Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CompTIA CAS-005 Dumps Questions Answers

Page: 1 / 14
Total 187 questions

CompTIA SecurityX Certification Exam Questions and Answers

Question 1

Emails that the marketing department is sending to customers are pomp to the customers' spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated. Which of the following should the security team update in order to fix this issue? (Select three.)

Options:

A.

DMARC

B.

SPF

C.

DKIM

D.

DNSSEC

E.

SASC

F.

SAN

G.

SOA

Buy Now
Question 2

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

Options:

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Question 3

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

Options:

A.

Documenting third-party connections used by Company B

B.

Reviewing the privacy policies currently adopted by Company B

C.

Requiring data sensitivity labeling tor all files shared with Company B

D.

Forcing a password reset requiring more stringent passwords for users on Company B's network

E.

Performing an architectural review of Company B's network

Question 4

During a vulnerability assessment, a scan reveals the following finding:

Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2

Later in the review process, the remediation team marks the finding as a false positive. Which of the following is the best way to avoid this issue on future scans?

Options:

A.

Getting an up-to-date list of assets from the CMDB

B.

Performing an authenticated scan on the servers

C.

Configuring the sensor with an advanced policy for fingerprinting servers

D.

Coordinating the scan execution with the remediation team early in the process

Question 5

An engineering team determines the cost to mitigate certain risks is higher than the asset values The team must ensure the risks are prioritized appropriately. Which of the following is the best way to address the issue?

Options:

A.

Data labeling

B.

Branch protection

C.

Vulnerability assessments

D.

Purchasing insurance

Question 6

A user reports application access issues to the help desk. The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

Options:

A.

The user inadvertently tripped the geoblock rule in NGFW.

B.

A threat actor has compromised the user's account and attempted to log in.

C.

The user is not allowed to access the human resources system outside of business hours.

D.

The user did not attempt to connect from an approved subnet.

Question 7

An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?

Options:

A.

Limn the platform's abilities to only non-sensitive functions

B.

Enhance the training model's effectiveness.

C.

Grant the system the ability to self-govern

D.

Require end-user acknowledgement of organizational policies.

Question 8

Which of the following are risks associated with vendor lock-in? (Select two).

Options:

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Question 9

An endpoint security engineer finds that a newly acquired company has a variety of non-standard applications running and no defined ownership for those applications. The engineer needs to find a solution that restricts malicious programs and software from running in that environment, while allowing the non-standard applications to function without interruption. Which of the following application control configurations should the engineer apply?

Options:

A.

Deny list

B.

Allow list

C.

Audit mode

D.

MAC list

Question 10

A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources The analyst reviews the following information:

Which of the following is most likely the cause of the issue?

Options:

A.

The local network access has been configured to bypass MFA requirements.

B.

A network geolocation is being misidentified by the authentication server

C.

Administrator access from an alternate location is blocked by company policy

D.

Several users have not configured their mobile devices to receive OTP codes

Question 11

An organization is implementing Zero Trust architecture A systems administrator must increase the effectiveness of the organization's context-aware access system. Which of the following is the best way to improve the effectiveness of the system?

Options:

A.

Secure zone architecture

B.

Always-on VPN

C.

Accurate asset inventory

D.

Microsegmentation

Question 12

A security analyst wants to use lessons learned from a poor incident response to reduce dwell lime in the future The analyst is using the following data points

Which of the following would the analyst most likely recommend?

Options:

A.

Adjusting the SIEM to alert on attempts to visit phishing sites

B.

Allowing TRACE method traffic to enable better log correlation

C.

Enabling alerting on all suspicious administrator behavior

D.

utilizing allow lists on the WAF for all users using GFT methods

Question 13

An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?

Options:

A.

SELinux

B.

MDM

C.

XDR

D.

Block list

E.

Atomic execution

Question 14

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

Options:

A.

Utilizing desktop as a service for all company data and multifactor authentication

B.

Using explicit allow lists of specific IP addresses and deploying single sign-on

C.

Deploying mobile device management and requiring stronger passwords

D.

Updating security mobile reporting policies and monitoring data breaches

Question 15

A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products. Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?

Options:

A.

Performing vulnerability tests on each device delivered by the providers

B.

Performing regular red-team exercises on the vendor production line

C.

Implementing a monitoring process for the integration between the application and the vendor appliance

D.

Implementing a proper supply chain risk management program

Question 16

A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'

Options:

A.

Request a weekly report with all new assets deployed and decommissioned

B.

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

C.

Implement a shadow IT detection process to avoid rogue devices on the network

D.

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Question 17

A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

Options:

A.

Disallowing cipher suites that use ephemeral modes of operation for key agreement

B.

Removing support for CBC-based key exchange and signing algorithms

C.

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

D.

Implementing HIPS rules to identify and block BEAST attack attempts

E.

Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

F.

Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

Question 18

Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

Options:

A.

Incomplete mathematical primitives

B.

No use cases to drive adoption

C.

Quantum computers not yet capable

D.

insufficient coprocessor support

Question 19

A security engineer wants to reduce the attack surface of a public-facing containerized application Which of the following will best reduce the application's privilege escalation attack surface?

Options:

A.

Implementing the following commands in the Dockerfile:RUN echo user:x:1000:1000iuser:/home/user:/dew/null > /ete/passwd

B.

Installing an EDR on the container's host with reporting configured to log to a centralized SIFM and Implementing the followingalerting rules TF PBOCESS_USEB=rooC ALERT_TYPE=critical

C.

Designing a muiticontainer solution, with one set of containers that runs the mam application, and another set oi containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts

D.

Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer:PZRKZI HTTES from 0-0.0.0.0/0 pert 443

Question 20

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24

subnet.

• The SSH daemon on the database server must be configured to listen

to port 4022.

• The SSH daemon must only accept connections from a Single

workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight

days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA ssh

WAP A

PC A

Laptop A

Switch A

Switch B:

Laptop B

PC B

PC C

Server A

Options:

Question 21

An organization is developing a disaster recovery plan that requires data to be backed up and available ata moment's notice. Which of the following should the organization consider first to address this requirement?

Options:

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Question 22

A senior security engineer flags the following log file snippet as having likely facilitated an attacker’s lateral movement in a recent breach:

qry_source: 19.27.214.22 TCP/53

qry_dest: 199.105.22.13 TCP/53

qry_type: AXFR

| in comptia.org

------------ directoryserver1 A 10.80.8.10

------------ directoryserver2 A 10.80.8.11

------------ directoryserver3 A 10.80.8.12

------------ internal-dns A 10.80.9.1

----------- www-int A 10.80.9.3

------------ fshare A 10.80.9.4

------------ sip A 10.80.9.5

------------ msn-crit-apcs A 10.81.22.33

Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

Options:

A.

Disabling DNS zone transfers

B.

Restricting DNS traffic to UDP/53

C.

Implementing DNS masking on internal servers

D.

Permitting only clients from internal networks to query DNS

Question 23

A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems Given the following output:

Which of the following actions would address the root cause of this issue?

Options:

A.

Automating the patching system to update base Images

B.

Recompiling the affected programs with the most current patches

C.

Disabling unused/unneeded ports on all servers

D.

Deploying a WAF with virtual patching upstream of the affected systems

Question 24

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me b»« way to reduce the risk oi reoccurrence?

Options:

A.

Enforcing allow lists for authorized network pons and protocols

B.

Measuring and attesting to the entire boot chum

C.

Rolling the cryptographic keys used for hardware security modules

D.

Using code signing to verify the source of OS updates

Question 25

A company's help desk is experiencing a large number of calls from the finance department slating access issues to www bank com The security operations center reviewed the following security logs:

Which of the following is most likely the cause of the issue?

Options:

A.

Recursive DNS resolution is failing

B.

The DNS record has been poisoned.

C.

DNS traffic is being sinkholed.

D.

The DNS was set up incorrectly.

Question 26

A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?

Options:

A.

TTP-based inquiries

B.

User behavior analytics

C.

Adversary emulation

D.

OSINT analysis activities

Question 27

Which of the following key management practices ensures that an encryption key is maintained within the organization?

Options:

A.

Encrypting using a key stored in an on-premises hardware security module

B.

Encrypting using server-side encryption capabilities provided by the cloud provider

C.

Encrypting using encryption and key storage systems provided by the cloud provider

D.

Encrypting using a key escrow process for storage of the encryption key

Question 28

A software development team requires valid data for internal tests. Company regulations, however do not allow the use of this data in cleartext. Which of the following solutions best meet these requirements?

Options:

A.

Configuring data hashing

B.

Deploying tokenization

C.

Replacing data with null record

D.

Implementing data obfuscation

Question 29

A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

Options:

A.

The email CNAME record must be changed to a type A record pointing to 192.168.111

B.

The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"

C.

The srvo1 A record must be changed to a type CNAME record pointing to the email server

D.

The email CNAME record must be changed to a type A record pointing to 192.168.1.10

E.

The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com -ell"

F.

The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"

G.

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Question 30

A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?

Options:

A.

Integrate a file-monitoring tool with the SIEM.

B.

Change the log solution and integrate it with the existing SIEM.

C.

Implement a central logging server, allowing only log ingestion.

D.

Rotate and back up logs every 24 hours, encrypting the backups.

Question 31

A company’s internal network is experiencing a security breach, and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time. Given the following log snippet:

Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?

Options:

A.

user-a

B.

user-b

C.

user-c

D.

user-d

Question 32

A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?

Options:

A.

Staging environment

B.

Testing environment

C.

CI/CO pipeline

D.

Development environment

Question 33

A senior security engineer flags me following log file snippet as hawing likely facilitated an attacker's lateral movement in a recent breach:

Which of the following solutions, if implemented, would mitigate the nsk of this issue reoccurnnp?

Options:

A.

Disabling DNS zone transfers

B.

Restricting DNS traffic to UDP'W

C.

Implementing DNS masking on internal servers

D.

Permitting only clients from internal networks to query DNS

Question 34

A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution Which of the following most likely explains the choice to use a proxy-based CASB?

Options:

A.

The capability to block unapproved applications and services is possible

B.

Privacy compliance obligations are bypassed when using a user-based deployment.

C.

Protecting and regularly rotating API secret keys requires a significant time commitment

D.

Corporate devices cannot receive certificates when not connected to on-premises devices

Question 35

A compliance officer is facilitating abusiness impact analysis (BIA)and wantsbusiness unit leadersto collect meaningful data. Several business unit leaders want more information about the types of data the officer needs.

Which of the following data types would be the most beneficial for the compliance officer?(Select two)

Options:

A.

Inventory details

B.

Applicable contract obligations

C.

Costs associated with downtime

D.

Network diagrams

E.

Contingency plans

F.

Critical processes

Question 36

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

Options:

A.

Assess the residual risk.

B.

Update the organization's threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of the impact.

Question 37

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

Options:

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Question 38

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?

Options:

A.

The organization is performing due diligence of potential tax issues.

B.

The organization has been subject to legal proceedings in countries where it has a presence.

C.

The organization is concerned with new regulatory enforcement in other countries

D.

The organization has suffered brand reputation damage from incorrect media coverage

Question 39

An organization determines existing business continuity practices areinadequateto support critical internal process dependencies during a contingency event. Acompliance analystwants the Chief Information Officer (CIO) to identify the level ofresidual riskthat is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?

Options:

A.

Mitigation

B.

Impact

C.

Likelihood

D.

Appetite

Question 40

A security engineer is developing a solution to meet the following requirements?

• All endpoints should be able to establish telemetry with a SIEM.

• All endpoints should be able to be integrated into the XDR platform.

• SOC services should be able to monitor the XDR platform

Which of the following should the security engineer implement to meet the requirements?

Options:

A.

CDR and central logging

B.

HIDS and vTPM

C.

WAF and syslog

D.

HIPS and host-based firewall

Question 41

An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?

Options:

A.

External-facing Infrastructure with known exploited vulnerabilities

B.

Internal infrastructure with high-seventy and Known exploited vulnerabilities

C.

External facing Infrastructure with a low risk score and no known exploited vulnerabilities

D.

External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

Question 42

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

Options:

A.

Dark web monitoring

B.

Threat intelligence platform

C.

Honeypots

D.

Continuous adversary emulation

Question 43

An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:

    The backup solution must reduce the risk of potential backup compromise.

    The backup solution must be resilient to a ransomware attack.

    The time to restore from backups is less important than backup data integrity.

    Multiple copies of production data must be maintained.

Which of the following backup strategies best meets these requirements?

Options:

A.

Creating a secondary, immutable database and adding live data on a continuous basis

B.

Utilizing two connected storage arrays and ensuring the arrays constantly sync

C.

Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D.

Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

Question 44

A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

Options:

A.

Deploying a VPN to prevent remote locations from accessing server VLANs

B.

Configuring a SASb solution to restrict users to server communication

C.

Implementing microsegmentation on the server VLANs

D.

installing a firewall and making it the network core

Question 45

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations theability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

Options:

A.

CWPP

B.

YAKA

C.

ATTACK

D.

STIX

E.

TAXII

F.

JTAG

Question 46

An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?

Options:

A.

ATT&CK

B.

OWASP

C.

CAPEC

D.

STRIDE

Question 47

An analyst reviews a SIEM and generates the following report:

OnlyHOST002is authorized for internet traffic. Which of the following statements is accurate?

Options:

A.

The VM002 host is misconfigured and needs to be revised by the network team.

B.

The HOST002 host is under attack, and a security incident should be declared.

C.

The SIEM platform is reporting multiple false positives on the alerts.

D.

The network connection activity is unusual, and a network infection is highly possible.

Question 48

A company recently experienced aransomware attack. Although the company performssystems and data backupon a schedule that aligns with itsRPO (Recovery Point Objective) requirements, thebackup administratorcould not recovercritical systems and datafrom its offline backups to meet the RPO. Eventually, the systems and data were restored with information that wassix months outside of RPO requirements.

Which of the following actions should the company take to reduce the risk of a similar attack?

Options:

A.

Encrypt and label the backup tapes with the appropriate retention schedule before they are sent to the off-site location.

B.

Implement a business continuity process that includes reverting manual business processes.

C.

Perform regular disaster recovery testing of IT and non-IT systems and processes.

D.

Carry out a tabletop exercise to update and verify the RACI matrix with IT and critical business functions.

Question 49

Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accurately identify all the affected versions?

Options:

A.

Reader(*)[1][0].[0-4:

B.

Reader[11[01X.f0-3'

C.

Reader( )[1][0].[0-3:

D.

Reader( )[1][0] X.[1-3:

Question 50

A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?

Options:

A.

User-agent string

B.

Byte length of the request

C.

Web application headers

D.

HTML encoding field

Question 51

A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring The architect's goal is to:

• Create a collection of use cases to help detect known threats

• Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?

Options:

A.

Sigma rules

B.

Ariel Query Language

C.

UBA rules and use cases

D.

TAXII/STIX library

Question 52

Users are experiencing a variety of issues when trying to access corporate resources examples include

• Connectivity issues between local computers and file servers within branch offices

• Inability to download corporate applications on mobile endpoints wtiilc working remotely

• Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

Options:

A.

Review VPN throughput

B.

Check IPS rules

C.

Restore static content on lite CDN.

D.

Enable secure authentication using NAC

E.

Implement advanced WAF rules.

F.

Validate MDM asset compliance

Question 53

Which of the following is the security engineer most likely doing?

Options:

A.

Assessing log in activities using geolocation to tune impossible Travel rate alerts

B.

Reporting on remote log-in activities to track team metrics

C.

Threat hunting for suspicious activity from an insider threat

D.

Baselining user behavior to support advanced analytics

Question 54

A company that relies on an COL system must keep it operating until a new solution is available Which of the following is the most secure way to meet this goal?

Options:

A.

Isolating the system and enforcing firewall rules to allow access to only required endpoints

B.

Enforcing strong credentials and improving monitoring capabilities

C.

Restricting system access to perform necessary maintenance by the IT team

D.

Placing the system in a screened subnet and blocking access from internal resources

Question 55

Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption Which of the following is the most likely reason me device must be replaced'

Options:

A.

The HSM is outdated and no longer supported by the manufacturer

B.

The vTPM was not properly initialized and is corrupt.

C.

The HSM is vulnerable to common exploits and a firmware upgrade is needed

D.

The motherboard was not configured with a TPM from the OEM supplier.

E.

The HSM does not support sealing storage

Question 56

An organization has noticed an increase in phishing campaigns utilizingtyposquatting. A security analyst needs to enrich the data for commonly used domains against the domains used inphishing campaigns. The analyst uses a log forwarder to forward network logs to the SIEM. Which of the following would allow the security analyst to perform this analysis?

Options:

A.

Use acron jobto regularly update and compare domains.

B.

Create aparserthat matches domains.

C.

Develop aquerythat filters out all matching domain names.

D.

Implement adashboardon the SIEM that shows the percentage of traffic by domain.

Page: 1 / 14
Total 187 questions