Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

CompTIA SY0-701 Dumps

Page: 1 / 89
Total 887 questions

CompTIA Security+ Exam 2026 Questions and Answers

Question 1

An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?

Options:

A.

Smishing

B.

Typosquatting

C.

Espionage

D.

Pretexting

Question 2

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Options:

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Question 3

An engineer moved to another team and is unable to access the new team ' s shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? 1  

Options:

A.

Role-based

B.

Discretionary

C.

Time of day

D.

Least privilege

Question 4

A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company ' s site. Which of the following would have most likely prevented this attack?

Options:

A.

IPSec

B.

TLS

C.

SDN

D.

WAF

Question 5

A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Options:

A.

Communication plan

B.

Incident response plan

C.

Data retention policy

D.

Disaster recovery plan

Question 6

When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

Options:

A.

Wildcard

B.

Root of trust

C.

Third-party

D.

Self-signed

Question 7

To which of the following security categories does an EDR solution belong?

Options:

A.

Physical

B.

Operational

C.

Managerial

D.

Technical

Question 8

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Options:

A.

Asset inventory

B.

Network enumeration

C.

Data certification

D.

Procurement process

Question 9

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

Options:

A.

Evaluate tools that identify risky behavior and distribute reports on the findings.

B.

Send quarterly newsletters that explain the importance of password management.

C.

Develop phishing campaigns and notify the management team of any successes.

D.

Update policies and handbooks to ensure all employees are informed of the new procedures.

Question 10

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

Options:

A.

GRE

B.

IPSec

C.

SD-WAN

D.

EAP

Question 11

Which of the following outlines the configuration, maintenance, and security roles between a cloud service provider and the customer?

Options:

A.

Service-level agreement

B.

Responsibility matrix

C.

Memorandum of understanding

D.

Non-disclosure agreement

Question 12

A company discovers suspicious transactions that were entered into the company ' s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?

Options:

A.

Honeytoken

B.

Honeynet

C.

Honeypot

D.

Honeyfile

Question 13

An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?

Options:

A.

Maintaining the chain of custody

B.

Performing root cause analysis

C.

Enforcing a legal hold

D.

Conducting a containment activity

Question 14

A security analyst is creating the first draft of a network diagram for the company ' s new customer-facing payment application that will be hosted by a third-party cloud service

provider.

as

as

Options:

Question 15

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Options:

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Question 16

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Question 17

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

Options:

A.

Open-source intelligence

B.

Port scanning

C.

Pivoting

D.

Exploit validation

Question 18

A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients’ spam folders. Which of the following needs to be updated?

Options:

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Question 19

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Question 20

A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:

Time | IP address | Location | EmpID | App | Status

14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success

14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure

14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success

14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success

Which of the following is being displayed in the logs?

Options:

A.

Impossible travel

B.

SMTP replay

C.

Directory traversal

D.

Cross-site request forgery

Question 21

Alerts from email protection systems and MSSPs must be entered into an IT service management system and assigned to the security team. Which of the following should an organization implement to enable this functionality?

Options:

A.

Automated compliance monitoring

B.

Automated ticket creation

C.

Automated vulnerability scans

D.

Automated indicator sharing

Question 22

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Options:

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Question 23

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Question 24

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Question 25

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Options:

A.

Business email

B.

Social engineering

C.

Unsecured network

D.

Default credentials

Question 26

A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy. Which of the following vulnerability types will the analyst most likely find on the workstations?

Options:

A.

Misconfiguration

B.

Zero-day

C.

Malicious update

D.

Supply chain

Question 27

A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?

Options:

A.

Apply IP address reputation data.

B.

Tap and monitor the email feed.

C.

Scan email traffic inline.

D.

Check SPF records.

Question 28

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator ' s role?

Options:

A.

Processor

B.

Custodian

C.

Privacy officer

D.

Owner

Question 29

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company ' s internal network?

Options:

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Question 30

An accounting clerk sent money to an attacker ' s bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Question 31

An attacker uses XSS to compromise a web server. Which of the following solutions could have been used to prevent this attack?

Options:

A.

NGFW

B.

UTM

C.

WAF

D.

NAC

Question 32

Which of the following best explains the role of compensating controls?

Options:

A.

Reducing the attack surface by isolating vulnerable components within a segmented environment

B.

Providing an alternative security measure when standard remediation is not feasible

C.

Delaying remediation timelines by replacing affected systems in a maintenance window

D.

Remediating software flaws by modifying source code to remove insecure functions

Question 33

Which of the following solutions would most likely be used in the financial industry to mask sensitive data?

Options:

A.

Tokenization

B.

Hashing

C.

Salting

D.

Steganography

Question 34

Which of the following technologies assists in passively verifying the expired status of a digital certificate?

Options:

A.

OCSP

B.

CRL

C.

TPM

D.

CSR

Question 35

The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?

Options:

A.

Patching

B.

Segmentation

C.

Monitoring

D.

Isolation

Question 36

An administrator installs an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Options:

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Question 37

Which of the following are the most important considerations when encrypting data? (Select two).

Options:

A.

Obfuscation

B.

Algorithms

C.

Data masking

D.

Key length

E.

Tokenization

F.

Salting

Question 38

Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?

Options:

A.

Ideological differences

B.

General curiosity

C.

Gain influence

D.

Intellectual property

Question 39

An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior. Which of the following should the CISO do first?

Options:

A.

Update the acceptable use policy.

B.

Deploy a password management solution.

C.

Issue warning letters to affected users.

D.

Implement a phishing awareness campaign.

Question 40

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following will most likely help the security awareness team address this potential threat?

Options:

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Question 41

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

Options:

A.

SCAP

B.

Net Flow

C.

Antivirus

D.

DLP

Question 42

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Options:

A.

Implement access controls and encryption.

B.

Develop and provide training on data protection policies.

C.

Create incident response and disaster recovery plans.

D.

Purchase and install security software.

Question 43

Which of the following would most likely be used by attackers to perform credential harvesting?

Options:

A.

Social engineering

B.

Supply chain compromise

C.

Third-party software

D.

Rainbow table

Question 44

An organization has learned that its data is being exchanged on the dark web. The CIO

has requested that you investigate and implement the most secure solution to protect employee accounts.

INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate

security solution to meet the CIO ' s requirements.

as

Options:

Question 45

Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?

Options:

A.

Management review

B.

Load testing

C.

Maintenance notifications

D.

Procedure updates

Question 46

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

Options:

A.

E-discovery

B.

User provisioning

C.

Firewall log export

D.

Root cause analysis

Question 47

An organization plans to increase security controls for devices that connect to its internal network. The additional security control must perform port-based authentication as part of the connection process. Which of the following should the organization implement?

Options:

A.

EDR

B.

SASE

C.

802.1X

D.

WPA3

Question 48

A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Question 49

An organization wants to deploy software in a container environment to increase security. Which of the following will limit the organization ' s ability to achieve this goal?

Options:

A.

Regulatory compliance

B.

Patch availability

C.

Kernel version

D.

Monolithic code

Question 50

Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?

Options:

A.

ICS

B.

Microservers

C.

Containers

D.

IoT

Question 51

Which of the following allows an exploit to go undetected by the operating system?

Options:

A.

Firmware vulnerabilities

B.

Side loading

C.

Memory injection

D.

Encrypted payloads

Question 52

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Question 53

A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?

Options:

A.

Notify all employees about the phishing attack and instruct them to avoid suspicious emails.

B.

Wait for confirmation from the employee before making any changes to the account.

C.

Reimage the employee ' s workstation to ensure no malware is present.

D.

Lock the employee ' s account to prevent further unauthorized access.

Question 54

A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?

Options:

A.

Encryption

B.

Classification

C.

Certification

D.

Procurement

Question 55

A company experiences a data loss event due to a stolen laptop. In order to prevent future similar events, a security analyst must implement a scalable solution to ensure all data on company laptops remains secure in the event of theft or loss. Which of the following should the analyst do next?

Options:

A.

Configure the HSM for each device and store recovery keys centrally.

B.

Implement LAPS to ensure secure password rotation for administrative accounts.

C.

Use an MDM platform to manage the devices and force security configurations.

D.

Ensure that each laptop has the secure enclave properly initialized in the BIOS.

Question 56

Which of the following should a company use to provide proof of external network security testing?

Options:

A.

Business impact analysis

B.

Supply chain analysis

C.

Vulnerability assessment

D.

Third-party attestation

Question 57

A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?

Options:

A.

Create an architecture diagram of cloud storage solutions.

B.

Migrate sample data to the cloud to run security tests.

C.

Agree on data classification labels with stakeholders.

D.

Make a backup of the data on cloud-neutral storage.

Question 58

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question 59

Which of the following is a reason an organization should use different CSPs for a critical financial application?

Options:

A.

Application overhead can be better load balanced across multiple providers.

B.

Platform diversity reduces the likelihood of losing access to resources.

C.

Parallel processing allows continued operations while deploying time-critical security updates.

D.

Selection of a hot site minimizes downtime and helps the organization meet its RTO.

Question 60

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Options:

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires ln-person action before printing.

C.

Install a software client m every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Question 61

Which of the following objectives is best achieved by a tabletop exercise?

Options:

A.

Familiarizing participants with the incident response process

B.

Deciding red and blue team rules of engagement

C.

Quickly determining the impact of an actual security breach

D.

Conducting multiple security investigations in parallel

Question 62

A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure. Which of the following penetration testing methods does this scenario describe?

Options:

A.

Passive reconnaissance

B.

Partially-known environment

C.

Integrated testing

D.

Defensive testing

Question 63

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Question 64

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Options:

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Question 65

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

Options:

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Question 66

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

Options:

A.

Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.

B.

Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

C.

Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.

D.

Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.

Question 67

A systems administrator receives an alert that a company ' s internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

as

Which of the following indicators most likely triggered this alert?

Options:

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Question 68

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

Options:

A.

Right to be forgotten

B.

Sanctions

C.

External compliance reporting

D.

Attestation

Question 69

Which of the following best describe why a process would require a two-person integrity security control?

Options:

A.

To Increase the chance that the activity will be completed in half of the time the process would take only one user to complete

B.

To permit two users from another department to observe the activity that is being performed by an authorized user

C.

To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

D.

To allow one person to perform the activity while being recorded on the CCTV camera

Question 70

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Question 71

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Question 72

Which of the following mitigation techniques would a security analyst most likely use to avoid bloatware on devices?

Options:

A.

Disabled ports/protocols

B.

Application allow list

C.

Default password changes

D.

Access control permissions

Question 73

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Question 74

An attacker submits a request containing unexpected characters in an attempt to gain unauthorized access to information within the underlying systems. Which of the following best describes this attack?

Options:

A.

Side loading

B.

Target of evaluation

C.

Resource reuse

D.

SQL injection

Question 75

A security administrator recently reset local passwords and the following values were recorded in the system:

as

Which of the following in the security administrator most likely protecting against?

Options:

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question 76

A few weeks after deploying additional email servers, employees complain that messages are being marked as spam. Which needs to be updated?

Options:

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Question 77

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user ' s workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Question 78

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

Options:

A.

Creating a false text file in /docs/salaries

B.

Setting weak passwords in /etc/shadow

C.

Scheduling vulnerable jobs in /etc/crontab

D.

Adding a fake account to /etc/passwd

Question 79

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off\

D.

:443

Question 80

Which of the following security measures is required when using a cloud-based platform for loT management?

Options:

A.

Encrypted connection

B.

Federated identity

C.

Firewall

D.

Single sign-on

Question 81

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Question 82

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Options:

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Question 83

A security professional discovers a folder containing an employee ' s personal information on the enterprise ' s shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees ' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Question 84

Which of the following is most likely to be used as a just-in-time reference document within a security operations center?

Options:

A.

Change management policy

B.

Risk profile

C.

Playbook

D.

SIEM profile

Question 85

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Options:

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review

Question 86

A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:

• An existing Internal certificate must be used.

• Wired and wireless networks must be supported

• Any unapproved device should be Isolated in a quarantine subnet

• Approved devices should be updated before accessing resources

Which of the following would best meet the requirements?

Options:

A.

802.IX

B.

EAP

C.

RADIUS

D.

WPA2

Question 87

A company must ensure that log searches are conducted in the shortest time frame. Which of the following should the company do to maintain logs in live storage for 90 days?

Options:

A.

Conduct deduplication.

B.

Conduct archiving.

C.

Apply aggregation.

D.

Apply compression.

Question 88

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Options:

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Question 89

Which vulnerability is most likely mitigated by setting up an MDM platform?

Options:

A.

TPM

B.

Buffer overflow

C.

Jailbreaking

D.

SQL injection

Question 90

A user needs to complete training at After manually entering the URL, the user sees that the accessed website is noticeably different from the standard company website. Which of the following is the most likely explanation for the difference?

Options:

A.

Cross-site scripting

B.

Pretexting

C.

Typosquatting

D.

Vishing

Question 91

The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?

Options:

A.

Data in use

B.

Data at rest

C.

Data in transit

D.

Data sovereignty

Question 92

Which of the following is prevented by proper data sanitization?

Options:

A.

Hackers ' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Question 93

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

Options:

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Question 94

Which of the following security threats aims to compromise a website that multiple employees frequently visit?

Options:

A.

Supply chain

B.

Typosquatting

C.

Watering hole

D.

Impersonation

Question 95

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question 96

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Question 97

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

Options:

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Question 98

A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

Options:

A.

Blocked content

B.

Brute-force attack

C.

Concurrent session usage

D.

Account lockout

Question 99

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Question 100

A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?

Options:

A.

Workstations

B.

Embedded systems

C.

Core router

D.

DNS server

Question 101

Which of the following best explains the benefit of using asymmetric encryption?

Options:

A.

It provides mutual authentication by using identical keys for both encryption and decryption.

B.

It uses a shared secret key to reduce the number of keys needed.

C.

It allows faster encryption and decryption than symmetric methods.

D.

It enables secure data exchanges without requiring both parties to share a private key.

Question 102

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question 103

The Chief Information Security Officer wants to discuss options for a disaster recovery site that allows the business to resume operations as quickly as possible. Which of the following solutions meets this requirement?

Options:

A.

Hot site

B.

Cold site

C.

Geographic dispersion

D.

Warm site

Question 104

An attacker used XSS to compromise a web server. Which of the following solutions could have been used to prevent this attack?

Options:

A.

NGFW

B.

UTM

C.

WAF

D.

NAC

Question 105

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

Options:

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Question 106

An organization has been experiencing issues with deleted network share data and improperly assigned permissions. Which of the following would best help track and remediate these issues?

Options:

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Question 107

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).

Options:

A.

Easter debugging of the system

B.

Reduced cost of ownership of the system

C.

Improved scalability of the system

D.

Increased compartmentalization of the system

E.

Stronger authentication of the system

F.

Reduced complexity of the system

Question 108

Which of the following security controls would best guard a payroll system against insider manipulation threats?

Options:

A.

Compensating

B.

Deterrent

C.

Detective

D.

Corrective

Question 109

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

Options:

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Question 110

Which of the following best describes the main difference between an MOU and an SOW?

Options:

A.

An MOU is usually not legally binding, while an SOW is usually legally binding about outcomes.

B.

An MOU identifies engagement details, while an SOW specifies who will engage.

C.

An MOU requires signatures from both parties, while an SOW only requires a signature from the service provider.

D.

An MOU is typically very detailed about tasks, while an SOW is typically high-level.

Question 111

A systems administrator needs to encrypt all data on employee laptops. Which of the following encryption levels should be implemented?

Options:

A.

Volume

B.

Partition

C.

Full disk

D.

File

Question 112

A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:

. Something you know

. Something you have

. Something you are

Which of the following would accomplish the manager ' s goal?

Options:

A.

Domain name, PKI, GeolP lookup

B.

VPN IP address, company ID, facial structure

C.

Password, authentication token, thumbprint

D.

Company URL, TLS certificate, home address

Question 113

Which of the following is an example of change management?

Options:

A.

Implementing an update after a board grants approval

B.

Setting a new password for a user

C.

Performing a penetration test before deploying a patch

D.

Auditing all system equipment before sending the list to the Chief Executive Officer

Question 114

A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)

Options:

A.

Authentication tokens

B.

Least privilege

C.

Biometrics

D.

LDAP

E.

Password vaulting

F.

SAML

Question 115

A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure that a user cannot deny that they sent the email?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Integrity

D.

Authentication

Question 116

An administrator must implement a solution that provides security and network connectivity between two companies. Which of the following infrastructure solutions is the best for this purpose?

Options:

A.

UTM

B.

VPN

C.

NAC

D.

NGFW

Question 117

During a recent log review, an analyst found evidence of successful injection attacks. Which of the following will best address this issue?

Options:

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Question 118

Which of the following is the most relevant reason a DPO would develop a data inventory?

Options:

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Question 119

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Question 120

Which of the following is a prerequisite for a DLP solution?

Options:

A.

Data destruction

B.

Data sanitization

C.

Data classification

D.

Data masking

Question 121

Which of the following vulnerabilities would likely be mitigated by setting up an MDM platform?

Options:

A.

TPM

B.

Buffer overflow

C.

Jailbreaking

D.

SQL injection

Question 122

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Options:

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Question 123

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.

Which of the following analysis elements did the company most likely use in making this decision?

Options:

A.

IMTTR

B.

RTO

C.

ARO

D.

MTBF

Question 124

During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment. Which of the following threats is this an example of?

Options:

Question 125

A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?

Options:

A.

Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.

B.

Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.

C.

Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.

D.

Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.

Question 126

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Question 127

A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

Options:

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Question 128

Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?

Options:

A.

Authentication

B.

Obfuscation

C.

Hashing

D.

Encryption

Question 129

Which of the following log sources best detects port scan activity?

Options:

A.

Firewall

B.

Proxy

C.

Endpoint

D.

NetFlow

Question 130

Which of the following control types involves restricting IP connectivity to a router ' s web management interface to protect it from being exploited by a vulnerability?

Options:

A.

Corrective

B.

Physical

C.

Preventive

D.

Managerial

Question 131

The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

Options:

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

Question 132

Employees are missing features on company-provided tablets, affecting productivity. Management demands resolution in 48 hours. Which is the best solution?

Options:

A.

EDR

B.

COPE

C.

MDM

D.

FDE

Question 133

Which of the following should a security analyst consider when prioritizing remediation efforts against known vulnerabilities?

Options:

A.

The impact of reporting to executive management

B.

The overall organizational risk tolerance

C.

Information gathered from open sources

D.

The source of the reported risk

Question 134

An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

Options:

A.

Cloud-based

B.

Peer-to-peer

C.

On-premises

D.

Hybrid

Question 135

The private key for a website was stolen, and a new certificate has been issued. Which of the following needs to be updated next?

Options:

A.

SCEP

B.

CRL

C.

OCSP

D.

CSR

Question 136

After a recent ransomware attack on a company ' s system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Options:

A.

Compensating

B.

Detective

C.

Preventive

D.

Corrective

Question 137

Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?

Options:

A.

Public key

B.

Private Key

C.

Asymmetric key

D.

Symmetric key

Question 138

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question 139

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

Options:

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Question 140

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

Options:

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B.

Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Question 141

Which of the following would be the best way to block unknown programs from executing?

Options:

A.

Access control list

B.

Application allow list.

C.

Host-based firewall

D.

DLP solution

Question 142

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Question 143

Which of the following would be the best way to handle a critical business application that is running on a legacy server?

Options:

A.

Segmentation

B.

Isolation

C.

Hardening

D.

Decommissioning

Question 144

A systems administrator needs to ensure the secure communication of sensitive data within the organization ' s private cloud. Which of the following is the best choice for the administrator to implement?

Options:

A.

IPSec

B.

SHA-1

C.

RSA

D.

TGT

Question 145

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Question 146

A security analyst reviews domain activity logs and notices the following:

as

Which of the following is the best explanation for what the security analyst has discovered?

Options:

A.

The user jsmith ' s account has been locked out.

B.

A keylogger is installed on [smith ' s workstation

C.

An attacker is attempting to brute force ismith ' s account.

D.

Ransomware has been deployed in the domain.

Question 147

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file ' s creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file ' s SHA-256 hash.

B.

Use hexdump on the file ' s contents.

C.

Check endpoint logs.

D.

Query the file ' s metadata.

Question 148

A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers. Which of the following architectures will best achieve the company’s objectives?

Options:

A.

IoT

B.

IaC

C.

PaaS

D.

ICS

Question 149

A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?

Options:

A.

Signal locator

B.

WPA3

C.

Heat map

D.

Site survey

Question 150

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

Options:

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question 151

An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator performing?

Options:

A.

Quantitative risk analysis

B.

Disaster recovery test

C.

Physical security controls review

D.

Threat modeling

Question 152

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Question 153

A systems administrator just purchased multiple network devices. Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?

Options:

A.

Install endpoint protection

B.

Disable ports/protocols

C.

Change default passwords

D.

Remove unnecessary software

Question 154

An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Options:

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Question 155

The Chief Information Security Officer gives the security community the opportunity to report vulnerabilities on the organization’s public-facing assets. Which of the following does this scenario best describe?

Options:

A.

Bug bounty

B.

Red teaming

C.

Open-source intelligence

D.

Third-party information sharing

Question 156

An employee asks a security analyst to scan a suspicious email that contains a link to a file on a file-sharing site. The analyst determines that the file is safe after downloading and scanning the file with antivirus software. When the employee opens the file, their device is infected with ransomware. Which of the following steps should the analyst have taken?

Options:

A.

Review the file in a code editor.

B.

Monitor the file connections with netstat.

C.

Execute the file in a sandbox.

D.

Retrieve the file hash and check with OSINT.

Question 157

A company ' s website is Company. com Attackers purchased the domain company.com Which of the following types of attacks describes this example?

Options:

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Question 158

Which of the following would be the best way to test resiliency in the event of a primary power failure?

Options:

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Question 159

A security analyst needs to propose a remediation plan ' or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Options:

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Question 160

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company ' s security awareness training program?

Options:

A.

Insider threat detection

B.

Simulated threats

C.

Phishing awareness

D.

Business continuity planning

Question 161

A company ' s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution. Which of the following should replace the antivirus solution?

Options:

A.

SIEM

B.

EDR

C.

DLP

D.

IDS

Question 162

After completing an annual external penetration test, a company receives the following guidance:

Decommission two unused web servers currently exposed to the internet.

Close 18 open and unused ports found on their existing production web servers.

Remove company email addresses and contact info from public domain registration records.

Which of the following does this represent?

Options:

A.

Attack surface reduction

B.

Vulnerability assessment

C.

Tabletop exercise

D.

Business impact analysis

Question 163

A bank set up a new server that contains customers ' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Question 164

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

Options:

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Question 165

While reviewing logs, a security administrator identifies the following code:

< script > function(send_info) < /script >

Which of the following best describes the vulnerability being exploited?

Options:

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Question 166

An administrator discovers a cross-site scripting vulnerability on a company website. Which of the following will most likely remediate the issue?

Options:

A.

Input validation

B.

NGFW

C.

Vulnerability scan

D.

WAF

Question 167

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Question 168

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

Options:

A.

Sanitization

B.

Formatting

C.

Degaussing

D.

Defragmentation

Question 169

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

Options:

A.

Hot site

B.

Cold site

C.

Failover site

D.

Warm site

Question 170

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Question 171

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Options:

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Question 172

Which of the following is the best safeguard to protect against an extended power failure?

Options:

A.

Off-site backups

B.

Batteries

C.

Uninterruptible power supplies

D.

Generators

Question 173

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Question 174

A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

Options:

A.

A misconfiguration in the endpoint protection software

B.

A zero-day vulnerability in the file

C.

A supply chain attack on the endpoint protection vendor

D.

Incorrect file permissions

Question 175

A Chief Information Security Officer is developing procedures to guide detective and corrective activities associated with common threats, including phishing, social engineering, and business email compromise. Which of the following documents will be most relevant to revise as part of this process?

Options:

A.

SDLC

B.

IRP

C.

BCP

D.

AUP

Question 176

While updating the security awareness training, a security analyst wants to address issues created if vendors ' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

Options:

A.

Refrain from clicking on images included in emails from new vendors.

B.

Delete emails from unknown service provider partners.

C.

Require that invoices be sent as attachments.

D.

Be alert to unexpected requests from familiar email addresses.

Question 177

Which of the following are the best for hardening end-user devices? (Selecttwo)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Question 178

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Options:

Question 179

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Question 180

A network security analyst monitors the network’s IDS, which has flagged unusual activity. The IDS has detected multiple login attempts to a database server within a short period. These attempts come from various IP addresses that are not normally recognized by the network’s usual traffic patterns. Each attempt uses the same username and password. Based on the following log output (corrected formatting for readability):

2025-04-10 14:22:01.4532 — Source IP: 192.168.15.101 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.1122 — Source IP: 192.168.15.102 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.7835 — Source IP: 192.168.15.103 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:03.5637 — Source IP: 192.168.15.104 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:04.9474 — Source IP: 192.168.15.105 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:05.5673 — Source IP: 192.168.15.106 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:06.1573 — Source IP: 192.168.15.107 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:07.7462 — Source IP: 192.168.15.108 — Status: Failed — User: JDoe — Action: Login Attempt

Which of the following types of network attacks is most likely occurring?

Options:

A.

Cross-site scripting

B.

Credential replay

C.

Distributed denial of service

D.

SQL injection

Question 181

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Options:

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Question 182

A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?

Options:

A.

Secure access service edge

B.

Attack surface

C.

Least privilege

D.

Separation of duties

Question 183

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Options:

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Question 184

A penetration test identifies that an SMBvl Is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?

Options:

A.

GPO

B.

ACL

C.

SFTP

D.

DLP

Question 185

Which of the following is an example of a data protection strategy that uses tokenization?

Options:

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Question 186

Which of the following should be used to prevent changes to system-level data?

Options:

A.

NIDS

B.

DLP

C.

NAC

Question 187

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

Options:

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Question 188

After a company was compromised, customers initiated a lawsuit. The company ' s attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Options:

A.

Retain the emails between the security team and affected customers for 30 days.

B.

Retain any communications related to the security breach until further notice.

C.

Retain any communications between security members during the breach response.

D.

Retain all emails from the company to affected customers for an indefinite period of time.

Question 189

Sine© a recent upgrade (o a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

Options:

A.

Channel overlap

B.

Encryption type

C.

New WLAN deployment

D.

WAP placement

Question 190

Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

Options:

A.

The executive team is traveling internationally and trying to avoid roaming charges

B.

The company ' s SIP server security settings are weak.

C.

Disgruntled employees are making calls to the partner organization.

D.

The service provider has assigned multiple companies the same numbers

Question 191

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Question 192

Which of the following best describes a common use of OSINT?

Options:

A.

Monitoring internal systems and network traffic to detect abnormal behavior

B.

Installing and configuring security patches to fix known vulnerabilities

C.

Collecting information from public platforms to find possible security exposures

D.

Encrypting sensitive company data and storing it securely in the cloud

Question 193

Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?

Options:

A.

Nation-state

B.

Organized crime

C.

Hacktvist

D.

Insider threat

Question 194

A company wants to minimize the chance of its outgoing marketing emails getting flagged as spam. The company decides to list the email servers on the proper DNS record. Which of the following protocols should the company apply next?

Options:

A.

DMARC

B.

DLP

C.

DKIM

D.

SPF

Question 195

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Options:

A.

Exposure factor

B.

CVSS

C.

CVE

D.

Industry impact

Question 196

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patch installations

B.

To find shadow IT cloud deployments

C.

To continuously monitor hardware inventory

D.

To hunt for active attackers in the network

Question 197

A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?

Options:

A.

SOAR

B.

SIEM

C.

DMARC

D.

NIDS

Question 198

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

Options:

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Question 199

Which of the following activities uses OSINT?

Options:

A.

Social engineering testing

B.

Data analysis of logs

C.

Collecting evidence of malicious activity

D.

Producing IOC for malicious artifacts

Question 200

Which of the following can a security director use to prioritize vulnerability patching within a company ' s IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Question 201

Which of the following most securely protects data at rest?

Options:

A.

TLS 1.2

B.

AES-256

C.

Masking

D.

Salting

Question 202

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

Options:

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Question 203

Which of the following security control types does an acceptable use policy best represent?

Options:

A.

Detective

B.

Compensating

C.

Corrective

D.

Preventive

Question 204

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Question 205

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Options:

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Question 206

A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?

Options:

A.

Configuring centralized logging

B.

Generating local administrator accounts

C.

Replacing Telnet with SSH

D.

Enabling HTTP administration

Question 207

Which of the following can assist in recovering data if the decryption key is lost?

Options:

A.

CSR

B.

Salting

C.

Root of trust

D.

Escrow

Question 208

While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:

C:\User > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 200 ms 200 ms 200 ms 10.20.10.10

2 5 ms 3 ms 3 ms 10.20.10.1

3 20 ms 20 ms 10 ms 10.25.10.10

4 10 ms 8 ms 10 ms 10.30.110.1

5 5 ms 6 ms 3 ms 10.100.15.20

The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:

C:\Engineer > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 5 ms 3 ms 3 ms 10.20.10.1

2 20 ms 20 ms 10 ms 10.25.10.10

3 10 ms 8 ms 10 ms 10.30.110.1

4 5 ms 6 ms 3 ms 10.100.15.20

Which of the following is most likely occurring?

Options:

A.

ARP cache poisoning

B.

On-path attack

C.

Resource exhaustion

D.

DNS spoofing

Question 209

Which of the following data protection strategies can be used to confirm file integrity?

Options:

A.

Masking

B.

Encryption

C.

Hashing

D.

Obfuscation

Question 210

A network administrator must turn off insecure protocols after a recent inspection. Which of the following best describes the vulnerability the network administrator is remediating?

Options:

A.

Device misconfigurations

B.

Sideloading

C.

Memory injection

D.

Malicious update

Question 211

A security analyst reviews web server logs and sees the following entries:

16.22.48.102 -- 26/April/2023 22:00:04.33 GET " " 200

16.22.48.102 -- 26/April/2023 22:00:07.23 GET " " 404

16.22.48.102 -- 26/April/2023 22:01:16.03 GET " " 404

16.22.48.102 -- 26/April/2023 22:03:10.25 GET " " 404

16.22.48.102 -- 26/April/2023 22:05:11.22 GET " " 404

Which of the following attacks is most likely being attempted?

Options:

A.

Denial of service

B.

Password spraying

C.

SQL injection

D.

Directory traversal

Question 212

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Question 213

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet and the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Question 214

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

Options:

A.

Espionage

B.

Data exfiltration

C.

Nation-state attack

D.

Shadow IT

Question 215

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?

Options:

A.

SDN

B.

Air gapped

C.

Containerized

D.

Highly available

Question 216

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

Options:

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

Question 217

A security analyst collects IOCs from a cybersecurity bulletin. Which of the following should the analyst do next to assess if an environment is compromised?

Options:

A.

Root cause analysis

B.

Threat hunting

C.

Tabletop exercise

D.

Penetration test

Question 218

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Options:

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

Question 219

Which of the following definitions best describes the concept of log co-relation?

Options:

A.

Combining relevant logs from multiple sources into ono location

B.

Searching end processing, data to identify patterns of malicious activity

C.

Making a record of the events that occur in the system

D.

Analyzing the log files of the system components

Question 220

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 221

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO ' s report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Question 222

An employee decides to collect PII data from the company ' s system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue?

(Select two).

Options:

A.

Privacy legislation

B.

Social engineering

C.

Risk management

D.

Company compliance

E.

Phishing

F.

Remote work

Question 223

A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Options:

A.

Secure web gateway

B.

Virtual private cloud end point

C.

Deep packet Inspection

D.

Next-gene ration firewall

Question 224

A security practitioner completes a vulnerability assessment on a company ' s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Question 225

Which of the following actions best addresses a vulnerability found on a company ' s web server?

Options:

A.

Patching

B.

Segmentation

C.

Decommissioning

D.

Monitoring

Question 226

Which of the following best explains the use of a policy engine in a Zero Trust environment?

Options:

A.

It is used by a central server to apply default permissions across a range of network and computing resources.

B.

It is used to make access control decisions without inheriting permission decisions from prior events.

C.

It is used to dynamically assign user permissions based on a user ' s identity and previous activity.

D.

It is used when user roles are unknown and the organization wants to leverage ML to control access.

Question 227

A security analyst determines that a security breach will have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Question 228

A security analyst reviews firewall configurations and finds that firewalls are configured to fail-open mode in the event of a crash. Which of the following describes the security risk associated with this configuration?

Options:

A.

There may be increased latency during failover.

B.

Authentication tokens may be invalidated during an outage.

C.

Traffic will bypass inspection during a failure.

D.

All encrypted traffic will be blocked during an outage.

Question 229

Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences. Which of the following agreements does this best describe?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOA

Question 230

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Options:

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Question 231

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

as

as

as

as

as

as

as

Options:

Question 232

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the ' deny any* policy prior to enabling the new policy

D.

Including an ' allow any1 policy above the ' deny any* policy

Question 233

Which of the following risk management strategies is being used when a Chief Information Security Officer ignores known vulnerabilities identified during a risk assessment?

Options:

A.

Transfer

B.

Avoid

C.

Mitigate

D.

Accept

Question 234

After reviewing the following vulnerability scanning report:

Server:192.168.14.6

Service: Telnet

Port: 23 Protocol: TCP

Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 —script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| _ Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist.

Question 235

While considering the organization ' s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Question 236

Which of the following describes a situation where a user is authorized before being authenticated?

Options:

A.

Privilege escalation

B.

Race condition

C.

Tailgating

D.

Impersonation

Question 237

Which of the following risk analysis attributes measures the chance that a vulnerability will be exploited?

Options:

A.

Exposure factor

B.

Impact

C.

Severity

D.

Likelihood

Question 238

Which of the following is a social engineering attack in which a bad actor impersonates a web URL?

Options:

A.

Pretexting

B.

Misinformation

C.

Typosquatting

D.

Watering-hole

Question 239

Which of the following enables the use of an input field to run commands that can view or manipulate data?

Options:

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Question 240

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company ' s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

Options:

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Question 241

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Options:

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

Question 242

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

Options:

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Question 243

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?

Options:

A.

To secure end-of-life devices from incompatible firmware updates

B.

To avoid hypervisor attacks through VM escape

C.

To eliminate buffer overflows at the application layer

D.

To prevent users from changing the OS of mobile devices

Question 244

Which of the following is a feature of a next-generation SIEM system?

Options:

A.

Virus signatures

B.

Automated response actions

C.

Security agent deployment

D.

Vulnerability scanning

Question 245

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

Options:

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Question 246

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Question 247

Which of the following is the stage in an investigation when forensic images are obtained?

Options:

A.

Acquisition

B.

Preservation

C.

Reporting

D.

E-discovery

Question 248

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Question 249

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Question 250

A security team must help secure a company site after attackers defaced it. The site must be available to a wide range of countries over a secure protocol, but access from known malicious networks should be blocked. Which of the following will best secure the site?

Options:

A.

Next-generation firewall

B.

Reverse proxy

C.

IPSec gateway

D.

Access control server

Question 251

Which of the following technologies can achieve microsegmentation?

Options:

A.

Next-generation firewalls

B.

Software-defined networking

C.

Embedded systems

D.

Air-gapped

Question 252

A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?

Options:

A.

Honeypot

B.

Honey account

C.

Honeytoken

D.

Honeynet

Question 253

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

Options:

A.

IPSec with RADIUS

B.

RDP connection with LDAPS

C.

Web proxy for all remote traffic

D.

Jump server with 802.1X

Question 254

Which of the following attacks primarily targets insecure networks?

Options:

A.

Evil twin

B.

Impersonation

C.

Watering hole

D.

Pretexting

Question 255

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 256

Which of the following is the most important element when defining effective security governance?

Options:

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Question 257

In order to maintain system stability, a company ' s software developers cannot merge updates into the code base without supervisor approval. Which of the following is the best description of this practice?

Options:

A.

Separation of duties

B.

Change management

C.

Vulnerability remediation

D.

Collusion prevention

Question 258

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Options:

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Question 259

A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?

Options:

A.

Zero-day

B.

XSS

C.

SQLi

D.

Buffer overflow

Question 260

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tablet exercise

Question 261

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

Options:

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

Question 262

An employee used a company ' s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Options:

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Question 263

An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Options:

A.

Input validation

B.

Code signing

C.

SQL injection

D.

Static analysis

Question 264

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Question 265

Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Question 266

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

Options:

A.

Permission restrictions

B.

Bug bounty program

C.

Vulnerability scan

D.

Reconnaissance

Page: 1 / 89
Total 887 questions