SECURITY PLUS 601
Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor? A. A right to audit clause allowing for annual security audits B. Requirements for event logs to be kept for a minimum of 30 days C. Integration of threat intelligence in the company's AV D. A data breach clause requiring disclosure of significant data loss
A. A right to audit clause allowing for annual security audits
Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive? A. An annual privacy notice B. A non-disclosure agreement C. A privileged user agreement D. A memorandum of understanding
A. An annual privacy notice
A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal? A. Classify the data B. Mask the data C. Assign an application owner D. Perform a risk analysis
A. Classify the data
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented? A. Compensating B. Corrective C. Preventive D. Detective
A. Compensating
Employees are having issues accessing the company's website. Some employees report very slow performance while others can't access the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is most likely occurring? A. DDoS (distributed denial of service) B. Man-in-the-middle C. MAC flooding D. Domain hijacking
A. DDoS (distributed denial of service)
A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST? A. DNS B. Message gateway C. Network D. Authentication
A. DNS
An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cellphone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches? A. MDM B. MAM C. VDI D. DLP
A. MDM (mobile device management)
Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts. Which of the following should be implemented to prevent similar situations in the future? A. Ensure input validation is in place to prevent the use of invalid characters and values B. Calculate all possible values to be added together and ensure the use of the proper integer in the code C. Configure the web application firewall to look for and block session replay attacks D. Make sure transactions that are submitted within very short time periods are prevented from being processed
A. Ensure input validation is in place to prevent the use of invalid characters and values
Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement? A. Implement proper network access restrictions B. Initiate a bug bounty program C. Classify the system as shadow IT D. Increase the frequency of vulnerability scans
A. Implement proper network access restrictions
A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and assisted the direct deposit information to a personal bank account. Which of the following does this action describe? A. Insider threat B. Social engineering C. Third-party risk D. Data breach
A. Insider threat
To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would best accomplish this objective? A. Install a hypervisor firewall to filter east-west traffic B. Add more VLANs to the hypervisor network switches C. Move exposed or vulnerable VMs to the DMZ D. Implement a zero trust policy and physically segregate the hypervisor servers
A. Install a hypervisor firewall to filter east-west traffic
A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation? A. Legal hold B. Chain of custody C. Data loss prevention D. Content filter
A. Legal hold
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement? A. MOU B. ISA C. SLA D. NDA
A. MOU (memorandum of understanding)
A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution? A. OAuth B. TACACS+ C. SAML D. RADIUS
A. OAuth
An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP and to specifically block FTP. Which of the following would best accomplish this goal?
A.
Permission  Source  Destination  Port
Allow       any     any          80
Allow       any     any          443
Allow       any     any          67
Allow       any     any          68
Allow       any     any          22
Deny        any     any          21
Deny        any     any
An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing on underlying implementation details? (Select two) A. The back-end directory source B. The identity federation protocol C. The hashing method D. The encryption method E. The registration authority F. The certificate authority
A. The back-end directory source B. The identity federation protocol
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary workspace. Which of the following will the organization most likely consult? A. The business continuity plan B. The disaster recovery plan C. The communications plan D. The incident response plan
A. The business continuity plan
A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the internet. No threats were found on the downloaded file, but during file installation, a malicious runtime threat was detected. Which of the following is the most likely cause of the infection? A. The driver has malware installed and was refactored upon download to avoid detection B. The user's computer has a rootkit installed that has avoided detection until the new driver overwrote files C. The user's antivirus software definitions were out of date and were damaged by installation of the driver D. The user's computer has been infected with a logic bomb set to run when the new driver was installed
A. The driver has malware installed and was refactored upon download to avoid detection
A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs: A. www.comptia.com B. shop.comptia.com C. contact-us.comptia.com D. about-us.comptia.com
A. www.comptia.com
While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst most likely observing? A. SNMP traps B. A Telnet session C. An SSH connection D. SFTP traffic
B. A Telnet session
A network analyst is investigating compromised company information. The analysis leads to a theory that the network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:
IPv4 address . . . . . 10.0.0.87
Subnet mask . . . . . 255.255.255.0
Default gateway . . . 10.0.0.1
IP address      Physical address
10.10.255.255   ff-ff-ff-ff-ff-ff
10.0.0.1        aa-aa-aa-aa-aa-aa
10.0.0.254      aa-aa-aa
224.0.0.2       01-00-5e-00-00-02
Based on the IoCs, which of the following was the most likely attack used to compromise the network connections? A. DoS B. ARP poisoning C. Command injection D. MAC flooding
B. ARP poisoning
The spread of misinformation surrounding the outbreak of a novel virus on Election Day led to eligible voters choosing not to take the risk of going to the polls. This is an example of: A. Prepending B. An influence campaign C. A watering hole attack D. Intimidation E. Information elicitation
B. An influence campaign
An information security policy states that separation of duties is required for all highly sensitive database changes that involve customers' financial data. Which of the following is this best suited to prevent? A. Least privilege B. An insider threat C. A data breach D. A change control violation
B. An insider threat
A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements? A. NGFW B. CASB C. Application whitelisting D. NG-SWG
B. CASB (cloud access security broker)
Which of the following employee roles is responsible for protecting an organization's collected personal information? A. CTO B. DPO C. CEO D. DBA
B. DPO (Data Protection Officer)
A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools best addresses both detection and prevention? A. NIDS B. HIPS C. AV D. NGFW
B. HIPS
An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal? A. DLP B. HSM C. TPM D. CASB
B. HSM (hardware security module)
An information security officer at a credit card transaction company is conducting a framework mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select two) A. ISO B. PCI DSS C. SOC D. GDPR E. CSA F. NIST
B. PCI DSS (Payment Card Industry Data Security Standard) D. GDPR (General Data Protection Regulation)
Which of the following would be best for a technician to review to determine the total risk an organization can bear when assessing a cloud first adoption strategy? A. Risk register B. Risk appetite C. Risk matrix D. Risk tolerance
B. Risk appetite
Which of the following environments typically hosts the current version configurations and code, compares user story responses and workflow and uses a modified version of actual data for testing? A. Development B. Staging C. Production D. Test
B. Staging
Which of the following is the best reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To provide data to quantify risk based on the organization's systems B. To keep all software and hardware fully patched for known vulnerabilities C. To only allow approved organization-owned devices onto the business network D. To standardize by selecting one laptop model for all users in the organization
B. To keep all software and hardware fully patched for known vulnerabilities
A recent security assessment revealed that someone exploited a vulnerable workstation within a company and has persisted in the network for several months. The company realizes the need to reassess its security plan for mitigating risk. Which of the following solutions would best support the company's plan? A. FIM B. DLP C. EDR D. UTM
C. EDR (endpoint detection and response)
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from a company in France, but then seconds later the same user account attempted a login from Brazil. Which of the following account policies would best prevent this type of attack? A. Network location B. Impossible travel time C. Geolocation D. Geofencing
C. Geolocation
Which of the following would best provide detective and corrective controls for thermal regulation? A. A smoke detector B. A fire alarm C. An HVAC system D. Guards
C. An HVAC system
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to best improve its response time? A. Configure a NIDS appliance using a switched port analyzer B. Collect OSINT and catalog the artifacts in a central repository C. Implement a SOAR with customizable playbooks D. Install a SIEM with community-driven threat intelligence
C. Implement a SOAR with customizable playbooks
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on-premises. Which of the following solutions will require the least management and support from the company? A. SaaS B. IaaS C. PaaS D. SDN
C. PaaS (platform as a service)
While investigating a data leakage incident, a security analyst reviews access control to cloud-hosted data. The following information was presented in a security posture report:
Policy to control external application integration: admin authorized only
- 47 active integrations to third-party applications
- 2 applications authorized by admin
- 45 applications authorized by users
- 32 OAuth apps authorized to access data
Based on the report, which of the following was the most likely attack vector used against the company? A. Spyware B. Logic bomb C. Potentially unwanted programs D. Supply chain
C. Potentially unwanted programs
After consulting with the chief risk officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting? A. Risk acceptance B. Risk avoidance C. Risk transference D. Risk mitigation
C. Risk transference
Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention? A. TTP B. OSINT C. SOAR D. SIEM
C. SOAR (security orchestration, automation, and response)
An attacker has determined the best way to impact operations is to infiltrate third party software vendors. Which of the following vectors is being exploited? A. Social media B. Cloud C. Supply chain D. Social engineering
C. Supply chain
Which of the following best describes a social engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested? A. Spam B. Pharming C. Whaling D. Invoice scam
C. Whaling
Which of the following controls would be best to use to prevent such a breach in the future? A. Password history B. Account expiration C. Password complexity D. Account lockout
D. Account lockout
Which of the following must be in place before implementing a BCP (business continuity plan)? A. SLA B. AUP C. NDA D. BIA
D. BIA (business impact analysis)
Pam, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Pam use? A. Non-repudiation B. Legal hold C. Chain of custody D. Checksums
D. Checksums
Which of the following is the most secure but least expensive data destruction method for data that is stored in hard drives? A. Pulverizing B. Shredding C. Incinerating D. Degaussing
D. Degaussing
Which of the following controls is used to make an organization initially aware of a data compromise? A. Protective B. Preventative C. Corrective D. Detective
D. Detective
Which of the following is a benefit of including a risk management framework in an organization's security approach? A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner B. It identifies specific vendor products that have been tested and approved for use in a secure environment C. It provides legal assurances and remedies in the event a data breach occurs D. It incorporates control, development policy, and management activities into IT operations
D. It incorporates control, development policy, and management activities into IT operations
An organization regularly scans its infrastructure for missing security patches but is concerned about hackers gaining access to the scanner's account. Which of the following would be best to minimize this risk while ensuring the scans are useful? A. Require a complex, eight-character password that is updated every 90 days B. Perform only non-intrusive scans of workstations C. Use non-credentialed scans against high-risk servers D. Log and alert on unusual scanner account logon times
D. Log and alert on unusual scanner account logon times
The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise timestamp for the incident as well as the name of the copyrighted file. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is the most capable of accomplishing both tasks? A. HIDS B. Allow list C. TPM D. NGFW
D. NGFW (next generation firewall)
A system administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools best shows which ports on the web server are in a listening state? A. ipconfig B. ssh C. ping D. netstat
D. netstat
A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card numbers, and classification words. Which of the following would be the best to use? A. IDS solution B. EDR solution C. HIPS software solution D. Network DLP solution
D. Network DLP solution
An application developer accidentally uploaded a company's code signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do first? A. Delete the private key from the repository B. Verify the public key is not exposed as well C. Update the DLP solution to check for private keys D. Revoke the code signing certificate
D. Revoke the code signing certificate
To reduce and limit software and infrastructure costs, the CIO has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would best accommodate the request? A. IaaS B. PaaS C. DaaS D. SaaS
D. SaaS
Which of the following should the company use to secure its website if the company is concerned with convenience and cost? A. Self-signed certificate B. Root certificate C. Code signing certificate D. Wildcard certificate E. Extended validation certificate
D. Wildcard certificate
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: <a href="www.company.com/payto">click here to unsubscribe</a> Which of the following will the forensics investigator most likely determine has occurred? A. SQL injection B. Broken authentication C. XSS D. XSRF
D. XSRF