OS.

C.  

Changing the OS breaches a support SLA with the MRI vendor.

D.  

The IT team does not have the budget required to upgrade the MRI scanner.

Discussion 0
Questions 163

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor

most likely be required to review and sign?

Options:

A.  

SLA

B.  

NDA

C.  

MOU

D.  

AUP

Discussion 0
Questions 164

A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business.

The first step the IT team should perform is to deploy a DLP solution:

Options:

A.  

for only data in transit.

B.  

for only data at reset.

C.  

in blocking mode.

D.  

in monitoring mode.

Discussion 0
Questions 165

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

Options:

A.  

IP schema

B.  

Application baseline configuration

C.  

Standard naming convention policy

D.  

Wireless LAN and network perimeter diagram

Discussion 0
Questions 166

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counter part at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal m a secure manner?

Options:

A.  

Digital signatures

B.  

Key exchange

C.  

Salting

D.  

PPTP

Discussion 0
Questions 167

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's mam gate?

Options:

A.  

Crossover error rate

B.  

False match raw

C.  

False rejection

D.  

False positive

Discussion 0
Questions 168

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

Options:

A.  

HIDS

B.  

AV

C.  

NGF-W

D.  

DLP

Discussion 0
Questions 169

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following

technologies would be best to correlate the activities between the different endpoints?

Options:

A.  

Firewall

B.  

SIEM

C.  

IPS

D.  

Protocol analyzer

Discussion 0
Questions 170

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?

Options:

A.  

Determine a quality CASB solution.

B.  

Configure the DLP policies by user groups.

C.  

Implement agentless NAC on boundary devices.

D.  

Classify all data on the file servers.

Discussion 0
Questions 171

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server

is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets

were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

Options:

A.  

Install DLP software to prevent data loss.

B.  

Use the latest version of software.

C.  

Install a SIEM device.

D.  

Implement MDM.

E.  

Implement a screened subnet for the web server.

F.  

Install an endpoint security solution.

G.  

Update the website certificate and revoke the existing ones.

Discussion 0
Questions 172

A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the

following algorithms should the administrator use to split the number of the connections on each server in half?

Options:

A.  

Weighted response

B.  

Round-robin

C.  

Least connection

D.  

Weighted least connection

Discussion 0
Questions 173

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

Options:

A.  

MOU

B.  

SLA

C.  

EOL

D.  

NDA

Discussion 0
Questions 174

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.  

Memory, temporary filesystems. routing tables, disk, network storage

B.  

Cache, memory, temporary filesystems. disk, archival media

C.  

Memory, disk, temporary filesystems. cache, archival media

D.  

Cache, disk, temporary filesystems. network storage, archival media

Discussion 0
Questions 175

A wet-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB stocks that are dropped in parking lots. Which of the following is the best defense against this scenario?

Options:

A.  

Configuring signature-based antivirus to update every 30 minutes

B.  

Enforcing S/MIME for email and automatically encrypting USB drives upon assertion

C.  

Implementing application execution in a sandbox for unknown software

D.  

Fuzzing new files for vulnerabilities if they are not digitally signed

Discussion 0
Questions 176

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.  

OCSP

B.  

CSR

C.  

CA

D.  

CRC

Discussion 0
Questions 177

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.  

An employee receives a gift card request m an email that has an executive's name m the display held to the email

B.  

Employees who open an email attachment receive messages demanding payment m order to access files

C.  

A service desk employee receives an email from the HR director asking for log-in credentials lo a cloud administrator account

D.  

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Discussion 0
Questions 178

A user's login credentials were recently compromised During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password However the trusted website does not use a pop-up for entering user colonials Which of the following attacks occurred?

Options:

A.  

Cross-site scripting

B.  

SOL injection

C.  

DNS poisoning

D.  

Certificate forgery

Discussion 0
Questions 179

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.  

chmod

B.  

grep

C.  

dd

D.  

passwd

Discussion 0
Questions 180

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that

some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company

can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.  

Geolocation

B.  

Time-of-day restrictions

C.  

Certificates

D.  

Tokens

E.  

Geotagging

F.  

Role-based access controls

Discussion 0