sec plus
Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems? A. Vulnerability scanner B. Open-source intelligence C. Packet capture D. Threat feeds
Threat feeds Threat feeds are a source of information about current and emerging threats, including indicators of compromise (IOCs), which can help organizations identify and respond to attacks. By analyzing threat feeds, a security analyst can identify if other organizations in the same sector are experiencing similar attacks or if a particular attack is unique to their organization.
A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Choose two.) A. Chain of custody B. Tags C. Reports D. Time stamps E. Hash values F. Time offset
Time Stamps Hash Values
The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe? A. Transference B. Avoidance C. Mitigation D. Acknowledgement
Transference Transference is a risk management practice in which an organization shifts the financial burden of potential risks or losses to another party. In this scenario, by contracting with an insurance firm, the company is transferring the liability of certain risks to the insurance company. If an incident occurs that is covered by the insurance policy, the insurance company would bear the financial responsibility, thereby limiting the organization's liability.
Which of the following tools is effective in preventing a user from accessing unauthorized removable media? A. USB data blocker B. Faraday cage C. Proximity reader D. Cable lock
USB data blocker
A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend? A. A content filter B. A WAF C. A next-generation firewall D. An IDS
A next-generation firewall A next-generation firewall (NGFW) offers advanced capabilities, including application awareness, protocol inspection, intrusion prevention, and deep packet inspection. These features make NGFWs well-suited to identify and block malicious actors misusing protocols and ensure that they do not bypass network defenses.
A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred? A. Fileless malware B. A downgrade attack C. A supply-chain attack D. A logic bomb E. Misconfigured BIOS
A supply chain attack. A supply-chain attack involves compromising the security of a product or component during its manufacturing, distribution, or delivery process. In this case, the incident suggests that the SoC (System on a Chip) in one of the specially configured workstations was tampered with or replaced, indicating a compromise in the supply chain.
Which of the following statements BEST describes zero-day exploits? A. When a zero-day exploit is discovered, the system cannot be protected by any means. B. Zero-day exploits have their own scoring category in CVSS. C. A zero-day exploit is initially undetectable, and no patch for it exists. D. Discovering zero-day exploits is always performed via bug bounty programs.
A zero day exploit is initially undetectable, and no patch for it exists
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives? A. Deploying a SASE solution to remote employees B. Building a load-balanced VPN solution with redundant internet C. Purchasing a low-cost SD-WAN solution for VPN traffic D. Using a cloud provider to create additional VPN concentrators
A. Deploying a SASE solution to remote employees SASE (Secure Access Service Edge) is a comprehensive networking and security approach that combines wide-area networking (WAN) capabilities with security features. It provides secure access to applications and data, including encrypted tunnel access to the data center, while also offering monitoring capabilities for remote employee internet traffic. By implementing a SASE solution, the organization can reduce traffic on the VPN and internet circuit by routing traffic intelligently through the cloud, closer to the users. This approach helps optimize performance and security, addressing the scaling issues effectively.
A network manager wants to protect the company's VPN by multifactor authentication that uses: • Something you know • Something you have • Somewhere you are Which of the following would accomplish the manager's goal? A. Domain name. PKI, GeoIP lookup B. VPN IP address, company ID. partner site C. Password, authentication token, thumbprint D. Company URL, TLS certificate, home address
A. Domain name. PKI, GeoIP lookup
Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment? A. Replacing the traditional key with an RFID key B. Installing and monitoring a camera facing the door C. Setting motion-sensing lights to illuminate the door on activity D. Surrounding the property with fencing and gates
A. Replacing the traditional key with an RFID key
A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue? A. Outdated software B. Weak credentials C. Lack of encryption D. Backdoors
Weak credentials
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor? A. Utilizing SIEM correlation engines B. Deploying Netflow at the network border C. Disabling session tokens for all sites D. Deploying a WAF for the web server
A. Utilizing SIEM correlation engines
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task? A. nmap -pl-65535 192.168.0.10 B. dig 192.168.0.10 C. curl --head http://192.168.0.10 D. ping 192.168.0.10
A. nmap -pl-65535 192.168.0.10
Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key.
A. the sender's private key and decrypted with the sender's public key.
The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement? A. NAC B. ACL C. WAF D. NAT
ACL
Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of? A. AUP B. NDA C. SLA D. MOU
AUP (acceptable use policy)
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.) A. Alarms B. Signage C. Lighting D. Access control vestibules E. Fencing F. Sensors
Access control vestibules Fencing
The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation? A. Account audits B. AUP C. Password reuse D. SSO
Account audits
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM: Time. log message 9:00:01 login: user. password: aBG23TMV 9:00:02 login: user. password: aBG33TMV 9:00:03 login: user. password: aBG43TMV 9:00:04 login: user. password: aBG53TMV Which of the following describes what is occurring? A. An attacker is utilizing a password-spraying attack against the account. B. An attacker is utilizing a dictionary attack against the account. C. An attacker is utilizing a brute-force attack against the account. D. An attacker is utilizing a rainbow table attack against the account.
An attacker is utilizing a brute force attack against the account
A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is theBEST way for the company to mitigate this attack? A. Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing. B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each. C. Disable POP and IMAP on all Internet-facing email servers and implement SMTPS. D. Use an automated tool to flood the phishing websites with fake usernames and passwords.
B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications? A. Installing a new operating system thoroughly tests the equipment B. Removing unneeded applications reduces the system's attack surface C. Reimaging a system creates an updated baseline of the computer image D. Wiping the device allows the company to evaluate its performance
B. Removing unneeded applications reduces the system's attack surface
A security analyst is scanning a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend? A. Changing the remote desktop port to a non-standard number B. Setting up a VPN and placing the jump server inside the firewall C. Using a proxy for web connections from the remote desktop server D. Connecting the remote server to the domain and increasing the password length
B. Setting up a VPN and placing the jump server inside the firewall
Which of the following would be the BEST way to analyze diskless malware that has infected a VDI? A. Shut down the VDI and copy off the event logs. B. Take a memory snapshot of the running system. C. Use NetFlow to identify command-and-control IPs. D. Run a full on-demand scan of the root volume.
B. Take a memory snapshot of the running system.
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request? A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32 B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0 C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0 D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following policies is the administrator carrying out? A. Compromise B. Retention C. Analysis D. Transfer E. Inventory
B. retention
While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user s password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues? A. Using an administrator account to run the processes and disabling the account when it is not in use B. Implementing a shared account the team can use to run automated processes C. Configuring a service account to run the processes D. Removing the password complexity requirements for the user account
C. Configuring a service account to run the processes
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern? A. Create different accounts for each region, each configured with push MFA notifications. B. Create one global administrator account and enforce Kerberos authentication. C. Create different accounts for each region, limit their logon times, and alert on risky logins. D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results: • The exception process and policy have been correctly followed by the majority of users. • A small number of users did not create tickets for the requests but were granted access. • All access had been approved by supervisors. • Valid requests for the access sporadically occurred across multiple departments. • Access, in most cases, had not been removed when it was no longer needed. Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame? A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval. B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request. C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team. D. Implement a ticketing system that tracks eac
C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team.
A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action? A. Accept the risk if there is a clear road map for timely decommission. B. Deny the risk due to the end-of-life status of the application. C. Use containerization to segment the application from other applications to eliminate the risk. D. Outsource the application to a third-party developer group.
C. Use containerization to segment the application from other applications to eliminate the risk.
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a: A. business continuity plan. B. communications plan. C. disaster recovery plan. D. continuity of operations plan.
C. disaster recovery plan.
Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps? A. CVSS B. SIEM C. SOAR D. CVE
CVSS. CVSS (Common Vulnerability Scoring System) is a standardized scoring system used to assess and quantify the severity of known vulnerabilities. It provides a calculated value or score for each vulnerability based on its characteristics and potential impact. The CVSS score helps organizations prioritize their mitigation efforts by understanding the severity of each vulnerability and taking appropriate action accordingly. Higher CVSS scores indicate more severe vulnerabilities that require immediate attention and mitigation.
A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats. Which of the following should the security operations center implement? A. the Harvester B. Nessus C. Cuckoo D. Sn1per
Cuckoo Cuckoo is a sandbox that can run programs and identify any malware. The virtualized environment supports Windows Linux, Mac OS, and Android.
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.) A. Unsecure protocols B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software
D. Included third party libraries E. Vendors/Supply chain
Which of the following best describes the risk that is present once mitigations are applied? A. Control risk B. Residual risk C. Inherent risk D. Risk awareness
D. Residual risk The residual risk is the risk that remains after an organization implements controls designed to mitigate, avoid, and/or transfer the inherent risk.
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns? A. SSO would simplify username and password management, making it easier for hackers to guess accounts. B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords. C. SSO would reduce the password complexity for frontline staff. D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack? A. DDoS B. Privilege escalation C. DNS poisoning D. Buffer overflow
DDoS
The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network? A. HIPS B. DLP C. HIDS D. EDR
DLP Data Loss Prevention enables businesses to detect data loss, as well as prevent the illicit transfer of data outside the organization and the unwanted destruction of sensitive or personally identifiable data (PII).
Which of the following is a known security risk associated with data archives that contain financial information? A. Data can become a liability if archived longer than required by regulatory guidance. B. Data must be archived off-site to avoid breaches and meet business requirements. C. Companies are prohibited from providing archived data to e-discovery requests. D. Unencrypted archives should be preserved as long as possible and encrypted.
Data can become a liability if archived longer than required by regulatory guidance.
A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff: • Consistent power levels in case of brownouts or voltage spikes • A minimum of 30 minutes runtime following a power outage • Ability to trigger graceful shutdowns of critical systems Which of the following would BEST meet the requirements? A. Maintaining a standby, gas-powered generator B. Using large surge suppressors on computer equipment C. Configuring managed PDUs to monitor power levels D. Deploying an appropriately sized, network-connected UPS device
Deploying an appropriately sized, network-connected UPS device
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented? A. Compensating B. Corrective C. Preventive D. Detective
Detective -Compensating - controls designed to mitigate the risk associated with exceptions made to a security policy. -Corrective - remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a corrective control. -Preventive - intend to stop a security issue before it occurs. Firewalls and encryption are examples of preventive controls. -Detective - identify security events that have already occurred. Intrusion detection systems are detective controls.
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build? A. Production B. Test C. Staging D. Development
Development
The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next? A. Ensure the scan engine is configured correctly. B. Apply a patch to the domain controller. C. Research the CVE. D. Document this as a false positive.
Document this as a false positive
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack? A. On-path B. Domain hijacking C. DNS poisoning D. Evil twin
Domain hijacking
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement? A. Incremental backups followed by differential backups B. Full backups followed by incremental backups C. Delta backups followed by differential backups D. Incremental backups followed by delta backups E. Full backups followed by differential backups
E. Full backups followed by differential backups while an incremental backup only includes the data that has changed since the previous backup, a differential backup contains all of the data that has changed since the last full backup.
Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers? A. AUP B. NGFW C. DLP D. EDR
EDR (endpoint detection response)
An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions? A. FRR B. Difficulty of use C. Cost D. FAR E. CER
FAR: False acceptance rate
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.) A. Geolocation B. Time-of-day restrictions C. Certificates D. Tokens E. Geotagging F. Role-based access controls
Geo location Time of day restrictions
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack? A. Network location B. Impossible travel time C. Geolocation D. Geofencing
Geofencing So when someone is logging into the network, you can check to see where this device is physically located. And if they happen to be in or around the building, you can allow that authentication to continue. If you check the authentication and the user's authenticating from a different country, than you might want to automatically deny authentication from occurring.
A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention? A. NIDS B. HIPS C. AV D. NGFW
HIPS A host-based intrusion prevention system (HIPS) is a tool that monitors for changes to key files and network traffic on a device
Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power? A. Dynamic resource allocation B. High availability C. Segmentation D. Container security
High availability High availability refers to designing a system with redundancy and failover mechanisms to minimize downtime and ensure continuous operation. By implementing high availability measures, administrators can distribute computing load across multiple servers and ensure that if one server fails, the workload is automatically transferred to another available server. This not only enhances system availability but also allows for efficient utilization of computing resources as the workload is distributed across multiple servers.
Which of the following will increase cryptographic security? A. High data entropy B. Algorithms that require less computing power C. Longer key longevity D. Hashing
High data entropy Entropy is a measure of disorder. A plaintext will usually exhibit low entropy as it represents a message in a human language or programming language or data structure. The plaintext must be ordered for it to be intelligible to a person, computer processor, or database. One of the requirements of a strong cryptographic algorithm is to produce a disordered ciphertext. Put another way, the ciphertext must exhibit a high level of entropy. If any elements of order from the plaintext persist, it will make the ciphertext vulnerable to cryptanalysis, and the algorithm can be shown to be weak.
A security admin is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? ( choose 2) a. IPSec b. SFTP c. SRTP d. LDAPS e. S/MIME F. SSL VPN
IPSEC SSL VPN IPSec (Internet Protocol Security): IPSec provides secure communication over IP networks by encrypting and authenticating network traffic. It establishes a secure tunnel between the remote user and the organization's network, ensuring confidentiality, integrity, and authenticity of the data transmitted. SSL VPN (Secure Sockets Layer Virtual Private Network): SSL VPN is a remote access solution that uses SSL/TLS protocols to secure the connection between the remote user and the internal network. It provides secure access to internal resources through a web browser or dedicated client, allowing for encrypted data transmission and authentication.
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware? A. Install a definition-based antivirus. B. Implement an IDS/IPS. C. Implement a heuristic behavior-detection solution. D. Implement CASB to protect the network shares.
Implement a heuristic behavior-detection solution
A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future? A. Use appropriate signage to mark all areas. B. Utilize cameras monitored by guards. C. Implement access control vestibules. D. Enforce escorts to monitor all visitors.
Implement access control vestibules
An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:* A user enters comptia.org into a web browser.* The website that appears is not the comptia.org site.* The website is a malicious site from the attacker.* Users in a different office are not having this issue.Which of the following types of attacks was observed? A. On-path attack B. DNS poisoning C. Locator (URL) redirection D. Domain hijacking
Locator (URL) redirection The answer would have been DNS Poisoning if all users are impacted, since one user is impacted the answer is C as Locator URL redirection is a technique which allows an attacker to force users application or web browser to an untrusted external site.
A security analyst is reviewing the following command-line output: which of the following is the analyst observing? a. ICMP spoofing b. URL redirection c. MAC address cloning d. DNS poisoning
MAC address cloning
Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network? A. NAC B. DLP C. IDS D. MFA
NAC
Which of the following organizations sets frameworks and controls for optimal security configuration on systems? A. ISO B. GDPR C. PCI DSS D. NIST
NIST
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system? A. The Diamond Model of Intrusion Analysis B. CIS Critical Security Controls C. NIST Risk Management Framework D. ISO 27002
NIST risk management framework
A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use? A. IDS solution B. EDR solution C. HIPS software solution D. Network DLP solution
Network DLP solution
A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns? A. Implement a full system upgrade. B. Perform a physical-to-virtual migration. C. Install uninterruptible power supplies. D. Purchase cybersecurity insurance.
Perform a physical-to-virtual migration
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email? A. Spear phishing B. Whaling C. Phishing D. Vishing
Phishing
A user downloaded an extension for a browser and the user's device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running: New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -DriveLetter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false | Which of the following is the malware using to execute the attack? A. PowerShell B. Python C. Bash D. Macros
PowerShell
An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis? A. Provide a domain parameter to theHarvester tool. B. Check public DNS entries using dnsenum. C. Perform a Nessus vulnerability scan targeting a public company's IP. D. Execute nmap using the options: scan all ports and sneaky mode.
Provide a domain parameter to theharvester tool The package contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly? A. API integrations B. Auditing C. Resource policies D. Virtual networks
Resource policies
A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider? A. Mandatory B. Rule-based C. Discretionary D. Role-based
Role-based ?? [Mandatory]
Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints? A. Firewall B. SIEM C. IPS D. Protocol analyzer
SIEM
A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented? A. HTTP security header B. DNSSEC implementation C. SRTP D. S/MIME
SRTP (secure real time transport protocol)
A data administrator is configuring authentication for a saas application and would like to reduce the number of credentials employees need to maintain. the company prefers to use domain credentials to access a new Saas applications. Which of the following methods would allow this functionality? A. SSO B. LEAP C. MFA D. PEAP
SSO (single sign on)
To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization? A. SaaS B. PaaS C. laaS D. MaaS
SaaS
which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere? a. PaaS b. hybrid cloud c. private cloud d. Iaas e. SaaS
SaaS
Against the recommendation of the IT security analyst, a company set all user passwords on a server as `P@55w0rD`. Upon review of the /etc/passwd file, an attacker found the following: alice:a8df3b6c4fd75f0617431fd248f35191df8d237f bob:2d250c5b2976b03d757f324ebd59340df96aa05e chris:ea981ec3285421d014108089f3f3f997ce0f4150Which of the following BEST explains why the encrypted passwords do not match? A. Perfect forward secrecy B. Key stretching C. Salting D. Hashing
Salting The reason the encrypted passwords do not match is due to the use of salting. In password hashing, salting involves adding a random value (the salt) to the password before hashing it. The salt value is unique for each user, which means even if two users have the same password, their hashed passwords will be different due to the different salt values. In the given scenario, the three encrypted passwords for Alice, Bob, and Chris do not match each other because each password is hashed with a different salt. This adds an extra layer of security and prevents attackers from easily identifying common passwords by looking at the hashed values.
Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution? A. Security awareness training B. Frequency of NIDS updates C. Change control procedures D. EDR reporting cycle
Security awareness training
A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose? A. Service B. Shared C. Generic D. Admin
Service
After installing a Patch on a security appliance, an organization realized a massive data exfiltration had occurred. Which of the best describes the incident? A. SUpply chain attack b. ransomware attack c.cryptographic attack d.password attack
Supply chain attack
An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following: Which of the following BEST describes the attack that was attempted against the forum readers? A. SQLi attack B. DLL attack C. XSS attack D. API attack
XSS attack
All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement? A. A forward proxy server B. A jump server C. A reverse proxy server D. A stateful firewall server
a jump server
Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days. Which of the following attacks can the account lockout be attributed to? A. Backdoor B. Brute-force C. Rootkit D. Trojan
brute force
Which of the following should a security administrator adhere to when setting up a new set of firewall rules? a. disaster recovery plan b. incident response procedure c. business continuity plan d. change management procedure
change management procedure
The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening? A. Using least privilege B. Changing the default password C. Assigning individual user IDs D. Implementing multifactor authentication
changing the default password
Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions? A. Recovery B. Deterrent C. Corrective D. Detective
detective
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring? A. Encryption at rest B. Masking C. Data classification D. Permission restrictions
encryption at rest
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing.Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented? A. Enforce MFA when an account request reaches a risk threshold. B. Implement geofencing to only allow access from headquarters. C. Enforce time-based login requests that align with business hours. D. Shift the access control scheme to a discretionary access control.
enforce MFA when an account request reaches a risk threshold
A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The CISO asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert? a. true negative b. true positive c. false positive d. false negative
false positive
Which of the following is a benefit of including a risk management framework into an organization's security approach? a. it defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner. b. it identifies specific vendor products that have been tested an approved for use in a secure environment. c. it provides legal assurances and remedies in the event a data breach occurs. d. it incorporates control, development, policy, and management activities into IT operations
it incorporates control, development, policy, and mangement activities into IT operations
Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization? A. Asset management policy B. Separation of duties policy C. Acceptable use policy D. Job rotation policy
job rotation policy
As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment? A. User behavior analysis B. Packet captures C. Configuration reviews D. Log analysis
log analysis
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? A. hping3 -S comptia.org -p 80 B. nc -l -v comptia.org -p 80 C. nmap comptia.org -p 80 -sV D. nslookup -port=80 comptia.org
nmap comptia.org -p 80 -sV
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by: A. employees of other companies and the press B. all members of the department that created the documents. C. only the company's employees and those listed in the document. D. only the individuals listed in the documents.
only the company's employees and those listed in the document
A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: `Special privileges assigned to new logon.` Several of these messages did not have a valid logon associated with the user before these privileges were assigned.Which of the following attacks is MOST likely being detected? A. Pass-the-hash B. Buffer overflow C. Cross-site scripting D. Session replay
pass the hash
A security analyst is reviewing the following logs: Which of the following attacks is most likely occuring? a. password spraying b. account forgery c. pass-the-hash d. brute force
password spraying
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly? A. Insurance B. Patching C. Segmentation D. Replacement
patching
Which of the following BEST describes the team that acts as a referee during a pen-testing exercise? a. white team b. purple team c. green team d. blue team e. red team
purple team
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements? A. Reverse proxy B. Automated patch management C. Snapshots D. NIC teaming
reverse proxy Increased Scalability: Reverse proxies can distribute incoming requests to various back-end servers, improving scalability and ensuring high availability. Flexibility for Updates: Since the reverse proxy handles client requests, backend servers can be taken down for maintenance or updates without causing service disruption. Reduced Server Resources: By caching content and offloading SSL termination, reverse proxies can reduce the load on back-end servers. Session Persistence Not Important: A reverse proxy can operate without needing to maintain session persistence
Which of the following is a risk that is specifically associated with hosting applications in the public cloud? a. unsecured root accounts b. zero day c. shared tenancy d. insider threat
shared tenancy
An administrator identifies some locations on the third floor of the building that have a poor wireless signal Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal? A. Heat map B. Input validation C. Site survey D. Embedded systems
site survey
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements? A. Warm site failover B. Tabletop walk-through C. Parallel path testing D. Full outage simulation
tabletop walk through
An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting? A. A spear-phishing attack B. A watering-hole attack C. Typo squatting D. A phishing attack
watering hole attack
An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees' devices will also become infected. Which of the follow ng techniques is the attacker using? A. Watering-hole attack B. Pretexting C. Typosquatting D. Impersonation
watering-hole attack
During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability? A. Legacy operating system B. Weak configuration C. Zero day D. Supply chain
zero day