
CompTIA CS0-002 CompTIA CySA+ Certification Exam (CS0-002) Exam Practice Test

Demo: 75 questions
Total 506 questions

CompTIA CySA+ Certification Exam (CS0-002) Questions and Answers

Question 1

A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server.

Which of the following should be done to correct the cause of the vulnerability?

Options:

A.

Deploy a WAF in front of the application.

B.

Implement a software repository management tool.

C.

Install a HIPS on the server.

D.

Instruct the developers to use input validation in the code.

Question 2

A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats.

Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

Options:

A.

Development of a hypothesis as part of threat hunting

B.

Log correlation, monitoring, and automated reporting through a SIEM platform

C.

Continuous compliance monitoring using SCAP dashboards

D.

Quarterly vulnerability scanning using credentialed scans

Question 3

An organization suspects it has had a breach, and it is trying to determine the potential impact. The organization knows the following:

  • The source of the breach is linked to an IP located in a foreign country.
  • The breach is isolated to the research and development servers.
  • The hash values of the data before and after the breach are unchanged.
  • The affected servers were regularly patched, and a recent scan showed no vulnerabilities.

Which of the following conclusions can be drawn with respect to the threat and impact? (Choose two.)

Options:

A.

The confidentiality of the data is unaffected.

B.

The threat is an APT.

C.

The source IP of the threat has been spoofed.

D.

The integrity of the data is unaffected.

E.

The threat is an insider.

Question 4

Which of the following software assessment methods would be BEST for gathering data related to an application’s availability during peak times?

Options:

A.

Security regression testing

B.

Stress testing

C.

Static analysis testing

D.

Dynamic analysis testing

E.

User acceptance testing

Question 5

A security analyst is investigating a compromised Linux server. The analyst issues the ps command and receives the following output.

Which of the following commands should the administrator run NEXT to further analyze the compromised system?

Options:

A.

strace /proc/1301

B.

rpm -V openssh-server

C.

/bin/ls -l /proc/1301/exe

D.

kill -9 1301

Question 6

A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?

Options:

A.

The parties have an MOU between them that could prevent shutting down the systems

B.

There is a potential disruption of the vendor-client relationship

C.

Patches for the vulnerabilities have not been fully tested by the software vendor

D.

There is an SLA with the client that allows very little downtime

Question 7

A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.

Which of the following would be the BEST solution to recommend to the director?

Options:

A.

Install a data loss prevention system, and train human resources employees on its use. Provide PII training to all employees at the company. Encrypt PII information.

B.

Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.

C.

Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.

D.

Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.

Question 8

A security analyst working in the SOC recently discovered instances in which hosts visited a specific set of domains and IPs and became infected with malware. Which of the following is the MOST appropriate action to take in this situation?

Options:

A.

Implement an IPS signature for the malware and update the blacklisting for the associated domains and IPs

B.

Implement an IPS signature for the malware and another signature request to block all the associated domains and IPs

C.

Implement a change request to the firewall setting to not allow traffic to and from the IPs and domains

D.

Implement an IPS signature for the malware and a change request to the firewall setting to not allow traffic to and from the IPs and domains

Question 9

A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks.

To BEST mitigate this risk, the analyst should use:

Options:

A.

an 802.11ac wireless bridge to create an air gap.

B.

a managed switch to segment the lab into a separate VLAN.

C.

a firewall to isolate the lab network from all other networks.

D.

an unmanaged switch to segment the environments from one another.

Question 10

During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website.

Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

Options:

A.

An IPS signature modification for the specific IP addresses

B.

An IDS signature modification for the specific IP addresses

C.

A firewall rule that will block port 80 traffic

D.

A firewall rule that will block traffic from the specific IP addresses

Question 11

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application.

Which of the following is a security concern when using a PaaS solution?

Options:

A.

The use of infrastructure-as-code capabilities leads to an increased attack surface.

B.

Patching the underlying application server becomes the responsibility of the client.

C.

The application is unable to use encryption at the database level.

D.

Insecure application programming interfaces can lead to data compromise.

Question 12

Which of the following attacks can be prevented by using output encoding?

Options:

A.

Server-side request forgery

B.

Cross-site scripting

C.

SQL injection

D.

Command injection

E.

Cross-site request forgery

F.

Directory traversal

Question 13

A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.

Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

Options:

A.

Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.

B.

Remove the servers reported to have high and medium vulnerabilities.

C.

Tag the computers with critical findings as a business risk acceptance.

D.

Manually patch the computers on the network, as recommended on the CVE website.

E.

Harden the hosts on the network, as recommended by the NIST framework.

F.

Resolve the monthly job issues and test them before applying them to the production network.

Question 14

A security analyst has observed several incidents within an organization that are affecting one specific piece of hardware on the network. Further investigation reveals the equipment vendor previously released a patch.

Which of the following is the MOST appropriate threat classification for these incidents?

Options:

A.

Known threat

B.

Zero day

C.

Unknown threat

D.

Advanced persistent threat

Question 15

A cybersecurity analyst is contributing to a team hunt on an organization's endpoints.

Which of the following should the analyst do FIRST?

Options:

A.

Write detection logic.

B.

Establish a hypothesis.

C.

Profile the threat actors and activities.

D.

Perform a process analysis.

Question 16

A security analyst is reviewing the following log from an email security service.

Which of the following BEST describes the reason why the email was blocked?

Options:

A.

The To address is invalid.

B.

The email originated from the www.spamfilter.org URL.

C.

The IP address and the remote server name are the same.

D.

The IP address was blacklisted.

E.

The From address is invalid.

Question 17

A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following data points would be MOST useful for the analyst to provide to the security manager, who would then communicate the risk factors to senior management? (Select TWO)

Options:

A.

Probability

B.

Adversary capability

C.

Attack vector

D.

Impact

E.

Classification

F.

Indicators of compromise

Question 18

A security analyst has discovered that developers have installed browsers on all development servers in the company's cloud infrastructure and are using them to browse the Internet. Which of the following changes should the security analyst make to BEST protect the environment?

Options:

A.

Create a security rule that blocks Internet access in the development VPC

B.

Place a jumpbox in between the developers' workstations and the development VPC

C.

Remove the administrator profile from the developer user group in identity and access management

D.

Create an alert that is triggered when a developer installs an application on a server

Question 19

Which of the following BEST articulates the benefit of leveraging SCAP in an organization's cybersecurity analysis toolset?

Options:

A.

It automatically performs remedial configuration changes to enterprise security services

B.

It enables standard checklist and vulnerability analysis expressions for automation

C.

It establishes a continuous integration environment for software development operations

D.

It provides validation of suspected system vulnerabilities through workflow orchestration

Question 20

Risk management wants IT to implement a solution that will permit an analyst to intercept, execute, and analyze potentially malicious files that are downloaded from the Internet.

Which of the following would BEST provide this solution?

Options:

A.

File fingerprinting

B.

Decomposition of malware

C.

Risk evaluation

D.

Sandboxing

Question 21

A development team signed a contract that requires access to an on-premises physical server. Access must be restricted to authorized users only and cannot be connected to the Internet.

Which of the following solutions would meet this requirement?

Options:

A.

Establish a hosted SSO.

B.

Implement a CASB.

C.

Virtualize the server.

D.

Air gap the server.

Question 22

Which of the following is the use of tools to simulate the ability for an attacker to gain access to a specified network?

Options:

A.

Reverse engineering

B.

Fuzzing

C.

Penetration testing

D.

Network mapping

Question 23

As a proactive threat-hunting technique, hunters must develop situational cases based on likely attack scenarios derived from the available threat intelligence information. After forming the basis of the scenario, which of the following may the threat hunter construct to establish a framework for threat assessment?

Options:

A.

Critical asset list

B.

Threat vector

C.

Attack profile

D.

Hypothesis

Question 24

An organization is moving its infrastructure to the cloud in an effort to meet the budget and reduce staffing requirements. The organization has three environments: development, testing, and production. These environments have interdependencies but must remain relatively segmented.

Which of the following methods would BEST secure the company's infrastructure and be the simplest to manage and maintain?

Options:

A.

Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.

B.

Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.

C.

Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.

D.

Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.

Question 25

A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?

Options:

A.

Motion detection

B.

Perimeter fencing

C.

Monitored security cameras

D.

Badged entry

Question 26

A product security analyst has been assigned to evaluate and validate a new product's security capabilities. Part of the evaluation involves reviewing design changes at specific intervals for security deficiencies, recommending changes, and checking for changes at the next checkpoint. Which of the following BEST defines the activity being conducted?

Options:

A.

User acceptance testing

B.

Stress testing

C.

Code review

D.

Security regression testing

Question 27

A small organization has proprietary software that is used internally. The system has not been well maintained and cannot be updated with the rest of the environment. Which of the following is the BEST solution?

Options:

A.

Virtualize the system and decommission the physical machine.

B.

Remove it from the network and require air gapping.

C.

Implement privileged access management for identity access.

D.

Implement MFA on the specific system.

Question 28

Industry partners from critical infrastructure organizations were victims of attacks on their SCADA devices. The attacks used privilege escalation to gain access to SCADA administration. Which of the following access management solutions would help to mitigate this risk?

Options:

A.

Multifactor authentication

B.

Manual access reviews

C.

Endpoint detection and response

D.

Role-based access control

Question 29

A company has a cluster of web servers that is critical to the business. A systems administrator installed a utility to troubleshoot an issue, and the utility caused the entire cluster to go offline. Which of the following solutions would work BEST to prevent this from happening again?

Options:

A.

Change management

B.

Application whitelisting

C.

Asset management

D.

Privilege management

Question 30

During a review of SIEM alerts, a security analyst discovers the SIEM is receiving many alerts per day from the file-integrity monitoring tool about files from a newly deployed application that should not change. Which of the following steps should the analyst complete FIRST to respond to the issue?

Options:

A.

Warn the incident response team that the server can be compromised

B.

Open a ticket informing the development team about the alerts

C.

Check if temporary files are being monitored

D.

Dismiss the alert, as the new application is still being adapted to the environment

Question 31

A security analyst is reviewing a vulnerability scan report and notes the following finding:

As part of the detection and analysis procedures, which of the following should the analyst do NEXT?

Options:

A.

Patch or reimage the device to complete the recovery

B.

Restart the antiviruses running processes

C.

Isolate the host from the network to prevent exposure

D.

Confirm the workstation's signatures against the most current signatures.

Question 32

A security analyst is investigating a reported phishing attempt that was received by many users throughout the company The text of one of the emails is shown below:

Office 365 User,

It looks like your account has been locked out. Please click this link and follow the prompts to restore access.

Regards,

Security Team

Due to the size of the company and the high storage requirements, the company does not log DNS requests or perform packet captures of network traffic, but it does log network flow data. Which of the following commands will the analyst most likely execute NEXT?

Options:

A.

telnet office365.com 25

B.

tracert 122.167.40.119

C.

curl http://accountfix-office365.com/login.php

D.

nslookup accountfix-office365.com

Question 33

A security analyst needs to determine the best method for securing access to a top-secret datacenter. Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter's security?

Options:

A.

Physical key

B.

Retinal scan

C.

Passphrase

D.

Fingerprint

Question 34

A company wants to configure the environment to allow passive network monitoring. To avoid disrupting the sensitive network, which of the following must be supported by the scanner's NIC to assist with the company's request?

Options:

A.

Port bridging

B.

Tunnel all mode

C.

Full-duplex mode

D.

Port mirroring

E.

Promiscuous mode

Question 35

A customer notifies a security analyst that a web application is vulnerable to information disclosure. The analyst needs to indicate the severity of the vulnerability based on its CVSS score, which the analyst needs to calculate. When analyzing the vulnerability, the analyst realizes that for the attack to be successful, the Tomcat configuration file must be modified. Which of the following values should the security analyst choose when evaluating the CVSS score?

Options:

A.

Network

B.

Physical

C.

Adjacent

D.

Local

Question 36

An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity. Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

Options:

A.

Perform password-cracking attempts on all devices going into production

B.

Perform an Nmap scan on all devices before they are released to production

C.

Perform antivirus scans on all devices before they are approved for production

D.

Perform automated security controls testing of expected configurations prior to production

Question 37

A company has started planning the implementation of a vulnerability management procedure. However, its security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization. Which of the following should be completed FIRST?

Options:

A.

A business Impact analysis

B.

A system assessment

C.

Communication of the risk factors

D.

A risk identification process

Question 38

While reviewing incident reports from the previous night, a security analyst notices the corporate websites were defaced with political propaganda. Which of the following BEST describes this type of actor?

Options:

A.

Hacktivist

B.

Nation-state

C.

Insider threat

D.

Organized crime

Question 39

While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

Options:

A.

Delete CloudDev access key 1.

B.

Delete BusinessUsr access key 1.

C.

Delete access key 1.

D.

Delete access key 2.

Question 40

A help desk technician inadvertently sent the credentials of the company's CRM in clear text to an employee's personal email account. The technician then reset the employee's account using the appropriate process and the employee's corporate email, and notified the security team of the incident. According to the incident response procedure, which of the following should the security team do NEXT?

Options:

A.

Contact the CRM vendor.

B.

Prepare an incident summary report.

C.

Perform postmortem data correlation.

D.

Update the incident response plan.

Question 41

A security analyst at example.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:

Which of the following actions should the security analyst take NEXT?

Options:

A.

Review the known Apache vulnerabilities to determine if a compromise actually occurred

B.

Contact the application owner for connect example local for additional information

C.

Mark the alert as a false positive scan coming from an approved source.

D.

Raise a request to the firewall team to block 203.0.113.15.

Question 42

During an audit, several customer order forms were found to contain inconsistencies between the actual price of an item and the amount charged to the customer. Further investigation narrowed the cause of the issue to manipulation of the public-facing web form used by customers to order products. Which of the following would be the BEST way to locate this issue?

Options:

A.

Reduce the session timeout threshold

B.

Deploy MFA for access to the web server

C.

Implement input validation

D.

Run a static code scan

Question 43

A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees the process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data. Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?

Options:

A.

Implement a mobile device wiping solution for use if a device is lost or stolen.

B.

Install a DLP solution to track data flow

C.

Install an encryption solution on all mobile devices.

D.

Train employees to report a lost or stolen laptop to the security department immediately

Question 44

While monitoring the information security notification mailbox, a security analyst notices several emails were reported as spam. Which of the following should the analyst do FIRST?

Options:

A.

Block the sender In the email gateway.

B.

Delete the email from the company's email servers.

C.

Ask the sender to stop sending messages.

D.

Review the message in a secure environment.

Question 45

A company's security team recently discovered a number of workstations that are at the end of life. The workstation vendor informs the team that the product is no longer supported and patches are no longer available. The company is not prepared to cease its use of these workstations. Which of the following would be the BEST method to protect these workstations from threats?

Options:

A.

Deploy whitelisting to the identified workstations to limit the attack surface

B.

Determine the system process criticality and document it

C.

Isolate the workstations and air gap them when it is feasible

D.

Increase security monitoring on the workstations

Question 46

An organization wants to implement a privileged access management solution to better manage the use of emergency and privileged service accounts. Which of the following would BEST satisfy the organization's goal?

Options:

A.

Access control lists

B.

Discretionary access controls

C.

Policy-based access controls

D.

Credential vaulting

Question 47

A business recently acquired a software company. The software company's security posture is unknown. However, based on an assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture?

Options:

A.

Develop an asset inventory to determine the systems within the software company

B.

Review relevant network drawings, diagrams and documentation

C.

Perform penetration tests against the software company's internal and external networks

D.

Baseline the software company's network to determine the ports and protocols in use.

Question 48

The Chief Information Officer of a large cloud software vendor reports that many employees are falling victim to phishing emails because they appear to come from other employees. Which of the following would BEST prevent this issue?

Options:

A.

Include digital signatures on messages originating within the company.

B.

Require users authenticate to the SMTP server

C.

Implement DKIM to perform authentication that will prevent this issue.

D.

Set up an email analysis solution that looks for known malicious links within the email.

Question 49

A company wants to ensure confidential data from its storage media files is sanitized so the drives cannot be reused. Which of the following is the BEST approach?

Options:

A.

Degaussing

B.

Shredding

C.

Formatting

D.

Encrypting

Question 50

A security analyst is running a tool against an executable of an unknown source. The input supplied by the tool to the executable program and the output from the executable are shown below:

Which of the following should the analyst report after viewing this information?

Options:

A.

A dynamic library that is needed by the executable is missing

B.

Input can be crafted to trigger an injection attack in the executable

C.

The tool caused a buffer overflow in the executable's memory

D.

The executable attempted to execute a malicious command

Question 51

A security analyst has discovered malware is spreading across multiple critical systems and is originating from a single workstation, which belongs to a member of the cyber-infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the network looking for vulnerable hosts to infect. Which of the following would have worked BEST to prevent the spread of this infection?

Options:

A.

Vulnerability scans of the network and proper patching.

B.

A properly configured and updated EDR solution.

C.

A honeypot used to catalog the anomalous behavior and update the IPS.

D.

Logical network segmentation and the use of jump boxes

Question 52

A forensic analyst took an image of a workstation that was involved in an incident. To BEST ensure the image is not tampered with, the analyst should use:

Options:

A.

hashing

B.

backup tapes

C.

a legal hold

D.

chain of custody.

Question 53

A security analyst recently used Arachni to perform a vulnerability assessment of a newly developed web application. The analyst is concerned about the following output:

Which of the following is the MOST likely reason for this vulnerability?

Options:

A.

The developer set input validation protection on the specific field of search.aspx.

B.

The developer did not set proper cross-site scripting protections in the header.

C.

The developer did not implement default protections in the web application build.

D.

The developer did not set proper cross-site request forgery protections.

Question 54

An organization is experiencing issues with emails that are being sent to external recipients. Incoming emails to the organization are working fine. A security analyst receives the following screenshot of an email error from the help desk.

The analyst then checks the email server and sees many of the following messages in the logs.

Error 550 - Message rejected

Which of the following is MOST likely the issue?

Options:

A.

The DMARC queue is full

B.

SPF is failing.

C.

Port 25 is not open.

D.

The DKIM private key has expired

Question 55

In system hardening, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Options:

A.

SCAP

B.

Burp Suite

C.

OWASP ZAP

D.

Unauthenticated

Question 56

During an investigation, an analyst discovers the following rule in an executive’s email client:

IF * TO THEN mailto:

SELECT FROM ‘sent’ THEN DELETE FROM

The executive is not aware of this rule. Which of the following should the analyst do FIRST to evaluate the potential impact of this security incident?

Options:

A.

Check the server logs to evaluate which emails were sent to

B.

Use the SIEM to correlate logging events from the email server and the domain server

C.

Remove the rule from the email client and change the password

D.

Recommend that management implement SPF and DKIM

Question 57

A company recently experienced financial fraud, which included shared passwords being compromised and improper levels of access being granted. The company has asked a security analyst to help improve its controls.

Which of the following will MOST likely help the security analyst develop better controls?

Options:

A.

An evidence summarization

B.

An indicator of compromise

C.

An incident response plan

D.

A lessons-learned report

Question 58

Which of the following is MOST closely related to the concept of privacy?

Options:

A.

An individual's control over personal information

B.

A policy implementing strong identity management processes

C.

A system's ability to protect the confidentiality of sensitive information

D.

The implementation of confidentiality, integrity, and availability

Question 59

Which of the following is the BEST security practice to prevent ActiveX controls from running malicious code on a user's web application?

Options:

A.

Configuring a firewall to block traffic on ports that use ActiveX controls

B.

Adjusting the web-browser settings to block ActiveX controls

C.

Installing network-based IPS to block malicious ActiveX code

D.

Deploying HIPS to block malicious ActiveX code

Question 60

A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:

Options:

A.

DLP procedures.

B.

logging and monitoring capabilities.

C.

data protection capabilities.

D.

SLA for system uptime.

Question 61

A company wants to reduce the cost of deploying servers to support increased network growth. The company is currently unable to keep up with the demand, so it wants to outsource the infrastructure to a cloud-based solution.

Which of the following is the GREATEST threat for the company to consider when outsourcing its infrastructure?

Options:

A.

The cloud service provider is unable to provide sufficient logging and monitoring.

B.

The cloud service provider is unable to issue sufficient documentation for configurations.

C.

The cloud service provider conducts a system backup each weekend and once a week during peak business times.

D.

The cloud service provider has an SLA for system uptime that is lower than 99.9%.

Question 62

During an incident investigation, a security analyst acquired a malicious file that was used as a backdoor but was not detected by the antivirus application. After performing a reverse-engineering procedure, the analyst found that part of the code was obfuscated to avoid signature detection. Which of the following types of instructions should the analyst use to understand how the malware was obfuscated and to help deobfuscate it?

Options:

A.

MOV

B.

ADD

C.

XOR

D.

SUB

E.

MOVL
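An added example, not part of the exam or taken from any real sample: single-byte XOR deobfuscation. XOR is the classic obfuscation primitive because it is its own inverse, so the same loop with the same key constant both hides the string at build time and recovers it when the malware runs. The plaintext and the key 0x5A below are constructed; in a real sample the key is the immediate operand of the XOR instruction in the decode loop. The brute-force routine covers the case where that constant has not yet been located in the disassembly.

```python
"""Single-byte XOR obfuscation and two ways to undo it (constructed data)."""

# Constructed plaintext standing in for a configuration string hidden in the binary.
PLAINTEXT = b"connect back to c2.example.invalid:4444"
KEY = 0x5A  # constructed key; in a real sample, the XOR instruction's immediate operand


def xor_bytes(data, key):
    """XOR every byte with a one-byte key.

    xor_bytes(xor_bytes(x, k), k) == x, which is why a single routine serves
    both to obfuscate at build time and to deobfuscate at run time.
    """
    return bytes(b ^ key for b in data)


def english_score(candidate):
    """Crude plaintext heuristic: reward common English letters and spaces,
    accept other alphanumerics, punish non-printable bytes hard."""
    common = set(b"etaoinshrdlu ")
    score = 0
    for b in candidate:
        if b in common:
            score += 2
        elif 48 <= b <= 57 or 65 <= b <= 90 or 97 <= b <= 122:
            score += 1
        elif not (32 <= b < 127):
            score -= 10
    return score


def brute_force_single_byte_xor(blob):
    """Try all 256 keys; return (key, plaintext) with the best heuristic score."""
    return max(((k, xor_bytes(blob, k)) for k in range(256)),
               key=lambda kv: english_score(kv[1]))


def deobfuscate_known_key(blob, key):
    """What the analyst does once the XOR loop and its key constant are identified."""
    return xor_bytes(blob, key)


OBFUSCATED = xor_bytes(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("obfuscated:", OBFUSCATED.hex())
    print("known key :", deobfuscate_known_key(OBFUSCATED, KEY))
    print("brute     :", brute_force_single_byte_xor(OBFUSCATED))
```

The heuristic is deliberately simple; for real samples, also look for a rolling or multi-byte key, for ADD/SUB-based encoders (which are not self-inverse and need the opposite instruction to decode), and for a second decode stage applied to the first result.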

Question 63

Clients are unable to access a company's API to obtain pricing data. An analyst discovers sources other than clients are scraping the API for data, which is causing the servers to exceed available resources. Which of the following would be BEST to protect the availability of the APIs?

Options:

A.

IP whitelisting

B.

Certificate-based authentication

C.

Virtual private network

D.

Web application firewall

Question 64

A custom script currently monitors real-time logs of a SAML authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

Options:

A.

Logs may contain incorrect information.

B.

SAML logging is not supported for cloud-based authentication.

C.

Access to logs may be delayed for some time.

D.

Log data may be visible to other customers.

Question 65

A critical server was compromised by malware, and all functionality was lost. Backups of this server were taken; however, management believes a logic bomb may have been injected by a rootkit. Which of the following should a security analyst perform to restore functionality quickly?

Options:

A.

Work backward, restoring each backup until the server is clean

B.

Restore the previous backup and scan with a live boot anti-malware scanner

C.

Stand up a new server and restore critical data from backups

D.

Offload the critical data to a new server and continue operations

Question 66

A security analyst needs to perform a search for connections with a suspicious IP on the network traffic. The company collects full packet captures at the Internet gateway and retains them for one week. Which of the following will enable the analyst to obtain the BEST results?

Options:

A.

tcpdump -n -r internet.pcap host

B.

strings internet.pcap | grep

C.

grep -a internet.pcap

D.

npcapd internet.pcap | grep
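An added example, not part of the exam and not tcpdump's code, showing why a structured read of the capture beats a text search. IPv4 addresses sit in the IP header as four raw bytes, not as dotted text, so `strings` or `grep -a` for "10.0.0.5" finds nothing unless the address happens to appear in a payload, while a packet parser (what `tcpdump -r file host <ip>` does through its BPF `host` primitive) matches every packet to or from that address. The capture below is constructed in memory with a minimal classic-pcap writer; the addresses and payloads are made up.

```python
"""Filter a pcap for one host by parsing packet structure (constructed capture)."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps; written little-endian here
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def _ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left zero (constructed data)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def build_pcap(packets):
    """Serialize (src, dst, proto, payload) tuples into a classic pcap blob."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    for i, (src, dst, proto, payload) in enumerate(packets):
        frame = eth + _ipv4_header(src, dst, proto, len(payload)) + payload
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_ipv4_packets(blob):
    """Yield (src, dst, proto, payload) for each IPv4-over-Ethernet record."""
    (magic,) = struct.unpack_from("<I", blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    offset = 24                                   # skip the global header
    while offset + 16 <= len(blob):
        _, _, incl_len, _ = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        frame = blob[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                              # not IPv4, or truncated
        ihl = (frame[14] & 0x0F) * 4              # IP header length in bytes
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])      # addresses are 4 raw bytes each
        dst = socket.inet_ntoa(frame[30:34])
        yield src, dst, proto, frame[14 + ihl:]


def packets_with_host(blob, host):
    """Equivalent of the BPF `host <ip>` primitive: match source OR destination."""
    return [p for p in iter_ipv4_packets(blob) if host in (p[0], p[1])]


def text_search_finds_host(blob, host):
    """What `grep -a` or `strings | grep` effectively do: look for the dotted text."""
    return host.encode() in blob


SAMPLE_PACKETS = [                                # constructed traffic
    ("192.168.1.10", "10.0.0.5", 6, b"GET / HTTP/1.1\r\n"),
    ("192.168.1.11", "203.0.113.9", 6, b"GET /index HTTP/1.1\r\n"),
    ("10.0.0.5", "192.168.1.10", 6, b"HTTP/1.1 200 OK\r\n"),
    ("192.168.1.12", "198.51.100.7", 17, b"\x12\x34\x01\x00"),
]
SAMPLE_PCAP = build_pcap(SAMPLE_PACKETS)

if __name__ == "__main__":
    suspicious = "10.0.0.5"
    print("text search finds it:", text_search_finds_host(SAMPLE_PCAP, suspicious))
    for src, dst, proto, payload in packets_with_host(SAMPLE_PCAP, suspicious):
        print(f"{src} -> {dst} proto={proto} payload={payload!r}")
```

With a week of full captures, run the structured filter first to carve out only the packets involving the suspicious address, then inspect payloads of that much smaller set; the parser here handles only plain Ethernet + IPv4 and a little-endian file, which is enough for the point but not a replacement for tcpdump or a pcap library.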

Question 67

A small marketing firm uses many SaaS applications that hold sensitive information. The firm has discovered terminated employees are retaining access to systems for many weeks after their end date. Which of the following would BEST resolve the issue of lingering access?

Options:

A.

Configure federated authentication with SSO on cloud provider systems.

B.

Perform weekly manual reviews on system access to uncover any issues.

C.

Implement MFA on cloud-based systems.

D.

Set up a privileged access management tool that can fully manage privileged account access.

Question 68

The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network.

Which of the following would work BEST to prevent the issue?

Options:

A.

Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.

B.

Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.

C.

Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.

D.

Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.

Question 69

Legacy medical equipment, which contains sensitive data, cannot be patched. Which of the following is the BEST solution to improve the equipment's security posture?

Options:

A.

Move the legacy systems behind a WAF.

B.

Implement an air gap for the legacy systems.

C.

Implement a VPN between the legacy systems and the local network.

D.

Place the legacy systems in the DMZ.

Question 70

An organization that uses SPF has been notified that emails sent via its authorized third-party partner are getting rejected. A security analyst reviews the DNS entry and sees the following:

v=spf1 ip4:180.10.6.5 ip4:180.10.6.10 include:robustmail.com -all

The organization's primary mail server IP is 180.10.6.6, and the secondary mail server IP is 180.10.6.5. The organization's third-party mail provider is "Robust Mail" with the domain name robustmail.com.

Which of the following is the MOST likely reason for the rejected emails?

Options:

A.

The wrong domain name is in the SPF record.

B.

The primary and secondary email server IP addresses are out of sequence.

C.

SPF version 1 does not support third-party providers.

D.

An incorrect IP version is being used.
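An added example, not part of the exam: a simplified SPF evaluator run against the record quoted above. Two things worth seeing in code: the record lists 180.10.6.5 and 180.10.6.10 but not the primary server 180.10.6.6, so mail sent directly from the primary fails with `-all`; and `include:robustmail.com` matches only if the provider's own record returns pass for the connecting IP, so whether partner mail passes depends on that record, which the question does not show. DNS answers come from a constructed in-memory table (the organization's domain name and the robustmail.com record are assumptions); a real check fetches TXT records live. Only ip4/ip6, include and the `all` default are supported, which is enough for this record; mx/a/ptr/exists, macros and redirect are out of scope.

```python
"""Simplified SPF check (RFC 7208 subset) against a constructed DNS table."""
import ipaddress

FAKE_DNS_TXT = {
    # The record quoted in the question; the publishing domain name is assumed.
    "example.org": "v=spf1 ip4:180.10.6.5 ip4:180.10.6.10 include:robustmail.com -all",
    # Assumed record for the third-party provider; the question does not show it.
    "robustmail.com": "v=spf1 ip4:203.0.113.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, dns=FAKE_DNS_TXT, depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for sender_ip sending as domain."""
    if depth > 10:                       # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:      # mechanisms are evaluated left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            # A bare address is a /32 or /128; a version mismatch simply does not match.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "include":
            # include matches only when the referenced domain's policy returns pass.
            if check_spf(arg, sender_ip, dns, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"           # mechanism outside this simplified evaluator
    return "neutral"                     # record with no "all" term


def missing_senders(domain, sender_ips, dns=FAKE_DNS_TXT):
    """Sending IPs the record rejects: the quick audit to run on a record like the one above."""
    return [ip for ip in sender_ips if check_spf(domain, ip, dns) == "fail"]


if __name__ == "__main__":
    for ip in ("180.10.6.5", "180.10.6.6", "180.10.6.10", "203.0.113.25"):
        print(ip, check_spf("example.org", ip))
    print("rejected:", missing_senders("example.org", ["180.10.6.5", "180.10.6.6"]))
```

Run the audit with every IP that legitimately sends for the domain, including the provider's published ranges; with `-all` any omission is a hard reject at receivers that enforce SPF.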

Question 71

A company recently experienced multiple DNS DDoS attacks, and the information security analyst must provide a DDoS solution to deploy in the company's datacenter. Which of the following would BEST prevent future attacks?

Options:

A.

Configure a sinkhole on the router.

B.

Buy a UTM to block the number of requests.

C.

Route the queries on the DNS server to 127.0.0.1.

D.

Call the Internet service provider to block the attack.

Question 72

An organization is assessing risks so it can prioritize its mitigation actions. Following are the risks and their probability and impact:

Which of the following is the order of priority for risk mitigation from highest to lowest?

Options:

A.

A, B, C, D

B.

A, D, B, C

C.

B, C, A, D

D.

C, B, D, A

E.

D, A, C, B

Question 73

A proposed network architecture requires systems to be separated from each other logically based on defined risk levels. Which of the following explains the reason why an architect would set up the network this way?

Options:

A.

To complicate the network and frustrate a potential malicious attacker

B.

To reduce the number of IP addresses that are used on the network

C.

To reduce the attack surface of those systems by segmenting the network based on risk

D.

To create a design that simplifies the supporting network

Question 74

A security analyst is investigating an incident that appears to have started with SQL injection against a publicly available web application. Which of the following is the FIRST step the analyst should take to prevent future attacks?

Options:

A.

Modify the IDS rules to have a signature for SQL injection.

B.

Take the server offline to prevent continued SQL injection attacks.

C.

Create a WAF rule in block mode for SQL injection.

D.

Ask the developers to implement parameterized SQL queries.
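An added example, not the exam's application: the injection the incident started with, beside the parameterized fix the developers would implement, against a constructed in-memory sqlite3 database. The vulnerable function splices the username into the SQL text, so a quote in the input ends the string literal and the rest is parsed as SQL; the fixed function keeps the SQL text constant and binds the value, so the same payload is compared as data and matches no row.

```python
"""SQL injection via string formatting, beside the parameterized query that fixes it."""
import sqlite3


def make_db():
    """Constructed users table: three rows, one privileged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, username):
    """Attacker-controlled text becomes SQL syntax.

    With username = "' OR '1'='1" the statement becomes
    SELECT ... WHERE username = '' OR '1'='1'  and returns every row.
    """
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """The SQL text is fixed; the value is bound separately and compared as data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


PAYLOAD = "' OR '1'='1"   # constructed tautology payload


def compare(username):
    """(rows from the vulnerable query, rows from the parameterized query) for one input."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, username), lookup_parameterized(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    vulnerable_rows, safe_rows = compare(PAYLOAD)
    print("vulnerable:", vulnerable_rows)   # all three users leak
    print("parameterized:", safe_rows)      # no user is literally named "' OR '1'='1"
```

A WAF rule in block mode buys time against the payloads it recognizes; only the parameterized query removes the class of bug, so the two steps belong in sequence rather than as alternatives.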

Question 75

Which of the following threat classifications would MOST likely use polymorphic code?

Options:

A.

Known threat

B.

Zero-day threat

C.

Unknown threat

D.

Advanced persistent threat
