ExamsBrite Dumps

CompTIA Security+ Exam 2024 (SY0-701) Questions and Answers

Last Update Dec 2, 2024
Total Questions : 391

Questions 1

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

Options:

A.  

Jailbreaking

B.  

Memory injection

C.  

Resource reuse

D.  

Side loading

Questions 2

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Options:

A.  

Whaling

B.  

Credential harvesting

C.  

Prepending

D.  

Dumpster diving

Questions 3

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Options:

A.  

Key stretching

B.  

Data masking

C.  

Steganography

D.  

Salting

Questions 4

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.  

Enumeration

B.  

Sanitization

C.  

Destruction

D.  

Inventory

Questions 5

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Options:

A.  

MSA

B.  

SLA

C.  

BPA

D.  

SOW

Questions 6

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

Options:

A.  

Right to be forgotten

B.  

Sanctions

C.  

External compliance reporting

D.  

Attestation

Questions 7

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

Options:

A.  

Brand impersonation

B.  

Pretexting

C.  

Typosquatting

D.  

Phishing

Questions 8

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

Options:

A.  

Private key and root certificate

B.  

Public key and expired certificate

C.  

Private key and self-signed certificate

D.  

Public key and wildcard certificate

Questions 9

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.  

Place posters around the office to raise awareness of common phishing activities.

B.  

Implement email security filters to prevent phishing emails from being delivered.

C.  

Update the EDR policies to block automatic execution of downloaded programs.

D.  

Create additional training for users to recognize the signs of phishing attempts.

Questions 10

Which of the following is the stage in an investigation when forensic images are obtained?

Options:

A.  

Acquisition

B.  

Preservation

C.  

Reporting

D.  

E-discovery

Questions 11

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.  

Privilege escalation

B.  

Buffer overflow

C.  

SQL injection

D.  

Pass-the-hash

Questions 12

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

Options:

A.  

TPM

B.  

ECC

C.  

FDE

D.  

HSM

Questions 13

Which of the following is best used to detect fraud by assigning employees to different roles?

Options:

A.  

Least privilege

B.  

Mandatory vacation

C.  

Separation of duties

D.  

Job rotation

Questions 14

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.  

Compromise

B.  

Retention

C.  

Analysis

D.  

Transfer

E.  

Inventory

Questions 15

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

Options:

A.  

Penetration test

B.  

Internal audit

C.  

Attestation

D.  

External examination

Questions 16

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.  

Typosquatting

B.  

Smishing

C.  

Pretexting

D.  

Impersonation

Questions 17

Which of the following should a company use to provide proof of external network security testing?

Options:

A.  

Business impact analysis

B.  

Supply chain analysis

C.  

Vulnerability assessment

D.  

Third-party attestation

Questions 18

Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company?

Options:

A.  

DLP

B.  

FIM

C.  

IDS

D.  

EDR

Questions 19

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

Options:

A.  

Availability

B.  

Non-repudiation

C.  

Integrity

D.  

Confidentiality

Questions 20

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.  

MOA

B.  

SOW

C.  

MOU

D.  

SLA

Questions 21

A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.  

Watering hole

B.  

Bug bounty

C.  

DNS sinkhole

D.  

Honeypot

Questions 22

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

Options:

A.  

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.  

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.  

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.  

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Questions 23

A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

Options:

A.  

Secure web gateway

B.  

Virtual private cloud end point

C.  

Deep packet inspection

D.  

Next-generation firewall

Questions 24

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.  

Serverless framework

B.  

Type 1 hypervisor

C.  

SD-WAN

D.  

SDN

Questions 25

A company most likely is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will be classified? (Select two).

Options:

A.  

Private

B.  

Confidential

C.  

Public

D.  

Operational

E.  

Urgent

F.  

Restricted

Questions 26

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Options:

A.  

Accept

B.  

Transfer

C.  

Mitigate

D.  

Avoid

Questions 27

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?

Options:

A.  

Load balancing

B.  

Fault tolerance

C.  

Proxy servers

D.  

Replication

Questions 28

Which of the following describes the process of concealing code or text inside a graphical image?

Options:

A.  

Symmetric encryption

B.  

Hashing

C.  

Data masking

D.  

Steganography

Questions 29

Which of the following best describes configuring devices to log to an off-site location for possible future reference?

Options:

A.  

Log aggregation

B.  

DLP

C.  

Archiving

D.  

SCAP

Questions 30

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

Options:

A.  

Authorization

B.  

Identification

C.  

Non-repudiation

D.  

Authentication

Questions 31

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Options:

A.  

Virtualization

B.  

Firmware

C.  

Application

D.  

Operating system

Questions 32

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Options:

A.  

Business email

B.  

Social engineering

C.  

Unsecured network

D.  

Default credentials

Questions 33

Which of the following is the most likely to be included as an element of communication in a security awareness program?

Options:

A.  

Reporting phishing attempts or other suspicious activities

B.  

Detecting insider threats using anomalous behavior recognition

C.  

Verifying information when modifying wire transfer data

D.  

Performing social engineering as part of third-party penetration testing

Questions 34

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Options:

A.  

Port security

B.  

Web application firewall

C.  

Transport layer security

D.  

Virtual private network

Questions 35

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.  

Key escrow

B.  

TPM presence

C.  

Digital signatures

D.  

Data tokenization

E.  

Public key management

F.  

Certificate authority linking

Questions 36

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q=wireless%20headphones / HTTP/1.0" 200 12737

132.18.222.103 ----- [28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players / HTTP/1.0" 200 14650

Which of the following should the analyst do first?

Options:

A.  

Implement a WAF

B.  

Disable the query.php script

C.  

Block brute-force attempts on temporary users

D.  

Check the users table for new accounts

Questions 37

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Options:

A.  

Provisioning resources

B.  

Disabling access

C.  

Reviewing change approvals

D.  

Escalating permission requests

Questions 38

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

Options:

A.  

IPS

B.  

Firewall

C.  

ACL

D.  

Windows security

Questions 39

The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?

Options:

A.  

Spraying

B.  

Brute-force

C.  

Dictionary

D.  

Rainbow table

Questions 40

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.  

RBAC

B.  

ACL

C.  

SAML

D.  

GPO

Questions 41

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.  

Tokenization

B.  

Cryptographic downgrade

C.  

SSH tunneling

D.  

Segmentation

E.  

Patch installation

F.  

Data masking

Questions 42

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Options:

A.  

Mitigate

B.  

Accept

C.  

Transfer

D.  

Avoid

Questions 43

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

Options:

A.  

Resource scaling

B.  

Policy enumeration

C.  

Baseline enforcement

D.  

Guardrails implementation

Questions 44

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

Options:

A.  

RAS

B.  

EAP

C.  

SAML

D.  

PAM

Questions 45

Which of the following must be considered when designing a high-availability network? (Choose two).

Options:

A.  

Ease of recovery

B.  

Ability to patch

C.  

Physical isolation

D.  

Responsiveness

E.  

Attack surface

F.  

Extensible authentication

Questions 46

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Options:

A.  

Hacktivist

B.  

Whistleblower

C.  

Organized crime

D.  

Unskilled attacker

Questions 47

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

Options:

A.  

Backout plan

B.  

Impact analysis

C.  

Test procedure

D.  

Approval procedure

Questions 48

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.  

Bluetooth

B.  

Wired

C.  

NFC

D.  

SCADA

Questions 49

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

Options:

A.  

End of business

B.  

End of testing

C.  

End of support

D.  

End of life

Questions 50

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.  

Open-source intelligence

B.  

Bug bounty

C.  

Red team

D.  

Penetration testing

Questions 51

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Options:

A.  

Tokenization

B.  

Hashing

C.  

Obfuscation

D.  

Segmentation

Questions 52

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

Options:

A.  

Corrective

B.  

Preventive

C.  

Detective

D.  

Deterrent

Questions 53

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Options:

A.  

Packet captures

B.  

Vulnerability scans

C.  

Metadata

D.  

Dashboard

Questions 54

A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulfill?

Options:

A.  

Privacy

B.  

Integrity

C.  

Confidentiality

D.  

Availability

Questions 55

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.  

Penetration testing

B.  

Phishing campaign

C.  

External audit

D.  

Insider threat

Questions 56

Which of the following most impacts an administrator's ability to address CVEs discovered on a server?

Options:

A.  

Rescanning requirements

B.  

Patch availability

C.  

Organizational impact

D.  

Risk tolerance

Questions 57

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Options:

A.  

SSO

B.  

LEAP

C.  

MFA

D.  

PEAP

Questions 58

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Options:

A.  

Set the maximum data retention policy.

B.  

Securely store the documents on an air-gapped network.

C.  

Review the documents' data classification policy.

D.  

Conduct a tabletop exercise with the team.

Questions 59

An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

Options:

A.  

Pretexting

B.  

Impersonation

C.  

Ransomware

D.  

Invoice scam

Questions 60

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.  

Geographic dispersion

B.  

Platform diversity

C.  

Hot site

D.  

Load balancing

Questions 61

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.  

Standardizing security incident reporting

B.  

Executing regular phishing campaigns

C.  

Implementing insider threat detection measures

D.  

Updating processes for sending wire transfers

Questions 62

A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

Options:

A.  

Cryptographic

B.  

Malicious update

C.  

Zero day

D.  

Side loading

Questions 63

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.  

Logging all NetFlow traffic into a SIEM

B.  

Deploying network traffic sensors on the same subnet as the servers

C.  

Logging endpoint and OS-specific security logs

D.  

Enabling full packet capture for traffic entering and exiting the servers

Questions 64

Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Options:

A.  

Development

B.  

Test

C.  

Production

D.  

Staging

Questions 65

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.  

encryption=off

B.  

http://

C.  

www.*.com

D.  

:443

Questions 66

An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?

Options:

A.  

Retention

B.  

Destruction

C.  

Inventory

D.  

Certification

Questions 67

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.  

The device has been moved from a production environment to a test environment.

B.  

The device is configured to use cleartext passwords.

C.  

The device is moved to an isolated segment on the enterprise network.

D.  

The device is moved to a different location in the enterprise.

E.  

The device's encryption level cannot meet organizational standards.

F.  

The device is unable to receive authorized updates.

Questions 68

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Options:

A.  

SIEM

B.  

WAF

C.  

Network taps

D.  

IDS

Questions 69

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Options:

A.  

Console access

B.  

Routing protocols

C.  

VLANs

D.  

Web-based administration

Questions 70

Which of the following is the first step to take when creating an anomaly detection process?

Options:

A.  

Selecting events

B.  

Building a baseline

C.  

Selecting logging options

D.  

Creating an event log

Questions 71

A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

Options:

A.  

Change management ticketing system

B.  

Behavioral analyzer

C.  

Collaboration platform

D.  

Version control tool

Questions 72

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

Options:

A.  

White

B.  

Purple

C.  

Blue

D.  

Red

Questions 73

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Options:

A.  

SOAR

B.  

CVSS

C.  

SIEM

D.  

CVE

Questions 74

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Options:

A.  

Deploying PowerShell scripts

B.  

Pushing GPO update

C.  

Enabling PAP

D.  

Updating EDR profiles

Questions 75

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

Options:

A.  

Insurance

B.  

Patching

C.  

Segmentation

D.  

Replacement

Questions 76

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Options:

A.  

Insider

B.  

Unskilled attacker

C.  

Nation-state

D.  

Hacktivist

Questions 77

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

Options:

A.  

Password spraying

B.  

Account forgery

C.  

Pass-the-hash

D.  

Brute-force

Questions 78

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.  

SSH

B.  

SRTP

C.  

S/MIME

D.  

PPTP

Questions 79

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Options:

A.  

Visualization and isolation of resources

B.  

Network segmentation

C.  

Data encryption

D.  

Strong authentication policies

Questions 80

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

Options:

A.  

PaaS

B.  

Hybrid cloud

C.  

Private cloud

D.  

IaaS

E.  

SaaS

Questions 81

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Options:

A.  

A full inventory of all hardware and software

B.  

Documentation of system classifications

C.  

A list of system owners and their departments

D.  

Third-party risk assessment documentation

Questions 82

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Options:

A.  

To defend against insider threats altering banking details

B.  

To ensure that errors are not passed to other systems

C.  

To allow for business insurance to be purchased

D.  

To prevent unauthorized changes to financial data

Questions 83

Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

Options:

A.  

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.  

Generally, SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds.

C.  

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.  

The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.

Questions 84

A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

Options:

A.  

Audit each domain administrator account weekly for password compliance.

B.  

Implement a privileged access management solution.

C.  

Create IDS policies to monitor domain controller access.

D.  

Use Group Policy to enforce password expiration.

Questions 85

You are a security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the infection and then identify each remaining host as clean or infected.

Options:

Questions 86

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.  

Private

B.  

Critical

C.  

Sensitive

D.  

Public

Questions 87

Which of the following is an example of a data protection strategy that uses tokenization?

Options:

A.  

Encrypting databases containing sensitive data

B.  

Replacing sensitive data with surrogate values

C.  

Removing sensitive data from production systems

D.  

Hashing sensitive data in critical systems

Questions 88

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.  

Tabletop exercise

B.  

Penetration test

C.  

Geographic dispersion

D.  

Incident response

Questions 89

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Options:

A.  

Configure all systems to log scheduled tasks.

B.  

Collect and monitor all traffic exiting the network.

C.  

Block traffic based on known malicious signatures.

D.  

Install endpoint management software on all systems.

Questions 90

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Options:

A.  

IRP

B.  

DRP

C.  

RPO

D.  

SDLC

Questions 91

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.  

Fencing

B.  

Video surveillance

C.  

Badge access

D.  

Access control vestibule

E.  

Sign-in sheet

F.  

Sensor

Questions 92

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

Options:

A.  

Upgrading to a next-generation firewall

B.  

Deploying an appropriate in-line CASB solution

C.  

Conducting user training on software policies

D.  

Configuring double key encryption in SaaS platforms

Questions 93

Which of the following tasks is typically included in the BIA process?

Options:

A.  

Estimating the recovery time of systems

B.  

Identifying the communication strategy

C.  

Evaluating the risk management plan

D.  

Establishing the backup and recovery procedures

E.  

Developing the incident response plan

Questions 94

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Options:

A.  

Compensating

B.  

Detective

C.  

Preventive

D.  

Corrective

Questions 95

A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

Options:

A.  

Dynamic

B.  

Static

C.  

Gap

D.  

Impact

Questions 96

A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?

Options:

A.  

Statement of work

B.  

Responsibility matrix

C.  

Service-level agreement

D.  

Master service agreement

Questions 97

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.  

Deploy a SIEM solution

B.  

Create custom scripts to aggregate and analyze logs

C.  

Implement EDR technology

D.  

Install a unified threat management appliance

Questions 98

While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.  

Community cloud

B.  

PaaS

C.  

Containerization

D.  

Private cloud

E.  

SaaS

F.  

IaaS

Questions 99

A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

Options:

A.  

Encryption standard compliance

B.  

Data replication requirements

C.  

Least privilege

D.  

Access control monitoring

Questions 100

Which of the following is the most important security concern when using legacy systems to provide production service?

Options:

A.  

Instability

B.  

Lack of vendor support

C.  

Loss of availability

D.  

Use of insecure protocols

Questions 101

Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

Options:

A.  

Deterrent

B.  

Corrective

C.  

Compensating

D.  

Preventive

Questions 102

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.  

An employee receives a gift card request in an email that has an executive's name in the display field of the email.

B.  

Employees who open an email attachment receive messages demanding payment in order to access files.

C.  

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D.  

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Questions 103

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Options:

A.  

Processor

B.  

Custodian

C.  

Subject

D.  

Owner

Questions 104

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

Options:

A.  

Shared deployment of CIS baselines

B.  

Joint cybersecurity best practices

C.  

Both companies following the same CSF

D.  

Assessment of controls in a vulnerability report

Questions 105

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

Options:

A.  

RPO

B.  

ARO

C.  

BIA

D.  

MTTR

Questions 106

Which of the following examples would be best mitigated by input sanitization?

Options:

A.  

B.  

nmap - 10.11.1.130

C.  

Email message: "Click this link to get your free gift card."

D.  

Browser message: "Your connection is not private."

Questions 107

A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive. Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees' personal information?

Options:

A.  

Legal

B.  

Financial

C.  

Privacy

D.  

Intellectual property

Questions 108

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.  

Regulatory requirement

B.  

Organizational change

C.  

Self-assessment requirement

D.  

Service-level requirement

Questions 109

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

Options:

A.  

Private

B.  

Confidential

C.  

Public

D.  

Operational

E.  

Urgent

F.  

Restricted

Questions 110

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.  

Patch availability

B.  

Product software compatibility

C.  

Ease of recovery

D.  

Cost of replacement

Questions 111

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.  

Deploy, maintain, establish

B.  

Establish, maintain, deploy

C.  

Establish, deploy, maintain

D.  

Deploy, establish, maintain

Questions 112

A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum. Which of the following would be best for the systems administrator to implement?

Options:

A.  

Air gap

B.  

Jump server

C.  

Logical segmentation

D.  

Virtualization

Questions 113

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.  

Rules of engagement

B.  

Rules of acceptance

C.  

Rules of understanding

D.  

Rules of execution

Questions 114

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?

Options:

A.  

SOAR

B.  

SIEM

C.  

MDM

D.  

DLP

Questions 115

An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

Options:

A.  

Behavioral analytics

B.  

Access control lists

C.  

Identity and access management

D.  

Network intrusion detection system

Questions 116

A security analyst is creating a base for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

Options:

A.  

Change management procedure

B.  

Information security policy

C.  

Cybersecurity framework

D.  

Secure configuration guide
