Halloween Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA SY0-601 CompTIA Security+ Exam 2023 Exam Practice Test

Demo: 318 questions
Total 1063 questions

CompTIA Security+ Exam 2023 Questions and Answers

Question 1

A security analyst inspects the following log:

Which of the following was attempted?

Options:

A.

Command injection

B.

Buffer overflow

C.

Privilege escalation

D.

Directory traversal

Question 2

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Options:

A.

Secure cookies

B.

Version control

C.

Input validation

D.

Code signing

Question 3

The Chief Information Security Officer wants to put security measures in place to protect Pll. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

Options:

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

Question 4

A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met:

• An existing internal certificate must be used.

• Wired and wireless networks must be supported.

• Any unapproved device should be isolated in a quarantine subnet.

• Approved devices should be updated before accessing resources.

Which of the following would best meet the requirements?

Options:

A.

802.1X

B.

EAP

C.

RADIUS

D.

WPA2

Question 5

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DHCP failure caused an incorrect IP address to be distributed.

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question 6

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Question 7

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

Options:

A.

Lack of security updates

B.

Lack of new features

C.

Lack of support

D.

Lack of source code access

Question 8

An organization would like to gain actionable intelligence about real attacker techniques used against its systems. Which of the following should the organization use to best achieve this objective?

Options:

A.

Antivirus

B.

Honeypot

C.

Firewall

D.

Sensor

Question 9

Which of the following is best used to detect fraud by assigning employees to different roles?

Options:

A.

Least privilege

B.

Mandatory vacation

C.

Separation of duties

D.

Job rotation

Question 10

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Question 11

As accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Question 12

Which of the following provides guidelines for the management and reduction of information security risk?

Options:

A.

CIS

B.

NISTCSF

C.

ISO

D.

PCIDSS

Question 13

A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Options:

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Question 14

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Question 15

While investigating a recent security breach an analyst finds that an attacker gained access by SQL injection through a company website Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question 16

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

'Tm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address."

Which of the following are the best responses to this situation? (Select two).

Options:

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO's phone.

F.

Implement mobile device management.

Question 17

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

Options:

A.

Create a blocklist for all subject lines.

B.

Send the dead domain to a DNS sinkhole.

C.

Quarantine all emails received and notify all employees.

D.

Block the URL shortener domain in the web proxy

Question 18

During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

Options:

A.

Requiring all personnel to sign an acceptable use policy

B.

Implementing mandatory vacations

C.

Conducting criminal background checks

D.

Applying data retention standards to all databases

Question 19

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Select two).

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Question 20

A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

Options:

A.

Continuous

B.

Ad hoc

C.

Recurring

D.

One time

Question 21

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 22

A company wants to ensure that all devices are secured properly through the MDM solution so that, if remote wipe fails, access to the data will still be inaccessible offline. Which of the following would need to be configured?

Options:

A.

Full device encryption

B.

Geolocation

C.

Screen locks

D.

Content management

Question 23

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Question 24

A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?

Options:

A.

Establish a security baseline.

B.

Review security policies.

C.

Adopt security benchmarks.

D.

Perform a user ID revalidation.

Question 25

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Question 26

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Options:

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Question 27

A security administrator is reviewing reports about suspicious network activity occurring on a subnet Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output:

Which of the following best describes what is occurring on the network?

Options:

A.

ARP poisoning

B.

On-path attack

C.

URL redirection

D.

IP address conflicts

Question 28

A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?

Options:

A.

Weak encryption

B.

Outsourced code development

C.

Supply chain

D.

Open ports and services

Question 29

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

Options:

A.

Whaling

B.

Spear phishing

C.

Impersonation

D.

Identity fraud

Question 30

Two companies are in the process of merging. The companies need to decide how to standardize the

Options:

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerably report

Question 31

A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

Options:

A.

Network segmentation

B.

IP-based firewall rules

C.

Mobile device management

D.

Content filter

Question 32

A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?

Options:

A.

TACACS+

B.

SAML

C.

An SSO platform

D.

Role-based access control

E.

PAM software

Question 33

A user reports performance issues when accessing certain network fileshares The network team determines endpoint traffic is reaching one of the filestores but is being dropped on the return traffic Which of the following should be corrected to solve this issue?

Options:

A.

Host-based firewall settings

B.

Antivirus software on the host

C.

The intrusion detection system configuration

D.

The /etc/hosts file on the server

Question 34

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Question 35

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company’s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

Options:

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Question 36

Which of the following is used to describe discrete characteristics of a potential weakness that results in a seventy number?

Options:

A.

CVSS

B.

CVE

C.

CAR

D.

CERT

Question 37

A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:

• Sensitive customer data must be safeguarded

• Documents from managed sources should not be opened in unmanaged destinations.

• Sharing of managed documents must be disabled

• Employees should not be able to download emailed images to their devices

• Personal photos and contact lists must be kept private

• IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company

Which of the following are the best features to enable to meet these requirements? (Select two).

Options:

A.

Remote wipe

B.

VPN connection

C.

Biometric authentication

D.

Device location tracking

E.

Geofencing

F.

Application approve list

G.

Containerization

Question 38

An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Options:

A.

Input validation

B.

Code signing

C.

SQL injection

D.

Static analysis

Question 39

Which of the following is the final step of the incident response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Question 40

Which of the following assists in training employees on the importance of cybersecurity?

Options:

A.

Phishing campaigns

B.

Acceptable use policy

C.

Employee handbook

D.

Social media analysis

Question 41

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Options:

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Question 42

Which of the following best explains why physical security controls are important in creating a secure environment?

Options:

A.

To prevent external actors from obtaining sensitive data for social engineering attacks

B.

To allow different networks to work together without compromising the confidentiality of data

C.

To ensure only authorized users have the ability to obtain direct access to systems or data

D.

To reduce an attacker's ability to perform low-level or easier attacks against a network

Question 43

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

Options:

A.

Enable HIDS on all servers and endpoints.

B.

Disable unnecessary services.

C.

Configure the deny list appropriately on the NGFW.

D.

Ensure the antivirus is up to date.

Question 44

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Options:

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Question 45

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Options:

A.

Prepara

B.

Recovery

C.

Lessons learned

D.

Analysis

Question 46

A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure

Which of the following best describes what the analyst has discovered?

Options:

A.

A successful privilege escalation attack by a local user

B.

A user determining what level of permissions the user has

C.

A systems administrator performing routine maintenance

D.

An attempt to utilize living-off-the-land binaries

Question 47

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file's SHA-256 hash.

B.

Use hexdump on the file's contents.

C.

Check endpoint logs.

D.

Query the file's metadata.

Question 48

Which of the following utilizes public and private keys to secure data?

Options:

A.

Password hash

B.

Block cipher

C.

Asymmetric encryption

D.

Steganography

Question 49

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Question 50

A security operations center would like to be able to test and observe the behavior of new software executables for malicious activity. Which of the following should the security operations center implement?

Options:

A.

Fuzzing

B.

OS hardening

C.

Sandboxing

D.

Trusted Platform Module

Question 51

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Question 52

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Question 53

An organization is concerned about hackers bypassing MFA through social engineering of phone carriers. Which of the following would most likely protect against such an attack?

Options:

A.

Receiving alerts about unusual log-in activity

B.

Receiving a six-digit code via SMS

C.

Receiving a push notification to a mobile application

D.

Receiving a phone call for automated approval

Question 54

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Options:

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Question 55

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Select two).

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Question 56

An organization's internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

Options:

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Question 57

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Options:

A.

Network

B.

System

C.

Application

D.

Authentication

Question 58

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Options:

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Question 59

Users are reporting performance issues from a specific application server A security administrator notices that user traffic is being intermittently denied depending on which load balancer the traffic is originating from Which of the following types of log files should be used to capture this information?

Options:

A.

Session traffic

B.

Syslog data

C.

Security events

D.

DNS responses

E.

Authentication

Question 60

A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?

Options:

A.

CASB

B.

AUP

C.

NG-SWG

D.

VPC endpoint

Question 61

An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

Options:

A.

Pretexting

B.

Impersonation

C.

Ransomware

D.

Invoice scam

Question 62

Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

Options:

A.

Channel overlap

B.

Encryption type

C.

New WLAN deployment

D.

WAP placement

Question 63

An application server is published directly on the internet with a public IP address Which of the following should the administrator use to monitor the application traffic?

Options:

A.

WAF

B.

Content filter

C.

NAT

D.

Perimeter network

Question 64

The cybersecurity investigation team is requesting a budget increase m order to purchase and implement a commercial tool for collecting information. The information might include disk images and volatile memory from computers used by remote employees Which of the following digital forensic categories does the company want to implement?

Options:

A.

Integrity

B.

E-discovery

C.

Acquisition

D.

Non-repudiation

Question 65

A large retail store's network was breached recently. and this news was made public. The Store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the Store lost revenue after the breach. Which of the following is the

most likely reason for this issue?

Options:

A.

Employee training

B.

Leadership changes

C.

Reputation

D.

Identity theft

Question 66

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Question 67

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Question 68

Which of the following best describes configuring devices to log to a centralized, off-site location for possible future reference?

Options:

A.

Log aggregation

B.

DLP

C.

Archiving

D.

SCAP

Question 69

A company wants the ability to restrict web access and monitor the websites that employees visit, Which Of the following would best meet these requirements?

Options:

A.

Internet Proxy

B.

VPN

C.

WAF

D.

Firewall

Question 70

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Question 71

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

Options:

A.

Wearable sensors

B.

Raspberry Pi

C.

Surveillance systems

D.

Real-time operating systems

Question 72

Which of the following roles is responsible for defining the protection type and Classification type for a given set of files?

Options:

A.

General counsel

B.

Data owner

C.

Risk manager

D.

Chief Information Officer

Question 73

Security analysts notice a server login from a user who has been on vacation for two weeks, The an-alysts confirm that the user did not log in to the system while on vacation After reviewing packet capture the analysts notice the following:

Which of the following occurred?

Options:

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was con-promised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with username logged in to the account.

Question 74

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

Options:

A.

MFA

B.

Lockout

C.

Time-based logins

D.

Password history

Question 75

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab The researchers collaborate with other machines using port 445 and on the internet using port 443 The unau-thorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers. Which of the following is the best course Of

action in this scenario?

Options:

A.

Update the host firewalls to block outbound Stv1B.

B.

Place the machines with the unapproved software in containment

C.

Place the unauthorized application in a Bocklist.

D.

Implement a content filter to block the unauthorized software communica-tion,

Question 76

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Select two).

Options:

A.

passphrase

B.

Time-based one-time password

C.

Facial recognition

D.

Retina scan

E.

Hardware token

F.

Fingerprints

Question 77

Which Of the following vulnerabilities is exploited an attacker Overwrite a reg-ister with a malicious address that changes the execution path?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Question 78

A company wants to deploy PKI on its internet-facing website The applications that are currently deployed are

• www company.com (mam website)

• contact us company com (for locating a nearby location)

• quotes company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com Which of the following certificate types would best meet the requirements?

Options:

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed

Question 79

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

a SHA 2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 80

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.

OWASP

B.

Vulnerability scan results

C.

NIST CSF

D.

Third-party libraries

Question 81

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

Options:

A.

SFTP

B.

AIS

C.

Tor

D.

loC

Question 82

A security professional wants to enhance the protection of a critical environment that is Used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Options:

A.

DLP

B.

HSM

C.

CA

D.

FIM

Question 83

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Question 84

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

Options:

A.

GDPR

B.

ISO

C.

NIST

D.

PCI DSS

Question 85

An organization is repairing damage after an incident. Which Of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Question 86

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.

Implement S/MIME to encrypt the emails at rest.

B.

Enable full disk encryption on the mail servers.

C.

Use digital certificates when accessing email via the web.

D.

Configure web traffic to only use TLS-enabled channels.

Question 87

Which Of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Question 88

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Question 89

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.

Detective

B.

Deterrent

C.

Directive

D.

Corrective

Question 90

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Question 91

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Question 92

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question 93

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Question 94

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Question 95

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 96

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Question 97

Which of the following are common VoIP-associated vulnerabilities? (Select two).

Options:

A.

SPIM

B.

Vishing

C.

VLAN hopping

D.

Phishing

E.

DHCP snooping

F.

Tailgating

Question 98

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Question 99

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Question 100

Which of the following would be used to find the most common web-applicalion vulnerabilities?

Options:

A.

OWASP

B.

MITRE ATT&CK

C.

Cyber Kill Chain

D.

SDLC

Question 101

To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?

Options:

A.

laaS

B.

PaaS

C.

DaaS

D.

SaaS

Question 102

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Preparation

Question 103

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Question 104

A company wants to build a new website to sell products online. The website wd I host a storefront application that allow visitors to add products to a shopping cart and pay for products using a credit card. which Of the following protocols •would be most secure to implement?

Options:

A.

SSL

B.

SFTP

C.

SNMP

D.

TLS

Question 105

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Question 106

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

Error

D.

Network

E.

Firewall

F.

System

Question 107

Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Options:

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Question 108

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.

Always-on

B.

Remote access

C.

Site-to-site

D.

Full tunnel

Question 109

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst most likely see in this packet capture?

Options:

A.

Session replay

B.

Evil twin

C.

Bluejacking

D.

ARP poisoning

Question 110

A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?

Options:

A.

A weekly, incremental backup with daily differential backups

B.

A weekly, full backup with daily snapshot backups

C.

A weekly, full backup with daily differential backups

D.

A weekly, full backup with daily incremental backups

Question 111

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Question 112

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -2

D.

# iptables -P INPUT -j DROP

Question 113

Which of the following automation use cases would best enhance the security posture Of an organi-zation by rapidly updating permissions when employees leave a company Or change job roles inter-nally?

Options:

A.

Provisioning resources

B.

Disabling access

C.

APIs

D.

Escalating permission requests

Question 114

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Question 115

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Options:

Question 116

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

Options:

A.

Privacy

B.

Availability

C.

Integrity

D.

Confidentiality

Question 117

Cloud security engineers are planning to allow and deny access to specific features in order to in-crease data security. Which of the following cloud features is the most appropriate to ensure ac-cess is granted properly?

Options:

A.

API integrations

B.

Auditing

C.

Resource policies

D.

Virtual networks

Question 118

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 119

A network engineer is troubleshooting wireless network connectivity issues that were reported by users The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building There have also been reports of users being required to enter their credentials on web pages in order to gain access to them Which of the following is the most likely cause of this issue?

Options:

A.

An external access point is engaging in an evil-Twin attack

B.

The signal on the WAP needs to be increased in that section of the building

C.

The certificates have expired on the devices and need to be reinstalled

D.

The users in that section of the building are on a VLAN that is being blocked by the firewall

Question 120

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Question 121

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Question 122

A company's help desk has received calls about the wireless network being down and users being unable to connect to it The network administrator says all access points are up and running One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Question 123

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation.

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Question 124

Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Question 125

A security administrator needs to inspect in-transit files on the enterprise network to search for PI I credit card data, and classification words Which of the following would be the best to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question 126

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.

Intrusion prevention system

B.

Proxy server

C.

Jump server

D.

Security zones

Question 127

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Options:

A.

Clear the log files of all evidence

B.

Move laterally to another machine.

C.

Establish persistence for future use.

D.

Exploit a zero-day vulnerability.

Question 128

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 129

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.

Enabling MAC address filtering

B.

Moving printers inside a firewall

C.

Implementing 802.IX

D.

Using network port security

Question 130

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

Options:

A.

Laptops

B.

Containers

C.

Thin clients

D.

Workstations

Question 131

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following is the security administrator most likely protecting against?

Options:

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question 132

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Question 133

The concept of connecting a user account across the systems of multiple enterprises is best known as:

Options:

A.

federation

B.

a remote access policy.

C.

multifactor authentication

D.

single sign-on.

Question 134

A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met:

• All actions performed by the network staff must be logged.

• Per-command permissions must be possible.

• The authentication server and the devices must communicate through TCP.

Which of the following authentication protocols should the analyst choose?

Options:

A.

Kerberos

B.

CHAP

C.

TACACS+

D.

RADIUS

Question 135

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy UFA

C.

Utilize a WAF

D.

Conjure HIPS

Question 136

Developers are writing code and merging it into shared repositories several times a day. where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Question 137

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

Options:

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question 138

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Question 139

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Question 140

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

Options:

A.

MTTR

B.

RTO

C.

ARO

D.

MTBF

Question 141

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls Which of the following should be implemented to best address the CSO's concerns? (Select two).

Options:

A.

AWAF

B.

A CASB

C.

An NG-SWG

D.

Segmentation

E.

Encryption

F.

Containenzation

Question 142

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Question 143

Which of the following does an air-gapped system provide?

Options:

A.

Security through physical disconnection

B.

Security through obscurity

C.

Users with mobility

D.

Security through logical isolation

Question 144

Which of the following requirements apply to a CYOD policy? (Select two).

Options:

A.

The company should support only one model of phone.

B.

The user can request to customize the device.

C.

The company retains ownership of the phone.

D.

The end users can supply their own personal devices.

E.

Personal applications cannot be loaded on the phone.

F.

Employee-owned devices must run antivirus.

Question 145

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

http://company.com/get php? f=/etc/passwd

http://company.com/..%2F. .42F..42F.. $2Fetct2Fshadow

http: //company.com/../../../ ../etc/passwd

Which of the following best describes the type of attack?

Options:

A.

SQLi

B.

CSRF

C.

API attacks

D.

Directory traversal

Question 146

A external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will best assist with this investigation?

Options:

A.

Perform a vulnerability scan to identify the weak spots.

B.

Use a packet analyzer to investigate the NetFlow traffic.

C.

Check the SIEM to review the correlated logs.

D.

Require access to the routers to view current sessions

Question 147

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity lo have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher bandwidth connections to meet the increased demand

D.

Configuring OoS properly on the VPN accelerators

Question 148

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

Options:

A.

hping3 -S comptia.org -p 80

B.

nc -1 -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

Question 149

Adding a value to the end of a password to create a different password hash is called:

Options:

A.

salting.

B.

key stretching.

C.

steganography.

D.

MD5 checksum.

Question 150

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Question 151

A security analyst discovers several jpg photos from a cellular phone during a forensics investigation involving a compromised system The analyst runs a forensics tool to gather file metadata Which of the following would be part of the images if all the metadata is still intact?

Options:

A.

The GSS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Question 152

A Chief Executive Officer's (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

Options:

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

Question 153

An organization is building backup server rooms in geographically diverse locations. The Chief Information Secure implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulned existing server room. Which of the following should the systems engineer consider?

Options:

A.

Purchasing hardware from different vendors

B.

Migrating workloads to public cloud infrastructure

C.

Implementing a robust patch management solution

D.

Designing new detective security controls

Question 154

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Question 155

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Question 156

An organization purchased and configured spare devices for all critical network infrastructure. Which of the following best describes the organization's reason for these actions?

Options:

A.

Software-defined networking

B.

Scalability

C.

High availability

D.

Decentralization

Question 157

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Question 158

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com . All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Options:

A.

head -500 www. compt ia.com | grep /logfiles/messages

B.

cat /logfiles/messages I tail -500 www.comptia.com

C.

tail -500 /logfiles/messages I grep www.cornptia.com

D.

grep -500 /logfiles/messages I cat www.comptia.cctn

Question 159

An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

Options:

A.

Smishing

B.

Baiting

C.

Tailgating

D.

Pretexting

Question 160

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller

does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Question 161

A software company adopted the following processes before releasing software to production

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

Options:

A.

File integrity monitoring for the source code

B.

Dynamic code analysis tool

C.

Encrypted code repository

D.

Endpoint detection and response solution

Question 162

The IT department's on-site developer has been with the team for many years. Each lime an application is released; the security team is able to identify multiple vulnerabilities Which of the Mowing would best help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code

D.

Submit the application to OA before releasing it.

Question 163

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that

some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company

can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Question 164

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An

analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Options:

A.

A vulnerability scanner

B.

A NGFW

C.

The Windows Event Viewer

D.

A SIEM

Question 165

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review Which of the following did the administrator most likely configure that will assist the investigators?

Options:

A.

Memory dumps

B.

The syslog server

C.

The application logs

D.

The log retention policy

Question 166

Which of the following test helps to demonstrate integrity during a forensics investigation?

Options:

A.

Event logs

B.

Encryption

C.

Hashing

D.

Snapshots

Question 167

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Options:

A.

Implementing a bastion host

B.

Deploying a perimeter network

C.

Installing a WAF

D.

Utilizing single sign-on

Question 168

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Options:

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Off boarding

Question 169

A security analyst reviews web server logs and notices the following lines:

104.35.45.53 - - [22/May/2020:06:57:31 +0100] "GET /show_file.php file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 11705

"http://www.example.com/downloadreport.php "

104.35.45.53 -- [22/May/2020:07:00:58 +0100] "GET /show_file.php

file=%2e%2e%2f%2e%2e%2fetc%2fsudoers HTTP/1.1" 200 23713

"http://www.example.com/downloadreport.php "

Which of the following vulnerabilities has the attacker exploited? (Select TWO).

Options:

A.

Race condition

B.

LFI

C.

Pass the hash

D.

XSS

E.

RFI

F.

Directory traversal

Question 170

A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

Options:

A.

Deploying an IPS with updated signatures in line with the container cluster

B.

Implementing automatic scalability for containers exposed to the internet

C.

Updating the environment by using images with the tag: latest

D.

Executing containers using unprivileged credentials

Question 171

Which of the following examples would be best mitigated by input sanitization?

Options:

A.

B.

nmap -p- 10.11.1.130

C.

Email message: "Click this link to get your free gift card."

D.

Browser message: "Your connection is not private

Question 172

A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Question 173

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Question 174

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Question 175

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

Options:

A.

Log data

B.

Metadata

C.

Encrypted data

D.

Sensitive data

Question 176

A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

Options:

A.

nmap -pl-65535 192.168.0.10

B.

dig 192.168.0.10

C.

curl —head http://192.168-0.10

D.

ping 192.168.0.10

Question 177

Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

Which of the following is most likely the result of the security analyst's review?

Options:

A.

The ISP is dropping outbound connections.

B.

The user of the Sales-PC fell for a phishing attack.

C.

Corporate PCs have been turned into a botnet.

D.

An on-path attack is taking place between PCs and the router.

Question 178

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would best meet this need?

Options:

A.

Community

B.

Private

C.

Public

D.

Hybrid

Question 179

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10 50 10.25

Which of the following firewall ACLs will accomplish this goal?

Options:

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port S3

Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port S3

B.

Access list outbound permit 0.0.0.0/0 10.50.10.2S/32 port S3

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port S3

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port S3

Question 180

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

Options:

A.

data controller

B.

data owner.

C.

data custodian.

D.

data processor

Question 181

An organization is concerned that ils hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

Options:

A.

hping3 -S compcia.org -p 80

B.

nc -1 -v comptia.crg -p 80

C.

nmap comptia.org -p 80 -sv

D.

nslookup -port«80 comptia.org

Question 182

A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

Options:

A.

Cold

B.

Tertiary

C.

Warm

D.

Hot

Question 183

Which of the following strategies shifts risks that are not covered in an organization's risk strategy?

Options:

A.

Risk transference

B.

Risk avoidance

C.

Risk mitigation

D.

Risk acceptance

Question 184

A threat actor used a sophisticated attack to breach a well-known ride-sharing. company. The threat actor posted on social media that this action was in response to the company's treatment of its drivers Which of the following best describes tm type of throat actor?

Options:

A.

Nation-slate

B.

Hacktivist

C.

Organized crime

D.

Shadow IT

Question 185

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Options:

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Question 186

Which of the following has the ability to physically verify individuals who enter and exit a restricted area?

Options:

A.

Barricade

B.

Access control vestibule

C.

Access log

D.

Gait analysis

Question 187

While checking logs, a security engineer notices a number of end users suddenly downloading files with the.tar.gz extension-Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

Options:

A.

A RAT was installed and is transferring additional exploit tools.

B.

The workstations are beaconing to a command-and-control server.

C.

A logic bomb was executed and is responsible for the data transfers

D.

A fileless virus is spreading in the local network environment.

Question 188

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommended?

Options:

A.

A content filter

B.

AWAF

C.

A next-generation firewall

D.

An IDS

Question 189

A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following BEST describes this attack?

Options:

A.

On-path

B.

Domain hijacking

C.

DNS poisoning

D.

Evil twin

Question 190

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

Options:

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Question 191

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider

environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control

and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.

Trusted Platform Module

B.

laaS

C.

HSMaas

D.

PaaS

Question 192

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

Options:

A.

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.

The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

D.

ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.

Question 193

A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?

Options:

A.

Compensating controls

B.

Directive control

C.

Mitigating controls

D.

Physical security controls

Question 194

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

Options:

A.

Walk-throughs

B.

Lessons learned

C.

Attack framework alignment

D.

Containment

Question 195

An engineer is using scripting to deploy a network in a cloud environment. Which the following describes this scenario?

Options:

A.

SDLC

B.

VLAN

C.

SDN

D.

SDV

Question 196

Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?

Options:

A.

Weak configurations

B.

Integration activities

C.

Unsecure user accounts

D.

Outsourced code development

Question 197

Several users have been violating corporate security policy by accessing inappropriate Sites on corporate-issued mobile devices while off campus. The senior leadership team wants all mobile devices to be hardened with controls that:

  • Limit the sites that can be accessed

  • Only allow access to internal resources while physically on campus.

  • Restrict employees from downloading images from company email

Whip of the following controls would best address this situation? (Select two).

Options:

A.

MFA

B.

GPS tagging

C.

Biometric authentication

D.

Content management

E.

Geofencing

F.

Screen lock and PIN requirements

Question 198

A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy while the application is running. Which of the following should the engineer is to quickly contain the incident with the least amount of impact?

Options:

A.

Configure firewall rules to block malicious inbound access.

B.

Manually uninstall the update that contains the backdoor.

C.

Add the application hash to the organization's blocklist.

D.

Tum off all computers that have the application installed.

Question 199

During a recent cybersecurity audit, the auditors pointed out various types of vulnerabilities in the production area. The production area hardware runs applications that are critical to production Which of the following describes what the company should do first to lower the risk to the

Production the hardware.

Options:

A.

Back up the hardware.

B.

Apply patches.

C.

Install an antivirus solution.

D.

Add a banner page to the hardware.

Question 200

The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

Options:

A.

Implementing a content filter

B.

Anonymizing the data

C.

Deploying DLP tools

D.

Installing a FIM on the application server

Question 201

Which of the following social engineering attacks best describes an email that is primarily intended to mislead recipients into forwarding the email to others?

Options:

A.

Hoaxing

B.

Pharming

C.

Watering-hole

D.

Phishing

Question 202

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

Options:

A.

Utilize a SOAR playbook to remove the phishing message.

B.

Manually remove the phishing emails when alerts arrive.

C.

Delay all emails until the retroactive alerts are received.

D.

Ingest the alerts into a SIEM to correlate with delivered messages.

Question 203

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server

is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets

were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

Options:

A.

Install DLP software to prevent data loss.

B.

Use the latest version of software.

C.

Install a SIEM device.

D.

Implement MDM.

E.

Implement a screened subnet for the web server.

F.

Install an endpoint security solution.

G.

Update the website certificate and revoke the existing ones.

Question 204

A company is developing a new initiative to reduce insider threats. Which of the following should the company focus on to make the greatest impact?

Options:

A.

Social media analysis

B.

Least privilege

C.

Nondisclosure agreements

D.

Mandatory vacation

Question 205

Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data? 

Options:

A.

Salt string

B.

Private Key

C.

Password hash

D.

Cipher stream

Question 206

A security administrator Is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used (or administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?

Options:

A.

ABAC

B.

SAML

C.

PAM

D.

CASB

Question 207

Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?

Options:

A.

Stored procedures

B.

Code reuse

C.

Version control

D.

Continunus

Question 208

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A.

pcap reassembly

B.

SSD snapshot

C.

Image volatile memory

D.

Extract from checksums

Question 209

A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

Options:

A.

Reconnaissance

B.

Impersonation

C.

Typosquatting

D.

Watering-hole

Question 210

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

Options:

A.

MAC filtering

B.

Anti-malware

C.

Translation gateway

D.

VPN

Question 211

A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:

Vendor A:

1- Firewall

1-12 switch

Vendor B:

1- Firewall

1-12 switch

Which of the following security objectives is the security manager attempting to meet? (Select two).

Options:

A.

Simplified patch management

B.

Scalability

C.

Zero-day attack tolerance

D.

Multipath

E.

Replication

F.

Redundancy

Question 212

While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:

Which of the following attack types best describes the root cause of the unusual behavior?

Options:

A.

Server-side request forgery

B.

Improper error handling

C.

Buffer overflow

D.

SQL injection

Question 213

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

Options:

A.

Provisioning

B.

Staging

C.

Development

D.

Quality assurance

Question 214

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile

application. After reviewing the back-end server logs, the security analyst finds the following entries

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

user-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Question 215

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

Options:

A.

HIDS

B.

AV

C.

NGF-W

D.

DLP

Question 216

Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

Options:

A.

Devices with celular communication capabilities bypass traditional network security controls

B.

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

C.

These devices often lade privacy controls and do not meet newer compliance regulations

D.

Unauthorized voice and audio recording can cause loss of intellectual property

Question 217

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

Options:

A.

Web metadata

B.

Bandwidth monitors

C.

System files

D.

Correlation dashboards

Question 218

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

Options:

A.

Compensating

B.

Deterrent

C.

Preventive

D.

Detective

Question 219

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

Options:

A.

 Edge computing

B.

Microservices

C.

Containers

D.

Thin client

Question 220

A security analyst is investigating network issues between a workstation and a company server. The workstation and server occasionally experience service disruptions, and employees are forced to

reconnect to the server. In addition, some reports indicate sensitive information is being leaked from the server to the public.

The workstation IP address is 192.168.1.103, and the server IP address is 192.168.1.101.

The analyst runs arp -a On a separate workstation and obtains the following results:

Which of the following is most likely occurring?

Options:

A.

Evil twin attack

B.

Domain hijacking attack

C.

On-path attack

D.

MAC flooding attack

Question 221

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

Options:

A.

Continuous deployment

B.

Continuous integration

C.

Continuous validation

D.

Continuous monitoring

Question 222

A new security engineer has started hardening systems. One o( the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability lo use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

Options:

A.

TFTP was disabled on the local hosts.

B.

SSH was turned off instead of modifying the configuration file.

C.

Remote login was disabled in the networkd.conf instead of using the sshd. conf.

D.

Network services are no longer running on the NAS

Question 223

A major manufacturing company updated its internal infrastructure and just started to allow OAuth application to access corporate data Data leakage is being reported Which of following most likely caused the issue?

Options:

A.

Privilege creep

B.

Unmodified default

C.

TLS

D.

Improper patch management

Question 224

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select two).

Options:

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Question 225

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the most likely cause of the issue?

Options:

A.

The vendor firmware lacks support.

B.

Zero-day vulnerabilities are being discovered.

C.

Third-party applications are not being patched.

D.

Code development is being outsourced.

Question 226

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.

MDM

B.

RFID

C.

DLR

D.

SIEM

Question 227

A security team is providing input on the design of a secondary data center that has the following requirements:+ Anatural disaster at the primary site should not affect the secondary site. The secondary site should have the capability for failover during traffic surge situations.+ The secondary site must meet the same physical security requirements as the primary site. The secondary site must provide protection against power surges and outages.

Which of the following should the security team recommend? (Select two).

Options:

A.

 Coniguring replication of the web servers at the primary site to offline storage

B.

 Constructing the secondary site in a geographically disperse location

C.

 Deploying load balancers at the primary site

D.

 Installing generators

E.

 Using differential backups at the secondary site

F.

 Implementing hot and cold aisles at the secondary site

Question 228

A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner, Which of the following concepts describes this scenario?

Options:

A.

Red-team exercise

B.

Business continuity plan testing

C.

Tabletop exercise

D.

Functional exercise

Question 229

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

Options:

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

VLAN

Question 230

Which ol the following is required in order (or an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Question 231

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

Options:

A.

Unsecure root accounts

B.

Lack of vendor support

C.

Password complexity

D.

Default settings

Question 232

A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?

Options:

A.

NDA

B.

BPA

C.

AUP

D.

SLA

Question 233

A security operations technician is searching the log named /vax/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

Options:

A.

cat /var/messages | grep 10.1.1.1

B.

grep 10.1.1.1 | cat /var/messages

C.

grep /var/messages | cat 10.1.1.1

D.

cat 10.1.1.1 | grep /var/messages

Question 234

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Options:

Question 235

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor

most likely be required to review and sign?

Options:

A.

SLA

B.

NDA

C.

MOU

D.

AUP

Question 236

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Question 237

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be

used to accomplish this task?

Options:

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Question 238

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.

Lessons learned

B.

Identification

C.

Simulation

D.

Containment

Question 239

Which of Ihe following control types is patch management classified under?

Options:

A.

Deterrent

B.

Physical

C.

Corrective

D.

Detective

Question 240

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would best describe the estimated number of devices to be replaced next year?

Options:

A.

SLA

B.

ARO

C.

RPO

D.

SLE

Question 241

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?

Options:

A.

Nmap

B.

Wireshark

C.

Autopsy

D.

DNSEnum

Question 242

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Question 243

An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine. Which of the following risk management strategies is the organization following?

Options:

A.

Transference

B.

Avoidance

C.

Mitigation

D.

Acceptance

Question 244

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framework

D.

ISO 27002

Question 245

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

Options:

A.

Watering-hole attack

B.

Pretexting

C.

Typosquatting

D.

Impersonation

Question 246

While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?

Options:

A.

Plaintext

B.

Birthdat

C.

Brute-force

D.

Rainbow table

Question 247

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

User-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Question 248

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days. Which of the following attacks can the account lockout be attributed to?

Options:

A.

Backdoor

B.

Brute-force

C.

Rootkit

D.

Trojan

Question 249

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

Options:

A.

RAID

B.

UPS

C.

NIC teaming

D.

Load balancing

Question 250

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Question 251

A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone. Which of the following policies is preventing the user from completing this action?

Options:

A.

Application management

B.

Content management

C.

Containerization

D.

Full disk encryption

Question 252

A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?

Options:

A.

Change the protocol to TCP.

B.

Add LDAP authentication to the SIEM server.

C.

Use a VPN from the internal server to the SIEM and enable DLP.

D.

Add SSL/TLS encryption and use a TCP 6514 port to send logs.

Question 253

A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work BEST to prevent this from happening?

Options:

A.

Bollard

B.

Camera

C.

Alarms

D.

Signage

E.

Access control vestibule

Question 254

Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff?

Options:

A.

Shadow IT

B.

Hacktivist

C.

Insider threat

D.

script kiddie

Question 255

A security analyst is reviewing packet capture data from a compromised host On the In the packet capture. analyst locates packets that contain large of text, Which Of following is most likely installed on compromised host?

Options:

A.

Keylogger

B.

Spyware

C.

Torjan

D.

Ransomware

Question 256

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.

Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?

Options:

A.

NIDS

B.

MAC filtering

C.

Jump server

D.

IPSec

E.

NAT gateway

Question 257

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Options:

A.

Identity theft

B.

RFID cloning

C.

Shoulder surfing

D.

Card skimming

Question 258

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Question 259

An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files Which of the following controls should the organization consider to mitigate this risk?

Options:

A.

EDR

B.

Firewall

C.

HIPS

D.

DLP

Question 260

Which of the following isa risk that is specifically associated with hesting applications iin the public cloud?

Options:

A.

Unsecured root accounts

B.

Zero day

C.

Shared tenancy

D.

Insider threat

Question 261

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.

laC

B.

MSSP

C.

Containers

D.

SaaS

Question 262

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framevtoik

D.

ISO 27002

Question 263

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of (he following should the manager request to complete the assessment?

Options:

A.

A service-level agreement

B.

A business partnership agreement

C.

A SOC 2 Type 2 report

D.

A memorandum of understanding

Question 264

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset Link. Which of the attacks is being used to target the company?

Options:

A.

Phishing

B.

Vishing

C.

Smishing

D.

Spam

Question 265

A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

Options:

A.

.pfx

B.

.csr

C.

.pvk

D.

.cer

Question 266

A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

Options:

A.

HIDS

B.

NIPS

C.

HSM

D.

WAF

E.

NAC

F.

NIDS

G.

Stateless firewall

Question 267

A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

Options:

A.

RAT

B.

PUP

C.

Spyware

D.

Keylogger

Question 268

Which of the following identifies the point in time when an organization will recover data in the event of an outage?

Options:

A.

SLA

B.

RPO

C.

MTBF

D.

ARO

Question 269

As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

Options:

A.

Creating a playbook within the SOAR

B.

Implementing rules in the NGFW

C.

Updating the DLP hash database

D.

Publishing a new CRL with revoked certificates

Question 270

During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

Options:

A.

1s

B.

chflags

C.

chmod

D.

lsof

E.

setuid

Question 271

A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site 's homepage displaying incorrect information. A quick nslookup search shows hitps://;www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

Options:

A.

DoS attack

B.

ARP poisoning

C.

DNS spoofing

D.

NXDOMAIN attack

Question 272

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. which of the is following MOST likely reason for this type of assessment?

Options:

A.

An international expansion project is currently underway.

B.

Outside consultants utilize this tool to measure security maturity.

C.

The organization is expecting to process credit card information.

D.

A government regulator has requested this audit to be completed

Question 273

Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?

Options:

A.

Pulverizing

B.

Shredding

C.

Incinerating

D.

Degaussing

Question 274

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?

Options:

A.

A laaS

B.

PaaS

C.

XaaS

D.

SaaS

Question 275

An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.

Cryptomalware

B.

Hash substitution

C.

Collision

D.

Phishing

Question 276

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

Options:

A.

The unexpected traffic correlated against multiple rules, generating multiple alerts.

B.

Multiple alerts were generated due to an attack occurring at the same time.

C.

An error in the correlation rules triggered multiple alerts.

D.

The SIEM was unable to correlate the rules, triggering the alerts.

Question 277

A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?

Options:

A.

Use fuzzing testing

B.

Use a web vulnerability scanner

C.

Use static code analysis

D.

Use a penetration-testing OS

Question 278

A security incident has been resolved Which of the following BEST describes the importance of the final phase of the incident response plan?

Options:

A.

It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future

B.

It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed

C.

It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point

D.

It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

Question 279

A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?

Options:

A.

Snapshot

B.

Differential

C.

Full

D.

Tape

Question 280

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Question 281

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HIIPS site requests are reverting to HTTP Which of the following BEST describes what is happening?

Options:

A.

Birthday collision on the certificate key

B.

DNS hijacking to reroute traffic

C.

Brute force to the access point

D.

ASSLILS downgrade

Question 282

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

Options:

A.

The key length of the encryption algorithm

B.

The encryption algorithm's longevity

C.

A method of introducing entropy into key calculations

D.

The computational overhead of calculating the encryption key

Question 283

Which of the following controls would provide the BEST protection against tailgating?

Options:

A.

Access control vestibule

B.

Closed-circuit television

C.

Proximity card reader

D.

Faraday cage

Question 284

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Question 285

Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

Options:

A.

Hashing

B.

Salting

C.

Integrity

D.

Digital signature

Question 286

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

Options:

A.

White team

B.

Purple team

C.

Green team

D.

Blue team

E.

Red team

Question 287

one of the attendees starts to notice delays in the connection. and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.

Birthday collision on the certificate key

B.

DNS hacking to reroute traffic

C.

Brute force to the access point

D.

A SSL/TLS downgrade

Question 288

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

Options:

A.

Run a vulnerability scan against the CEOs computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Question 289

An organization wants to enable built-in FDE on all laptops Which of the following should the organization ensure is Installed on all laptops?

Options:

A.

TPM

B.

CA

C.

SAML

D.

CRL

Question 290

When planning to build a virtual environment, an administrator need to achieve the following,

•Establish polices in Limit who can create new VMs

•Allocate resources according to actual utilization‘

•Require justification for requests outside of the standard requirements.

•Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

Options:

A.

Implement IaaS replication

B.

Product against VM escape

C.

Deploy a PaaS

D.

Avoid VM sprawl

Question 291

The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

Options:

A.

The NOC team

B.

The vulnerability management team

C.

The CIRT

D.

The read team

Question 292

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Question 293

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

•Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

•Internal users in question were changing their passwords frequently during that time period.

•A jump box that several domain administrator users use to connect to remote devices was recently compromised.

•The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Options:

A.

Pass-the-hash

B.

Brute-force

C.

Directory traversal

D.

Replay

Question 294

A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

Options:

A.

Dictionary

B.

Rainbow table

C.

Spraying

D.

Brute-force

Question 295

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Options:

A.

Unsecure protocols

B.

Use of penetration-testing utilities

C.

Weak passwords

D.

Included third-party libraries

E.

Vendors/supply chain

F.

Outdated anti-malware software

Question 296

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept Includes granting logical access based on physical location and proximity. Which of the following Is the BEST solution for the pilot?

Options:

A.

Geofencing

B.

Self-sovereign identification

C.

PKl certificates

D.

SSO

Question 297

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted Which of the following resiliency techniques was applied to the network to prevent this attack?

Options:

A.

NIC Teaming

B.

Port mirroring

C.

Defense in depth

D.

High availability

E.

Geographic dispersal

Question 298

A security engineer needs to create a network segment that can be used for servers thal require connections from untrusted networks. Which of the following should the engineer implement?

Options:

A.

An air gap

B.

A hot site

C.

A VUAN

D.

A screened subnet

Question 299

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Question 300

A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?

Options:

A.

Privacy

B.

Cloud storage of telemetry data

C.

GPS spoofing

D.

Weather events

Question 301

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Question 302

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

Options:

A.

Evil twin

B.

Jamming

C.

DNS poisoning

D.

Bluesnarfing

E.

DDoS

Question 303

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.

135

B.

139

C.

143

D.

161

E.

443

F.

445

Question 304

A security engineer needs to build @ solution to satisfy regulatory requirements that stale certain critical servers must be accessed using MFA However, the critical servers are older and

are unable to support the addition of MFA, Which of te following will the engineer MOST likely use to achieve this objective?

Options:

A.

A forward proxy

B.

A stateful firewall

C.

A jump server

D.

A port tap

Question 305

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user’s IP address is changing between logins, bur the application is not invalidating the token

Question 306

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

VDI

C.

COPE

D.

CYOD

Question 307

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Options:

A.

Whaling

B.

Spam

C.

Invoice scam

D.

Pharming

Question 308

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.

A DMZ

B.

A VPN a

C.

A VLAN

D.

An ACL

Question 309

A company recently experienced an attack during which its main website was Directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers, Which of the following should the

company implement to prevent this type of attack from occurring In the future?

Options:

A.

IPsec

B.

SSL/TLS

C.

ONSSEC

D.

SMIME

Question 310

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.

Create a new network for the mobile devices and block the communication to the internal network and servers

B.

Use a captive portal for user authentication.

C.

Authenticate users using OAuth for more resiliency

D.

Implement SSO and allow communication to the internal network

E.

Use the existing network and allow communication to the internal network and servers.

F.

Use a new and updated RADIUS server to maintain the best solution

Question 311

Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area?

(Select TWO).

Options:

A.

Barricades

B.

Thermal sensors

C.

Drones

D.

Signage

E.

Motion sensors

F.

Guards

G.

Bollards

Question 312

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Question 313

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

Options:

A.

SSO

B.

MFA

C.

PKI

D.

OLP

Question 314

Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

Options:

A.

Identify theft

B.

Data loss

C.

Data exfiltration

D.

Reputation

Question 315

Which of the following must be in place before implementing a BCP?

Options:

A.

SLA

B.

AUP

C.

NDA

D.

BIA

Question 316

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

Options:

A.

Block cipher

B.

Hashing

C.

Private key

D.

Perfect forward secrecy

E.

Salting

F.

Symmetric keys

Question 317

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Question 318

The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

Options:

A.

HIDS

B.

Allow list

C.

TPM

D.

NGFW

Demo: 318 questions
Total 1063 questions