
CompTIA SY0-601 CompTIA Security+ Exam 2021 Exam Practice Test

Page: 1 / 91
Total 911 questions

CompTIA Security+ Exam 2021 Questions and Answers

Question 1

A security analyst is tasked with defining the “something you are” factor of the company’s MFA settings. Which of the following is BEST to use to complete the configuration?

Options:

A.

Gait analysis

B.

Vein

C.

Soft token

D.

HMAC-based, one-time password

Question 2

Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only.

In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?

Options:

A.

AUP

B.

NDA

C.

SLA

D.

MOU

Question 3

Which of the following techniques eliminates the use of rainbow tables for password cracking?

Options:

A.

Hashing

B.

Tokenization

C.

Asymmetric encryption

D.

Salting

Question 4

A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

Options:

A.

SSL

B.

FTP

C.

SNMP

D.

TLS

Question 5

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

Options:

A.

Unsecured root accounts

B.

Zero-day

C.

Shared tenancy

D.

Insider threat

Question 6

Which of the following controls is used to make an organization initially aware of a data compromise?

Options:

A.

Protective

B.

Preventative

C.

Corrective

D.

Detective

Question 7

A company's security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

Options:

A.

Deterrent

B.

Compensating

C.

Detective

D.

Preventive

Question 8

A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

Options:

A.

HIPS

B.

FIM

C.

TPM

D.

DLP

Question 9

An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:

Which of the following BEST describes the type of password attack the attacker is performing?

Options:

A.

Dictionary

B.

Pass-the-hash

C.

Brute-force

D.

Password spraying

Question 10

Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

Options:

A.

DLP

B.

NIDS

C.

TPM

D.

FDE

Question 11

A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find requested servers?

Options:

A.

nslookup 10.10.10.0

B.

nmap -p 80 10.10.10.0/24

C.

pathping 10.10.10.0 -p 80

D.

nc -l -p 80

Question 12

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

Options:

A.

Data anonymization

B.

Data encryption

C.

Data masking

D.

Data tokenization

Question 13

A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

Options:

A.

Semi-authorized hackers

B.

State actors

C.

Script kiddies

D.

Advanced persistent threats

Question 14

The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?

Options:

A.

Password complexity

B.

Acceptable use

C.

Access control

D.

Clean desk

Question 15

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.

Default system configuration

B.

Unsecure protocols

C.

Lack of vendor support

D.

Weak encryption

Question 16

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

Options:

A.

Adjust the data flow from authentication sources to the SIEM.

B.

Disable email alerting and review the SIEM directly.

C.

Adjust the sensitivity levels of the SIEM correlation engine.

D.

Utilize behavioral analysis to enable the SIEM's learning mode.

Question 17

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

Options:

A.

Chain of custody

B.

Legal hold

C.

Event log

D.

Artifacts

Question 18

Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

Options:

A.

Set up hashing on the source log file servers that complies with local regulatory requirements.

B.

Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.

C.

Write protect the aggregated log files and move them to an isolated server with limited access.

D.

Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.

Question 19

Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?

Options:

A.

IaaS

B.

SaaS

C.

PaaS

D.

XaaS

Question 20

An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

Options:

A.

Proximity cards with guards

B.

Fence with electricity

C.

Drones with alarms

D.

Motion sensors with signage

Question 21

A cyber-security administrator is using an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -Z

D.

# iptables -P INPUT -j DROP

Question 22

Which of the following control types fixes a previously identified issue and mitigates a risk?

Options:

A.

Detective

B.

Corrective

C.

Preventative

D.

Finalized

Question 23

Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

Options:

A.

Job rotation policy

B.

NDA

C.

AUP

D.

Separation of duties policy

Question 24

An administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO)

Options:

A.

Create a new network for the mobile devices and block the communication to the internal network and servers.

B.

Use a captive portal for user authentication

C.

Authenticate users using OAuth for more resiliency.

D.

Implement SSO and allow communication to the internal network.

E.

Use the existing network and allow communication to the internal network and servers.

F.

Use a new and updated RADIUS server to maintain the best solution.

Question 25

Which of the following is the purpose of a risk register?

Options:

A.

To define the level of risk using probability and likelihood

B.

To register the risk with the required regulatory agencies

C.

To identify the risk, the risk owner, and the risk measures

D.

To formally log the type of risk mitigation strategy the organization is using

Question 26

After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?

Options:

A.

Risk acceptance

B.

Risk avoidance

C.

Risk transference

D.

Risk mitigation

Question 27

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -Z

D.

# iptables -P INPUT -j DROP

Question 28

Which of the following control sets should a well-written BCP include? (Select THREE)

Options:

A.

Preventive

B.

Detective

C.

Deterrent

D.

Corrective

E.

Compensating

F.

Physical

G.

Recovery

Question 29

An application owner has requested access for an external application to upload data from the central internal website without providing credentials at any point. Which of the following authentication methods should be configured to allow this type of integration access?

Options:

A.

OAuth

B.

SSO

C.

TACACS+

D.

Kerberos

Question 30

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

Options:

A.

FDE

B.

NIDS

C.

EDR

D.

DLP

Question 31

Local guidelines require that all information systems meet a minimum-security baseline to be compliant.

Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Question 32

During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer. The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

Options:

A.

Properly configured hosts with security logging

B.

Properly configured endpoint security tool with alerting

C.

Properly configured SIEM with retention policies

D.

Properly configured USB blocker with encryption

Question 33

In which of the following common use cases would steganography be employed?

Options:

A.

Obfuscation

B.

Integrity

C.

Non-repudiation

D.

Blockchain

Question 34

A network engineer notices the VPN concentrator overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?

Options:

A.

IPSec

B.

Always On

C.

Split tunneling

D.

L2TP

Question 35

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

Options:

A.

Investigation

B.

Containment

C.

Recovery

D.

Lessons learned

Question 36

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?

Options:

A.

A capture-the-flag competition

B.

A phishing simulation

C.

Physical security training

D.

Basic awareness training

Question 37

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

Options:

A.

Key escrow

B.

A self-signed certificate

C.

Certificate chaining

D.

An extended validation certificate

Question 38

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

Options:

A.

Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

B.

Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

C.

Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.

D.

Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

Question 39

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:

• Mobile device OSs must be patched up to the latest release

• A screen lock must be enabled (passcode or biometric)

• Corporate data must be removed if the device is reported lost or stolen

Which of the following controls should the security engineer configure? (Select TWO)

Options:

A.

Containerization

B.

Storage segmentation

C.

Posturing

D.

Remote wipe

E.

Full-device encryption

F.

Geofencing

Question 40

While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device.

Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

Options:

A.

Conduct a ping sweep.

B.

Physically check each system.

C.

Deny Internet access to the "UNKNOWN" hostname.

D.

Apply MAC filtering.

Question 41

Which of the following would cause a Chief Information Security Officer the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?

Options:

A.

An inability to monitor 100% of every facility could expose the company to unnecessary risk.

B.

The cameras could be compromised if not patched in a timely manner.

C.

Physical security at the facility may not protect the cameras from theft.

D.

Exported videos may take up excessive space on the file servers.

Question 42

Which of the following is the BEST method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Question 43

A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?

Options:

A.

Randomize the shared credentials

B.

Use only guest accounts to connect.

C.

Use SSH keys and remove generic passwords

D.

Remove all user accounts.

Question 44

An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?

Options:

A.

TLS

B.

PFS

C.

ESP

D.

AH

Question 45

A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

Options:

A.

Allow DNS access from the internet.

B.

Block SMTP access from the Internet

C.

Block HTTPS access from the Internet

D.

Block SSH access from the Internet.

Question 46

A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:

• The solution must be inline in the network

• The solution must be able to block known malicious traffic

• The solution must be able to stop network-based attacks

Which of the following should the network administrator implement to BEST meet these requirements?

Options:

A.

HIDS

B.

NIDS

C.

HIPS

D.

NIPS

Question 47

Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?

Options:

A.

Something you exhibit

B.

Something you can do

C.

Someone you know

D.

Somewhere you are

Question 48

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 49

A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?

Options:

A.

HIDS

B.

UEBA

C.

CASB

D.

VPC

Question 50

Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts. Which of the following should be implemented to prevent similar situations in the future?

Options:

A.

Ensure input validation is in place to prevent the use of invalid characters and values.

B.

Calculate all possible values to be added together and ensure the use of the proper integer in the code.

C.

Configure the web application firewall to look for and block session replay attacks.

D.

Make sure transactions that are submitted within very short time periods are prevented from being processed.

Question 51

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

Options:

A.

Key escrow

B.

A self-signed certificate

C.

Certificate chaining

D.

An extended validation certificate

Question 52

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

Options:

A.

FIM

B.

DLP

C.

EDR

D.

UTM

Question 53

After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator's goal? (Select TWO).

Options:

A.

Disabling guest accounts

B.

Disabling service accounts

C.

Enabling network sharing

D.

Disabling NetBIOS over TCP/IP

E.

Storing LAN manager hash values

F.

Enabling NTLM

Question 54

Which of the following is the correct order of volatility from MOST to LEAST volatile?

Options:

A.

Memory, temporary filesystems, routing tables, disk, network storage

B.

Cache, memory, temporary filesystems, disk, archival media

C.

Memory, disk, temporary filesystems, cache, archival media

D.

Cache, disk, temporary filesystems, network storage, archival media

Question 55

An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

Options:

A.

MDM

B.

MAM

C.

VDI

D.

DLP

Question 56

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

Options:

A.

Perform a vulnerability scan to identify the weak spots.

B.

Use a packet analyzer to investigate the NetFlow traffic

C.

Check the SIEM to review the correlated logs.

D.

Require access to the routers to view current sessions.

Question 57

An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?

Options:

A.

Web log files

B.

Browser cache

C.

DNS query logs

D.

Antivirus

Question 58

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question 59

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Question 60

An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

Options:

A.

The baseline

B.

The endpoint configurations

C.

The adversary behavior profiles

D.

The IPS signatures

Question 61

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

Options:

A.

SFTP

B.

AIS

C.

Tor

D.

IoC

Question 62

Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?

Options:

A.

Stored procedures

B.

Buffer overflows

C.

Data bias

D.

Code reuse

Question 63

Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

Options:

A.

Joe used Whois to produce this output.

B.

Joe used cURL to produce this output.

C.

Joe used Wireshark to produce this output.

D.

The organization has adequate information available in public registration.

E.

The organization has too much information available in public registration.

F.

The organization has too little information available in public registration.

Question 64

A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third-party applications. After further investigation, the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes. Which of the following would BEST meet the CSO's objectives?

Options:

A.

DLP

B.

SWG

C.

CASB

D.

Virtual network segmentation

E.

Container security

Question 65

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

* The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.

* One of the websites the manager used recently experienced a data breach.

* The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has MOST likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Question 66

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPv1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Question 67

The website http://companywebsite.com requires users to provide personal information, including security responses, for registration. Which of the following would MOST likely cause a data breach?

Options:

A.

LACK OF INPUT VALIDATION

B.

OPEN PERMISSIONS

C.

UNSECURE PROTOCOL

D.

MISSING PATCHES

Question 68

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

Options:

A.

Memory leak

B.

Race conditions

C.

SQL injection

D.

Directory traversal

Question 69

A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

Options:

A.

A honeyfile

B.

A DMZ

C.

DLP

D.

File integrity monitoring

Question 70

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

Options:

A.

SNMP traps

B.

A Telnet session

C.

An SSH connection

D.

SFTP traffic

Question 71

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

Options:

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Question 72

A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

Options:

A.

Check the metadata in the email header of the received path in reverse order to follow the email’s path.

B.

Hover the mouse over the CIO's email address to verify the email address.

C.

Look at the metadata in the email header and verify the "From:" line matches the CIO's email address.

D.

Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Question 73

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Question 74

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Question 75

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Question 76

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

Options:

A.

SOAP

B.

SAML

C.

SSO

D.

Kerberos

Question 77

A customer has reported that an organization's website displayed an image of a smiley face rather than the expected web page for a short time two days earlier. A security analyst reviews log entries and sees the following around the time of the incident:

Which of the following is MOST likely occurring?

Options:

A.

Invalid trust chain

B.

Domain hijacking

C.

DNS poisoning

D.

URL redirection

Question 78

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Options:

A.

Vishing

B.

Phishing

C.

Spear phishing

D.

Whaling

Question 79

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

Options:

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question 80

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Options:

A.

Perfect forward secrecy

B.

Elliptic-curve cryptography

C.

Key stretching

D.

Homomorphic encryption

Question 81

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

Options:

A.

RTO

B.

MTBF

C.

MTTR

D.

RPO

Question 82

Which of the following conditions impacts data sovereignty?

Options:

A.

Rights management

B.

Criminal investigations

C.

Healthcare data

D.

International operations

Question 83

A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?

Options:

A.

Privacy

B.

Cloud storage of telemetry data

C.

GPS spoofing

D.

Weather events

Question 84

A security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

Options:

A.

HIDS

B.

Allow list

C.

TPM

D.

NGFW

Question 85

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?

Options:

A.

NIC Teaming

B.

Port mirroring

C.

Defense in depth

D.

High availability

E.

Geographic dispersal

Question 86

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Options:

A.

MAC flooding

B.

URL redirection

C.

ARP poisoning

D.

DNS hijacking

Question 87

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backups followed by differential backups

Question 88

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A split-tunnel VPN

D.

Load-balanced servers

Question 89

Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

Options:

A.

ISO 27701

B.

The Center for Internet Security

C.

SSAE SOC 2

D.

NIST Risk Management Framework

Question 90

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

Options:

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question 91

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned if servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.

135

B.

139

C.

143

D.

161

E.

443

F.

445

Question 92

A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

Options:

A.

HIDS

B.

NIPS

C.

HSM

D.

WAF

E.

NAC

F.

NIDS

G.

Stateless firewall

Question 93

A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?

Options:

A.

User certificate

B.

Self-signed certificate

C.

Computer certificate

D.

Root certificate

Question 94

Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

Options:

A.

Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports

B.

Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced

C.

Placing systems into locked key-controlled containers with no access to the USB ports

D.

Installing an endpoint agent to detect connectivity of USB and removable media

Question 95

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

Options:

A.

SaaS

B.

IaaS

C.

PaaS

D.

SDN

Question 96

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

Options:

A.

Data in transit

B.

Data in processing

C.

Data at rest

D.

Data tokenization

Question 97

During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?

Options:

A.

Check for any recent SMB CVEs

B.

Install AV on the affected server

C.

Block unneeded TCP 445 connections

D.

Deploy a NIDS in the affected subnet

Question 98

An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?

Options:

A.

Low FAR

B.

Low efficacy

C.

Low FRR

D.

Low CER

Question 99

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

Options:

A.

Hoaxes

B.

SPIMs

C.

Identity fraud

D.

Credential harvesting

Question 100

The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

Options:

A.

DLP

B.

USB data blocker

C.

USB OTG

D.

Disabling USB ports

Question 101

After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

Options:

A.

SSH

B.

SNMPv3

C.

SFTP

D.

Telnet

E.

FTP

Question 102

A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?

Options:

A.

Autopsy

B.

Cuckoo

C.

Memdump

D.

Nmap

Question 103

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

• All users share workstations throughout the day

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible

• Sensitive data is being uploaded to external sites

• All user account passwords were forced to be reset and the issue continued

Which of the following attacks is being used to compromise the user accounts?

Options:

A.

Brute-force

B.

Keylogger

C.

Dictionary

D.

Rainbow

Question 104

Which of the following statements BEST describes zero-day exploits?

Options:

A.

When a zero-day exploit is discovered, the system cannot be protected by any means

B.

Zero-day exploits have their own scoring category in CVSS

C.

A zero-day exploit is initially undetectable and no patch for it exists

D.

Discovering zero-day exploits is always performed via bug bounty programs

Question 105

Which biometric error would allow an unauthorized user to access a system?

Options:

A.

False acceptance

B.

False entrance

C.

False rejection

D.

False denial

Question 106

A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?

Options:

A.

Red-team exercise

B.

Capture-the-flag exercise

C.

Tabletop exercise

D.

Phishing exercise

Question 107

An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

Options:

A.

Logic bomb

B.

Crypto malware

C.

Spyware

D.

Remote access Trojan

Question 108

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

Options:

A.

SSO

B.

IDS

C.

MFA

D.

TPM

Question 109

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

Options:

A.

SQL injection

B.

DNS spoofing

C.

MAC flooding

D.

ARP poisoning

Question 110

An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

Options:

A.

Embedded Python code

B.

Macro-enabled file

C.

Bash scripting

D.

Credential-harvesting website

Question 111

Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

Options:

A.

EOL

B.

SLA

C.

MOU

D.

EOSL

Question 112

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

Options:

A.

CVSS

B.

SIEM

C.

SOAR

D.

CVE

Question 113

The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?

Options:

A.

Configure a NIDS appliance using a Switched Port Analyzer

B.

Collect OSINT and catalog the artifacts in a central repository

C.

Implement a SOAR with customizable playbooks

D.

Install a SIEM with community-driven threat intelligence

Question 114

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?

Options:

A.

Check the hash of the installation file

B.

Match the file names

C.

Verify the URL download location

D.

Verify the code-signing certificate

Question 115

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

Options:

A.

Utilizing SIEM correlation engines

B.

Deploying Netflow at the network border

C.

Disabling session tokens for all sites

D.

Deploying a WAF for the web server

Question 116

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

Options:

A.

Authentication protocol

B.

Encryption type

C.

WAP placement

D.

VPN configuration

Question 117

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

Options:

A.

Account audits

B.

AUP

C.

Password reuse

D.

SSO

Question 118

Which of the following incident response steps occurs before containment?

Options:

A.

Eradication

B.

Recovery

C.

Lessons learned

D.

Identification

Question 119

Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

Options:

A.

Weak configurations

B.

Integration activities

C.

Unsecure user accounts

D.

Outsourced code development

Question 120

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

• Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

• Internal users in question were changing their passwords frequently during that time period.

• A jump box that several domain administrator users use to connect to remote devices was recently compromised.

• The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Options:

A.

Pass-the-hash

B.

Brute-force

C.

Directory traversal

D.

Replay

Question 121

During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

Options:

A.

User behavior analytics

B.

Dump files

C.

Bandwidth monitors

D.

Protocol analyzer output

Question 122

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.

Content filter

B.

SIEM

C.

Firewall rules

D.

DLP

Question 123

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

Options:

A.

White team

B.

Purple team

C.

Green team

D.

Blue team

E.

Red team

Question 124

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)

Options:

A.

Auto-update

B.

HTTP headers

C.

Secure cookies

D.

Third-party updates

E.

Full disk encryption

F.

Sandboxing

G.

Hardware encryption

Question 125

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been. Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user's IP address is changing between logins, but the application is not invalidating the token

Question 126

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framework

D.

ISO 27002

Question 127

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

• Must be able to differentiate between users connected to WiFi

• The encryption keys need to change routinely without interrupting the users or forcing reauthentication

• Must be able to integrate with RADIUS

• Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Question 128

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Question 129

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).

Options:

A.

Full-device encryption

B.

Network usage rules

C.

Geofencing

D.

Containerization

E.

Application whitelisting

F.

Remote control

Question 130

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Question 131

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.

Development

B.

Staging

C.

Production

D.

Test

Question 132

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

Options:

A.

To provide data to quantify risk based on the organization's systems

B.

To keep all software and hardware fully patched for known vulnerabilities

C.

To only allow approved, organization-owned devices onto the business network

D.

To standardize by selecting one laptop model for all users in the organization

Question 133

Which of the following authentication methods is considered to be the LEAST secure?

Options:

A.

TOTP

B.

SMS

C.

HOTP

D.

Token key

Question 134

An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.

Cryptomalware

B.

Hash substitution

C.

Collision

D.

Phishing

Question 135

Which of the following roles would MOST likely have direct access to the senior management team?

Options:

A.

Data custodian

B.

Data owner

C.

Data protection officer

D.

Data controller

Question 136

While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the BEST solution to securely prevent future issues?

Options:

A.

Using an administrator account to run the processes and disabling the account when it is not in use

B.

Implementing a shared account the team can use to run automated processes

C.

Configuring a service account to run the processes

D.

Removing the password complexity requirements for the user account
