sec+3
The dark web
A Chief Executive Officer's (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale? A. Automated information sharing B. Open-source intelligence C. The dark web D. Vulnerability databases
RAID/UPS/Geographic dispersal
A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:* Critical fileshares will remain accessible during and after a natural disaster.* Five percent of hard disks can fail at any given time without impacting the data.* Systems will be forced to shut down gracefully when battery levels are below 20%.Which of the following are required to BEST meet these objectives? (Choose three.) A. Fiber switching B. IaC C. NAS D. RAID E. UPS F. Redundant power supplies G. Geographic dispersal H. Snapshots I. Load balancing
DNSSEC
A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented? A. DNSSEC B. LDAPS C. NGFW D. DLP
Load balancer
A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements? A. Reverse proxy B. NIC teaming C. Load balancer D. Forward proxy
Integration and auditing
A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements? A. High availability B. Application security C. Segmentation D. Integration and auditing
CASB
A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives? A. WAF B. CASB C. VPN D. TLS
Block access to application stores
A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the MOST effective security control to mitigate this risk? A. Block access to application stores B. Implement OTA updates C. Update the BYOD policy D. Deploy a uniform firmware
Configure the MDM software to enforce the use of PINs to access the phone
A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees' concerns? A. Enable the remote-wiping option in the MDM software in case the phone is stolen. B. Configure the MDM software to enforce the use of PINs to access the phone. C. Configure MDM for FDE without enabling the lock screen. D. Perform a factory reset on the phone before installing the company's applications.
TLS
A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement? A. SSL B. SFTP C. SNMP D. TLS
Implement an SWG.
A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria? A. Implement NAC. B. Implement an SWG. C. Implement a URL filter. D. Implement an MDM.
Jump servers
A network engineer created two subnets that will be used for production and development servers. Per security policy production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices? A. VLANs B. Internet proxy servers C. NIDS D. Jump servers
139/445
A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.) A. 135 B. 139 C. 143 D. 161 E. 443 F. 445
Weak credentials
A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue? A. Outdated software B. Weak credentials C. Lack of encryption D. Backdoors
Secure the access point and cabling inside the drop ceiling.
A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation? A. Employ a general contractor to replace the drop-ceiling tiles. B. Place the network cabling inside a secure conduit. C. Secure the access point and cabling inside the drop ceiling. D. Utilize only access points that have internal antennas
Buffer overflow
A penetration tester is fuzzing an application to identify where the EIP of the stack is located on memory. Which of the following attacks is the penetration tester planning to execute? A. Race-condition B. Pass-the-hash C. Buffer overflow D. XSS
SOAR playbook
A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks? A. SOAR playbook B. MDM policy C. Firewall rules D. URL filter E. SIEM data collection
Evil twin
A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network? A. On-path B. Evil twin C. Jamming D. Rogue access point E. Disassociation
Directory traversal
A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output: Which of the following attacks was successfully implemented based on the output? A. Memory leak B. Race conditions C. SQL injection D. Directory traversal
WPA2-Enterprise
A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows: * Must be able to differentiate between users connected to WiFi * The encryption keys need to change routinely without interrupting the users or forcing reauthentication * Must be able to integrate with RADIUS * Must not have any open SSIDs Which of the following options BEST accommodates these requirements? A. WPA2-Enterprise B. WPA3-PSK C. 802.11n D. WPS
Logs from each device type and security layer to provide correlation of events
A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation? A. Logs from each device type and security layer to provide correlation of events B. Only firewall logs since that is where attackers will most likely try to breach the network C. Email and web-browsing logs because user behavior is often the cause of security breaches D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device
Increase in the attack surface
A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations? A. Non-compliance with data sovereignty rules B. Loss of the vendors interoperability support C. Mandatory deployment of a SIEM solution D. Increase in the attack surface
Utilize behavioral analysis to enable the SIEM's learning mode
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform? A. Adjust the data flow from authentication sources to the SIEM. B. Disable email alerting and review the SIEM directly. C. Adjust the sensitivity levels of the SIEM correlation engine. D. Utilize behavioral analysis to enable the SIEM's learning mode.
Denial of service
A security analyst is reviewing the following output from a system: Which of the following is MOST likely being observed? A. ARP poisoning B. Man in the middle C. Denial of service D. DNS poisoning
Security patches were uninstalled due to user impact.
A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause? A. Security patches were uninstalled due to user impact. B. An adversary altered the vulnerability scan reports C. A zero-day vulnerability was used to exploit the web server D. The scan reported a false negative for the vulnerability
Directory traversal
A security analyst is reviewing web application logs and finds the following log: Which of the following attacks is being observed? A. Directory traversal B. XSS C. CSRF D. On-path attack
Marketing Strategies
A security analyst is tasked with classifying data to be stored on company servers. Which of the following should be classified as proprietary? A. Customers' dates of birth B. Customers' email addresses C. Marketing strategies D. Employee salaries
Vein
A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration? A. Gait analysis B. Vein C. Soft token D. HMAC-based, one-time password
Applying MDM software
A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms? A. Enforcing encryption B. Deploying GPOs C. Removing administrative permissions D. Applying MDM software
Lessons learned
A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place? A. Recovery B. Identification C. Lessons learned D. Preparation
VDI and thin clients
A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement? A. Fog computing and KVMs B. VDI and thin clients C. Private cloud and DLP D. Full drive encryption and thick clients
HIPS
A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention? A. NIDS B. HIPS C. AV D. NGFW
WPA2
A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network.Which of the following protocols should the engineer implement to ensure the STRONGEST encryption? A. WPS B. WPA2 C. WAP D. HTTPS
ISO 27001
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards.With which of the following is the company's data protection officer MOST likely concerned? A. NIST Framework B. ISO 27001 C. GDPR D. PCI-DSS
Hybrid cloud/Fog computing
A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing
Smishing
A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case? A. SPIM B. Vishing C. Spear phishing D. Smishing
Evil twin
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output: Which of the following attacks does the analyst MOST likely see in this packet capture? A. Session replay B. Evil twin C. Bluejacking D. ARP poisoning
Message gateway
A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST? A. DNS B. Message gateway C. Network D. Authentication
An attacker is utilizing a brute-force attack against the account.
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM:Which of the following describes what is occurring? A. An attacker is utilizing a password-spraying attack against the account. B. An attacker is utilizing a dictionary attack against the account. C. An attacker is utilizing a brute-force attack against the account. D. An attacker is utilizing a rainbow table attack against the account.
The last full backup that was conducted seven days ago
A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state? A. The last incremental backup that was conducted 72 hours ago B. The last known-good configuration C. The last full backup that was conducted seven days ago D. The baseline OS configuration
Tokenizing the credit cards in the database
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Salting the magnetic strip information B. Encrypting the credit card information in transit C. Hashing the credit card numbers upon entry D. Tokenizing the credit cards in the database
Impossible travel time
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack? A. Network location B. Impossible travel time C. Geolocation D. Geofencing
PCI DSS
After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern? A. PCI DSS B. GDPR C. ISO 27001 D. NIST CSF
ARO
An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year? A. ALE B. ARO C. RPO D. SLE
Provide a domain parameter to theHarvester tool.
An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis? A. Provide a domain parameter to theHarvester tool. B. Check public DNS entries using dnsenum. C. Perform a Nessus vulnerability scan targeting a public company's IP. D. Execute nmap using the options: scan all ports and sneaky mode.
A. [Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Deny: Any Any 21 -Deny: Any Any
An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal? A. [Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Deny: Any Any 21 -Deny: Any Any B. [Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 67 -Allow: Any Any 68 -Deny: Any Any 22 -Allow: Any Any 21 -Deny: Any Any C. [Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Allow: Any Any 22 -Deny: Any Any 67 -Deny: Any Any 68 -Deny: Any Any 21 -Allow: Any Any D. [Permission Source Destination Port]Allow: Any Any 80 -Allow: Any Any 443 -Deny: Any Any 67 -Allow: Any Any 68 -Allow: Any Any 22 -Allow: Any Any 21 -Allow: Any Any
Injection
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload.Which of the following attacks did the analyst observe? A. Privilege escalation B. Request forgeries C. Injection D. Replay attack
SNMPv2, SNMPv3/HTTP, HTTPS/Telnet, SSH
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.) A. SFTP, FTPS B. SNMPv2, SNMPv3 C. HTTP, HTTPS D. TFTP, FTP E. SNMPv1, SNMPv2 F. Telnet, SSH G. TLS, SSL H. POP, IMAP I. Login, rlogin
DNS poisoning
An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity: * A user enters comptia.org into a web browser. * The website that appears is not the comptia.org site. * The website is a malicious site from the attacker. * Users in a different office are not having this issue. Which of the following types of attacks was observed? A. On-path attack B. DNS poisoning C. Locator (URL) redirection D. Domain hijacking
CIS benchmarks
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations? A. CIS benchmarks B. GDPR guidance C. Regional regulations D. ISO 27001 standards
Reconnaissance
An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique? A. Hoax B. Reconnaissance C. Impersonation D. Pretexting
Supply chain
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited? A. Social media B. Cloud C. Supply chain D. Social Engineering
nmap comptia.org -p 80 -sV
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? A. hping3 -S comptia-org -p 80 B. nc -l -v comptia.org -p 80 C. nmap comptia.org -p 80 -sV D. nslookup -port=80 comptia.org
Corrective
An organization is repairing the damage after an incident. Which of the following controls is being implemented? A. Detective B. Preventive C. Corrective D. Compensating
Motion sensors with signage
An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented? A. Proximity cards with guards B. Fence with electricity C. Drones with alarms D. Motion sensors with signage
VDI
An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals? A. VDI B. MDM C. COPE D. UTM
An external security assessment
An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use? A. An external security assessment B. A bug bounty program C. A tabletop exercise D. A red-team engagement
Block unneeded TCP 445 connections.
During a recent incident, an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again? A. Check for any recent SMB CVEs. B. Install AV on the affected server. C. Block unneeded TCP 445 connections. D. Deploy a NIDS in the affected subnet.
Zero day
During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability? A. Legacy operating system B. Weak configuration C. Zero day D. Supply chain
chmod
During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file? A. ls B. chflags C. chmod D. lsof E. setuid
dd
During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible? A. dd B. memdump C. tcpdump D. head
Dynamic resource allocation
Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power? A. Dynamic resource allocation B. High availability C. Segmentation D. Container security
Tabletop walk-through
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements? A. Warm site failover B. Tabletop walk-through C. Parallel path testing D. Full outage simulation
federation
The concept of connecting a user account across the systems of multiple enterprises is BEST known as: A. federation. B. a remote access policy. C. multifactor authentication. D. single sign-on.
Password history/Geolocation
The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:* Users to choose a password unique to their last ten passwords* Users to not log in from certain high-risk countriesWhich of the following should the security team implement? (Choose two.) A. Password complexity B. Password history C. Geolocation D. Geofencing E. Geotagging F. Password reuse
SaaS
To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request? A. IaaS B. PaaS C. DaaS D. SaaS
Communication protocols
When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure? A. Z-Wave compatibility B. Network range C. Zigbee configuration D. Communication protocols
Chain of custody
Which of the following BEST describes the process of documenting who has access to evidence? A. Order of volatility B. Chain of custody C. Non-repudiation D. Admissibility
Version control
Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems? A. Version control B. Continuous monitoring C. Stored procedures D. Automation
Corrective
Which of the following control types fixes a previously identified issue and mitigates a risk? A. Detective B. Corrective C. Preventative D. Finalized
Detective
Which of the following controls is used to make an organization initially aware of a data compromise? A. Protective B. Preventative C. Corrective D. Detective
Reference architecture
Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer? A. Cloud control matrix B. Reference architecture C. NIST RMF D. CIS Top 20
Development
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build? A. Production B. Test C. Staging D. Development
It identifies the amount of allowable downtime for an application or system.
Which of the following explains why RTO is included in a BIA? A. It identifies the amount of allowable downtime for an application or system. B. It prioritizes risks so the organization can allocate resources appropriately. C. It monetizes the loss of an asset and determines a break-even point for risk mitigation. D. It informs the backup approach so that the organization can recover data to a known time.
Badges
Which of the following holds staff accountable while escorting unauthorized personnel? A. Locks B. Badges C. Cameras D. Visitor logs
Activate verbose logging in all critical assets.
Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase? A. Activate verbose logging in all critical assets. B. Tune monitoring in order to reduce false positive rates. C. Redirect all events to multiple syslog servers. D. Increase the number of sensors present on the environment.
A risk register
Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented? A. An RTO report B. A risk register C. A business impact analysis D. An asset value register E. A disaster recovery plan
GDPR
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors? A. SSAE SOC 2 B. PCI DSS C. GDPR D. ISO 31000
Data can become a liability if archived longer than required by regulatory guidance.
Which of the following is a known security risk associated with data archives that contain financial information? A. Data can become a liability if archived longer than required by regulatory guidance. B. Data must be archived off-site to avoid breaches and meet business requirements. C. Companies are prohibited from providing archived data to e-discovery requests. D. Unencrypted archives should be preserved as long as possible and encrypted.
Job rotation policy
Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization? A. Asset management policy B. Separation of duties policy C. Acceptable use policy D. Job rotation policy
Set up hashing on the source log file servers that complies with local regulatory requirements
Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM? A. Set up hashing on the source log file servers that complies with local regulatory requirements. B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements. C. Write protect the aggregated log files and move them to an isolated server with limited access. D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.
Watering hole
Which of the following is a targeted attack aimed at compromising users within a specific industry or group? A. Watering hole B. Typosquatting C. Hoax D. Impersonation
Implement a vulnerability scan to assess dependencies earlier on SDLC
Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production? A. Employ different techniques for server- and client-side validations B. Use a different version control system for third-party libraries C. Implement a vulnerability scan to assess dependencies earlier on SDLC D. Increase the number of penetration tests before software release
. Chain of custody
Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities? A. Chain of custody B. Legal hold C. Event log D. Artifacts
AUP (Acceptable Use Policy)
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website? A. Job rotation policy B. NDA C. AUP D. Separation of duties policy
Overwriting
Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete? A. Pulverizing B. Overwriting C. Shredding D. Degaussing
Communication plan
Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach? A. Incident response plan B. Business continuity plan C. Communication plan D. Disaster recovery plan
Using a SHA-2 signature of a drive image
Which of the following supplies non-repudiation during a forensics investigation? A. Dumping volatile memory contents first B. Duplicating a drive with dd C. Using a SHA-2 signature of a drive image D. Logging everyone in contact with evidence E. Encrypting sensitive data
Salting
Which of the following techniques eliminates the use of rainbow tables for password cracking? A. Hashing B. Tokenization C. Asymmetric encryption D. Salting
SOAR
Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention? A. TTP B. OSINT C. SOAR D. SIEM
netstat
While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information? A. arp B. nslookup C. netstat D. nmap
Conduct a ping sweep
While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability? A. Conduct a ping sweep, B. Physically check each system. C. Deny internet access to the "UNKNOWN" hostname. D. Apply MAC filtering.