shitchyah
Which of the following is an example of transference of risk? A. Purchasing insurance B. Patching vulnerable servers C. Retiring outdated applications D. Application owner risk sign-off
A. Purchasing insurance
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack? A. Network location B. Impossible travel time C. Geolocation D. Geofencing
B. Impossible travel time
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes? A. Acceptance B. Transference C. Avoidance D. Mitigation
A. Acceptance
DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect's requirements? A. An orchestration solution that can adjust scalability of cloud assets B. Use of multipath by adding more connections to cloud storage C. Cloud assets replicated on geographically distributed regions D. An onsite backup that is deployed and only used when the load increases
A. An orchestration solution that can adjust scalability of cloud assets
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which would be best to use to update and reconfigure the OS-level security configurations? A. CIS Benchmarks B. GDPR Guidance C. Regional regulations D. ISO 27001 standards
A. CIS benchmarks
Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps? A. CVSS B. SIEM C. SOAR D. CVE
A. CVSS
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely access the file? A. Check the hash of the installation file B. Match the file names C. Verify the URL download location D. Verify the code signing certificate
A. Check the hash of the installation file
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked first? A. DLP B. Firewall rule C. Content filter D. MDM E. Application allow list
A. DLP
A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST? A. DNS B. Message gateway C. Network D. Authentication
A. DNS
An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements? A. Data anonymization B. Data encryption C. Data masking D. Data tokenization
A. Data anonymization
Which of the following is a known security risk associated with data archives that contain financial information? A. Data can become a liability if archived longer than required by regulatory guidance B. Data must be archived off-site to avoid breaches and meet business requirements C. Companies are prohibited from providing archived data to e-discovery requests D. Unencrypted archives should be preserved as long as possible and encrypted
A. Data can become a liability if archived longer than required by regulatory guidance
A security analyst is reviewing web-application logs and finds the following log: https://www.comptia.org/contact-us/%3Ffile%3D..%2F..%2F..%2Fetc%2Fpasswd Which of the following attacks is being observed? A. Directory traversal B. XSS C. CSRF D. On-path attack
A. Directory traversal
Server admins want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should admins configure to maximize system availability while efficiently utilizing available computing power? A. Dynamic resource allocation B. High availability C. Segmentation D. Container security
A. Dynamic resource allocation
Which biometric error would allow an unauthorized user to access a system? A. False acceptance B. False entrance C. False rejection D. False denial
A. False acceptance
The concept of connecting a user account across the systems of multiple enterprises is best known as: A. Federation B. A remote access policy C. Multifactor authentication D. Single sign on
A. Federation
A company is auditing the manner in which its European customers' personal info is handled. Which of the following should the company consult? A. GDPR B. ISO C. NIST D. PCI DSS
A. GDPR
A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented? A. HTTP security header B. DNSSEC implementation C. SRTP D. S/MIME
A. HTTPS security header
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent? A. Hoaxes B. SPIMs C. Identity fraud D. Credential harvesting
A. Hoaxes
Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement? A. Implement proper network access restrictions B. Initiate a bug bounty program C. Classify the system as shadow IT D. Increase the frequency of vulnerability scans
A. Implement proper network access restrictions
Which of the following explains why RTO is included in a BIA? A. It identifies the amount of allowable downtime for an application or system B. It prioritizes the risks so the organization can allocate resources appropriately C. It monetizes the loss of an asset and determines a break-even point for risk mitigation D. It informs the backup approach so that the organization can recover data to a known time
A. It identifies the amount of allowable downtime for an application or system
A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation? A. Legal hold B. Chain of custody C. Data loss prevention D. Content filter
A. Legal hold
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from the servers. No back doors to any servers were found. Which of the following attacks was most likely used to cause the data loss? A. Logic bomb B. Ransomware C. Fileless virus D. Remote access trojans E. Rootkit
A. Logic bomb
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement? A. MOU B. ISA C. SLA D. NDA
A. MOU
Which of the following secure coding techniques makes compromised code more difficult for hackers to use? A. Obfuscation B. Normalization C. Execution D. Reuse
A. Obfuscation
An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the most efficient approach to perform the analysis? A. Provide a domain parameter to theHarvester tool B. Check public DNS entries using dnsenum C. Perform a Nessus vulnerability scan targeting a public company's IP D. Execute Nmap using the options: scan all ports and sneaky mode
A. Provide a domain parameter to theHarvester tool
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do? A. Perform a mathematical operation on the passwords that will convert them into unique strings B. Add extra data to the passwords so their length is increased, making them harder to brute force C. Store all passwords in the system in a rainbow table that has a centralized location D. Enforce the use of one-time passwords that are changed for every login session
A. Perform a mathematical operation on the passwords that will convert them into unique strings
After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, another piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware? A. Removable media B. Spear phishing C. Supply chain D. Direct access
A. Removable media
Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would best complete the engineer's assignment? A. Replacing the traditional key with an RFID key B. Installing and monitoring a camera facing the door C. Setting motion sensing lights to illuminate the door on activity D. Surrounding the property with fencing and gates
A. Replacing the traditional key with an RFID key
A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements? A. Reverse proxy B. NIC teaming C. Load balancer D. Forward proxy
A. Reverse proxy
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back end server resources and has highlighted that session persistence is not important for the applications running on the back end servers. Which of the following would best meet the requirements? A. Reverse proxy B. Automated patch management C. Snapshots D. NIC teaming
A. Reverse proxy
A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will most likely be used to identify when the breach occurred through each device? A. SIEM correlation dashboards B. Firewall syslog event logs C. Network management solution login audit logs D. Bandwidth monitors and interface sensors
A. SIEM correlation dashboards
Which of the following are common VoIP-associated vulnerabilities? (2) A. SPIM B. Vishing C. Hopping D. Phishing E. Credential harvesting F. Tailgating
A. SPIM B. Vishing
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute PCAP to analyze. The analyst observes the following output: Which of the following attacks does the analyst most likely see in this packet capture? A. Session replay B. Evil twin C. Bluejacking D. ARP poisoning
A. Session replay
Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM? A. Set up hashing on the source log file servers that complies with local regulatory requirements B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements C. Write protect the aggregated log files and move them to an isolated server with limited access D. Back up the source log and archive them for at least six years or in accordance with local regulatory requirements
A. Set up hashing on the source log file servers that complies with local regulatory requirements
Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role and service level? A. Standard naming conventions B. Domain services C. Baseline configuration D. Diagrams
A. Standard naming conventions
An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding? A. The required intermediate certificate is not loaded as part of the certificate chain B. The certificate is on the CRL and is no longer valid C. The corporate CA has expired on every server, causing the certificate to fail verification D. The scanner is incorrectly configured to not trust this certificate when detected on the server
A. The required intermediate certificate is not loaded as part of the certificate chain
Digital signatures use asymmetric encryption. This means the message is encrypted with: A. The sender's private key and decrypted with the sender's public key B. The sender's public key and decrypted with the sender's private key C. The sender's private key and decrypted with the recipient's public key D. The sender's public key and decrypted with the recipient's private key
A. The sender's private key and decrypted with the sender's public key
Which of the following is a reason to publish files' hashes? A. To validate the integrity of the files B. To verify if the software was digitally signed C. To use the hash as a software activation key D. To use the hash as a decryption passphrase
A. To validate the integrity of the files
The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement? A. Tokenization B. Masking C. Full disk encryption D. Mirroring
A. Tokenization
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements? A. User certificate B. Self-signed certificate C. Computer certificate D. Root certificate
A. User certificate
An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals? A. VDI B. MDM C. COPE D. UTM
A. VDI
A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these? A. VLANs B. Internet proxy servers C. NIDS D. Jump servers
A. VLANs
Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented? A. An RTO report B. A risk register C. A business impact analysis D. An asset value register E. A disaster recovery plan
B. A risk register
A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization: [image] Which of the following attacks has taken place? A. Domain reputation B. Domain hijacking C. Disassociation D. DNS poisoning
B. Domain hijacking
An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observed the following activity: - A user enters comptia.org into a web browser - The website that appears is not the comptia.org site - The website is a malicious site from the attacker - Users in a different office are not having this issue Which of the following types of attacks was observed? A. On-path attack B. DNS poisoning C. Locator (URL) redirection D. Domain hijacking
B. DNS poisoning
Which of the following employee roles is responsible for protecting an organization's collected personal information? A. CTO B. DPO C. CEO D. DBA
B. DPO
A penetration tester is fuzzing an application to identify where the EIP of the stack is located on memory. Which of the following attacks is the penetration tester planning to execute? A. Race condition B. Pass-the-hash C. Buffer overflow D. XSS
C. Buffer overflow
A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place? A. Input validation B. Dynamic code analysis C. Fuzzing D. Manual code review
B. Dynamic code analysis
A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds; however, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the best solution to reduce the risk of data loss? A. Dual supply B. Generator C. UPS D. PDU E. Daily backups
B. Generator
A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would best meet the needs of the company? A. Private cloud B. Hybrid environment C. Managed security service provider D. Hot backup site
B. Hybrid environment
A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The admin wants to be able to block access to the sites based on the AUP. Which of the following should the admin employ to meet these criteria? A. Implement NAC B. Implement an SWG C. Implement a URL filter D. Implement an MDM
B. Implement an SWG
Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following: ✑ All users share workstations throughout the day. ✑ Endpoint protection was disabled on several workstations throughout the network. ✑ Travel times on logins from the affected users are impossible. ✑ Sensitive data is being uploaded to external sites. All user account passwords were forced to be reset and the issue continued. Which of the following attacks is being used to compromise the user accounts? A. Brute-force B. Keylogger C. Dictionary D. Rainbow
B. Keylogger
A Chief Information has defined resiliency requirements for a new data center architecture. The requirements are as follows: - Critical file shares will remain accessible during and after a natural disaster - 5% of hard disks can fail at any given time without impacting the data - Systems will be forced to shut down gracefully when battery levels are below 20% Which of the following are required to best meet these objectives? (Choose three) A. Fiber switching B. LAC C. NAS D. RAID E. UPS F. Redundant power supplies G. Geographic dispersal H. Snapshots
B. LAC C. NAS D. RAID
The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require: - Users to choose a password unique to their last 10 passwords - Users to not log in from high risk countries Which of the following should the security team implement? (2) A. Password complexity B. Password history C. Geolocation D. Geofencing E. Geotagging F. Password reuse
B. Password history C. Geolocation
An attacker browses a company's online job board attempting to find any relevant info regarding the technologies the company uses. Which of the following best describes this social engineering technique? A. Hoax B. Reconnaissance C. Impersonation D. Pretexting
B. Reconnaissance
A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability? A. SOAR B. SIEM C. Log collectors D. Network-attached storage
B. SIEM
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: [image] Which is most likely occurring? A. XSS attack B. SQLi attack C. Replay attack D. XSRF attack
B. SQLi attack
A systems engineer wants to leverage a cloud-based architecture with low latency between network connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would best meet the requirements? (Choose two) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing
B. SaaS F. Fog computing
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following tools best addresses both detection and prevention? A. Warm site failover B. Tabletop walkthrough C. Parallel path testing D. Full outage simulation
B. Tabletop walkthrough
Which of the following is the BEST way to analyze diskless malware that has infected a VDI? A. Shut down the VDI and copy off the event logs B. Take a memory snapshot of the running system C. Use NetFlow to identify command-and-control IPs D. Run a full on-demand scan of the root volume
B. Take a memory snapshot of the running system.
A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement? A. Fog computing and KVMs B. VDI and thin clients C. Private cloud and DLP D. Full drive encryption and thick clients
B. VDI and thin clients
A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration? A. Gait analysis B. Vein C. Soft token D. HMAC-based, one-time password
B. Vein
During a recent incident, an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from happening again? A. Check for any recent SMB CVEs B. Install AV on the affected servers C. Block unneeded TCP 445 connections D. Deploy a NIDS in the affected subnet
C. Block unneeded TCP 445 connections
An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use? A. An external security assessment B. A bug bounty program C. A tabletop exercise D. A red-team engagement
C. A tabletop exercise
A SOC operator is analyzing a log file that contains the following entries: [image] Which of the following explains these log entries? A. SQL injection and improper input-handling attempts B. Cross-site scripting and resource exhaustion attempts C. Command injection and directory traversal attempts D. Error handling and privilege escalation attempts
C. Command injection and directory traversal
Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach? A. Incident response plan B. Business continuity plan C. Communication plan D. Disaster recovery plan
C. Communication plan
An organization is repairing the damage after an incident. Which of the following controls is being implemented? A. Detective B. Preventative C. Corrective D. Compensating
C. Corrective
Which of the following should be monitored by threat intelligence researchers who search for leaked credentials? A. Common Weakness Enumeration B. OSINT C. Dark web D. Vulnerability databases
C. Dark web
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process best protect? A. Data in transit B. Data in processing C. Data at rest D. Data tokenization
C. Data at rest
A company wants to improve end users' experiences when they log into a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log into the trusted partner's website? A. Directory service B. AAA server C. Federation D. Multifactor authentication
C. Federation
A company is required to continue using legacy software to support a critical service. Which of the following best explains a risk of this practice? A. Default system configuration B. Unsecure protocols C. Lack of vendor support D. Weak encryption
C. Lack of vendor support
The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy most likely protecting against? A. Preventing any current employees' siblings from working at the bank to prevent nepotism. B. Hiring an employee who has been convicted of theft to adhere to industry compliance. C. Filtering applicants who have added false information to resumes so they appear better qualified. D. Ensuring no new hires have worked at other banks that may be trying to steal customer information.
C. Filtering applicants who have added false information to resumes so they appear better qualified.
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used? A. Public B. Community C. Hybrid D. Private
C. Hybrid
Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production? A. Employ different techniques for server- and client-side validations B. Use a different version control system for third-party libraries C. Implement a vulnerability scan to assess dependencies earlier on SDLC D. Increase the number of penetration tests before software release
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe? A. Privilege escalation B. Request forgeries C. Injection D. Replay attack
C. Injection
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented? A. Compensating B. Corrective C. Preventative D. Detective
C. Preventative
A Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO? A. GDPR compliance attestation B. Cloud Security Alliance materials C. SOC 2 Type 2 report D. NIST RMF workbooks
C. SOC 2 Type 2 report
A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://comptia.com/login.php?id='%20or%20'1'1='1 Which of the following has been observed? A. DLL injection B. API attack C. SQLI D. XSS
C. SQLI
A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used? A. S/MIME B. LDAPS C. SSH D. SRTP
C. SSH
A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester most likely make given this observation? A. Employ a general contractor to replace the drop ceiling tiles B. Place the network cabling inside a secure conduit C. Secure the access point and cabling inside the drop ceiling D. Utilize only access points that have internal antennas
C. Secure the access point and cabling inside the drop ceiling
An attacker has determined the best way to impact operation is to infiltrate third-party software vendors. Which of the following vectors is being exploited? A. Social media B. Cloud C. Supply chain D. Social engineering
C. Supply chain
A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the system remains intact and local and remote attestation can take place. Which of the following would provide the best solution? A. HIPS B. FIM C. TPM D. DLP
C. TPM
A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale? A. Automated information sharing B. Open source intelligence C. The dark web D. Vulnerability databases
C. The dark web
Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application? A. Intellectual property theft B. Elevated privileges C. Unknown backdoor D. Quality assurance
C. Unknown backdoor
A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the most effective security control to mitigate this risk? A. Block access to application stores B. Implement OTA updates C. Update the BYOD policy D. Deploy a uniform firmware
C. Update the BYOD policy
A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action? A. Accept the risk if there is a clear roadmap for timely decommission B. Deny the risk due to the end-of-life status of the application C. Use containerization to segment the application from other applications to eliminate the risk D. Outsource the application to a third-party developer group
C. Use containerization to segment the application from other applications to segment the risk
Which of the following supplies non-repudiation during a forensics investigation? A. Dumping volatile memory contents first B. Duplicating a drive with dd C. Using a SHA-2 signature of a drive image D. Logging everyone in contact with evidence E. Encrypting sensitive data
C. Using a SHA-2 signature of a drive image
A security analyst has been asked by the Chief Information Security Officer to: ✑ develop a secure method of providing centralized management of infrastructure ✑ reduce the need to constantly replace aging end user machines ✑ provide a consistent user desktop experience. Which of the following BEST meets these requirements? A. BYOD B. Mobile device management C. VDI D. Containerization
C. VDI
During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability? A. Legacy operating system B. Weak configuration C. Zero day D. Supply chain
C. Zero day
During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file? A. ls B. chflags C. chmod D. lsof E. setuid
C. chmod
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks, and it's consuming large amounts of the analysts' time due to the manual tasks being performed. Which of the following solutions should the SOC consider to best improve its response time? A. Configure a NIDS appliance using a Switched Port Analyzer B. Collect OSINT and catalog the artifacts in a central repository C. Implement a SOAR with customizable playbooks D. Install a SIEM with community-driven threat intelligence
C. Implement a SOAR with customizable playbooks
Which of the following would detect intrusions at the perimeter of the airport? A. Signage B. Fencing C. Motion sensors D. Lighting E. Bollards
C. Motion sensors
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? A. hping3 -S comptia.org -p 80 B. nc -l -v comptia.org -p 80 C. nmap comptia.org -p 80 -sV D. nslookup -port=80 comptia.org
C. nmap comptia.org -p 80
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users? A. EAP B. TLS C. HTTPS D. AES
D. AES
Which of the following describes the continuous delivery software development methodology? A. Waterfall B. Spiral C. V-shaped D. Agile
D. Agile
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use? A. Look for tampering on the evidence collection bag B. Encrypt the collected data using asymmetric encryption C. Ensure proper procedures for chain of custody are being followed D. Calculate the checksum using a hashing algorithm
D. Calculate the checksum using a hashing algorithm
When implementing automation with IoT devices, which of the following should be considered first to keep the network secure? A. Z-wave compatibility B. Network range C. Zigbee configuration D. Communication protocols
D. Communication protocols
A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would best meet their requirements? A. Preventative controls B. Compensating controls C. Deterrent controls D. Detective controls
D. Detective controls
The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network? A. HIPS B. DLP C. HIDS D. EDR
D. EDR
A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements? A. High availability B. Application security C. Segmentation D. Integration and auditing
D. Integration and auditing
Which of the following is a benefit of including a risk management framework into an organization's security approach? A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner. B. It identifies specific vendor products that have been tested and approved for use in a secure environment. C. It provides legal assurances and remedies in the event a data breach occurs. D. It incorporates control, development, policy, and management activities into IT operations.
D. It incorporates control, development, policy, and management activities into IT operations.
A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:
== 3214 == timeAttend.exe analyzed
== 3214 == ERROR SUMMARY:
== 3214 == malloc/free: in use at exit: 4608 bytes in 18 blocks
== 3214 == check 82116 bytes
== 3214 == definitely lost: 4608 bytes in 18 blocks
The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is most likely occurring? A. DLL injection B. API attack C. Buffer overflow D. Memory leak
D. Memory leak
An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST? A. Test B. Staging C. Development D. Production
D. Production
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST? A. Delete the private key from the repository. B. Verify the public key is not exposed as well. C. Update the DLP solution to check for private keys. D. Revoke the code-signing certificate.
D. Revoke the code-signing certificate.
Which of the following is the BEST action to foster a consistent and auditable incident response process? A. Incent new hires to constantly update the document with external knowledge B. Publish the document in a central repository that is easily accessible to the organization C. Restrict eligibility to comment on the process to subject matter experts of each IT silo D. Rotate CIRT members to foster a shared responsibility model in the organization
D. Rotate CIRT members to foster a shared responsibility model in the organization
Which of the following techniques eliminates the use of rainbow tables for password cracking? A. Hashing B. Tokenization C. Asymmetric encryption D. Salting
D. Salting
A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following best describes this technique? A. Vishing B. Whaling C. Phishing D. Smishing
D. Smishing
An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status? A. Development B. Test C. Production D. Staging
D. Staging
A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which tools will the other team member most likely use to open this file? A. Autopsy B. Memdump C. FTK Imager D. Wireshark
D. Wireshark
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of what? A. Privilege escalation B. footprinting C. persistence D. pivoting
D. pivoting