Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium CompTIA SY0-601 Dumps Questions Answers

Page: 1 / 80
Total 1063 questions

CompTIA Security+ Exam 2023 Questions and Answers

Question 1

A security analyst reviews web server logs and notices the following line:

104.35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072

Which of the following vulnerabilities is the attacker trying to exploit?

Options:

A.

SSRF

B.

CSRF

C.

xss

D.

SQLi

Buy Now
Question 2

A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?

Options:

A.

Non-repudiation

B.

Baseline configurations

C.

MFA

D.

DLP

Question 3

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets

available?

Options:

A.

Adding a new UPS dedicated to the rack

B.

Installing a managed PDU

C.

Using only a dual power supplies unit

D.

Increasing power generator capacity

Question 4

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Question 5

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Question 6

A security analyst is reviewing packet capture data from a compromised host On the In the packet capture. analyst locates packets that contain large of text, Which Of following is most likely installed on compromised host?

Options:

A.

Keylogger

B.

Spyware

C.

Torjan

D.

Ransomware

Question 7

An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation Which of the following method did attacker to insert the contacts without having 'Physical access to device?

Options:

A.

Jamming

B.

BluJacking

C.

Disassoaatm

D.

Evil twin

Question 8

Which of the following best describes a tool used by an organization to identi-fy, log, and track any potential risks and corresponding risk information?

Options:

A.

Quantitative risk assessment

B.

Risk register

C.

Risk control assessment

D.

Risk matrix

Question 9

A security analyst is reviewing computer logs because a host was compromised by malware After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

Options:

A.

Dump file

B.

System log

C.

Web application log

D.

Security too

Question 10

An organization wants to secure a LAN/WLAN so users can authenticate and transport data securely. The solution needs to prevent on-path attacks and evil twin attacks. Which of the following will best meet the organization's need?

Options:

A.

MFA

B.

802.1X

C.

WPA2

D.

TACACS

Question 11

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Options:

A.

Access control

B.

Syslog

C.

Session Initiation Protocol traffic logs

D.

Application logs

Question 12

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A.

pcap reassembly

B.

SSD snapshot

C.

Image volatile memory

D.

Extract from checksums

Question 13

A company needs to enhance Its ability to maintain a scalable cloud Infrastructure. The Infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following

cloud concepts would BEST these requirements?

Options:

A.

SaaS

B.

VDI

C.

Containers

D.

Microservices

Question 14

An organization recently completed a security control assessment The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-complaint controls. Which of the following best describes these

mitigations?

Options:

A.

Corrective

B.

Compensating

C.

Deterrent

D.

Technical

Question 15

A police department is using the cloud to share information city officials Which of the cloud models describes this scenario?

Options:

A.

Hybrid

B.

private

C.

pubic

D.

Community

Question 16

A user is trying to upload a tax document, which the corporate finance department requested, but a security program IS prohibiting the upload A security analyst determines the file contains Pll, Which of

the following steps can the analyst take to correct this issue?

Options:

A.

Create a URL filter with an exception for the destination website.

B.

Add a firewall rule to the outbound proxy to allow file uploads

C.

Issue a new device certificate to the user's workstation.

D.

Modify the exception list on the DLP to allow the upload

Question 17

A desktop computer was recently stolen from a desk located in the lobby of an office building. Which of the following would be the best way to secure a replacement computer and deter future theft?

Options:

A.

Installing proximity card readers on all entryway doors

B.

Deploying motion sensor cameras in the lobby

C.

Encrypting the hard drive on the new desktop

D.

Using cable locks on the hardware

Question 18

A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business.

The first step the IT team should perform is to deploy a DLP solution:

Options:

A.

for only data in transit.

B.

for only data at reset.

C.

in blocking mode.

D.

in monitoring mode.

Question 19

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

Options:

A.

TFTP was disabled on the local hosts

B.

SSH was turned off instead of modifying the configuration file

C.

Remote login was disabled in the networkd.conf instead of using the sshd.conf.

D.

Network services are no longer running on the NAS.

Question 20

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

* Check-in/checkout of credentials

* The ability to use but not know the password

* Automated password changes

* Logging of access to credentials

Which of the following solutions would meet the requirements?

Options:

A.

OAuth 2.0

B.

Secure Enclave

C.

A privileged access management system

D.

An OpenID Connect authentication system

Question 21

A security administrator Installed a new web server. The administrator did this to Increase the capacity (or an application due to resource exhaustion on another server. Which o( the following algorithms should the administrator use to split the number of the connections on each server In half?

Options:

A.

Weighted response

B.

Round-robin

C.

Least connection

D.

Weighted least connection

Question 22

The new Chief Information Security Officer at a company has asked the security learn to implement stronger user account policies. The new policies require:

• Users to choose a password unique to their last ten passwords

• Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Select two).

Options:

A.

Password complexity

B.

Password history

C.

Geolocation

D.

Geospatial

E.

Geotagging

F.

Password reuse

Question 23

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?

Options:

A.

Nmap

B.

Wireshark

C.

Autopsy

D.

DNSEnum

Question 24

A new security engineer has started hardening systems. One o( the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability lo use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

Options:

A.

TFTP was disabled on the local hosts.

B.

SSH was turned off instead of modifying the configuration file.

C.

Remote login was disabled in the networkd.conf instead of using the sshd. conf.

D.

Network services are no longer running on the NAS

Question 25

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

Options:

A.

Vulnerability scanner

B.

Open-source intelligence

C.

Packet capture

D.

Threat feeds

Question 26

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

Options:

A.

Watering-hole attack

B.

Pretexting

C.

Typosquatting

D.

Impersonation

Question 27

A security team will be outsourcing several key functions to a third party and will require that:

• Several of the functions will carry an audit burden.

• Attestations will be performed several times a year.

• Reports will be generated on a monthly basis.

Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

Options:

A.

MOU

B.

AUP

C.

SLA

D.

MSA

Question 28

A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?

Options:

A.

Compensating controls

B.

Directive control

C.

Mitigating controls

D.

Physical security controls

Question 29

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Question 30

A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner, Which of the following concepts describes this scenario?

Options:

A.

Red-team exercise

B.

Business continuity plan testing

C.

Tabletop exercise

D.

Functional exercise

Question 31

The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers. Which of the attacks has most likely occurred?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

Resource exhaustion

D.

Cross-site scripting

Question 32

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.

SLE

B.

MTBF

C.

RTO

D.

ARO

Question 33

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).

Options:

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards.

Question 34

A data cento has experienced an increase in under-voltage events Mowing electrical grid maintenance outside the facility These events are leading to occasional losses of system availability Which of the following would be the most cost-effective solution for the data center 10 implement''

Options:

A.

Uninterruptible power supplies with battery backup

B.

Managed power distribution units lo track these events

C.

A generator to ensure consistent, normalized power delivery

D.

Dual power supplies to distribute the load more evenly

Question 35

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

Options:

A.

Unsecure root accounts

B.

Lack of vendor support

C.

Password complexity

D.

Default settings

Question 36

A major manufacturing company updated its internal infrastructure and just started to allow OAuth application to access corporate data Data leakage is being reported Which of following most likely caused the issue?

Options:

A.

Privilege creep

B.

Unmodified default

C.

TLS

D.

Improper patch management

Question 37

A security analyst is investigating network issues between a workstation and a company server. The workstation and server occasionally experience service disruptions, and employees are forced to

reconnect to the server. In addition, some reports indicate sensitive information is being leaked from the server to the public.

The workstation IP address is 192.168.1.103, and the server IP address is 192.168.1.101.

The analyst runs arp -a On a separate workstation and obtains the following results:

Which of the following is most likely occurring?

Options:

A.

Evil twin attack

B.

Domain hijacking attack

C.

On-path attack

D.

MAC flooding attack

Question 38

The management team has requested that the security team implement 802.1X into the existing wireless network setup. The following requirements must be met:

• Minimal interruption to the end user

• Mutual certificate validation

Which of the following authentication protocols would meet these requirements?

Options:

A.

EAP-FAST

B.

PSK

C.

EAP-TTLS

D.

EAP-TLS

Question 39

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Options:

A.

Open permissions

B.

Improper or weak patch management

C.

Unsecure root accounts

D.

Default settings

Question 40

Which of the following describes software on network hardware that needs to be updated on a rou-tine basis to help address possible vulnerabilities?

Options:

A.

Vendor management

B.

Application programming interface

C.

Vanishing

D.

Encryption strength

E.

Firmware

Question 41

A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?

Options:

A.

Security groups

B.

Container security

C.

Virtual networks

D.

Segmentation

Question 42

A systems engineer thinks a business system has been compromised and is being used to exfiltrated data to a competitor The engineer contacts the CSIRT The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else Which of the following is the most likely reason for this request?

Options:

A.

The CSIRT thinks an insider threat is attacking the network

B.

Outages of business-critical systems cost too much money

C.

The CSIRT does not consider the systems engineer to be trustworthy

D.

Memory contents including fileles malware are lost when the power is turned off

Question 43

Which of the following can reduce vulnerabilities by avoiding code reuse?

Options:

A.

Memory management

B.

Stored procedures

C.

Normalization

D.

Code obfuscation

Question 44

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server

is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets

were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

Options:

A.

Install DLP software to prevent data loss.

B.

Use the latest version of software.

C.

Install a SIEM device.

D.

Implement MDM.

E.

Implement a screened subnet for the web server.

F.

Install an endpoint security solution.

G.

Update the website certificate and revoke the existing ones.

Question 45

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

Options:

A.

nmap

B.

tracert

C.

ping

D.

ssh

Question 46

An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Question 47

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

Options:

A.

HIDS

B.

AV

C.

NGF-W

D.

DLP

Question 48

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

Options:

A.

CYOD

B.

MDM

C.

COPE

D.

VDI

Question 49

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the

following should the analyst recommend? (Select two).

Options:

A.

TACACS+

B.

RADIUS

C.

OAuth

D.

OpenlD

E.

Kerberos

F.

CHAP

Question 50

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

Options:

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Question 51

A network administrator needs to determine Ihe sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).

Options:

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Question 52

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be

used to accomplish this task?

Options:

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Question 53

A penetration tester was able to compromise a host using previously captured network traffic. Which of the following is the result of this action?

Options:

A.

Integer overflow

B.

Race condition

C.

Memory leak

D.

Replay attack

Question 54

A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customername”. Which of the following is most likely being attempted?

Options:

A.

Directory traversal

B.

SQL injection

C.

Privilege escalation

D.

Cross-site scripting

Question 55

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

Options:

A.

Web metadata

B.

Bandwidth monitors

C.

System files

D.

Correlation dashboards

Question 56

A security administrator examines the ARP table of an access switch and sees the following output:

Which of the following is a potential threat that is occurring on this access switch?

Options:

A.

DDoSonFa02 port

B.

MAG flooding on Fa0/2 port

C.

ARP poisoning on Fa0/1 port

D.

DNS poisoning on port Fa0/1

Question 57

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats.

Which of the following should the security operations center implement?

Options:

A.

theHarvester

B.

Nessus

C.

Cuckoo

D.

Sn1per

Question 58

A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?

Options:

A.

cat webserver.log | head -4600 | tail +500 |

B.

cat webserver.log | tail -1995400 | tail -500 |

C.

cat webserver.log | tail -4600 | head -500 |

D.

cat webserver.log | head -5100 | tail -500 |

Question 59

Which of the following describes where an attacker can purchase DDoS or ransomware services?

Options:

A.

Threat intelligence

B.

Open-source intelligence

C.

Vulnerability database

D.

Dark web

Question 60

An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to

be addressed. Which of the following is the MOST likely cause for the high number of findings?

Options:

A.

The vulnerability scanner was not properly configured and generated a high number of false positives

B.

Third-party libraries have been loaded into the repository and should be removed from the codebase.

C.

The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.

D.

The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

Question 61

Which of the following can be used to detect a hacker who is stealing company data over port 80?

Options:

A.

Web application scan

B.

Threat intelligence

C.

Log aggregation

D.

Packet capture

Question 62

Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur Which of the following Plans would fulfill this requirement?

Options:

A.

Communication plan

B.

Disaster recovery plan

C.

Business continuity plan

D.

Risk plan

Question 63

A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?

Options:

A.

NDA

B.

BPA

C.

AUP

D.

SLA

Question 64

A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private." Which of the following is the best way to fix this issue?

Options:

A.

Ignore the warning and continue to use the application normally.

B.

Install the certificate on each endpoint that needs to use the application.

C.

Send the new certificate to the users to install on their browsers.

D.

Send a CSR to a known CA and install the signed certificate on the application's server.

Question 65

The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

Options:

A.

The NOC team

B.

The vulnerability management team

C.

The CIRT

D.

The read team

Question 66

Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon

duration of time?

Options:

A.

PoC

B.

Production

C.

Test

D.

Development

Question 67

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Question 68

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Question 69

After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

Options:

A.

privilege escalation

B.

footprinting

C.

persistence

D.

pivoting.

Question 70

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

Options:

A.

Account audits

B.

AUP

C.

Password reuse

D.

SSO

Question 71

A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

Options:

A.

Dictionary

B.

Rainbow table

C.

Spraying

D.

Brute-force

Question 72

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Options:

A.

MAC flooding

B.

URL redirection

C.

ARP poisoning

D.

DNS hijacking

Question 73

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.

Development

B.

Staging

C.

Production

D.

Test

Question 74

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Question 75

During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

Options:

A.

User behavior analytics

B.

Dump files

C.

Bandwidth monitors

D.

Protocol analyzer output

Question 76

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.

Default system configuration

B.

Unsecure protocols

C.

Lack of vendor support

D.

Weak encryption

Question 77

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks Which of the following should the administrator consider?

Options:

A.

Hashing

B.

Salting

C.

Lightweight cryptography

D.

Steganography

Question 78

A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

Options:

A.

RAT

B.

PUP

C.

Spyware

D.

Keylogger

Question 79

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Question 80

When planning to build a virtual environment, an administrator need to achieve the following,

•Establish polices in Limit who can create new VMs

•Allocate resources according to actual utilization‘

•Require justification for requests outside of the standard requirements.

•Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

Options:

A.

Implement IaaS replication

B.

Product against VM escape

C.

Deploy a PaaS

D.

Avoid VM sprawl

Question 81

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous integration

Question 82

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.

laC

B.

MSSP

C.

Containers

D.

SaaS

Question 83

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which

of the following techniques would be BEST to enable this activity while reducing the nsk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physically move the PC to a separate Internet point of presence.

B.

Create and apply microsegmentation rules,

C.

Emulate the malware in a heavily monitored DMZ segment

D.

Apply network blacklisting rules for the adversary domain

Question 84

Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?

Options:

A.

Intelligence fusion

B.

Review reports

C.

Log reviews

D.

Threat feeds

Question 85

Which of the following environment utilizes dummy data and is MOST to be installed locally on a system that allows to be assessed directly and modified easily wit each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Question 86

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Question 87

A company wants to modify its current backup strategy to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backup followed by different backups

Question 88

A help desk technician receives an email from the Chief Information Officer (C/O) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

Options:

A.

Check the metadata in the email header of the received path in reverse order to follow the email’s path.

B.

Hover the mouse over the CIO's email address to verify the email address.

C.

Look at the metadata in the email header and verify the "From." line matches the CIO's email address.

D.

Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Question 89

A company acquired several other small companies The company thai acquired the others is transitioning network services to the cloud The company wants to make sure that performance and security remain intact Which of the following BEST meets both requirements?

Options:

A.

High availability

B.

Application security

C.

Segmentation

D.

Integration and auditing

Question 90

A company recently experienced an attack during which its main website was Directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers, Which of the following should the

company implement to prevent this type of attack from occurring In the future?

Options:

A.

IPsec

B.

SSL/TLS

C.

ONSSEC

D.

SMIME

Question 91

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

Options:

A.

The unexpected traffic correlated against multiple rules, generating multiple alerts.

B.

Multiple alerts were generated due to an attack occurring at the same time.

C.

An error in the correlation rules triggered multiple alerts.

D.

The SIEM was unable to correlate the rules, triggering the alerts.

Question 92

An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.

Cryptomalware

B.

Hash substitution

C.

Collision

D.

Phishing

Question 93

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.

Test

B.

Staging

C.

Development

D.

Production

Question 94

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Options:

A.

Identity theft

B.

RFID cloning

C.

Shoulder surfing

D.

Card skimming

Question 95

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

Options:

A.

loT sensor

B.

Evil twin

C.

Rogue access point

D.

On-path attack

Question 96

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even through the data is still viewable from the user’s PCs. Which of the following is the most likely cause of this issue?

Options:

A.

TFTP was disabled on the local hosts

B.

SSH was turned off instead of modifying the configuration file

C.

Remote login was disabled in the networkd.config instead of using the sshd.conf

D.

Network services are no longer running on the NAS

Question 97

A company is concerned about individuals dnvmg a car into the building to gam access Which of the following security controls would work BEST to prevent this from happening?

Options:

A.

Bollard

B.

Camera

C.

Alarms

D.

Signage

E.

Access control vestibule

Question 98

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Question 99

Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

Options:

A.

File integrity monitoring

B.

Honeynets

C.

Tcpreplay

D.

Data loss prevention

Question 100

During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physical move the PC to a separate internet pint of presence

B.

Create and apply micro segmentation rules.

C.

Emulate the malware in a heavily monitored DM Z segment.

D.

Apply network blacklisting rules for the adversary domain

Question 101

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

Options:

A.

Run a vulnerability scan against the CEOs computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Question 102

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framevtoik

D.

ISO 27002

Question 103

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

Options:

A.

Preventive

B.

Compensating

C.

Corrective

D.

Detective

Question 104

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices Which of the following is a cost-effective approach to address these concerns?

Options:

A.

Enhance resiliency by adding a hardware RAID.

B.

Move data to a tape library and store the tapes off-site

C.

Install a local network-attached storage.

D.

Migrate to a cloud backup solution

Question 105

A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?

Options:

A.

Cellular

B.

NFC

C.

Wi-Fi

D.

Bluetooth

Question 106

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)

Options:

A.

Auto-update

B.

HTTP headers

C.

Secure cookies

D.

Third-party updates

E.

Full disk encryption

F.

Sandboxing

G.

Hardware encryption

Question 107

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

Options:

A.

SSO

B.

MFA

C.

PKI

D.

OLP

Question 108

During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

Options:

A.

1s

B.

chflags

C.

chmod

D.

lsof

E.

setuid

Question 109

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

•Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

•Internal users in question were changing their passwords frequently during that time period.

•A jump box that several domain administrator users use to connect to remote devices was recently compromised.

•The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Options:

A.

Pass-the-hash

B.

Brute-force

C.

Directory traversal

D.

Replay

Question 110

An employee's company account was used in a data breach Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.

• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from reoccuring? (Select TWO)

Options:

A.

Geographic dispersal

B.

Password complexity

C.

Password history

D.

Geotagging

E.

Password lockout

F.

Geofencing

Question 111

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

Options:

A.

openssl

B.

hping

C.

netcat

D.

tcpdump

Question 112

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Question 113

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept Includes granting logical access based on physical location and proximity. Which of the following Is the BEST solution for the pilot?

Options:

A.

Geofencing

B.

Self-sovereign identification

C.

PKl certificates

D.

SSO

Question 114

The Chief information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A.

SAML

B.

TACACS+

C.

Password vaults

D.

OAuth

Question 115

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of (he following should the manager request to complete the assessment?

Options:

A.

A service-level agreement

B.

A business partnership agreement

C.

A SOC 2 Type 2 report

D.

A memorandum of understanding

Question 116

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a

laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the

MOST likely cause?

Options:

A.

Shadow IT

B.

Credential stuffing

C.

SQL injection

D.

Man in the browser

E.

Bluejacking

Question 117

A security engineer needs to create a network segment that can be used for servers thal require connections from untrusted networks. Which of the following should the engineer implement?

Options:

A.

An air gap

B.

A hot site

C.

A VUAN

D.

A screened subnet

Question 118

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Question 119

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Question 120

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

Options:

A.

Change the default settings on the PC.

B.

Define the PC firewall rules to limit access.

C.

Encrypt the disk on the storage device.

D.

Plug the storage device in to the UPS

Question 121

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Question 122

The help desk has received calls from users in multiple locations who are unable to access core network services The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

Options:

A.

Disconnect all external network connections from the firewall

B.

Send response teams to the network switch locations to perform updates

C.

Turn on all the network switches by using the centralized management software

D.

Initiate the organization's incident response plan.

Question 123

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 124

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A.

Security patches were uninstalled due to user impact.

B.

An adversary altered the vulnerability scan reports

C.

A zero-day vulnerability was used to exploit the web server

D.

The scan reported a false negative for the vulnerability

Question 125

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

Options:

A.

CASB

B.

Next-generation SWG

C.

NGFW

D.

Web-application firewall

Question 126

An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

Which of the following should the analyst recommend to disable?

Options:

A.

21/tcp

B.

22/tcp

C.

23/tcp

D.

443/tcp

Question 127

A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted Which of the following is the researcher MOST likely using?

Options:

A.

The Cyber Kill Chain

B.

The incident response process

C.

The Diamond Model of Intrusion Analysis

D.

MITRE ATT&CK

Question 128

Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area?

(Select TWO).

Options:

A.

Barricades

B.

Thermal sensors

C.

Drones

D.

Signage

E.

Motion sensors

F.

Guards

G.

Bollards

Question 129

When decommissioning physical hardware that contains Pll. a financial institution requires that a third-party recycling company wipe and destroy the hard drives, and document the process. Which of the following best describes this procedure?

Options:

A.

Certification

B.

Data retention

C.

Destruction

D.

Sanitization

Question 130

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hypervisor

C.

SD-WAN

D.

SDN

Question 131

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Options:

A.

Encryption at rest

B.

Masking

C.

Data classification

D.

Permission restrictions

Question 132

An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?

Options:

A.

Implement a SIEM to correlate logs from multiple sources looking for alterable incidents.

B.

Configure IDS capabilities on the internet firewall to alert on the particular exploits used by the tester.

C.

Set up NetFlow on all data center switches connected to the servers.

D.

Deploy FIM agents on all servers in the environment.

Question 133

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Question 134

An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?

Options:

A.

Ensuring that data has not been modified in transit

B.

Providing redundancy in the event of a server failure

C.

Preventing unauthenticated clients access to the server

D.

Allowing for IPv6-enabled hosts to leverage the server

Question 135

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Options:

A.

Installing HIDS on the system

B.

Placing the system in an isolated VLAN

C.

Decommissioning the system

D.

Encrypting the system's hard drive

Question 136

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Question 137

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

Options:

A.

Hoaxes

B.

SPIMs

C.

Identity fraud

D.

Credential harvesting

Question 138

Which of the following utilizes public and private keys to secure data?

Options:

A.

Password hash

B.

Block cipher

C.

Asymmetric encryption

D.

Steganography

Question 139

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as and? from variables set

by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Question 140

During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

Options:

A.

Requiring all personnel to sign an acceptable use policy

B.

Implementing mandatory vacations

C.

Conducting criminal background checks

D.

Applying data retention standards to all databases

Question 141

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Options:

A.

Whaling

B.

Credential harvesting

C.

Prepending

D.

Dumpster diving

Question 142

A security analyst at an organization observed several user logins from outside the organization's network The analyst determined that these logins were not performed by individuals within the organization Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

Options:

A.

Disciplinary actions for users

B.

Conditional access policies

C.

More regular account audits

D.

implementation of additional authentication factors

E.

Enforcement of content filtering policies

F.

A review of user account permissions

Question 143

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

Options:

A.

Corrective

B.

Preventive

C.

Detective

D.

Deterrent

Question 144

Users are reporting performance issues from a specific application server A security administrator notices that user traffic is being intermittently denied depending on which load balancer the traffic is originating from Which of the following types of log files should be used to capture this information?

Options:

A.

Session traffic

B.

Syslog data

C.

Security events

D.

DNS responses

E.

Authentication

Question 145

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AAA

C.

ACL

D.

PEM

Question 146

A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?

Options:

A.

Site risk assessment

B.

Environmental impact report

C.

Disaster recovery plan

D.

Physical risk register

Question 147

A company's security policy stales that only the production servers should have bidirectional internet access Which of the following needs to be configured to comply with this policy?

Options:

A.

Firewall rule

B.

DLP policy

C.

MDM server

D.

URL filter

Question 148

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks. SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Options:

A.

Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Question 149

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

Options:

A.

Bug bounty

B.

White-box

C.

Black-box

D.

Gray-box

Question 150

A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?

Options:

A.

Cross-site request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection

Question 151

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

Which of the following can the security analyst conclude based on the review?

Options:

A.

A brute-force attack occurred.

B.

A rainbow table uncovered the password.

C.

Technical controls did not block the reuse of a password.

D.

An attacker used password spraying.

Question 152

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

Options:

A.

SCEP

B.

OCSP

C.

CSR

D.

CRL

Question 153

A system^ administrator performs a quick scan of an organization's domain controller and finds the following:

Which of the following vulnerabilities does this output represent?

Options:

A.

Unnecessary open ports

B.

Insecure protocols

C.

Misconfigured firewall

D.

Weak user permissions

Question 154

A company would like to implement a daily backup solution. The backup will be stored on a NAS appliance, and capacity is not a limiting factor. Which of the following will the company most likely implement to ensure complete restoration?

Options:

A.

Full

B.

Incremental

C.

Snapshot

D.

Differential

Question 155

An audit identified Pll being utilized in the development environment of a critical application The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers state that they require real data to perform developmental and functionality tests. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?

Options:

A.

Data purge

B.

Data encryption

C.

Data masking

D.

Data totalization

Question 156

An analyst examines the web server logs after a compromise and finds the following:

Which of the following most likely indicates a successful attack on server credentials?

Question 157

A company executive experienced a security issue at an airport Photos taken during a strategy meeting were stolen when the executive used a free smartphone-charging station. Which of the following can be used to prevent this from occurring in the future?

Options:

A.

Cable locks

B.

Screened subnets

C.

Faraday cages

D.

Data blockers

Question 158

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Question 159

An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

Options:

A.

Pretexting

B.

Impersonation

C.

Ransomware

D.

Invoice scam

Question 160

Which of the following is the most likely way a rogue device was allowed to connect'?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DHCP failure caused an incorrect IP address to be distributed.

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question 161

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 162

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

Options:

A.

Engage the penetration-testing firm's red-team services to fully mimic possible attackers.

B.

Give the penetration tester data diagrams of core banking applications in a known-environment test.

C.

Limit the scope of the penetration test to only the system that is used for teller workstations.

D.

Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

Question 163

Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?

Options:

A.

NIST CSF

B.

SOC 2 Type II

C.

ISO 27001

D.

PCI DSS

Question 164

Which of the following enables the use of an input field to run commands that can view or manipulate data?

Options:

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Question 165

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Options:

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems

Question 166

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

Options:

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Question 167

experienced railed log-in attempts when authenticating from the same IP address:

184.168.131.241 - userA - failed authentication

184.168.131.241 - userA - failed authentication

184.168.131.241 - userB - failed authentication

184.168.131.241 - userB - failed authentication

184.168.131.241 - userC - failed authentication

184.168.131.241 - userC - failed authentication

Which of the following most likely describes the attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question 168

A security administrator would like to protect data on employees' laptops. Which of the following encryption techniques should the security administrator use?

Options:

A.

Partition

B.

Asymmetric

C.

Full disk

D.

Database

Question 169

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Question 170

An organization with high security needs is concerned about unauthorized exfiltration of data via Wi-Fi from within a secure facility. Which of the following security controls should the company

implement?

Options:

A.

Air-gapped network

B.

Faraday cage

C.

Screened subnet

D.

802.1X certificates

Question 171

A security department wants to conduct an exercise that will make many experimental changes to the main virtual server. After the exercise is completed, the IT director would like to be able to roll back to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?

Options:

A.

Incremental

B.

Snapshot

C.

Full

D.

Differential

Question 172

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Options:

A.

Standard naming convention

B.

Hashing

C.

Network diagrams

D.

Baseline configuration

Question 173

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Question 174

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Question 175

After a web server was migrated to a cloud environment, user access to that server was Wocked Ever though an on-premises firewall configuration has been modified to reflect the cloud infrastructure, users are still experiencing access issues. Which of the following most likely needs to be configured?

Options:

A.

Security group

B.

Load balancer pool

C.

Resource allocation

D.

Storage permissions

Question 176

A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?

Options:

A.

Personal verification questions

B.

Software-based TOTP

C.

Log-in image checks

D.

Secondary PIN code

Question 177

A systems administrator at a healthcare organization is setting up a server to securely store patient data. Which of the following must be ensured when storing PHI?

Options:

A.

Authorization

B.

Availability

C.

Confidentiality

D.

Integrity

Question 178

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Select two).

Options:

A.

Tokenization

B.

CI/CD

C.

Honeypots

D.

Threat modeling

E.

DNS sinkhole

F.

Data obfuscation

Question 179

An incident response team for a media streaming provider is investigating a data exfiltration event of licensed video content that was able to circumvent advanced monitoring analytics The team has identified the following:

1 The analytics use machine learning with classifiers to label network data transfers.

2. Transfers labeled as "authenticated media stream’’ are permitted to egress, all ethers are interrupted/dropped

3. The most recent attempt was erroneously labeled as an "authenticated media stream."

4. An earlier attempt from the same threat actor was unsuccessful and labeled as "unauthorized media transfer."

5. The PCAP from the most recent event looks identical with the exception of a few bytes that had been modified

Which of the following moil likely occurred?

Options:

A.

Susceptibilities in the classifier enabled counter-AI techniques.

B.

Data used to train the model before deployment had been tainted

C.

An implant in the hardware supply chain went undetected

D.

The threat actor established a middle position and redirected the transfer

Question 180

Which of the following can be used to identify potential attacker activities without affecting production servers?

Options:

A.

Honeypot

B.

Video surveillance

C.

Zero Trust

D.

Geofencing

Question 181

Which of the following best describes a threat actor who is attempting to use commands found on a public code repository?

Options:

A.

Script kiddie

B.

State actor

C.

Insider threat

D.

Competitor espionage

Question 182

recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Question 183

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

Options:

A.

Active

B.

Passive

C.

Defensive

D.

Offensive

Question 184

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

Options:

A.

Whaling

B.

Spear phishing

C.

Impersonation

D.

Identity fraud

Question 185

A systems administrator would like to set up a system that will make it difficult or impossible to deny that someone has performed an action. Which of the following is the administrator trying to accomplish?

Options:

A.

Non-repudiation

B.

Adaptive identity

C.

Security zones

D.

Deception and disruption

Question 186

Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Options:

A.

Development

B.

b Test

C.

Production

D.

Staging

Question 187

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Question 188

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Options:

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Question 189

Which of the following best describes the process of adding a secret value to extend the length of stored passwords?

Options:

A.

Hashing

B.

Quantum communications

C.

Salting

D.

Perfect forward secrecy

Question 190

An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Options:

A.

Input validation

B.

Code signing

C.

SQL injection

D.

Static analysis

Question 191

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts Which of the following would best enable the reduction in manual work?

Options:

A.

SOAR

B.

SIEM

C.

MDM

D.

DLP

Question 192

Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

Options:

A.

Channel overlap

B.

Encryption type

C.

New WLAN deployment

D.

WAP placement

Question 193

A user enters a password to log in to a workstation and is then prompted to enter an authentication code Which of the following MFA factors or attributes are being utilized in the authentication process? {Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Question 194

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Preparation

Question 195

A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down. Which of the following should the web architect consider to address this concern?

Options:

A.

Containers

B.

Virtual private cloud

C.

Segmentation

D.

Availability zones

Question 196

An audit identified Pll being utilized in the development environment of a crit-ical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed: however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPOs and the development team's requirements?

Options:

A.

Data purge

B.

Data encryption

C.

Data masking

D.

Data tokenization

Question 197

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

C.

HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

D.

HTTPS://".comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

Question 198

A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 199

Which of the following will increase cryptographic security?

Options:

A.

High data entropy

B.

Algorithms that require less computing power

C.

Longer key longevity

D.

Hashing

Question 200

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation.

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Question 201

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Question 202

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors Of real-world events in order to improve the incident response team's process. Which Of the following is the analyst most likely participating in?

Options:

A.

MITRE ATT&CK

B.

Walk-through

C.

Red team

D.

Purple team-I

E.

TAXI

Question 203

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:

Which of the following best describes this kind of attack?

Options:

A.

Directory traversal

B.

SQL injection

C.

API

D.

Request forgery

Question 204

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

Options:

A.

CASB

B.

VPC

C.

SWG

D.

CMS

Question 205

Which Of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Question 206

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question 207

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

Options:

A.

Wearable sensors

B.

Raspberry Pi

C.

Surveillance systems

D.

Real-time operating systems

Question 208

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 209

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Question 210

A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?

Options:

A.

A weekly, incremental backup with daily differential backups

B.

A weekly, full backup with daily snapshot backups

C.

A weekly, full backup with daily differential backups

D.

A weekly, full backup with daily incremental backups

Question 211

A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

Options:

A.

Security

B.

Application

C.

Dump

D.

Syslog

Question 212

A network engineer is troubleshooting wireless network connectivity issues that were reported by users The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building There have also been reports of users being required to enter their credentials on web pages in order to gain access to them Which of the following is the most likely cause of this issue?

Options:

A.

An external access point is engaging in an evil-Twin attack

B.

The signal on the WAP needs to be increased in that section of the building

C.

The certificates have expired on the devices and need to be reinstalled

D.

The users in that section of the building are on a VLAN that is being blocked by the firewall

Question 213

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Question 214

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.

Improper algorithms security

B.

Tainted training data

C.

virus

D.

Cryptomalware

Question 215

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 216

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Question 217

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

Error

D.

Network

E.

Firewall

F.

System

Question 218

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Question 219

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Question 220

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -2

D.

# iptables -P INPUT -j DROP

Question 221

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Question 222

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Question 223

An organization has hired a security analyst to perform a penetration test The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for

analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.

Nmap

B.

CURL

C.

Neat

D.

Wireshark

Question 224

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Question 225

During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9 A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Question 226

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Question 227

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Question 228

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

a SHA 2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 229

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Question 230

Which of the following are common VoIP-associated vulnerabilities? (Select two).

Options:

A.

SPIM

B.

Vishing

C.

VLAN hopping

D.

Phishing

E.

DHCP snooping

F.

Tailgating

Question 231

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.

Intrusion prevention system

B.

Proxy server

C.

Jump server

D.

Security zones

Question 232

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

Options:

A.

User training

B.

CAsB

C.

MDM

D.

EDR

Question 233

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 234

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.

Implement S/MIME to encrypt the emails at rest.

B.

Enable full disk encryption on the mail servers.

C.

Use digital certificates when accessing email via the web.

D.

Configure web traffic to only use TLS-enabled channels.

Question 235

A company has installed badge readers for building access but is finding unau-thorized individuals roaming the hallways Of the following is the most likely cause?

Options:

A.

Shoulder surfing

B.

Phishing

C.

Tailgating

D.

Identity fraud

Question 236

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Question 237

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 238

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Question 239

A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is The router experiencing?

Options:

A.

DDoS attack

B.

Memory leak

C.

Buffer overflow

D.

Resource exhaustion

Question 240

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Question 241

Which of the following automation use cases would best enhance the security posture Of an organi-zation by rapidly updating permissions when employees leave a company Or change job roles inter-nally?

Options:

A.

Provisioning resources

B.

Disabling access

C.

APIs

D.

Escalating permission requests

Question 242

A company's help desk has received calls about the wireless network being down and users being unable to connect to it The network administrator says all access points are up and running One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Question 243

Which of the following best describes configuring devices to log to a centralized, off-site location for possible future reference?

Options:

A.

Log aggregation

B.

DLP

C.

Archiving

D.

SCAP

Question 244

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who Is Investigating the Incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Question 245

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

Options:

A.

DDoS

B.

Privilege escalation

C.

DNS poisoning

D.

Buffer overflow

Question 246

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.

Implement proper network access restrictions.

B.

Initiate a bug bounty program.

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans.

Question 247

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account

• One of the websites the manager used recently experienced a data breach.

• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Question 248

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Question 249

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor but the industrial software is no longer supported The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, white also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

Options:

A.

Redundancy

B.

RAID 1+5

C.

Virtual machines

D.

Full backups

Question 250

A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.

CVE

B.

SIEM

C.

SOAR

D.

CVSS

Question 251

Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to kept for a minimum of 30 days

C.

Integration of threat intelligence in the companys AV

D.

A data-breach clause requiring disclosure of significant data loss

Question 252

An organization is repairing damage after an incident. Which Of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Question 253

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Question 254

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

Options:

A.

MFA

B.

Lockout

C.

Time-based logins

D.

Password history

Question 255

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 256

Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Options:

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Question 257

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

Options:

A.

SSO

B.

CHAP

C.

802.1X

D.

OpenlD

Question 258

After reviewing the following vulnerability scanning report:

server:192.168.14.6

Service: Telnet Port: 23 Protocol: TCP Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test

nmap -p 23 192.1€8.14. € --script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability7?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist

Question 259

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Question 260

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Options:

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires in-person action before printing.

C.

Install a software client in every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Question 261

A security analyst reviews web server logs and notices the following lines:

104.35.45.53 - - [22/May/2020:06:57:31 +0100] "GET /show_file.php file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 11705

" "

104.35.45.53 -- [22/May/2020:07:00:58 +0100] "GET /show_file.php

file=%2e%2e%2f%2e%2e%2fetc%2fsudoers HTTP/1.1" 200 23713

" "

Which of the following vulnerabilities has the attacker exploited? (Select TWO).

Options:

A.

Race condition

B.

LFI

C.

Pass the hash

D.

XSS

E.

RFI

F.

Directory traversal

Question 262

Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution The security team has received the following requirements

• There must be visibility into how teams are using cloud-based services

• The company must be able to identity when data related to payment cards is being sent to the cloud

• Data must be available regardless of the end user's geographic location

• Administrators need a single pane-of-glass view into traffic and trends

Which of the following should the security analyst recommend?

Options:

A.

Create firewall rules to restrict traffic to other cloud service providers

B.

Install a DLP solution to monitor data in transit

C.

Implement a CASB solution

D.

Configure a web-based content filter

Question 263

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Phishing

C.

Impersonating

D.

Vishing

Question 264

A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

Options:

A.

Deploying an IPS with updated signatures in line with the container cluster

B.

Implementing automatic scalability for containers exposed to the internet

C.

Updating the environment by using images with the tag: latest

D.

Executing containers using unprivileged credentials

Question 265

Which of the following is most likely to include a SCADA system?

  • Water treatment plant

  • Surveillance system

  • Smart watch

Options:

A.

Wi-Fi-enabled thermostat

Question 266

A security analyst is reviewing the following command-line output:

Internet address Physical address Type

192.168.1.1 aa-bb-cc-00-11-22 dynamic

192.168. aa-bb-cc-00-11-22 dynamic

192.168.1.3 aa-bb-cc-00-11-22 dynamic

192.168.1.4 aa-bb-cc-00-11-22 dynamic

192.168.1.5 aa-bb-cc-00-11-22 dynamic

--output omitted---

192.168.1.251 aa-bb-cc-00-11-22 dynamic

192.168.1.252 aa-bb-cc-00-11-22 dynamic

192.168.1.253 aa-bb-cc-00-11-22 dynamic

192.168.1.254 aa-bb-cc-00-11-22 dynamic

192.168.1.255 ff-ff-ff-ff-ff-ff static

Which of the following is the analyst observing?

Options:

A.

ICMP spoofing

B.

URL redirection

C.

MAC address cloning

D.

DNS poisoning

Question 267

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Question 268

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.

Enabling MAC address filtering

B.

Moving printers inside a firewall

C.

Implementing 802.IX

D.

Using network port security

Question 269

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?

Options:

A.

White

B.

Purple

C.

Blue

D.

Red

Question 270

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.

A spear-phishing attach

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Question 271

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would best prevent this type of attack?

Options:

A.

Network location

B.

Impossible travel time

C.

Geolocation

D.

Geofencing

Question 272

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Question 273

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Question 274

A systems administrator needs to set up a secure, cloud-based file transfer environment between two data centers. Which of the following architecture models would meet this requirement?

Options:

A.

FTP

B.

HSM

C.

SDN

D.

PKI

Question 275

A company is designing the layout of a new data center so it will have an optimal environmental temperature Which of the following must be included? (Select two).

Options:

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An loT thermostat

F.

A humidity monitor

Question 276

A security analyst is looking for a way to categorize and share a threat actor's TTPs with colleagues at a partner organization. Which of the following would be the best method to achieve this goal?

Options:

A.

Releasing the lessons-learned report

B.

Using the MITRE ATT&CK framework

C.

Sharing the CVE IDs used in attacks

D.

Sending relevant log files and pcaps

Question 277

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

JVDI

C.

COPE

D.

CYOD

Question 278

A security engineer must deploy two wireless routers in an office suite Other tenants in the office building should not be able to connect to this wireless network Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Question 279

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Options:

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Question 280

The application development teams have been asked to answer the following questions:

  • Does this application receive patches from an external source?
  • Does this application contain open-source code?
  • Is this application accessible by external users?
  • Does this application meet the corporate password standard?

Which of the following are these questions part of?

Options:

A.

Risk control self-assessment

B.

Risk management strategy

C.

Risk acceptance

D.

Risk matrix

Question 281

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that

some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company

can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Question 282

Local guidelines require that all information systems meet a minimum security baseline to be compliant Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Question 283

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13) : /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

Options:

A.

Pass-the-hash monitor

B.

File integrity monitor

C.

Forensic analysis

D.

Password cracker

Question 284

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Question 285

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10 50 10.25

Which of the following firewall ACLs will accomplish this goal?

Options:

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port S3

Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port S3

B.

Access list outbound permit 0.0.0.0/0 10.50.10.2S/32 port S3

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port S3

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port S3

Question 286

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

Options:

A.

Document the collection and require a sign-off when possession changes.

B.

Lock the device in a safe or other secure location to prevent theft or alteration.

C.

Place the device in a Faraday cage to prevent corruption of the data.

D.

Record the collection in a block chain-protected public ledger.

Question 287

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy UFA

C.

Utilize a WAF

D.

Conjure HIPS

Question 288

A company deployed a Wi-Fi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?

Options:

A.

WPA3

B.

AES

C.

RADIUS

D.

WPS

Question 289

A security analyst discovers several jpg photos from a cellular phone during a forensics investigation involving a compromised system The analyst runs a forensics tool to gather file metadata Which of the following would be part of the images if all the metadata is still intact?

Options:

A.

The GSS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Question 290

Which of the following test describes the risk that is present once mitigations are applied?

Options:

A.

Control risk

B.

Residual risk

C.

Inherent risk

D.

Risk awareness

Question 291

Developers are writing code and merging it into shared repositories several times a day. where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Question 292

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Question 293

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

Options:

A.

Proxy server

B.

NGFW

C.

WAF

D.

Jump server

Question 294

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.

Scanning

B.

Alerting

C.

Reporting

D.

Archiving

Question 295

An organization is concerned about intellectual property theft by employees who leave the organization Which of the following should the organization most likely implement?

Options:

A.

CBT

B.

NDA

C.

MOU

D.

AUP

Question 296

A cybersecurity analyst reviews the log files from a web server end sees a series of files that indicate a directory traversal attack has occurred Which of the following is the analyst most likely seeing?

Options:

A.

B.

C.

D.

Question 297

An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

Options:

A.

Input validation

B.

Obfuscation

C.

Error handling

D.

Username lockout

Question 298

Which of the following incident response activities ensures evidence is properly handled?

Options:

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D- Preservation

Question 299

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Question 300

All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

Options:

A.

A forward proxy server

B.

A jump server

C.

A reverse proxy server

D.

A stateful firewall server

Question 301

A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

Options:

A.

Cold

B.

Tertiary

C.

Warm

D.

Hot

Question 302

An organization is having difficulty correlating events from its individual AV. EDR. DLP. SWG. WAF, MDM. HIPS, and CASB systems. Which of the following is the best way to improve the situation?

Options:

A.

Remove expensive systems that generate few alerts.

B.

Modify the systems to alert only on critical issues.

C.

Utilize a SIEM to centralize logs and dashboards.

D.

Implement a new syslog/NetFlow appliance.

Question 303

Which of the following is the most common data loss path for an air-gapped network?

Options:

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Question 304

An organization purchased and configured spare devices for all critical network infrastructure. Which of the following best describes the organization's reason for these actions?

Options:

A.

Software-defined networking

B.

Scalability

C.

High availability

D.

Decentralization

Question 305

A Chief Executive Officer's (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

Options:

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

Question 306

Which of the following is a hardware-specific vulnerability?

Options:

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Question 307

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?

Options:

A.

Number of failed log-in attempts

B.

Geolocation

C.

Impossible travel time

D.

Time-based log-in attempt

Question 308

Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?

Options:

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Question 309

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

php? f=/etc/passwd

.42F..42F.. $2Fetct2Fshadow

http: //company.com/../../../ ../etc/passwd

Which of the following best describes the type of attack?

Options:

A.

SQLi

B.

CSRF

C.

API attacks

D.

Directory traversal

Question 310

Which of the following is performed to gain a better understanding of how specific devices are set up by identifying the arrangement of settings?

Options:

A.

Log analysis

B.

Credentialed scan

C.

Configuration review

D.

Web application scan

E.

Network scan

Question 311

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Question 312

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Question 313

A security analyst it investigating an incident to determine what an attacker was able to do on a compromised Laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

Options:

A.

An attacker was able to move laterally from PC 1 to PC2 using a pass-the-hash attach

B.

An attacker was able to bypass the application approve list by emailing a spreadsheet. attachment with an embedded PowerShell in the file.

C.

An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

Question 314

A wet-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB stocks that are dropped in parking lots. Which of the following is the best defense against this scenario?

Options:

A.

Configuring signature-based antivirus to update every 30 minutes

B.

Enforcing S/MIME for email and automatically encrypting USB drives upon assertion

C.

Implementing application execution in a sandbox for unknown software

D.

Fuzzing new files for vulnerabilities if they are not digitally signed

Question 315

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity lo have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher bandwidth connections to meet the increased demand

D.

Configuring OoS properly on the VPN accelerators

Question 316

A company wants to ensure that all employees in a given department are trained on each job role to help with employee burnout and continuity of business operations in the event an employee leaves the company. Which of the following should the company implement?

Options:

A.

Separation of duties

B.

Job rotation

C.

Mandatory vacations

D.

Least privilege

Question 317

A network manager wants to protect the company's VPN by multifactor authentication that uses:

• Something you know

• Something you have

• Somewhere you are

Which of the following would accomplish the manager's goal?

Options:

A.

Domain name, PKI, GeoIP lookup

B.

VPN IP address, company ID, partner site

C.

Password, authentication token, thumbprint

D.

Company URL, TLS certificate, home address

Question 318

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

Options:

A.

Machine learning

B.

DNS sinkhole

C.

Blocklist

D.

Honey pot

Exam Detail
Vendor: CompTIA
Certification: CompTIA Security+
Exam Code: SY0-601
Last Update: Nov 21, 2024
SY0-601 Question Answers
Page: 1 / 80
Total 1063 questions