Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA SY0-701 CompTIA Security+ Exam 2024 Exam Practice Test

Demo: 116 questions
Total 391 questions

CompTIA Security+ Exam 2024 Questions and Answers

Question 1

In which of the following scenarios is tokenization the best privacy technique 10 use?

Options:

A.

Providing pseudo-anonymization tor social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card Information

D.

Masking personal information inside databases by segmenting data

Question 2

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Options:

A.

Impersonation

B.

Disinformation

C.

Watering-hole

D.

Smishing

Question 3

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Question 4

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Options:

A.

Implementing a bastion host

B.

Deploying a perimeter network

C.

Installing a WAF

D.

Utilizing single sign-on

Question 5

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Question 6

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Options:

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Question 7

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.

Tokenization

B.

Cryptographic downgrade

C.

SSH tunneling

D.

Segmentation

E.

Patch installation

F.

Data masking

Question 8

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

Options:

A.

Role-based

B.

Discretionary

C.

Time of day

D.

Least privilege

Question 9

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Options:

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Question 10

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

DHCP

D.

Network

E.

Firewall

F.

Database

Question 11

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question 12

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Question 13

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Options:

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Question 14

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Question 15

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Options:

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

Question 16

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question 17

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Options:

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Question 18

A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive. Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Question 19

Which of the following is the final step of the modem response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Question 20

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).

Options:

A.

Disable default accounts.

B.

Add the server to the asset inventory.

C.

Remove unnecessary services.

D.

Document default passwords.

E.

Send server logs to the SIEM.

F.

Join the server to the corporate domain.

Question 21

A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

Options:

A.

Change management ticketing system

B.

Behavioral analyzer

C.

Collaboration platform

D.

Version control tool

Question 22

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

Options:

A.

Recovery point objective

B.

Mean time between failures

C.

Recovery time objective

D.

Mean time to repair

Question 23

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

Options:

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Question 24

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 25

A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulfill?

Options:

A.

Privacy

B.

Integrity

C.

Confidentiality

D.

Availability

Question 26

A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Question 27

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Options:

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Question 28

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Question 29

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Options:

A.

Business continuity plan

B.

Change management procedure

C.

Acceptable use policy

D.

Software development life cycle policy

Question 30

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Question 31

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Question 32

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Question 33

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

Options:

A.

Microservices

B.

Containerization

C.

Virtualization

D.

Infrastructure as code

Question 34

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Question 35

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Question 36

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Question 37

Which of the following must be considered when designing a high-availability network? (Choose two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Question 38

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request in an email that has an executive's name in the display field of the email.

B.

Employees who open an email attachment receive messages demanding payment in order to access files.

C.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Question 39

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

Options:

A.

Backout plan

B.

Impact analysis

C.

Test procedure

D.

Approval procedure

Question 40

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 41

A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?

Options:

A.

Buffer overflow

B.

SQL injection

C.

Cross-site scripting

D.

Zero day

Question 42

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Options:

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Question 43

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Options:

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Question 44

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Question 45

Which of the following data roles is responsible for identifying risks and appropriate access to data?

Options:

A.

Owner

B.

Custodian

C.

Steward

D.

Controller

Question 46

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question 47

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Options:

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Question 48

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 49

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Options:

A.

EAP

B.

DHCP

C.

IPSec

D.

NAT

Question 50

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Question 51

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

Options:

A.

Send out periodic security reminders.

B.

Update the content of new hire documentation.

C.

Modify the content of recurring training.

D Implement a phishing campaign

Question 52

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Options:

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Question 53

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

Options:

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Question 54

Which of the following is the most likely to be included as an element of communication in a security awareness program?

Options:

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Question 55

An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

Options:

A.

Malicious flash drive

B.

Remote access Trojan

C.

Brute-forced password

D.

Cryptojacking

Question 56

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Question 57

Which of the following describes the process of concealing code or text inside a graphical image?

Options:

A.

Symmetric encryption

B.

Hashing

C.

Data masking

D.

Steganography

Question 58

A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Options:

A.

Attribute-based

B.

Time of day

C.

Role-based

D.

Least privilege

Question 59

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Question 60

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

Options:

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Question 61

During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

Options:

A.

Hardware token MFA

B.

Biometrics

C.

Identity proofing

D.

Least privilege

Question 62

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Options:

A.

SPF

B.

GPO

C.

NAC

D.

FIM

Question 63

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

Options:

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Question 64

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Question 65

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

Options:

A.

IPS

B.

Firewall

C.

ACL

D.

Windows security

Question 66

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Question 67

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Question 68

Which of the following should a company use to provide proof of external network security testing?

Options:

A.

Business impact analysis

B.

Supply chain analysis

C.

Vulnerability assessment

D.

Third-party attestation

Question 69

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Question 70

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Options:

A.

Contain the Impacted hosts

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing

Question 71

An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Options:

A.

XDR

B.

SPF

C.

DLP

D.

DMARC

Question 72

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

Options:

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Question 73

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Question 74

A company tested and validated the effectiveness of network security appliances within the corporate network. The IDS detected a high rate of SQL injection attacks against the company's servers, and the company's perimeter firewall is at capacity. Which of the following would be the best action to maintain security and reduce the traffic to the perimeter firewall?

Options:

A.

Set the appliance to IPS mode and place it in front of the company firewall.

B.

Convert the firewall to a WAF and use IPSec tunnels to increase throughput.

C.

Set the firewall to fail open if it is overloaded with traffic and send alerts to the SIEM.

D.

Configure the firewall to perform deep packet inspection and monitor TLS traffic.

Question 75

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

Options:

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Question 76

Which of the following methods would most likely be used to identify legacy systems?

Options:

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Question 77

After reviewing the following vulnerability scanning report:

Server:192.168.14.6

Service: Telnet

Port: 23 Protocol: TCP

Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 —script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| _ Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist.

Question 78

A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?

Options:

A.

Role-based restrictions

B.

Attribute-based restrictions

C.

Mandatory restrictions

D.

Time-of-day restrictions

Question 79

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Question 80

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Options:

A.

Tokenization

B.

Hashing

C.

Obfuscation

D.

Segmentation

Question 81

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

Options:

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Question 82

The application development teams have been asked to answer the following questions:

• Does this application receive patches from an external source?

• Does this application contain open-source code?

• is this application accessible by external users?

• Does this application meet the corporate password standard?

Which of the following are these questions port of?

Options:

A.

Risk control self-assessment

B.

Risk management strategy

C.

Risk acceptance

D.

Risk matrix

Question 83

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

Options:

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Question 84

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Options:

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Question 85

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Options:

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Question 86

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AAA

C.

ACL

D.

PEM

Question 87

Which of the following threat actors would most likely deface the website of a high-profile music group?

Options:

A.

Unskilled attacker

B.

Organized crime

C.

Nation-state

D.

Insider threat

Question 88

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Options:

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Question 89

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Question 90

While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Question 91

While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?

Options:

A.

Operational security

B.

Removable media and cables

C.

Password management

D.

Social engineering

Question 92

Which of the following topics would most likely be included within an organization's SDLC?

Options:

A.

Service-level agreements

B.

Information security policy

C.

Penetration testing methodology

D.

Branch protection requirements

Question 93

A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

• Most secure algorithms should be selected

• All traffic should be encrypted over the VPN

• A secret password will be used to authenticate the two VPN concentrators

Options:

Question 94

A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

Options:

A.

Blocked content

B.

Brute-force attack

C.

Concurrent session usage

D.

Account lockout

Question 95

A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

Options:

A.

Cryptographic

B.

Malicious update

C.

Zero day

D.

Side loading

Question 96

Which of the following most impacts an administrator's ability to address CVEs discovered on a server?

Options:

A.

Rescanning requirements

B.

Patch availability

C.

Organizational impact

D.

Risk tolerance

Question 97

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Options:

A.

Defensive

B.

Passive

C.

Offensive

D.

Physical

Question 98

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device's encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Question 99

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Question 100

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are the best responses to this situation? (Choose two).

Options:

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO's phone.

F.

Implement mobile device management.

Question 101

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question 102

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Question 103

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 104

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Question 105

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Options:

A.

Asset inventory

B.

Network enumeration

C.

Data certification

D.

Procurement process

Question 106

Which of the following best describes configuring devices to log to an off-site location for possible future reference?

Options:

A.

Log aggregation

B.

DLP

C.

Archiving

D.

SCAP

Question 107

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

Options:

A.

The user jsmith's account has been locked out.

B.

A keylogger is installed on [smith's workstation

C.

An attacker is attempting to brute force ismith's account.

D.

Ransomware has been deployed in the domain.

Question 108

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Question 109

A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?

Options:

A.

Cold

B.

Tertiary

C.

Warm

D.

Hot

Question 110

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Question 111

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Options:

A.

SIEM

B.

WAF

C.

Network taps

D.

IDS

Question 112

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Question 113

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 114

An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Options:

A.

Input validation

B.

Code signing

C.

SQL injection

D.

Static analysis

Question 115

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Options:

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Question 116

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Demo: 116 questions
Total 391 questions