
Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system? A. To avoid data leakage B. To protect surveillance logs C. To ensure availability D. To facilitate third-party access

A to avoid data leakage

DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect's requirements? A. An orchestration solution that can adjust scalability of cloud assets B. Use of multipath by adding more connections to cloud storage C. Cloud assets replicated on geographically distributed regions D. An on-site backup that is deployed and only used when the load increases

A An orchestration solution that can adjust scalability of cloud assets

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time? A. CASB B. VPC C. SWG D. CMS

A CASB - Cloud Access Security Broker

Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power? A. Dynamic resource allocation B. High availability C. Segmentation D. Container security

A Dynamic Resource Allocation

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? A. Nmap B. Wireshark C. Autopsy D. DNSEnum

A NMAP

After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern? A. PCI DSS B. GDPR C. ISO 27001 D. NIST CSF

A PCI DSS

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable? A. SED B. HSM C. DLP D. TPM

A SED

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on-premises. Which of the following solutions will require the LEAST infrastructure and application support from the company? A. SaaS B. IaaS C. PaaS D. SDN

A SaaS

Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key.

A The sender's private key and decrypted with the sender's public key (strictly, what is "encrypted" is a hash of the message; the recipient verifies by applying the sender's public key to the signature and comparing the result with a hash it computes itself)
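The sign-with-private, verify-with-public relationship from the question above, as an added example that is not part of the original flashcard set. It uses textbook RSA with deliberately tiny parameters (p=61, q=53, e=17, d=2753, and a second unrelated pair for an impostor) so that the exponentiation is visible; these numbers, the message text and the impostor key are assumptions, and real software uses a vetted library (RSA-PSS, ECDSA or Ed25519) rather than this.

```python
import hashlib

# Added example, not taken from the page. Textbook RSA with tiny, deliberately
# insecure parameters so the "sign with private, verify with public" step is
# visible. Production code uses a vetted library (RSA-PSS or Ed25519), never this.
P, Q = 61, 53
N = P * Q          # 3233: public modulus
E = 17             # public exponent
D = 2753           # private exponent; (E * D) % lcm(P - 1, Q - 1) == 1

SENDER_PUBLIC = (N, E)     # anyone may hold this
SENDER_PRIVATE = (N, D)    # only the signer holds this

# A second, unrelated key pair (p=47, q=59) standing in for an impostor (assumption).
IMPOSTOR_PRIVATE = (47 * 59, 157)   # 17 * 157 == 1 (mod lcm(46, 58))


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into Z_n (toy-sized; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The signer applies the PRIVATE exponent to the message hash."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """The verifier applies the signer's PUBLIC exponent and compares with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def demo() -> dict:
    """Valid signature verifies; a tampered message or a signature from another key does not."""
    msg = b"transfer 100 to bob"
    sig = sign(msg, SENDER_PRIVATE)
    return {
        "valid": verify(msg, sig, SENDER_PUBLIC),
        "tampered": verify(b"transfer 900 to bob", sig, SENDER_PUBLIC),
        "impostor": verify(msg, sign(msg, IMPOSTOR_PRIVATE), SENDER_PUBLIC),
    }


if __name__ == "__main__":
    print(demo())
```

Note which key appears on each side: only the holder of D could have produced a value that E turns back into the hash, which is why the recipient never needs the sender's private key and why the scheme gives non-repudiation rather than confidentiality.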

The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement? A. Tokenization B. Masking C. Full disk encryption D. Mirroring

A Tokenization

Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before? A. Containment B. Identification C. Preparation D. Recovery

A. Containment

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming? A. Data owner B. Data processor C. Data steward D. Data collector

A. Data owner

Which of the following is a security implication of newer ICS devices that are becoming more common in corporations? A. Devices with cellular communication capabilities bypass traditional network security controls B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require C. These devices often lack privacy controls and do not meet newer compliance regulations D. Unauthorized voice and audio recording can cause loss of intellectual property

A. Devices with cellular communication capabilities bypass traditional network security controls

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case? A. EDR B. DLP C. NGFW D. HIPS

A. EDR

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Choose two.) A. Load balancing B. Incremental backups C. UPS D. RAID E. Dual power supply F. VLAN

A. Load balancing D. RAID

A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider? A. Mandatory B. Rule-based C. Discretionary D. Role-based

A. Mandatory

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following: • Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users. • Internal users in question were changing their passwords frequently during that time period. • A jump box that several domain administrator users use to connect to remote devices was recently compromised. • The authentication method used in the environment is NTLM. Which of the following types of attacks is most likely being used to gain unauthorized access? A. Pass-the-hash B. Brute-force C. Directory traversal D. Replay

A. Pass-the-Hash

A security analyst is reviewing the following logs: several entries with different timestamps around 10:00:00 AM, each a rejected login for a different username, all using the same password. Which of the following attacks is most likely occurring? A. Password spraying B. Account forgery C. Pass-the-hash D. Brute-force

A. Password spraying

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data? A. Perfect forward secrecy B. Elliptic-curve cryptography C. Key stretching D. Homomorphic encryption

A. Perfect forward secrecy

A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements? A. User certificate B. Self-signed certificate C. Computer certificate D. Root certificate

A. User Certificate

A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information? A. cat /var/messages | grep 10.1.1.1 B. grep 10.1.1.1 | cat /var/messages C. grep /var/messages | cat 10.1.1.1 D. cat 10.1.1.1 | grep /var/messages

A. cat /var/messages | grep 10.1.1.1

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.) A. 135 B. 139 C. 143 D. 161 E. 443 F. 445

B 139 F 445

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented? A. An RTO report B. A risk register C. A business impact analysis D. An asset value register E. A disaster recovery plan

B A risk register

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives? A. WAF B. CASB C. VPN D. TLS

B CASB

Which of the following BEST describes the process of documenting who has access to evidence? A. Order of volatility B. Chain of custody C. Non-repudiation D. Admissibility

B Chain of Custody

During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information? A. WAF logs B. DNS logs C. System logs D. Application logs

B DNS logs

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following: • A user enters comptia.org into a web browser. • The website that appears is not the comptia.org site. • The website is a malicious site from the attacker. • Users in a different office are not having this issue. Which of the following types of attacks was observed? A. On-path attack B. DNS poisoning C. Locator (URL) redirection D. Domain hijacking

B DNS poisoning

A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention? A. NIDS B. HIPS C. AV D. NGFW

B HIPS

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria? A. Implement NAC. B. Implement an SWG. C. Implement a URL filter. D. Implement an MDM.

B Implement an SWG

A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future? A. Create DLP controls that prevent documents from leaving the network. B. Implement salting and hashing. C. Configure the web content filter to block access to the forum. D. Increase password complexity requirements.

B Implement salting and hashing
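What "salting and hashing" changes for the leaked-database scenario above, as an added example that is not part of the original flashcard set. It stores each password as a per-user random salt plus a PBKDF2-HMAC-SHA256 derived key from the Python standard library; the iteration count, record format and sample passwords are assumptions (argon2id or scrypt are preferable where a library is available).

```python
import hashlib
import hmac
import os

# Added example, not from the page: per-user random salt plus a slow KDF.
# ITERATIONS is an assumption in the range current guidance recommends for
# PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$key_hex."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)   # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and parameters; compare in constant time."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def offline_guess(record: str, candidates) -> str:
    """What an attacker holding a leaked record must do: one full KDF run per guess,
    per user, because the salt prevents sharing work across accounts."""
    for guess in candidates:
        if verify_password(guess, record):
            return guess
    return None


if __name__ == "__main__":
    rec = hash_password("Winter2024!")           # constructed sample password
    print(rec)
    print(verify_password("Winter2024!", rec), verify_password("winter2024!", rec))
    print(offline_guess(rec, ["password", "letmein", "Winter2024!"]))
```

Two users with the same password get two different records, so a dump reveals neither the passwords nor which accounts share one, and every guess costs the attacker a full KDF run. Compare that with the plaintext table in the question, where the post itself is the complete credential set.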

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST? A. DNS B. Message gateway C. Network D. Authentication

B Message Gateway

Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer? A. Cloud control matrix B. Reference architecture C. NIST RMF D. CIS Top 20

B Reference Architecture

Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase? A. Activate verbose logging in all critical assets. B. Tune monitoring in order to reduce false positive rates. C. Redirect all events to multiple syslog servers. D. Increase the number of sensors present on the environment.

B Tune monitoring in order to reduce false positive rates

A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue? A. Privilege creep B. Unmodified default settings C. TLS protocol vulnerabilities D. Improper patch management

B Unmodified Default Settings

A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements? A. CASB B. VPC C. Perimeter network D. WAF

B VPC

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it? A. Data custodian B. Data controller C. Data protection officer D. Data processor

B. Data controller

Which of the following mitigation techniques places devices in physically or logically separated networks and leverages policies to limit the types of communications that are allowed? A. Host-based firewalls B. Access control list C. Port security D. Least privilege

B. Access Control List

Which of the following would be the best way to block unknown programs from executing? A. Access control list B. Application allow list C. Host-based firewall D. DLP solution

B. Application allow list

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue? A. Web metadata B. Bandwidth monitors C. System files D. Correlation dashboards

B. Bandwidth Monitors

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner? A. Digital signatures B. Key exchange C. Salting D. PPTP

B. Key exchange

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate? A. Testing input validation on the user input fields B. Performing code signing on company-developed software C. Performing static code analysis on the software D. Ensuring secure cookies are used

B. Performing code signing on company-developed software

Which of the following identifies the point in time when an organization will recover data in the event of an outage? A. ALE B. RPO C. MTBF D. ARO

B. RPO

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints? A. Firewall B. SIEM C. IPS D. Protocol analyzer

B. SIEM

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with? A. MOU B. SLA C. EOL D. NDA

B. SLA

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue? A. TFTP was disabled on the local hosts. B. SSH was turned off instead of modifying the configuration file. C. Remote login was disabled in the networkd.conf instead of using the sshd.conf. D. Network services are no longer running on the NAS.

B. SSH was turned off instead of modifying the configuration file.

A government organization is developing an advanced AI defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected progress of the AI learning and attribute the outcome to a recent attack on one of the suppliers. Which of the following is the most likely reason for the inaccuracy of the system? A. Improper algorithms security B. Tainted training data C. Fileless virus D. Cryptomalware

B. Tainted training data

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is MOST likely preventing the IT manager at the hospital from upgrading the specialized OS? A. The time needed for the MRI vendor to upgrade the system would negatively impact patients. B. The MRI vendor does not support newer versions of the OS. C. Changing the OS breaches a support SLA with the MRI vendor. D. The IT team does not have the budget required to upgrade the MRI scanner.

B. The MRI vendor does not support newer versions of the OS.

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Choose two.) A. Passphrase B. Time-based one-time password C. Facial recognition D. Retina scan E. Hardware token F. Fingerprints

B. Time-based one-time password E. Hardware token

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To provide data to quantify risk based on the organization's systems B. To keep all software and hardware fully patched for known vulnerabilities C. To only allow approved, organization-owned devices onto the business network D. To standardize by selecting one laptop model for all users in the organization

B. To keep all software and hardware fully patched for known vulnerabilities

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.) A. Install DLP software to prevent data loss B. Use the latest version of software C. Install a SIEM device D. Implement MDM E. Implement a screened subnet for the web server F. Install an endpoint security solution G. Update the website certificate and revoke the existing ones H. Deploy additional network sensors

B. Use the latest version of software E. Implement a screened subnet for the web server F. Install an endpoint security solution

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries: entries from phone to web site - 403 errors, 302 errors, 200 errors Which of the following is the most likely cause of the security control bypass? A. IP address allow list B. User-agent spoofing C. WAF bypass D. Referrer manipulation

B. User-agent spoofing

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN? A. Using geographic diversity to have VPN terminators closer to end users B. Utilizing split tunneling so only traffic for corporate resources is encrypted C. Purchasing higher bandwidth connections to meet the increased demand D. Configuring QoS properly on the VPN accelerators

B. Utilizing split tunneling so only traffic for corporate resources is encrypted

Which of the following describes the ability of code to target a hypervisor from inside a guest OS? A. Fog computing B. VM escape C. Software-defined networking D. Image forgery E. Container breakout

B. VM escape

A penetration tester is fuzzing an application to identify at which input offset the saved EIP (return address) on the stack is overwritten. Which of the following attacks is the penetration tester planning to execute? A. Race-condition B. Pass-the-hash C. Buffer overflow D. XSS

C Buffer Overflow

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements? A. Reverse proxy B. NIC teaming C. Load balancer D. Forward proxy

C Load Balancer

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system? A. The Diamond Model of Intrusion Analysis B. CIS Critical Security Controls C. NIST Risk Management Framework D. ISO 27002

C NIST Risk Management Framework

While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information? A. arp B. nslookup C. netstat D. nmap

C Netstat

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario? A. Update the host firewalls to block outbound SMB. B. Place the machines with the unapproved software in containment. C. Place the unauthorized application in a blocklist. D. Implement a content filter to block the unauthorized software communication.

C Place the unauthorized application in a blocklist

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.) A. The order of volatility B. A CRC32 checksum C. The provenance of the artifacts D. The vendor's name E. The date and time F. A warning banner

C Provenance of the artifacts E Date and time

A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric? A. MTTR B. RTO C. RPO D. MTBF

C RPO

Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention? A. TTP B. OSINT C. SOAR D. SIEM

C SOAR

Which of the following is a risk that is specifically associated with hosting applications in the public cloud? A. Unsecured root accounts B. Zero-day C. Shared tenancy D. Insider threat

C Shared Tenancy - Multi Tenants in the Cloud

Which of the following supplies non-repudiation during a forensics investigation? A. Dumping volatile memory contents first B. Duplicating a drive with dd C. Using a SHA-2 signature of a drive image D. Logging everyone in contact with evidence E. Encrypting sensitive data

C Using a SHA-2 signature of a drive image (a bare SHA-2 hash only proves integrity; the non-repudiation comes from the examiner signing that hash with a private key only they hold)

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments? A. Authentication protocol B. Encryption type C. WAP placement D. VPN configuration

C WAP Placement

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage? A. IaaS B. PaaS C. XaaS D. SaaS

C XaaS

A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing

C Hybrid cloud F Fog computing

A security analyst is reviewing logs on a server and observes the following output: multiple attempts on the admin account with different common words as the password. Which of the following is the security analyst observing? A. A rainbow table attack B. A password-spraying attack C. A dictionary attack D. A keylogger attack

C. A dictionary attack
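The two log-review questions above (many usernames with one rejected attempt each, versus one account hit with many common-word guesses) are distinguished by the shape of the failures per source, not by the password, which a real log never records. The following is an added example, not part of the original flashcard set: it parses constructed sshd-style lines and classifies each source IP as spraying, brute-force/dictionary, or benign; the sample lines, the field layout and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Added example, not from the page. SAMPLE_LOG is constructed in sshd auth.log
# format; the thresholds below are assumptions.
SAMPLE_LOG = """\
Mar 10 10:00:00 srv sshd[2201]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Mar 10 10:00:00 srv sshd[2202]: Failed password for bob from 203.0.113.5 port 50002 ssh2
Mar 10 10:00:01 srv sshd[2203]: Failed password for carol from 203.0.113.5 port 50003 ssh2
Mar 10 10:00:01 srv sshd[2204]: Failed password for dave from 203.0.113.5 port 50004 ssh2
Mar 10 10:00:02 srv sshd[2205]: Failed password for invalid user erin from 203.0.113.5 port 50005 ssh2
Mar 10 10:00:02 srv sshd[2206]: Failed password for frank from 203.0.113.5 port 50006 ssh2
Mar 10 10:05:10 srv sshd[2310]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Mar 10 10:05:11 srv sshd[2311]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Mar 10 10:05:12 srv sshd[2312]: Failed password for admin from 198.51.100.7 port 40003 ssh2
Mar 10 10:05:13 srv sshd[2313]: Failed password for admin from 198.51.100.7 port 40004 ssh2
Mar 10 10:05:14 srv sshd[2314]: Failed password for admin from 198.51.100.7 port 40005 ssh2
Mar 10 10:05:16 srv sshd[2316]: Accepted password for admin from 198.51.100.7 port 40007 ssh2
Mar 10 10:07:00 srv sshd[2400]: Failed password for alice from 192.0.2.9 port 30001 ssh2
Mar 10 10:07:05 srv sshd[2401]: Accepted password for alice from 192.0.2.9 port 30002 ssh2
"""

LINE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")


def parse(log: str):
    """Yield (outcome, user, source_ip) for each recognised auth line."""
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def classify(log: str, spray_min_users: int = 5, bruteforce_min_attempts: int = 5):
    """Return ({source_ip: verdict}, {(ip, user) that succeeded after an attack})."""
    failures = defaultdict(lambda: defaultdict(int))   # ip -> user -> failed count
    successes = set()                                  # (ip, user) accepted after failures
    for outcome, user, ip in parse(log):
        if outcome == "Failed":
            failures[ip][user] += 1
        elif failures[ip].get(user):
            successes.add((ip, user))

    verdicts = {}
    for ip, per_user in failures.items():
        peak = max(per_user.values())                  # most failures against any one account
        if len(per_user) >= spray_min_users and peak <= 2:
            verdicts[ip] = "password spraying"         # wide, shallow: many users, 1-2 tries each
        elif peak >= bruteforce_min_attempts:
            verdicts[ip] = "brute-force/dictionary"    # narrow, deep: one account, many tries
        else:
            verdicts[ip] = "benign"                    # the usual mistyped password
    # A success that follows an attack from the same source is the alert that matters.
    compromised = {(ip, u) for ip, u in successes if verdicts[ip] != "benign"}
    return verdicts, compromised


if __name__ == "__main__":
    v, c = classify(SAMPLE_LOG)
    for ip, verdict in v.items():
        print(f"{ip:15} {verdict}")
    print("possible compromise:", sorted(c))
```

Spraying deliberately stays under per-account lockout thresholds, so a per-account counter misses it; the detection has to pivot on the source (or, for NTLM/Kerberos, on the workstation name) and count distinct usernames in a window.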

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider Implementing? A. DLP B. VPC C. CASB D. Content filtering

C. CASB

Which of the following control types is patch management classified under? A. Deterrent B. Physical C. Corrective D. Detective

C. Corrective

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats. Which of the following should the security operations center implement? A. the Harvester B. Nessus C. Cuckoo D. Sn1per

C. Cuckoo

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements? A. Data purge B. Data encryption C. Data masking D. Data tokenization

C. Data Masking

Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information? A. Pseudo-anonymization B. Tokenization C. Data masking D. Encryption

C. Data Masking

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements? A. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 D. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary? A. pcap reassembly B. SSD snapshot C. Image volatile memory D. Extract from checksums

C. Image Volatile Memory

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal? A. RAID B. UPS C. NIC teaming D. Load balancing

C. NIC Teaming

A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider? A. ISO B. MITRE ATT&CK C. OWASP D. NIST

C. OWASP

A security team will be outsourcing several key functions to a third party and will require that: • Several of the functions will carry an audit burden • Attestations will be performed several times a year • Reports will be generated on a monthly basis. Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party? A. MOU B. AUP C. SLA D. MSA

C. SLA

Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM? A. Set up hashing on the source log file servers that complies with local regulatory requirements. B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements. C. Write protect the aggregated log files and move them to an isolated server with limited access. D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.

C. Write protect the aggregated log files and move them to an isolated server with limited access.

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website? A. head -500 www.comptia.com | grep /logfiles/messages B. cat /logfiles/messages | tail -500 www.comptia.com C. tail -500 /logfiles/messages | grep www.comptia.com D. grep -500 /logfiles/messages | cat www.comptia.com

C. tail -500 /logfiles/messages | grep www.comptia.com
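The two grep questions above (find every line for 10.1.1.1 in the messages log; find recent traffic to the command-and-control domain) share one pattern: the log file is the input, the pattern is the filter. The following is an added example, not part of the original flashcard set; it writes a constructed proxy log to a scratch path (the real file would be /var/log/messages or /logfiles/messages, and the quiz's /var/messages is an unusual location) and shows the flags that keep the search exact.

```sh
#!/bin/sh
# Added example, not from the page. LOGFILE is a hypothetical scratch path so
# the script runs anywhere; substitute the real syslog file in practice.
LOGFILE="${TMPDIR:-/tmp}/messages.example"

# Constructed sample log: one squid proxy line per outbound request (field 6 is
# the client IP) plus an unrelated sshd line.
make_sample_log() {
  cat > "$LOGFILE" <<'EOF'
Mar 10 09:58:01 gw squid[1201]: 10.1.1.1 TCP_MISS/200 GET https://www.example.com/ - HIER_DIRECT/93.184.216.34
Mar 10 09:58:07 gw squid[1201]: 10.1.1.10 TCP_MISS/200 GET https://www.comptia.com/ - HIER_DIRECT/198.51.100.20
Mar 10 09:58:09 gw squid[1201]: 10.1.1.1 TCP_MISS/200 GET https://www.comptia.com/beacon - HIER_DIRECT/198.51.100.20
Mar 10 09:58:12 gw sshd[880]: Accepted publickey for ops from 10.1.1.2 port 51022 ssh2
Mar 10 09:58:30 gw squid[1201]: 10.1.1.1 TCP_MISS/200 GET https://www.comptia.com/beacon - HIER_DIRECT/198.51.100.20
EOF
}

# Lines mentioning one host. -F: literal string, so the dots in 10.1.1.1 are not
# regex wildcards; -w: whole word, so 10.1.1.1 does not also match 10.1.1.10.
count_matches() {
  grep -Fcw -- "$1" "$LOGFILE"
}

# Recent traffic only: take the tail of the file first, then filter it.
recent_c2_hits() {
  tail -n 500 "$LOGFILE" | grep -Fw -- "$1"
}

# Which internal hosts reached the domain: the scope of the incident.
c2_sources() {
  grep -Fw -- "$1" "$LOGFILE" | awk '{ print $6 }' | sort -u
}

make_sample_log
echo "lines for 10.1.1.1: $(count_matches 10.1.1.1)"
echo "hosts that reached www.comptia.com:"
c2_sources www.comptia.com
```

`cat file | grep pattern` works but grep reads the file itself; the order in the answers matters because `grep pattern | cat file` gives grep no input. `tail -500` is the legacy spelling of `tail -n 500`. Without `-F` the dots in an IP address match any character, and without `-w` a search for 10.1.1.1 also returns 10.1.1.10 through 10.1.1.19.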

When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure? A. Z-Wave compatibility B. Network range C. Zigbee configuration D. Communication protocols

D Communication protocols

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. The following response was received from the server:
http/1.0 200 Ok
Content-type: text/html
Server: Apache
root:s9fyf983#:0:1:System Operator:/:/bin/bash
daemon:*:1:1::/tmp:
user1:Fi@su3FF:183:100:user:/home/users/user1:/bin/bash
Which attack was implemented? A. Memory leak B. Race conditions C. SQL injection D. Directory traversal

D Directory Traversal

The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT? A. Disconnect all external network connections from the firewall. B. Send response teams to the network switch locations to perform updates. C. Turn on all the network switches by using the centralized management software. D. Initiate the organization's incident response plan.

D Initiate the organization's incident response plan

A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Salting the magnetic strip information B. Encrypting the credit card information in transit C. Hashing the credit card numbers upon entry D. Tokenizing the credit cards in the database

D Tokenizing the credit cards in the database

A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause? A. Security patches failed to install due to a version incompatibility. B. An adversary altered the vulnerability scan reports. C. A zero-day vulnerability was used to exploit the web server. D. The scan reported a false negative for the vulnerability.

D the scan reported a false negative for the vulnerability

Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.) A. Alarms B. Signage C. Lighting D. Access control vestibules E. Fencing F. Sensors

D. Access control vestibules E. Fencing

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.) A. MAC filtering B. Zero trust segmentation C. Network access control D. Access control vestibules E. Guards F. Bollards

D. Access control vestibules E. Guards

Which of the following can best protect against an employee inadvertently installing malware on a company system? A. Host-based firewall B. System isolation C. Least privilege D. Application allow list

D. Application allow list

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would BEST meet this need? A. CVE B. SIEM C. SOAR D. CVSS

D. CVSS

A police department is using the cloud to share information with city officials. Which of the following cloud models describes this scenario? A. Hybrid B. Private C. Public D. Community

D. Community

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization? A. Exception B. Segmentation C. Risk transfer D. Compensating controls

D. Compensating Controls

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following: • The manager of the accounts payable department is using the same password across multiple external websites and the corporate account. • One of the websites the manager used recently experienced a data breach. • The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country. Which of the following attacks has most likely been used to compromise the manager's corporate account? A. Remote access Trojan B. Brute-force C. Dictionary D. Credential stuffing E. Password spraying

D. Credential Stuffing

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities? A. Continuous deployment B. Continuous integration C. Data owners D. Data processor

D. Data Processor

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request? A. The CSIRT thinks an insider threat is attacking the network. B. Outages of business-critical systems cost too much money. C. The CSIRT does not consider the systems engineer to be trustworthy. D. Memory contents, including fileless malware, are lost when the power is turned off.

D. Memory contents, including fileless malware, are lost when the power is turned off.

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan? A. Vulnerabilities with a CVSS score greater than 6.9. B. Critical infrastructure vulnerabilities on non-IP protocols. C. CVEs related to non-Microsoft systems such as printers and switches. D. Missing patches for third-party software on Windows workstations and servers.

D. Missing patches for third-party software on Windows workstations and servers.

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems? A. GDPR B. PCI DSS C. ISO 27000 D. NIST 800-53

D. NIST-800-53

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst most likely participating in? A. MITRE ATT&CK B. Walk-through C. Red team D. Purple team E. TAXII

D. Purple Team

A security analyst reviews web server logs and notices the following line: "Get >>>>>>> SELECT User_login from WP_Users Which of the following vulnerabilities is the attacker trying to exploit? A. SSRF B. CSRF C. XSS D. SQLi

D. SQLi

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is most likely the cause? A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage. B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage. C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives. D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack? A. DLP B. SIEM C. NIDS D. WAF

D. WAF

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement? A. Incremental backups followed by differential backups B. Full backups followed by incremental backups C. Delta backups followed by differential backups D. Incremental backups followed by delta backups E. Full backups followed by differential backups

E Full Backups followed by differential backups
