CompTIA Security+
A large organization faces increasing threats from unauthorized devices trying to gain access to its network. The chief information security officer (CISO) seeks to modify the company's network infrastructure to incorporate a more rigorous method of validating both users and devices before granting access to resources. Which network access control method should the CISO implement to ensure rigorous validation of both users and devices, offering the highest level of security against unauthorized access to the company's network resources? A.802.1X B.Media Access Control address filtering C.Virtual Private Network concentrator D.Stateless firewall
802.1X The standard 802.1X provides port-based network access control, ensuring high security by rigorously authenticating both users and devices. It uses credentials or digital certificates to verify the identity of each entity before granting access.
When it comes to monitoring network security, which logs help detect any attempts made by a threat actor to attack a wireless network through disassociation events? A.System logs from routers B.Access logs from switches C.Firewall audit logs D.Access point logs
Access point logs Access point logs record network behavior related to wireless access. In this scenario, disassociation events recorded in access point logs can indicate a threat actor attempting to attack the wireless network.
An organization has hired an HR director to improve the performance of the HR Division. The director first noted the lack of an exit process for employees or contractors. What are some IT security areas an exit process should focus on? (Select the three best options.) A.Account management B.Personal assets C.Physical security D.Company assets
Account management Personal assets Company assets
What is the process used to encrypt and decrypt a message? A.Cryptanalysis B.Plaintext C.Ciphertext D.Algorithm
Algorithm
Which tool assesses different facets of cloud services, such as network bandwidth, virtual machine status, and program health in a network environment? A.Vulnerability scanner B.System monitor C.Application monitor D.Data loss prevention (DLP) tool
Application monitor
As a Security Operations Center (SOC) analyst for a large financial institution that deals with high volumes of alerts and potential threats, what crucial benefit does implementing automation and orchestration in security operations provide? A.Automation and orchestration help simplify the nature of threats, thus reducing the volume of alerts. B.Automation and orchestration perform repetitive tasks quickly and consistently, reducing human error. C.Automation and orchestration eliminate the need for human intervention in many security operations. D.Automation and orchestration cut costs by reducing the number of cybersecurity professionals needed.
Automation and orchestration perform repetitive tasks quickly and consistently, reducing human error.
Which intrusion detection method involves the analysis engine trained to recognize baseline "normal" traffic and generates an incident when it detects deviations from this baseline? A.Signature-based detection B.Behavioral- and anomaly-based detection C.Trend analysis D.Network traffic analysis (NTA)
Behavioral- and anomaly-based detection
A newly hired cybersecurity manager of a software company evaluates the available intrusion detection and intrusion prevention capabilities of the company. What method detects changes in normal "baseline" operating data sequences and identifies abnormal sequences? A.Signature-based detection B.Behavioral-based detection C.Network behavior and anomaly detection D.Network traffic analysis
Behavioral-based detection Behavioral-based detection is a network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. It uses an engine that is trained to recognize baseline "normal traffic" or events.
A large healthcare organization is considering an alliance with a third-party medical software provider. The organization wants to ensure that all aspects of the alliance are well documented, with both parties understanding their roles and responsibilities. Which of the following should the healthcare organization prioritize to clearly define the parameters, the expectations for both parties, and the protocols for managing risks and security? A.Business Partnership Agreement (BPA) and Rules of Engagement (RoE) B.Memorandum of Understanding (MOU) and nondisclosure agreement (NDA) C.Service level agreement (SLA) and statement of work (SOW) D.Questionnaires and master services agreement (MSA)
Business Partnership Agreement (BPA) and Rules of Engagement (RoE) A BPA sets the terms for long-term strategic partnerships, including objectives, financial arrangements, decision-making processes, intellectual property rights, and dispute-resolution mechanisms. The RoE establishes the boundaries and expectations of the partnership, covering roles, security requirements, compliance obligations, reporting and communication protocols, change management procedures, and contractual provisions related to risk management.
An organization has a significant amount of mobile devices that it manages. Which mobile device deployment model gives the organization the MOST control over the device, thereby improving security? A.BYOD B.CYOD (Choose Your Own Device) C.COBO (Corporate-Owned Business Only) D.COPE (Corporate-Owned, Personally Enabled)
COBO Corporate-Owned Business Only (COBO) grants the organization ownership of the device, allowing its use solely for company business, providing the most control and improved security.
A small development company just set up a web server and must ensure a secure customer connection. Regarding digital certificates, what is a file containing the information that the subject wants to use in the certificate, including its public key? A.CA B.CSR C.CRL D.PKI
CSR The Certificate Signing Request (CSR) is a file containing the information that the subject wants to use in the certificate, including its public key.
A network architect at a global financial institution overhauls the company's on-premises network to enhance security and reduce the attack surface. To accomplish this, the architect assesses various architecture models and their respective impact on the on-premises network's security implications. While redesigning the on-premises network, which architecture derivative/model could effectively decrease the attack surface? A.Centralized architecture B.Peer-to-peer network C.Content delivery networks D.Hybrid cloud
Centralized architecture Centralized computing architecture refers to a model where all data processing and storage is performed in a single location, typically a central server. That can help minimize threat vectors.
A large certificate-issuing company lost its reputation due to poor business practices. Its higher signing authority revoked the ability to issue new certificates, and browsers now show it as invalid. What describes the position that the company once had but has now lost? A.Root Certificate Authority B.Certificate Signing Request C.Certificate Authority D.Certificate Revocation List
Certificate Authority A Certificate Authority (CA) is a server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
An organization's security officer is actively developing a new data protection strategy. The plan aims to fortify the integrity of data stored on the company's servers to uphold the confidentiality, integrity, and availability (CIA) triad principles. In this development process, which data protection method should the security officer primarily implement to ensure the accuracy and consistency of data over its entire life cycle, according to the principles of the CIA triad, particularly focusing on enhancing the "integrity" aspect? A.User access controls B.Data backup C.Checksum verification D.Data encryption
Checksum verification Checksum verification not only assures the "Integrity" aspect of the CIA triad but also significantly bolsters data integrity by minimizing the risk of data corruption.
To improve security, the security team at a growing tech company aims to update its infrastructure. They explore different architecture models and ponder the implications of logical segmentation. To curb lateral movement within the network (in case an intruder accesses one segment), the team plans to split the network into smaller, isolated segments, each boasting its own resources and security controls. Considering this strategy to boost security, which architecture model would optimally support the logical segmentation strategy? A.Client-server model B.Peer-to-peer model C.Hybrid model D.Monolithic model
Client-server model The client-server model best supports logical segmentation. In this model, clients request services, and servers provide those services. This model is more suitable for segmentation as each segment can have its own server that manages its resources and security controls.
The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company's objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security? A.Peer-to-peer model B.Client-server model C.Hybrid model D.Three-tier model
Client-server model The client-server model can enhance the effectiveness of port security as it has centralized servers, making it easier to monitor and manage port security.
In exploring the tenets of Zero Trust Architecture, a cyber consultant reviews its various benefits and components to determine how the solution can help the company. What components are associated with ZTA? (Select the two best options.) A.Better access controls B.Cloud security C.Improved governance and compliance D.Data protection
Cloud security Data protection
An organization must ensure its operating practices align with laws, regulations, standards, policies, and ethical requirements. The organization wants to evaluate the effectiveness of internal controls, identify any noncompliance or risk areas, and communicate findings to internal stakeholders such as risk managers. Which internal assessment approach would be MOST appropriate for this purpose? A.Using an audit committee B.Compliance assessment C.Self-assessment D.Regulatory assessment
Compliance assessment
A healthcare provider must maintain comprehensive patient records while ensuring the privacy of individuals' information. How can the provider navigate legal requirements for data retention with respect to patients who request that their information be removed? A.Establishing a specific data retention policy B.Maintaining extended data inventory C.Complying with the right to be forgotten D.Regularly reviewing and updating privacy policies
Complying with the right to be forgotten
A large financial institution is considering outsourcing its IT infrastructure to a third-party cloud service provider. The company has concerns about the risks of giving its sensitive financial data to an external vendor. What approach should the company use to ensure the vendor complies with the appropriate security standards and regulations? A.Enter into a contract without clauses for regular assessments or audits of the vendor's security practices. B.Rely on the vendor's reputation in the industry without the need to conduct any further assessments. C.Conduct pen testing on the vendor's infrastructure to ensure the vendor performs regular pen tests. D.Prioritize the vendor's cost and ease of use over security considerations based on their capabilities.
Conduct pen testing on the vendor's infrastructure to ensure the vendor performs regular pen tests. - Penetration testing identifies potential vulnerabilities in a vendor's systems, networks, and applications, assessing their security posture. The company gains insights into the vendor's security resilience and vulnerabilities that attackers could exploit by conducting or requesting evidence of regular penetration tests.
A large multinational software company experienced a ransomware attack. After running a forensic audit and recovering data from backups, the company found that it was an organized, illicit, nonpolitical group that attempted to extort it. What describes the attack that occurred to the company? A.Insider threat B.Hacktivism C.Service disruption D.Cybercrime
Cybercrime
Upon learning that the organization is looking to enhance network security solutions for the corporate office, a software technician explores the benefits of deploying a Zero Trust Architecture (ZTA). What is not a key benefit of using a ZTA? A.Greater security B.Better access controls C.Decreased granularity D.Improved governance and compliance
Decreased granularity
A help desk receives multiple calls from customers stating that they are experiencing incredibly slow connections to needed files, and an increasing number of users are having problems logging into their user accounts. Resource consumption and resource inaccessibility are typically indicators of what type of attack? A.Trojan B.Account compromise C.Denial of Service D.Ransomware
Denial of Service
A security administrator reviews the network configurations of a recently deployed server. The administrator notices that certain unnecessary services have access to the server, potentially creating vulnerabilities. The administrator decides to refine the access control list (ACL) to enhance the server's security. Which action will the security administrator MOST likely take when refining the ACL to ensure that only necessary services communicate with the server, thereby reducing potential attack vectors? A.Permit all incoming traffic to maintain functionality B.Deny all traffic and allow exceptions based on requirement C.Permit traffic only from trusted MAC addresses D.Implement a stateful firewall for the server
Deny all traffic and allow exceptions based on requirement
An organization has seen an uptick in phishing emails slipping through its security filters. It is enhancing technical security measures but is considering immediate actions to involve employees more effectively in its defense strategy to mitigate related risks. Which actions should the organization undergo? (Select the best three options.) A.Conduct training sessions for employees to recognize phishing attempts B.Implement a system for employees to report detected suspicious emails C.Deploy a new firewall to inspect incoming email traffic D.Enforce two-factor authentication for all company accounts
Deploy a new firewall to inspect incoming email traffic (doesn't engage users)
Which of the following methods is a replacement for Wi-Fi Protected Setup (WPS) as a more secure means of configuring client devices with the necessary information to access a Wi-Fi network? A.Device Provisioning Protocol (DPP) B.Wi-Fi Protected Access 3 (WPA3) C.Enhanced Open D.Simultaneous Authentication of Equals (SAE)
Device Provisioning Protocol (DPP)
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after testing the website, an error message in the browser stated that the connection was insecure. What should the marketing firm purchase and set up so that the page shows that it is secure? A.Digital certificate B.Certificate Authority C.Cryptoanalysis D.Certificate Signing Request
Digital certificate
An information technology manager conducted an audit of the company's support tickets. The manager noticed a trend with the tickets, where the majority were for new computer setups. What security control function would the manager's implementation of a new standard operating procedure have? A.Compensating B.Deterrent C.Directive D.Corrective
Directive
An IT admin receives an alert regarding an employee's web activity in which requested addresses are not written in plaintext, but contain entries such as %2e%2e%2f%2e%2e%2f%2e%2e%2f. What could this employee be attempting to do? (Select the two best options.) A.Command injection attack B.Directory traversal attack C.Canonicalization attack D.Injection attack
Directory traversal attack - A directory traversal attack occurs when a website user requests a file in an attempt to get to the parent directory. If settings are not correct on the web server, it could allow a malicious actor enhanced privileges to the network. Canonicalization attack - A canonicalization attack attempts to circumvent certain web server command filtrations by using the canonicalization of plaintext. If it is successful, it may allow code injection or directory traversal.
A healthcare provider is preparing for an upcoming audit of its patient data management system. The chief compliance officer focuses on ensuring that the organization has taken the necessary steps to identify and minimize risks related to the handling of patient data. What is the chief compliance officer primarily concentrating on? A.Due diligence and care B.Attestation and acknowledgment C.Data encryption strategy D.Employee training program
Due diligence and care
The chief information officer (CIO) tasked the network administrator with redeveloping the credential policy for the company. While working on the new policy, the chief executive officer (CEO) asked why having more than one factor to log into the computers was important. Why is just having a password not enough in today's world? A.Employees choose poor passwords B.Employee passwords are always secure C.Employees dislike using passwords D.Employees choose strong passwords
Employees choose poor passwords
A multinational corporation is preparing to launch a new cloud service that will store customer data from various countries. The chief privacy officer (CPO) must ensure the service complies with cross-border data transfer regulations and individual rights under different national and international laws. What is the CPO considering? A.Auditing physical access controls at data centers to ensure compliance B.Implementing region-specific data minimization practices for data collection C.Updating the corporation's firewall configurations for the new cloud service D.Ensuring adherence to global data transfer frameworks and agreements
Ensuring adherence to global data transfer frameworks and agreements
The security manager at a multinational enterprise is devising a plan to enhance the physical security of the organization's data center. The data center hosts critical infrastructure, and a security breach could severely impact operations. The security manager aims to apply appropriate physical isolation principles to secure the infrastructure. What critical strategy should the security manager employ to enhance the data center's physical security through effective physical isolation? A.Implement biometric security measures at all entry points B.Install closed-circuit TV surveillance across the office building C.Establish separate, secure areas for network equipment D.Increase the number of physical security guards
Establish separate, secure areas for network equipment
An organization's security team is in the process of implementing new security measures for managing its hardware, software, and data assets, increasing its overall protection. The team plans to implement network segmentation, store passwords in plaintext on a secure server, establish a policy for outdated software disposal, and perform regular asset inventory audits. Considering the initiatives the security team proposes, what relevant and secure practices directly relate to managing hardware, software, and data assets effectively and efficiently while ensuring data protection? (Select the two best options.) A.Network segmentation B.Storing passwords in plaintext on a secure server C.Establishing a policy disposing of outdated software D.Performing regular audits of asset inventory
Establishing a policy disposing of outdated software Performing regular audits of asset inventory
The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats. The discussions revolve around the best strategies to ensure the safety of the data center. When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer? A.Establishing a security perimeter with layered access controls B.Implementing a single, fortified main entrance C.Placing all servers near windows for easy maintenance D.Distributing security personnel evenly throughout the premises
Establishing a security perimeter with layered access controls
A healthcare provider is modernizing its data storage solutions to comply with health information privacy laws. The chief information security officer (CISO) must ensure that sending data access logs to healthcare regulatory authorities is in a specific format. What kind of reporting is taking place? A.Internal compliance reporting B.External compliance reporting C.Data retention policy enforcement D.Privacy impact assessment
External compliance reporting
An organization recently launched a Bring Your Own Device (BYOD) policy to increase work flexibility. The IT team learned that different employees have devices with varying firmware versions. Aware of the potential security implications, the chief security officer (CSO) decides to review the vulnerabilities related to firmware to ensure the organization's cybersecurity posture remains robust. In the context of device firmware vulnerabilities, which of the following actions introduces the greatest risk of a potential breach when employees use the devices for work? A.Refraining from updating third-party applications regularly B.Not enabling multifactor authentication (MFA) on the device C.Failing to update the device's firmware to the latest version D.Using the device on a public Wi-Fi without a virtual private network (VPN)
Failing to update the device's firmware to the latest version
A system has sent an alert due to a large increase in attempted logins to a company's web server, including failed intrusion attempts. The web server is actively under attack by a malicious actor. What could happen with a compromised web server? (Select the three best options.) A.Gain control of the host B.Steal data from the host C.Gain further access to the network D.Escalate privileges on the network
Gain control of the host Steal data from the host Gain further access to the network
A defense contractor has tasked its local network administrator with securing communications between the organization's web server and clients to protect sensitive user information. Which protocol should the network administrator choose to achieve this security objective? A.HTTP B.Telnet C.HTTPS D.SSH
HTTPS
An outside nongovernment-affiliated group posted a message online claiming responsibility for shutting down the pipeline of a large oil and gas company. The group claims to have performed this through a vulnerability in the company's supervisory control and data acquisition (SCADA) equipment that controls the flow through the pipes. What BEST describes this group of attackers? A.Nation-state B.Hacktivist C.Insider threat D.Advanced persistent threat
Hacktivist
A security consultant is working with a client to improve security practices. How can the consultant describe cryptographic hashing so the client is more likely to accept recommendations? A.Hashing speeds up the encryption process. B.Hashing slows down the encryption process. C.Hashing allows any plaintext length to look the same length as ciphertext. D.Hashing allows the same length of plaintext to be different lengths of ciphertext.
Hashing allows any plaintext length to look the same length as ciphertext. Hashing encrypted data makes it much more difficult to break. Hashing takes any length string and makes it the same length. A hashing algorithm is also useful for proving integrity.
A recent security flaw allowed a malicious actor to access sensitive data even though the data never left the server and there is full drive encryption. Which data state did the malicious actor MOST likely compromise? A.In transit B.At rest C.In use D.Through Bluetooth
In use Data in Use (or data in processing) refers to the state in which data is present in volatile memory, such as system Random Access Memory (RAM) or Central Processing Unit (CPU) registers and cache. The security flaw allows for data exploitation while in use.
A leading fintech company plans to migrate its primary financial application to a public cloud environment. Before the transition, the cloud security specialist reviews the application's architecture to ensure its resistance against potential cloud-based application attacks. Given the specific vulnerabilities associated with cloud platforms, which attack method would be the MOST effective against a cloud-based application that has not appropriately secured its Application Programming Interface (API)? A.Distributed denial of service (DDoS) against the cloud infrastructure B.Brute force attack on application user accounts C.Injection attack targeting the application's API D.Social engineering attack on cloud provider personnel
Injection attack targeting the application's API APIs often act as gateways for data exchange in cloud-based applications. If not securely configured, they become vulnerable to injection attacks.
A renowned bank in the city center is reassessing its physical security controls after a recent break-in attempt. The bank's security manager advocates overhauling the current alarm systems and introducing advanced sensors. The board members, unfamiliar with these concepts, request insights on effectively combining the two for heightened security. Considering the need to upgrade the bank's physical security, which strategies will MOST effectively enhance the synergy between alarm systems and sensors? (Select the two best options.) A.Integrate motion sensors with the alarm system to trigger alerts for unauthorized movements B.Set up alarms to sound only during official bank hours C.Use glass break sensors connected to the alarm for instant alerts on forced entry D.Install temperature sensors and link them to the main alarm to detect computer system overheating
Integrate motion sensors with the alarm system to trigger alerts for unauthorized movements Use glass break sensors connected to the alarm for instant alerts on forced entry
A recently terminated employee copied sensitive information from the company's shared drive right before permanently leaving. This employee is what kind of threat to the company? A.External B.Nation-state C.Hacktivist D.Internal
Internal
What is the primary risk when using the live acquisition method during a cybersecurity investigation? A.It renders evidence inadmissible in court. B.It increases the chances of malware spreading to other systems. C.It only captures a partial snapshot of the system's state during the breach. D.It may alert the threat actor and allow time for anti-forensic actions.
It may alert the threat actor and allow time for anti-forensic actions. This may capture more evidence or more data for analysis and reduce the impact on overall services, but the data on the actual disks will have changed, so this method may not produce legally acceptable evidence. It may also alert the threat actor and allow time for them to perform anti-forensics.
A security consultant is evaluating the resilience of a company's server room during power interruptions, focusing on the integration of Power Distribution Units (PDUs) and backup power solutions. Given the critical need for continuous operation, how do backup power generators complement the use of PDUs and UPS systems to ensure server room operations are maintained without interruption? A.It ensures power load balancing occurs across multiple servers. B.It supplies power to PDUs, preventing lapses during an outage. C.It provides prolonged power to PDUs to prevent exhausting the UPS power. D.It filters and stabilizes power before the PDU distributes it.
It provides prolonged power to PDUs to prevent exhausting the UPS power.
Which technology replaced NT LAN Manager in Active Directory? A.Kerberos B.Virtual Private Network C.Fast IDentity Online D.Unique security identifier
Kerberos The preferred system for network authentication in a Windows environment is Kerberos, which replaces the legacy system NT LAN Manager (NTLM) authentication.
A network administrator conducts an analysis of the company's network in an attempt to determine the attack surface, with the intent of reducing exploitable vectors. When analyzing the potential attack surface, which layer of the network model allows unauthorized hosts to obtain a valid network address, possibly by spoofing, and communicate with hosts in other zones? A.Layer 3 B.Layer 1 C.Layer 4 D.Layer 7
Layer 3 For this scenario, layer 3 allows unauthorized hosts to obtain a valid network address, possibly by spoofing, and communicate with hosts in other zones.
Which of the following practices is critical for device hardening by providing a standard set of guidelines or checklists for configuring devices securely? A.Regular maintenance cycle B.User awareness training C.Least functionality principle D.Monitoring and encryption
Least functionality principle
What is the primary purpose of the containment phase of cybersecurity incident management during an incident response lifecycle for a user account? (Select the two best options.) A.Remove all traces of the incident from affected systems B.Identify the root cause of the incident and gather evidence for legal action C.Limit the immediate impact of the incident while securing data and notifying stakeholders D.Disable a user account
Limit the immediate impact of the incident while securing data and notifying stakeholders Disable a user account
An IT intern prepares and connects used laptops to the company network. The intern discovers that the system automatically blocks all laptops from network access once connected. What could be the cause of this problem? (Select the two best options.) A.Malware B.Potentially unwanted programs C.Incorrect local network setting D.Registry settings
Malware Potentially unwanted programs
When conducting a cybersecurity investigation, what is the significance of using a memory dump to extract valuable data from a computer system? A.Memory dumps provide information about active processes, registry data, and more. B.Memory dumps provide a permanent record of system usage for long-term trend analysis. C.Memory dumps recover lost files and volatile memory from mass storage devices. D.Memory dumps are solely beneficial for creating encrypted backups and their usage.
Memory dumps provide information about active processes, registry data, and more. A memory dump captures a snapshot of system memory, providing important information for cybersecurity investigations such as active processes, temporary file systems, registry data, network connections, and cryptographic keys.
The governmental organization in charge of managing the personnel records of the country's military service members reported that another country had accessed its database. Who BEST describes the adversary that breached the personnel records database? A.Insider threat B.Hacktivist C.Nation-state D.Advanced persistent threat
Nation-state
A hacker successfully exfiltrates a database of user passwords and attempts to gain access to the credentials it holds, since the hacker can now work around the authentication system. What type of attack has the hacker achieved? A.Password spraying B.Brute force C.Dictionary D.Offline
Offline An offline attack means the hacker has obtained a database of password hashes. The hacker can then perform attacks against this offline database in an attempt to compromise the encryption.
A company has expanded its operations to a new location and is setting up its network infrastructure. A significant part of this setup includes strategically placing devices for optimal security and efficiency. How should the network security manager decide the optimal placement of the intrusion detection system (IDS) in the new network topology to ensure maximum visibility and efficiency without impacting overall network performance? A.Place the IDS outside the firewall B.Place the IDS at the end of the network C.Place the IDS directly behind the router D.Place the IDS near the servers
Place the IDS directly behind the router
A software engineer is tasked with identifying vulnerabilities within the network architecture. When evaluating the use of a particular architecture and selection of controls, what should not be considered as part of architectural considerations? A.Port security B.Costs C.Availability D.Risk Transference
Port security Port security is not considered an architectural consideration, but it does prevent a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up? A.Public key infrastructure B.Certificate authority C.Cryptanalysis D.Typosquatting
Public key infrastructure Public key infrastructure (PKI) refers to a framework of Certificate Authorities (CAs), digital certificates, software, services, and other cryptographic components deployed to validate subject identities.
A multinational corporation has hired a lead IT consultant to assess the security of its various systems, including Windows and Linux servers, desktops, and mobile devices in different countries. To ensure consistent security across all these systems, which of the following tools would the consultant recommend the organization use to automate the deployment of secure baseline configurations? A.Center for Internet Security Configuration Assessment Tool (CIS-CAT) Pro B.Security Content Automation Protocol (SCAP) C.Puppet D.Security Technical Implementation Guides (STIGs)
Puppet Organizations can use configuration management tools like Puppet to automate the deployment of secure baseline configurations across various diverse systems. Puppet helps enforce consistency and detect deviations from the established baseline.
A cybersecurity consultant is assessing risks for a new e-commerce website. The consultant identifies potential risks, evaluates their impact and likelihood, and considers the organization's ability to mitigate them. Which risk assessment methodology is the consultant MOST likely using? A.Qualitative risk assessments B.Quantitative risk assessments C.Qualitative and quantitative D.Ad hoc risk assessments
Qualitative and quantitative
A company employee brought a personal computer to the IT department when it locked after receiving a file from a co-worker. The screen shows a countdown clock with a threat of encrypting files permanently unless the user pays money. What type of virus was the user's computer MOST likely infected with? (Select the two best options.) A.Ransomware B.Crypto-ransomware C.Logic bomb D.Cryptojacking malware
Ransomware Crypto-ransomware
A software development company has recently integrated new tools for dependency analysis and Software Bill of Materials (SBOM) into its development pipeline. The security team ensures that these tools effectively identify and manage vulnerabilities. When leveraging dependency analysis and SBOM tools in a software development environment, which key factors should the security team prioritize to address potential vulnerabilities more efficiently? (Select the two best options.) A.Recognizing outdated software dependencies B.Tracking the frequency of software updates C.Identifying undisclosed open-source components D.Calculating the software's runtime speed
Recognizing outdated software dependencies Identifying undisclosed open-source components
A risk manager for a company providing IT support services conducts a business impact analysis (BIA) and identifies a Mission Essential Function (MEF) that relies on a server with a Mean Time Between Failures (MTBF) of 2,500 hours and a Mean Time to Repair (MTTR) of 4 hours. Given a Maximum Tolerable Downtime (MTD) of 24 hours and a Recovery Time Objective (RTO) of 6 hours for this function, what should the risk manager prioritize in the risk management strategy? A.Improving the MTBF of the server B.Reducing the MTTR of the server C.Increasing the MTD for the function D.Extending the RTO for the function
Reducing the MTTR of the server Reducing the MTTR is crucial. With an RTO of 6 hours and an MTTR of 4 hours, little time remains for the other recovery activities that must complete within the maximum tolerable downtime. Lowering the MTTR leaves more time for those activities.
A company helps employees get up to speed quickly with correct documentation. Guidelines can be beneficial in accomplishing this goal. To ensure guidelines remain relevant, what must the company do to them? (Select the two best options.) A.Mandatory employee review B.Continually update them C.Regular review D.Periodic assessments
Regular review Periodic assessments
A company has noticed an apparent uptick in users disconnecting their sessions, then immediately reestablishing them. Their behavior after reestablishing the session is also noticeably different. What could this indicate? (Select the two best options.) A.Replay attack B.Cross-site Scripting C.Forgery attack D.Injection attack
Replay attack - A replay attack captures or guesses the token value and then submits it to reestablish the session illegitimately. A session ending and then immediately reestablishing would most likely indicate this type of attack. Cross-site Scripting - Cross-site Scripting (XSS) can compromise session cookies, which could then lead to the prediction of future session cookies, compromising all future sessions.
An information technology (IT) manager is trying to persuade the chief financial officer (CFO) to sign off on a new support and update contract for the company's virtualized environment. The CFO sees this as a waste of money since the company already has the environment up and running. The IT manager explained to the CFO that the company will no longer receive security updates to protect the environment. What describes the level of hazard posed by NOT keeping the systems up-to-date? A.Vulnerability B.Threat C.Risk D.Insider threat
Risk
A user contacts a company help desk complaining about intermittent connection problems to needed network files and shares. The user also noticed connection problems occur when the network signal strength is at its highest. What could this be a sign of? (Select the two best options.) A.Rogue access point B.Wireless denial of service C.Wireless replay D.Downgrade attack
Rogue access point - A rogue Access Point (AP) lets a person with malicious intent place a higher-powered AP that captures usernames and passwords without being caught immediately. Wireless denial of service - A wireless denial of service attack causes network problems by preventing users from reaching legitimate APs, because the rogue AP's signal strength is higher.
Which security feature in the Linux kernel supports access control security policies, including mandatory access controls (MAC)? A.Group policy B.SELinux C.Application allow lists D.Configuration drift
SELinux SELinux is a security feature of the Linux kernel that supports access control security policies, including mandatory access controls. It allows granular permission control over every process and system object, strictly limiting the resources a process can access and what operations it can perform.
An educational institution's systems administrator is responsible for securing the LDAP directory service for the organization's computing resources. Which authentication method should the systems administrator implement to ensure secure access while minimizing the number of extra ports opened on the firewall? A.It requires no authentication method B.Simple Bind authentication method C.Simple Authentication and Security Layer D.Lightweight Directory Access Protocol Secure
Simple Authentication and Security Layer SASL allows the client and server to negotiate a supported authentication mechanism and provides the option to use the command STARTTLS for encryption and message integrity. This feature is a secure way to access the Lightweight Directory Access Protocol (LDAP) directory.
The IT administrator of a global banking organization is responsible for configuring email services. The administrator must ensure secure communication between servers, as well as between servers and clients. Which of the following statements about securing email protocols is true? (Select the two best options.) A.Simple Mail Transfer Protocol Secure (SMTPS) is the most widely implemented and robust method for securing SMTP communications. B.Port 465 is the recommended port for secure message submission over implicit transport layer security using STARTTLS command. C.Post Office Protocol 3S (POP3S) operates over transmission control protocol port 995 by default for secured mailbox access. D.Internet Message Access Protocol Secure allows multiple clients to connect to the same mailbox on port 143 simultaneously.
Simple Mail Transfer Protocol Secure (SMTPS) is the most widely implemented and robust method for securing SMTP communications. Post Office Protocol 3S (POP3S) operates over transmission control protocol port 995 by default for secured mailbox access. - Post Office Protocol 3S (POP3S) ensures sensitive information remains protected during transmission, offering a secure and convenient method for users to access their emails. Its support for encryption and strong authentication makes it suitable for secure email services.
A coworking office wants to upgrade its Wi-Fi encryption to Wi-Fi Protected Access 3 (WPA3). Which feature of WPA3 replaces the pre-shared key (PSK) exchange protocol in WPA2 to ensure an attacker cannot intercept the Wi-Fi password even when capturing data from a successful login? A.Wi-Fi Easy Connect (DPP) B.Enhanced Open C.Updated cryptographic protocols D.Simultaneous authentication of equals (SAE)
Simultaneous authentication of equals (SAE) SAE is a feature of WPA3 that replaces the pre-shared key (PSK) exchange protocol in WPA2. SAE ensures attackers cannot intercept the Wi-Fi password even if they intercept the login.
Which tool or concept can provide a unified view of network hosts and appliances by collecting and aggregating log data from multiple sources, offering better visibility into security events? A.Event Viewer format logging B.Syslog protocol C.Event metadata analysis D.Single pane of glass analysis
Single pane of glass analysis
A small software development company is about to start a project with a new client. The client wants to understand what they can expect from the software development company in terms of the services it will provide and the timeline for the project. Which legal document would be MOST appropriate for outlining the project's specific details, including the scope, deliverables, and timeline? A.Memorandum of understanding (MOU) B.Nondisclosure agreement (NDA) C.Service level agreement (SLA) D.Statement of work (SOW)
Statement of work (SOW)
A large corporation is evaluating potential hardware suppliers and service providers for its new data center expansion. The IT team aims to select vendors that adhere to security best practices to minimize vulnerabilities. When assessing the security posture of hardware suppliers and service providers, which factors are essential for the corporation to consider to ensure reduced vulnerabilities in its data center operations? (Select the two best options.) A.Supply chain verification processes in place B.Number of data centers the supplier operates C.Hardware components' origin transparency D.Annual revenue of the service provider
Supply chain verification processes in place Hardware components' origin transparency
A cancer diagnostic clinic must transfer a large amount of data to a cloud vendor to migrate from its on-premises server. However, the amount of data would make the transfer over the internet take extensive time due to the limited bandwidth the clinic's internet provides. Instead, it wants to ship an encrypted copy of the data to the vendor. What type of encryption would BEST fit the clinic's needs? A.Symmetric algorithm B.Asymmetric algorithm C.Plaintext D.Cryptography
Symmetric algorithm
After deploying a mobile device management system to all its computers, a company noticed a small subset failed to encrypt their hard drives. After inspection, those devices do not have the correct component required for the drive encryption to function. Which security component would the company need to install for the drive encryption to work? A.CRL B.CPU C.TPM D.RAM
TPM The Trusted Platform Module (TPM) chip holds the cryptographic secrets and hardware state to help secure an encrypted hard drive.
A risk manager at a large corporation conducts a Risk and Control Self-Assessment (RCSA) to identify and assess risks for a new market expansion. The manager identifies risks associated with new regulatory requirements, market volatility, and aggressive competitors. Which Key Risk Indicator (KRI) metric is MOST critical for managing these risks? A.The number of new customers acquired in the new market expansion B.The number of regulatory violations reported by regulatory authorities C.The level of market volatility currently affecting the corporation D.The frequency of security incidents involving sensitive customer data
The number of regulatory violations reported by regulatory authorities
A large organization's security operations center (SOC) noticed in its Extended Detection and Response (XDR) antivirus software that a phished email gained access to the company ticketing system, then to the virtual private network (VPN) software, and lastly, to the company's file share. What did the SOC find? A.Threat actor B.Hacktivist C.Threat vector D.Service disruption
Threat vector
Which of the following statements about applying common security techniques to computing resources is correct? A.Secure Sockets Layer (SSL) primarily secures File Transfer Protocol (FTP) communications. B.Hypertext Transfer Protocol Secure (HTTPS) operates over port 80 by default. C.Transport Layer Security (TLS) 1.3 prevents downgrade attacks, reducing handshake messages. D.TLS 1.3 cipher suites include Rivest, Shamir, and Adleman for bulk encryption.
Transport Layer Security (TLS) 1.3 prevents downgrade attacks, reducing handshake messages.
A construction contractor received a phone call from a prospective client saying that the contractor's website looked different from what they expected. After an investigation, the construction company discovered that the prospect had visited a similar-looking website with a slightly different URL. What caused the client to go to an incorrect website? A.Phishing B.Impersonation C.Watering hole attack D.Typosquatting
Typosquatting
An IT intern looks for information on previous network attacks, specifically indicators of attempted and successful replay, forgery, and injection attacks. Where could the intern find this information? (Select the two best options.) A.Buffer overflow B.URL analysis C.Session cookies D.Web server logs
URL analysis - Uniform Resource Locators (URLs) can encode some action or data to submit to the server host. Analysis of these URLs can provide indicators of session hijacking/replay, forgery, and injection attacks. Web server logs - An administrator typically configures web servers to log Hypertext Transfer Protocol (HTTP) traffic that encounters an error or traffic that matches some predefined rule set. Web server logs can therefore preserve indicators of attempted and successful replay, forgery, and injection attacks.
A major financial institution's computer incident response team (CIRT) is dealing with a complex cyber attack. The attack started with several spear phishing emails sent to crucial employees in different departments. These emails had skillfully crafted messages and appeared to have legitimate attachments. However, opening the attachments launched highly evasive and previously unknown malware. What steps should the CIRT take in the containment phase of the incident response process to address this advanced attack? A.Disconnect all affected hosts from the network and shut down all communication channels. B.Use network segmentation to isolate and monitor infected systems, to analyze the attacker's tactics. C.Immediately restore affected systems from backups and apply patches to prevent further attacks. D.Temporarily disable all user accounts and applications to prevent further spread of malware.
Use network segmentation to isolate and monitor infected systems, to analyze the attacker's tactics.
A consultancy recommended that a large construction company should encrypt its wireless network. Currently, the network is set to open and allows any device to connect to it, even employees' personal devices. What encryption product would help the company secure its wireless networks? A.Transport Layer Security B.Trusted Platform Module C.Internet Protocol Security D.Wi-Fi Protected Access
Wi-Fi Protected Access
A company's IT security specialist decides to upgrade the wireless network infrastructure to enhance data protection during transmissions. Recognizing the importance of strong encryption for wireless data, the specialist evaluates the various encryption standards available. Which wireless encryption standard offers the MOST robust security for protecting wireless data transmissions and has become the preferred choice for many organizations? A.Wi-Fi Protected Access 3 B.Wired Equivalent Privacy C.Wi-Fi Protected Access D.Temporal Key Integrity Protocol
Wi-Fi Protected Access 3