Comptia-4
B. Implement salting and hashing.
302- A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future? A. Create DLP controls that prevent documents from leaving the network. B. Implement salting and hashing. C. Configure the web content filter to block access to the forum. D. Increase password complexity requirements.
C. Phishing
303- Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email? A. Spear phishing B. Whaling C. Phishing D. Vishing
D. WPS
304- A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security? A. WPA3 B. AES C. RADIUS D. WPS
A. OWASP
305- Which of the following would be used to find the MOST common web-application vulnerabilities? A. OWASP B. MITRE ATT&CK C. Cyber Kill Chain D. SDLC
A. An external access point is engaging in an evil-twin attack.
306- A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue? A. An external access point is engaging in an evil-twin attack. B. The signal on the WAP needs to be increased in that section of the building. C. The certificates have expired on the devices and need to be reinstalled. D. The users in that section of the building are on a VLAN that is being blocked by the firewall
A. Nmap
307- A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? A. Nmap B. Wireshark C. Autopsy D. DNSEnum
(B). Implement different backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m
308- A company has limited storage available and online presence that can not for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time In the event of a failure, which being maindful of the limited available storage space? (A). Implement fulltape backup every Sunday at 8:00 p.m and perform nightly tape rotations. (B). Implement different backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m (C). Implement nightly full backups every Sunday at 8:00 p.m (D). Implement full backups every Sunday at 8:00 p.m and nightly differential backups at 8:00
(A). Staging
309- Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code? (A). Staging (B). Test (C). Production (D). Development
(D). Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
310- A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives? (A). Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares. (B). Purchase cyber insurance from a reputable provider to reduce expenses during an incident. (C). Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks. (D). Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
(B). Access control vestibule
311- Enterprising a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe? (A). Cameras (B). Access control vestibule (C). Sensors (D). Guards (E). B: Faraday cage
(B). Installing a managed PDU
312- A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack Which of the following options will mitigate this issue without compromising the number of outlets available? (A). Adding a new UPS dedicated to the rack (B). Installing a managed PDU (C). Using only a dual power supplies unit (D). Increasing power generator capacity
(A). Honeyfile
313- A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat? (A). Honeyfile (B). ADMZ (C). DLP (D). File integrity monitoring
(B). The user's laptop was quarantined because it missed the latest path update.
314- A remote user recently took a two-week vacation abroad and brought along a corporate- owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN? (A). Due to foreign travel, the user's laptop was isolated from the network. (B). The user's laptop was quarantined because it missed the latest path update. (C). The VPN client was blacklisted. (D). The user's account was put on a legal hold
(A). Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.
315- Which of the following describes the BEST approach for deploying application patches? (A). Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems. (B). Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems (C). Test the patches m a test environment apply them to the production systems and then apply them to a staging environment (D). Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment
(D). Phishing campaign
316- A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system Which of the following would be BEST suited for this task? (A). Social media analysis (B). Annual information security training (C). Gamification (D). Phishing campaign
(A). Perform a site survey (D). Scan for rogue access points
317- A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.) (A). Perform a site survey (B). Deploy an FTK Imager (C). Create a heat map (D). Scan for rogue access points (E). Upgrade the security protocols
B. SSL/TLS
318- A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future? A. IPSec B. SSL/TLS C. DNSSEC D. S/MIME
(A). OAuth
319- An application owner has requested access for an external application to upload data from the central internal website without providing credentials at any point. Which of the following authentication methods should be configured to allow this type of integration access? (A). OAuth (B). SSO (C). TACACS+ (D). Kerberos
(C). Write down the phone number of the caller if possible, the name of the person requesting the information hang up. and notify the organization's cybersecurity officer
320- A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity modem response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's BEST course of action? (A). Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller (B). Ask for the callers name, verify the persons identity in the email directory and provide the requested information over the phone (C). Write down the phone number of the caller if possible, the name of the person requesting the information hang up. and notify the organization's cybersecurity officer (D). Request the caller send an email for identity verification and provide the requested information via email to the caller
(C). Encrypted VPN traffic will not be inspected when entering or leaving the network
321- An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border followed by a DIP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element? (A). The DLP appliance should be integrated into a NGFW. (B). Split-tunnel connections can negatively impact the DLP appliance's performance (C). Encrypted VPN traffic will not be inspected when entering or leaving the network (D). Adding two hops in the VPN tunnel may slow down remote connections
(A). Snapshot
322- A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements? (A). Snapshot (B). Differential (C). Full (D). Tape
(B). Containment
323- Which of the following incident response steps involves actions to protect critical systems while maintaining business operations? (A). Investigation (B). Containment (C). Recovery (D). Lessons learned
(C). A supply-chain attack
324- A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred? (A). Fileless malware (B). A downgrade attack (C). A supply-chain attack (D). A logic bomb (E). Misconfigured BIOS
(B). NFC
325- A company would like to set up a secure way to transfer data between users via their mobile phones The company's top priority is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need? (A). Cellular (B). NFC (C). Wi-Fi (D). Bluetooth
(A). Configure DLP solution
326- A major clothing company recently lost of large of priority information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technician implementation to present this from happeing again? (A). Configure DLP solution (B). Disable peer-topeer sharing (C). Enable role-based access controls. (D). Mandsha job rotation. (E). Implement content filters
D. ldap-server host 10.10.2.2 enable-ssl
327- An engineer is configuring AAA authentication on a Cisco MDS 9000 Series Switch. The LDAP server is located under the IP 10.10.2.2. The data sent to the LDAP server should be encrypted. Which command should be used to meet these requirements? A. ldap-server 10.10.2.2 port 443 B. ldap-server 10.10.2.2 key SSL_KEY C. ldap-server host 10.10.2.2 key SSL_KEY D. ldap-server host 10.10.2.2 enable-ssl
(A). The vulnerability scan output
328- An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented? (A). The vulnerability scan output (B). The security logs (C). The baseline report (D). The correlation of events
(A). 802.1X utilizing the current PKI infrastructure
329- A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate owned devices to have access to the intranet but limit others to internet access only, Which of the following should the administrator recommend? (A). 802.1X utilizing the current PKI infrastructure (B). SSO to authenticate corporate users (C). MAC address filtering with ACLS on the router (D). PAM for user account management
(C). MTRE ATT$CK
330- A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective? (A). A table exercise (B). NST CSF (C). MTRE ATT$CK (D). OWASP
(C). WAP placement
331- The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments? (A). Authentication protocol (B). Encryption type (C). WAP placement (D). VPN configuration
(A). TPM
332- An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is Installed on all laptops? (A). TPM (B). CA (C). SAML (D). CRL
(A). The examiner does not have administrative privileges to the system
333- A forensics examiner is attempting to dump password cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error? (A). The examiner does not have administrative privileges to the system (B). The system must be taken offline before a snapshot can be created (C). Checksum mismatches are invalidating the disk image (D). The swap file needs to be unlocked before it can be accessed
(D). Install a captive portal
334- A network engineer needs to build a solution that will allow guests at the company's headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following should the engineer employ to meet these requirements? (A). Implement open PSK on the APs (B). Deploy a WAF (C). Configure WIPS on the APs (D). Install a captive portal
(D). Somewhere you are
335- Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline? (A). Something you exhibit (B). Something you can do (C). Someone you know (D). Somewhere you are
(A). Data encryption
336- Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud- based services? (A). Data encryption (B). Data masking (C). Anonymization (D). Tokenization
(C). RADIUS
337- A security engineer needs to select a primary authentication source for use with a client application. The application requires the user to log in with a username, password, and, when needed, a challenge response. Which of the following solutions BEST meets this requirement? (A). PSK (B). LDAP (C). RADIUS (D). PAP
(C). Separation of duties
338- Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations? (A). Least privilege (B). Awareness training (C). Separation of duties (D). Mandatory vacation
(B). DNS poisoning
339- A user attempts to load a web-based application, but the expected login screen does not appear. A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC The help desk analyst then runs the same command on the local PC -one more picture Which of the following BEST describes the attack that is being detected? (A). Domain hijacking (B). DNS poisoning (C). MAC flooding (D). Evil twin
(D). Block SSH access from the Internet.
340- A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output: Which of the following steps would be best for the security engineer to take NEXT? (A). Allow DNS access from the internet. (B). Block SMTP access from the Internet (C). Block HTTPS access from the Internet (D). Block SSH access from the Internet.
(C). Conduct a site survey.
341- A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done FIRST? (A). Configure heat maps. (B). Utilize captive portals. (C). Conduct a site survey. (D). Install Wi-Fi analyzers.
(C). Implement a heuristic behavior-detection solution.
342- Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection. Which of the following should administrator implement to protect the environment from this malware? (A). Install a definition-based antivirus. (B). Implement an IDS/IPS (C). Implement a heuristic behavior-detection solution. (D). Implement CASB to protect the network shares.
(C). A privileged access management system
343- An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include: Check-in/checkout of credentials The ability to use but not know the password Automated password changes Logging of access to credentials Which of the following solutions would meet the requirements? (A). OAuth 2.0 (B). Secure Enclave (C). A privileged access management system (D). An OpenID Connect authentication system
(C). Site-to-site
344- An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office? (A). Always On (B). Remote access (C). Site-to-site (D). Full tunnel
(A). Transference
345- In which of the following risk management strategies would cybersecurity insurance be used? (A). Transference (B). Avoidance (C). Acceptance (D). Mitigation
(C). Password-spraying
346- A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent? (A). Rainbow table (B). Brute-force (C). Password-spraying (D). Dictionary
(B). ESP
347- A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet? (A). AH (B). ESP (C). SRTP (D). LDAP
(A). Access control vestibule
348- Which of the following controls would provide the BEST protection against tailgating? (A). Access control vestibule (B). Closed-circuit television (C). Proximity card reader (D). Faraday cage
B. White-box
349- An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur? A. Bug bounty B. White-box C. Black-box D. Gray-box
(A). Privilege escalation
350- After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred? (A). Privilege escalation (B). Session replay (C). Application programming interface (D). Directory traversal
(D). Included third-party libraries (E). Vendors/supply chain
351- Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.) (A). Unsecure protocols (B). Use of penetration-testing utilities (C). Weak passwords (D). Included third-party libraries (E). Vendors/supply chain (F). Outdated anti-malware software
(A). Shadow IT
352- Which of the following refers to applications and systems that are used within an organization without consent or approval? (A). Shadow IT (B). OSINT (C). Dark web (D). Insider threats
(D). A log analysis
353- A company recently moved sensitive videos between on-premises. Company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause? (A). Checksums (B). Watermarks (C). Oder of volatility (D). A log analysis (E). A right-to-audit clause
(B). Mandatory vacation
354- Which of the following corporate policies is used to help prevent employee fraud and to detect system log modifications or other malicious activity based on tenure? (A). Background checks (B). Mandatory vacation (C). Social media analysis (D). Separation of duties
(A). HTTPS sessions are being downgraded to insecure cipher suites
355- A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation. An incident responder learns the following information: The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs. All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network. Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected. Which of the following is the MOST likely root cause? (A). HTTPS sessions are being downgraded to insecure cipher suites (B). The SSL inspection proxy is feeding events to a compromised SIEM (C). The payment providers are insecurely processing credit card charges (D). The adversary has not yet established a presence on the guest WiFi network
A. HSM
356- An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal? A. HSM B. CASB C. TPM D. DLP
(D). Access control vestibules (E). Fencing
357- Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.) (A). Alarms (B). Signage (C). Lighting (D). Access control vestibules (E). Fencing (F). Sensors
B. Change the default password for the switch.
358- A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch? A. Set up an air gap for the switch. B. Change the default password for the switch. C. Place the switch in a Faraday cage. D. Install a cable lock on the switch.
(A). DLP
359- A Chief information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement? (A). DLP (B). CASB (C). HIDS (D). EDR (E). UEFI
(D). International operations
360- Which of the following conditions impacts data sovereignty? (A). Rights management (B). Criminal investigations (C). Healthcare data (D). International operations
(A). FDE
361- The Chief Information Security Officer came across a news article outlining a mechanism that allows certain OS passwords to be bypassed. The security team was then tasked with determining which method could be used to prevent data loss in the corporate environment in case an attacker bypasses authentication. Which of the following will accomplish this objective? (A). FDE (B). Proper patch management protocols (C). TPM (D). Input validations
(C). Man-in-the-middle
362- A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message: Which of the following network attacks is the researcher MOST likely experiencing? (A). MAC cloning (B). Evil twin (C). Man-in-the-middle (D). ARP poisoning
(B). Content management, remote wipe, geolocation, context-aware authentication, and containerization
363- A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are: ✑ Employees must provide an alternate work location (i.e., a home address). ✑ Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed. Which of the following BEST describes the MDM options the company is using? (A). Geofencing, content management, remote wipe, containerization, and storage segmentation (B). Content management, remote wipe, geolocation, context-aware authentication, and containerization (C). Application management, remote wipe, geofencing, context-aware authentication, and containerization (D). Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption
E. It assures customers that the organization meets security standards.
364- An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification? A. It allows for the sharing of digital forensics data across organizations. B. It provides insurance in case of a data breach. C. It provides complimentary training and certification resources to IT security staff. D. It certifies the organization can work with foreign entities that require a security clearance. E. It assures customers that the organization meets security standards.
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
365- Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production? A. Employ different techniques for server- and client-side validations B. Use a different version control system for third-party libraries C. Implement a vulnerability scan to assess dependencies earlier on SDLC D. Increase the number of penetration tests before software release
(B). Pagefile
366- An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information? (A). NGFW (B). Pagefile (C). NetFlow (D). RAM
(A). DNS cache poisoning
367- An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server? (A). DNS cache poisoning (B). Domain hijacking (C). Distributed denial-of-service (D). DNS tunneling
(C). Virtual machines
368- A manufacturing company has several one-off legacy information systems that can not be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities? (A). Redundancy (B). RAID 1+5 (C). Virtual machines (D). Full backups
A. Hacktivists
369- A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model? A. Hacktivists B. White-hat hackers C. Script kiddies D. Insider threats
(B). Credential stuffing
370- A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause? (A). Shadow IT (B). Credential stuffing (C). SQL injection (D). Man-in-the-browser (E). Bluejacking
(C). Properly configured SIEM with retention policies
371- During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer. The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network? (A). Properly configured hosts with security logging (B). Properly configured endpoint security tool with alerting (C). Properly configured SIEM with retention policies (D). Properly configured USB blocker with encryption
(B). Enable MAC filtering on the switches that support the wireless network. (E). Scan the wireless network for rogue access points.
372- During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset Inventory. WiFi access Is protected with 255-Wt encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode Which of the following should the administrator implement to find and remediate the Issue? (Select TWO). (A). Check the SIEM for failed logins to the LDAP directory. (B). Enable MAC filtering on the switches that support the wireless network. (C). Run a vulnerability scan on all the devices in the wireless network (D). Deploy multifactor authentication for access to the wireless network (E). Scan the wireless network for rogue access points. (F). Deploy a honeypot on the network
ssh-keygen -t rsa (creating the key-pair) ssh-copy-id -i /.ssh/id_rsa.pub user@server (copy the public-key to user@server) ssh -i ~/.ssh/id_rsa user@server (login to remote host with private-key)
373- DRAG DROP - A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS -Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.Select and Place: **Answer:The task requires only the minimum set of commands. ssh-keygen -t rsa (creating the key-pair) ssh-copy-id -i /.ssh/id_rsa.pub user@server (copy the public-key to user@server) ssh -i ~/.ssh/id_rsa user@server (login to remote host with private-key)
(B). HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022
374- As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements? (A). HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 (B). HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022 (C). HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2023 (D). HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00
(C). Chain of custody
375- An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used? (A). Order of volatility (B). Data recovery (C). Chain of custody (D). non-repudiation
(A). The end user purchased and installed a PUP from a web browser
376- An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following: Which of the following is the MOST likely cause of the issue? (A). The end user purchased and installed a PUP from a web browser (B). A bot on the computer is brute forcing passwords against a website (C). A hacker is attempting to exfiltrate sensitive data (D). Ransomware is communicating with a command-and-control server
(D). Reputation
377- Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST? (A). Identify theft (B). Data loss (C). Data exfiltration (D). Reputation
(D). isolate the infected attachment.
378- An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take? (A). Apply a DLP solution. (B). Implement network segmentation (C). Utilize email content filtering, (D). isolate the infected attachment.
(B). reconnaissance.
379- The process of passively gathering information prior to launching a cyberattack is called: (A). tailgating. (B). reconnaissance. (C). pharming. (D). prepending.
(A). Configure AAA on the switch with local login as secondary (C). Implement TACACS+
380- A security engineer needs to Implement the following requirements: * All Layer 2 switches should leverage Active Directory tor authentication. * All Layer 2 switches should use local fallback authentication If Active Directory Is offline. * All Layer 2 switches are not the same and are manufactured by several vendors. Which of the following actions should the engineer take to meet these requirements? (Select TWO). Implement RADIUS. (A). Configure AAA on the switch with local login as secondary (B). Configure port security on the switch with the secondary login method. (C). Implement TACACS+ (D). Enable the local firewall on the Active Directory server. (E). Implement a DHCP server
(D). The SIEM alerts
381- After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review? (A). The vulnerability scan output (B). The IDS logs (C). The full packet capture data (D). The SIEM alerts
(C). A jump server
382- A security engineer needs to build a solution to satisfy regulatory requirements that stale certain critcal servers must be accessed using MFA However, the critical servers are older and are unable to support the addition of MFA, Which of the following will the engineer MOST likely use to achieve this objective? (A). A forward proxy (B). A stateful firewall (C). A jump server (D). A port tap
(C). 802.1X
383- A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate device using PKI. Which of the following should the administrator configure? (A). A captive portal (B). PSK (C). 802.1X (D). WPS
(D). Benchmarks
384- Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline? (A). SOAR playbook (B). Security control matrix (C). Risk management framework (D). Benchmarks
(B). A BCP prepares for any operational interruption while a DRP prepares for natural disasters.
385- Which of the following is a difference between a DRP and a BCP? (A). A BCP keeps operations running during a disaster while a DRP does not. (B). A BCP prepares for any operational interruption while a DRP prepares for natural disasters. (C). BCP is a technical response to disasters while a DRP is operational. (D). A BCP is formally written and approved while a DRP is not.
(C). Homomorphic
386- A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement? (A). Asymmetric (B). Symmetric (C). Homomorphic (D). Ephemeral
A. An air gap
387- A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs? A. An air gap B. A Faraday cage C. A shielded cable D. A demilitarized zone
(B). SOAR
388- An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement? (A). SIEM (B). SOAR (C). EDR (D). CASB
(A). An annual privacy notice
389- Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive? (A). An annual privacy notice (B). A non-disclosure agreement (C). A privileged-user agreement (D). A memorandum of understanding
(A). TOTP
390- Which of the following authentication methods sends out a unique password to be used within a specific number of seconds? (A). TOTP (B). Biometrics (C). Kerberos (D). LDAP
(C). Static code analysis
391- A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application? (A). Repository transaction logs (B). Common Vulnerabilities and Exposures (C). Static code analysis (D). Non-credentialed scans
(B). DNS logs
392- During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide the information? (A). WAF logs (B). DNS logs (C). System logs (D). Application logs
(A). MITRE ATT&CK
393- A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst MOST likely participating in? (A). MITRE ATT&CK B Walk-through (B). Red team (C). Purple team (D). TAXII
(A). Risk matrix
394- Which of the following would an organization use to assign a value to risks based on probability of occurrence and impact? (A). Risk matrix (B). Risk register (C). Risk appetite (D). Risk mitgation plan
(D). CVSS
395- A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities. Which of the following would BEST meet this need? (A). CVE (B). SIEM (C). SOAR (D). CVSS
(D). tcpdump
396- A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use? (A). openssl (B). hping (C). netcat (D). tcpdump
A. Mantraps B. Security guards
397- Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Choose two.) A. Mantraps B. Security guards C. Video surveillance D. Fences E. Bollards F. Antivirus
(C). Change control procedures
399- Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution? (A). Security awareness training (B). Frequency of NIDS updates (C). Change control procedures (D). EDR reporting cycle
(B). The cameras could be compromised if nott patched in a timely manner.
400- Which of the following would cause a Chief information Security Officer the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras? (A). An inability to monitor 100% of every facility could expose the company to unnecessary risk. (B). The cameras could be compromised if nott patched in a timely manner. (C). Physical security at the facility may not protect the cameras from theft. (D). Exported videos may take up excessive space on the file servers.
(A). Check for any recent SMB CVEs
98- During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again? (A). Check for any recent SMB CVEs (B). Install AV on the affected server (C). Block unneeded TCP 445 connections (D). Deploy a NIDS in the affected subnet
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file.
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop? A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack. B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file. C. An attacker was able to install malware to the C:\asdf234 folder and use it to gain administrator rights and launch Outlook. D. An attacker was able to phish user credentials successfully from an Outlook user profile