SEC4


Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement? A. Implement proper network access restrictions. B. Initiate a bug bounty program. C. Classify the system as shadow IT. D. Increase the frequency of vulnerability scans.

A. Implement proper network access restrictions.

A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal? A. Context-aware authentication B. Simultaneous authentication of equals C. Extensive authentication protocol D. Agentless network access control

A. Context-aware authentication

A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented? A. DNSSEC B. LDAPS C. NGFW D. DLP

A. DNSSEC (Note: of the listed options DNSSEC is the intended answer, since it is the only DNS integrity control offered. In practice, zone transfers between primary and secondary servers are authenticated with TSIG-signed AXFR/IXFR; DNSSEC signs the zone's records so that resolvers can validate answers, and a secondary can verify the RRSIGs on a transferred zone.)

Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power? A. Dynamic resource allocation B. High availability C. Segmentation D. Container security

A. Dynamic resource allocation

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.) A. Geolocation B. Time-of-day restrictions C. Certificates D. Tokens E. Geotagging F. Role-based access controls

A. Geolocation B. Time-of-day restrictions

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented? A. HTTP security header B. DNSSEC implementation C. SRTP D. S/MIME

A. HTTP security header

A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Choose two.) A. IPSec B. SFTP C. SRTP D. LDAPS E. S/MIME F. SSL VPN

A. IPSec F. SSL VPN

A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation? A. Logs from each device type and security layer to provide correlation of events B. Only firewall logs since that is where attackers will most likely try to breach the network C. Email and web-browsing logs because user behavior is often the cause of security breaches D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device

A. Logs from each device type and security layer to provide correlation of events

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose? A. MAC filtering B. Anti-malware C. Translation gateway D. VPN

A. MAC filtering

Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement? A. MOU B. ISA C. SLA D. NDA

A. MOU

A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer? A. Measured boot B. Boot attestation C. UEFI D. EDR

A. Measured boot

The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement? A. NAC B. ACL C. WAF D. NAT

A. NAC

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? A. Nmap B. Wireshark C. Autopsy D. DNSEnum

A. Nmap

Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications? A. OWASP B. Vulnerability scan results C. NIST CSF D. Third-party libraries

A. OWASP

Which of the following would be used to find the MOST common web-application vulnerabilities? A. OWASP B. MITRE ATT&CK C. Cyber Kill Chain D. SDLC

A. OWASP

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place? A. On-path attack B. Protocol poisoning C. Domain hijacking D. Bluejacking

A. On-path attack

An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis? A. Provide a domain parameter to theHarvester tool. B. Check public DNS entries using dnsenum. C. Perform a Nessus vulnerability scan targeting a public company's IP. D. Execute nmap using the options: scan all ports and sneaky mode.

A. Provide a domain parameter to theHarvester tool.

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable? A. SED B. HSM C. DLP D. TPM

A. SED

A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks? A. SOAR playbook B. MDM policy C. Firewall rules D. URL filter E. SIEM data collection

A. SOAR playbook

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable? A. SSO B. MFA C. PKI D. DLP

A. SSO

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the company? A. SaaS B. IaaS C. PaaS D. SDN

A. SaaS

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause? A. Security patches were uninstalled due to user impact. B. An adversary altered the vulnerability scan reports C. A zero-day vulnerability was used to exploit the web server D. The scan reported a false negative for the vulnerability

A. Security patches were uninstalled due to user impact.

A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose? A. Service B. Shared C. Generic D. Admin

A. Service

An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops? A. TPM B. CA C. SAML D. CRL

A. TPM

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change? A. The business continuity plan B. The retention policy C. The disaster recovery plan D. The incident response plan

A. The business continuity plan

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding? A. The required intermediate certificate is not loaded as part of the certificate chain. B. The certificate is on the CRL and is no longer valid. C. The corporate CA has expired on every server, causing the certificate to fail verification. D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

A. The required intermediate certificate is not loaded as part of the certificate chain.

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor? A. Utilizing SIEM correlation engines B. Deploying Netflow at the network border C. Disabling session tokens for all sites D. Deploying a WAF for the web server

A. Utilizing SIEM correlation engines

Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems? A. Version control B. Continuous monitoring C. Stored procedures D. Automation

A. Version control

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows: * Must be able to differentiate between users connected to WiFi * The encryption keys need to change routinely without interrupting the users or forcing reauthentication * Must be able to integrate with RADIUS * Must not have any open SSIDs. Which of the following options BEST accommodates these requirements? A. WPA2-Enterprise B. WPA3-PSK C. 802.11n D. WPS

A. WPA2-Enterprise

A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by: A. employees of other companies and the press. B. all members of the department that created the documents. C. only the company's employees and those listed in the document. D. only the individuals listed in the documents.

A. employees of other companies and the press.

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked? A. nmap B. tracert C. ping D. ssh

A. nmap

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees' concerns? A. Enable the remote-wiping option in the MDM software in case the phone is stolen. B. Configure the MDM software to enforce the use of PINs to access the phone. C. Configure MDM for FDE without enabling the lock screen. D. Perform a factory reset on the phone before installing the company's applications.

B. Configure the MDM software to enforce the use of PINs to access the phone.

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following: * A user enters comptia.org into a web browser. * The website that appears is not the comptia.org site. * The website is a malicious site from the attacker. * Users in a different office are not having this issue. Which of the following types of attacks was observed? A. On-path attack B. DNS poisoning C. Locator (URL) redirection D. Domain hijacking

B. DNS poisoning

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place? A. Input validation B. Dynamic code analysis C. Fuzzing D. Manual code review

B. Dynamic code analysis

An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements? A. PEAP B. EAP-FAST C. EAP-TLS D. EAP-TTLS

B. EAP-FAST

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria? A. Implement NAC. B. Implement an SWG. C. Implement a URL filter. D. Implement an MDM.

B. Implement an SWG.

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack? A. Network location B. Impossible travel time C. Geolocation D. Geofencing

B. Impossible travel time
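The check behind "impossible travel time" is simple to implement: take consecutive sign-ins for the same account, compute the great-circle distance between their geolocated source IPs, and flag any pair whose implied speed exceeds what a traveller could achieve. The following is an added example (not code from the original page); the sign-in records, the pre-resolved latitude/longitude columns standing in for a GeoIP lookup, and the 1000 km/h threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt

# Constructed sample sign-in events (not from the original page).
# Columns: ISO-8601 UTC timestamp, username, source IP, latitude, longitude.
# Lat/lon stand in for what a GeoIP lookup of the source IP would return.
SAMPLE_EVENTS = """\
2024-05-01T08:00:00Z alice 203.0.113.5 48.8566 2.3522
2024-05-01T08:00:45Z alice 198.51.100.7 -23.5505 -46.6333
2024-05-01T08:05:00Z bob 192.0.2.10 48.8566 2.3522
2024-05-01T10:30:00Z bob 192.0.2.11 51.5074 -0.1278
"""

MAX_PLAUSIBLE_KMH = 1000.0  # assumed ceiling, roughly airliner speed; tune per org


@dataclass
class SignIn:
    when: datetime
    user: str
    ip: str
    lat: float
    lon: float


def parse_events(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, lat, lon = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(SignIn(when, user, ip, float(lat), float(lon)))
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km on a sphere of Earth's mean radius."""
    r = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * r * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, prev_ip, next_ip, km, hours, kmh) for every consecutive
    pair of sign-ins by the same user whose implied speed exceeds max_kmh."""
    findings = []
    last_seen = {}
    for e in sorted(events, key=lambda ev: ev.when):
        prev = last_seen.get(e.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, e.lat, e.lon)
            hours = (e.when - prev.when).total_seconds() / 3600.0
            # Same location needs no travel; identical timestamps from two
            # places are treated as infinite speed rather than a division error.
            if km > 0:
                kmh = km / hours if hours > 0 else float("inf")
                if kmh > max_kmh:
                    findings.append((e.user, prev.ip, e.ip, round(km, 1), round(hours, 3), kmh))
        last_seen[e.user] = e
    return findings


if __name__ == "__main__":
    for finding in impossible_travel(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

In the sample, alice's Paris sign-in followed 45 seconds later by one from São Paulo (about 9,400 km apart) is flagged, while bob's Paris-to-London pair two and a half hours apart is within plausible speed and is not. The response to a hit is the policy action in the question: challenge with MFA or block the session, rather than merely logging it.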

An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware? A. Embedded Python code B. Macro-enabled file C. Bash scripting D. Credential-harvesting website

B. Macro-enabled file

Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer? A. Cloud control matrix B. Reference architecture C. NIST RMF D. CIS Top 20

B. Reference architecture

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints? A. Firewall B. SIEM C. IPS D. Protocol analyzer

B. SIEM

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.) A. SFTP, FTPS B. SNMPv2, SNMPv3 C. HTTP, HTTPS D. TFTP, FTP E. SNMPv1, SNMPv2 F. Telnet, SSH G. TLS, SSL H. POP, IMAP I. Login, rlogin

B. SNMPv2, SNMPv3 C. HTTP, HTTPS F. Telnet, SSH

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue? A. TFTP was disabled on the local hosts. B. SSH was turned off instead of modifying the configuration file. C. Remote login was disabled in the networkd.conf instead of using the sshd.conf. D. Network services are no longer running on the NAS.

B. SSH was turned off instead of modifying the configuration file.

Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider? A. IaaS B. SaaS C. PaaS D. XaaS

B. SaaS

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI? A. Shut down the VDI and copy off the event logs. B. Take a memory snapshot of the running system. C. Use NetFlow to identify command-and-control IPs. D. Run a full on-demand scan of the root volume.

B. Take a memory snapshot of the running system.

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and procedures the threat actor was observed using in previous campaigns? A. Security research publications B. The MITRE ATT&CK framework C. The Diamond Model of Intrusion Analysis D. The Cyber Kill Chain

B. The MITRE ATT&CK framework

An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing on the underlying implementation details? (Choose two.) A. The back-end directory source B. The identity federation protocol C. The hashing method D. The encryption method E. The registration authority F. The certificate authority

B. The identity federation protocol F. The certificate authority

A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements? A. CASB B. VPC C. Perimeter network D. WAF

B. VPC

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue? A. Outdated software B. Weak credentials C. Lack of encryption D. Backdoors

B. Weak credentials

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to: A. decrease the mean time between failures. B. remove the single point of failure. C. cut down the mean time to repair. D. reduce the recovery time objective.

B. remove the single point of failure.

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation. INSTRUCTIONS: Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Botnet -> Enable DDoS protection; RAT -> Disable remote access services; Worm -> Change default passwords; Keylogger -> 2FA using push; Backdoor -> Code review

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given the documentation only available to the customers of the applications. Which of the following BEST represents the type of testing that will occur? A. Bug bounty B. Black-box C. Gray-box D. White-box

C. Gray-box

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements? A. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 D. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

Which of the following BEST helps to demonstrate integrity during a forensic investigation? A. Event logs B. Encryption C. Hashing D. Snapshots

C. Hashing

A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing

C. Hybrid cloud F. Fog computing

Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production? A. Employ different techniques for server- and client-side validations B. Use a different version control system for third-party libraries C. Implement a vulnerability scan to assess dependencies earlier on SDLC D. Increase the number of penetration tests before software release

C. Implement a vulnerability scan to assess dependencies earlier on SDLC

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario? A. Configuring signature-based antivirus to update every 30 minutes B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion C. Implementing application execution in a sandbox for unknown software D. Fuzzing new files for vulnerabilities if they are not digitally signed

C. Implementing application execution in a sandbox for unknown software

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented? A. An RTO report B. A risk register C. A business impact analysis D. An asset value register E. A disaster recovery plan

B. A risk register

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year? A. ALE B. ARO C. RPO D. SLE

B. ARO

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives? A. WAF B. CASB C. VPN D. TLS

B. CASB

A security analyst is hardening a network infrastructure. The analyst is given the following requirements: • Preserve the use of public IP addresses assigned to equipment on the core router. • Enable "in transport" encryption protection to the web server with the strongest ciphers. Which of the following should the analyst implement to meet these requirements? (Choose two.) A. Configure VLANs on the core router. B. Configure NAT on the core router. C. Configure BGP on the core router. D. Enable AES encryption on the web server. E. Enable 3DES encryption on the web server. F. Enable TLSv2 encryption on the web server.

B. Configure NAT on the core router. F. Enable TLSv2 encryption on the web server.

An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe? A. Privilege escalation B. Request forgeries C. Injection D. Replay attack

C. Injection

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements? A. Reverse proxy B. NIC teaming C. Load balancer D. Forward proxy

C. Load balancer

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the switch's Layer 2 (MAC) address table, which has hundreds of entries of the same kind (the log excerpt itself is not reproduced on this page). Which of the following attacks has MOST likely occurred? A. SQL injection B. DNS spoofing C. MAC flooding D. ARP poisoning

C. MAC flooding
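What makes this MAC flooding rather than ARP poisoning is the address table itself: hundreds of distinct source MACs learned on a single port, which exhausts the CAM table and makes the switch fail open and forward unicast frames out every port. The check below is an added example, not the page's missing log: it parses a constructed dump laid out like Cisco's "show mac address-table" (the interface names, VLANs and the synthetic flood of 300 entries on Gi1/0/7 are all assumptions) and reports ports whose dynamically learned MAC count exceeds a threshold.

```python
import re
from collections import Counter

ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\w+)\s+(\S+)\s*$"
)


def _build_sample():
    """Constructed MAC address table (not from the original page). Three normal
    entries plus 300 synthetic dynamic entries on Gi1/0/7, which is what a
    switch shows while a macof-style flood is running against that port."""
    header = ("Vlan    Mac Address       Type        Ports\n"
              "----    -----------       --------    -----\n")
    rows = ["  10    0011.2233.4455    DYNAMIC     Gi1/0/1",
            "  10    0011.2233.4466    DYNAMIC     Gi1/0/2",
            "  20    0011.2233.4477    STATIC      Gi1/0/3"]
    for i in range(300):
        mac = f"aaaa.{i >> 8:02x}{i & 0xff:02x}.{(i * 7) & 0xffff:04x}"
        rows.append(f"  10    {mac}    DYNAMIC     Gi1/0/7")
    return header + "\n".join(rows) + "\n"


SAMPLE_TABLE = _build_sample()


def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header/separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append((int(vlan), mac.lower(), kind.upper(), port))
    return entries


def macs_per_port(entries, dynamic_only=True):
    """Count distinct MACs per port. Static entries are excluded by default
    because an attacker cannot create them by sending frames."""
    counts = Counter()
    seen = set()
    for _vlan, mac, kind, port in entries:
        if dynamic_only and kind != "DYNAMIC":
            continue
        if (port, mac) not in seen:
            seen.add((port, mac))
            counts[port] += 1
    return counts


def flooded_ports(entries, threshold=50):
    """Ports whose distinct dynamic MAC count exceeds threshold. An access port
    normally learns a handful of addresses (a host, perhaps a phone); hundreds
    on one port is the signature of CAM-table flooding."""
    return {port: n for port, n in macs_per_port(entries).items() if n > threshold}


if __name__ == "__main__":
    print(flooded_ports(parse_mac_table(SAMPLE_TABLE)))
```

The usual fix is port security on access ports: cap the number of MACs a port may learn (Cisco's `switchport port-security maximum`) and have the port err-disable or drop on violation, so a flood can no longer fill the table.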

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system? A. The Diamond Model of Intrusion Analysis B. CIS Critical Security Controls C. NIST Risk Management Framework D. ISO 27002

C. NIST Risk Management Framework

Which of the following is an example of risk avoidance? A. Installing security updates directly in production to expedite vulnerability fixes B. Buying insurance to prepare for financial loss associated with exploits C. Not installing new software to prevent compatibility errors D. Not taking preventive measures to stop the theft of equipment

C. Not installing new software to prevent compatibility errors

An employee's company account was used in a data breach. Interviews with the employee revealed: • The employee was able to avoid changing passwords by using a previous password again. • The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries. Which of the following can be implemented to prevent these issues from reoccurring? (Choose two.) A. Geographic dispersal B. Password complexity C. Password history D. Geotagging E. Password lockout F. Geofencing

C. Password history F. Geofencing

A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric? A. MTTR B. RTO C. RPO D. MTBF

C. RPO

A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation? A. Employ a general contractor to replace the drop-ceiling tiles. B. Place the network cabling inside a secure conduit. C. Secure the access point and cabling inside the drop ceiling. D. Utilize only access points that have internal antennas

C. Secure the access point and cabling inside the drop ceiling.

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state? A. The last incremental backup that was conducted 72 hours ago B. The last known-good configuration C. The last full backup that was conducted seven days ago D. The baseline OS configuration

C. The last full backup that was conducted seven days ago

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor? A. SFTP B. AIS C. Tor D. IoC

C. Tor

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method? A. Disable Telnet and force SSH. B. Establish a continuous ping. C. Utilize an agentless monitor. D. Enable SNMPv3 with passwords.

C. Utilize an agentless monitor.

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage? A. IaaS B. PaaS C. XaaS D. SaaS

C. XaaS

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability? A. Legacy operating system B. Weak configuration C. Zero day D. Supply chain

C. Zero day

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? A. hping3 -S comptia-org -p 80 B. nc -l -v comptia.org -p 80 C. nmap comptia.org -p 80 -sV D. nslookup -port=80 comptia.org

C. nmap comptia.org -p 80 -sV

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms? A. Enforcing encryption B. Deploying GPOs C. Removing administrative permissions D. Applying MDM software

D. Applying MDM software

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would BEST meet this need? A. CVE B. SIEM C. SOAR D. CVSS

D. CVSS

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.) A. Full device encryption B. Network usage rules C. Geofencing D. Containerization E. Application approve list F. Remote control

D. Containerization F. Remote control

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak? A. User training B. CASB C. MDM D. DLP

D. DLP

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build? A. Production B. Test C. Staging D. Development

D. Development

The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT? A. Disconnect all external network connections from the firewall. B. Send response teams to the network switch locations to perform updates. C. Turn on all the network switches by using the centralized management software. D. Initiate the organization's incident response plan.

D. Initiate the organization's incident response plan.

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use? A. IDS solution B. EDR solution C. HIPS software solution D. Network DLP solution

D. Network DLP solution

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface? A. OWASP B. Obfuscation/camouflage C. Test environment D. Prevention of information exposure

D. Prevention of information exposure

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:
* Critical fileshares will remain accessible during and after a natural disaster.
* Five percent of hard disks can fail at any given time without impacting the data.
* Systems will be forced to shut down gracefully when battery levels are below 20%.
Which of the following are required to BEST meet these objectives? (Choose three.) A. Fiber switching B. IaC C. NAS D. RAID E. UPS F. Redundant power supplies G. Geographic dispersal H. Snapshots I. Load balancing

D. RAID E. UPS G. Geographic dispersal

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:
CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy
Which of the following is the router experiencing? A. DDoS attack B. Memory leak C. Buffer overflow D. Resource exhaustion

D. Resource exhaustion

The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production? A. Limit the use of third-party libraries. B. Prevent data exposure queries. C. Obfuscate the source code. D. Submit the application to QA before releasing it.

D. Submit the application to QA before releasing it.

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Choose two.) A. Chain of custody B. Tags C. Reports D. Time stamps E. Hash values F. Time offset

D. Time stamps F. Time offset
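Ordering events across a server farm needs more than the raw time stamps: each host's local clock may be set to a different UTC offset and may be skewed from the NTP reference, so the lines must be normalized before they are sorted. The following is an added example, not from the original page; the hosts, log lines, offsets and skew values are all constructed for illustration.

```python
"""Put server-farm log lines in true order by correcting each host's time offset.

Added example, not from the original page. The hosts, log lines, UTC offsets
and clock skew values are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

# Constructed: per-host UTC offset (what the host's local clock is set to) and
# measured skew in seconds (positive = host clock runs ahead of the NTP reference).
HOST_OFFSETS = {
    "web01": {"utc_offset_hours": 8, "skew_seconds": 0},
    "app01": {"utc_offset_hours": 0, "skew_seconds": 0},
    "db01": {"utc_offset_hours": 1, "skew_seconds": 90},
}

# Constructed log lines: "<host> <local date> <local time> <message>"
LOG_LINES = [
    "db01 2024-03-01 15:01:40 query: SELECT * FROM customers WHERE id=42",
    "web01 2024-03-01 22:00:05 GET /account/42 from 198.51.100.7",
    "app01 2024-03-01 14:00:07 session lookup for user 42",
]


def normalize(line, offsets=HOST_OFFSETS):
    """Convert one line's local timestamp to skew-corrected UTC."""
    host, date, clock, message = line.split(" ", 3)
    cfg = offsets[host]
    local_tz = timezone(timedelta(hours=cfg["utc_offset_hours"]))
    local = datetime.fromisoformat(f"{date} {clock}").replace(tzinfo=local_tz)
    utc = local.astimezone(timezone.utc) - timedelta(seconds=cfg["skew_seconds"])
    return utc, host, message


def sequence(lines, offsets=HOST_OFFSETS):
    """Return (utc_time, host, message) tuples in true chronological order."""
    return sorted((normalize(line, offsets) for line in lines), key=lambda r: r[0])


def naive_order(lines):
    """Hosts ordered by the raw local timestamps, for comparison."""
    return [line.split(" ", 1)[0] for line in sorted(lines, key=lambda l: l.split(" ", 3)[1:3])]


if __name__ == "__main__":
    for when, host, message in sequence(LOG_LINES):
        print(when.isoformat(), host, message)
```

Sorting the raw strings puts the database query first and the web request last, which is the reverse of what actually happened; after offset and skew correction the request, session lookup and query line up two to three seconds apart, which is the sequence an investigator would expect.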

A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Salting the magnetic strip information B. Encrypting the credit card information in transit C. Hashing the credit card numbers upon entry D. Tokenizing the credit cards in the database

D. Tokenizing the credit cards in the database
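Hashing is one-way, so a hashed card number cannot be charged again; encrypting only in transit leaves the number at rest in the shop database. Tokenization keeps a random token in the shop and the real PAN only in a vault, which is what makes reordering possible without keeping card data in scope. Here is an added example, not from the original page, that walks through the card-on-file and reorder flow; the in-memory TokenVault stands in for a payment provider's or a segregated PCI-scoped token service, and the card number is the Visa test PAN, not real data.

```python
"""Card-on-file via tokenization: the shop database never holds the PAN.

Added example, not from the original page. The in-memory TokenVault stands in
for a payment provider's or a segregated PCI-scoped token service; the card
number used below is the Visa test PAN 4111111111111111, not real data.
"""
import hashlib
import hmac
import secrets


def luhn_ok(pan):
    """Luhn check so obviously malformed input is rejected before it is stored."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        digit = int(ch)
        if i % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


class TokenVault:
    """Maps random tokens to PANs. Only this component is in PCI scope."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_fingerprint = {}
        # Assumption: a secret key for fingerprinting, so the same card maps to the same
        # token without storing a bare hash that could be brute-forced over the PAN space.
        self._fingerprint_key = secrets.token_bytes(32)

    def _fingerprint(self, pan):
        return hmac.new(self._fingerprint_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid PAN")
        fp = self._fingerprint(pan)
        if fp in self._token_by_fingerprint:
            return self._token_by_fingerprint[fp]
        token = "tok_" + secrets.token_urlsafe(16)  # random, no relation to the PAN
        self._pan_by_token[token] = pan
        self._token_by_fingerprint[fp] = token
        return token

    def detokenize(self, token):
        return self._pan_by_token[token]


def save_card_on_file(vault, shop_db, customer_id, pan):
    """Shop side: store only the token and the last four digits for display."""
    token = vault.tokenize(pan)
    shop_db[customer_id] = {"card_token": token, "last4": pan[-4:]}
    return token


def reorder(vault, shop_db, customer_id):
    """Reorder flow: the shop passes the token; only the vault recovers the PAN."""
    record = shop_db[customer_id]
    return vault.detokenize(record["card_token"])


def shop_db_leaks_pan(shop_db, pan):
    """True if the full PAN appears anywhere in the shop's stored records."""
    return pan in repr(shop_db)
```

A compromise of the shop database yields tokens that are useless outside the vault, and the keyed fingerprint means the vault can deduplicate cards without storing a plain SHA-256 of the PAN, which an attacker could otherwise recover by enumerating the roughly 10^15 Luhn-valid numbers per issuer prefix.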

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform? A. Adjust the data flow from authentication sources to the SIEM. B. Disable email alerting and review the SIEM directly. C. Adjust the sensitivity levels of the SIEM correlation engine. D. Utilize behavioral analysis to enable the SIEM's learning mode.

D. Utilize behavioral analysis to enable the SIEM's learning mode.

A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security? A. WPA3 B. AES C. RADIUS D. WPS

D. WPS

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement? A. Incremental backups followed by differential backups B. Full backups followed by incremental backups C. Delta backups followed by differential backups D. Incremental backups followed by delta backups E. Full backups followed by differential backups

E. Full backups followed by differential backups
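A differential backup always captures everything changed since the last full, so a restore needs at most two sets (the full plus the latest differential), whereas an incremental chain needs the full plus every incremental taken since it. The trade-off is that each differential grows through the week. The following added example, not from the original page, computes the restore chain and the per-day backup contents for both strategies over constructed one-week schedules and change sets.

```python
"""Count the restores needed under each backup strategy, and the size trade-off.

Added example, not from the original page. The week-long schedules and the
per-day change sets are constructed for illustration.
"""

# Day 0 is the weekly full; days 1..6 are daily backups of the given kind.
FULL_PLUS_INCREMENTAL = ["full"] + ["incremental"] * 6
FULL_PLUS_DIFFERENTIAL = ["full"] + ["differential"] * 6

# Constructed: which files changed on each day (day 0 is captured by the full).
DAILY_CHANGES = [set(), {"a", "b"}, {"c"}, {"a"}, {"d", "e"}, {"b"}, {"f"}]
ALL_FILES = {"a", "b", "c", "d", "e", "f", "g", "h"}


def restore_chain(schedule, day):
    """Backup days that must be restored, oldest first, to recover state as of `day`.

    incremental: depends on the previous backup (whatever kind it was)
    differential: depends only on the most recent full
    full: self-contained
    """
    chain = []
    i = day
    while True:
        kind = schedule[i]
        chain.append(i)
        if kind == "full":
            break
        if kind == "incremental":
            i -= 1
        elif kind == "differential":
            i = max(j for j in range(i) if schedule[j] == "full")
        else:
            raise ValueError(f"unknown backup kind: {kind}")
    return list(reversed(chain))


def restores_needed(schedule, day):
    return len(restore_chain(schedule, day))


def backup_contents(schedule, changes, day, all_files=ALL_FILES):
    """Files captured by the backup taken on `day` (shows the size trade-off)."""
    kind = schedule[day]
    if kind == "full":
        return set(all_files)
    if kind == "incremental":
        return set(changes[day])
    last_full = max(j for j in range(day) if schedule[j] == "full")
    return set().union(*changes[last_full + 1 : day + 1])


if __name__ == "__main__":
    for name, schedule in (("full+incremental", FULL_PLUS_INCREMENTAL),
                           ("full+differential", FULL_PLUS_DIFFERENTIAL)):
        print(name, "restores on day 6:", restores_needed(schedule, 6),
              "files in day-6 backup:", len(backup_contents(schedule, DAILY_CHANGES, 6)))
```

On day 6 the incremental strategy needs seven restores and fails entirely if any one of the six incrementals is corrupt, while the differential strategy needs two; the price is that the day-6 differential already holds six files against the incremental's one.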

SIMULATION - An attack has occurred against a company.
INSTRUCTIONS - You have been tasked to do the following:
✑ Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output.
✑ Identify which compensating controls a developer should implement on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
All objects will be used, but not all placeholders may be filled. Objects may only be used once. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Attack type: Session hijacking
Application source code: code review
CRM server: record-level access
Web server: URL filter, WAF
Database: input validation

Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of? A. AUP B. NDA C. SLA D. MOU

A. AUP

DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect's requirements? A. An orchestration solution that can adjust scalability of cloud assets B. Use of multipath by adding more connections to cloud storage C. Cloud assets replicated on geographically distributed regions D. An on-site backup that is displayed and only used when the load increases

A. An orchestration solution that can adjust scalability of cloud assets

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk? A. CASB B. VPN concentrator C. MFA D. VPC endpoint

A. CASB

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.) A. 135 B. 139 C. 143 D. 161 E. 443 F. 445

B. 139 F. 445 (139 is the NetBIOS session service that carries SMB over NetBIOS; 445 is SMB directly over TCP. Blocking both inbound at the DMZ boundary leaves LAN-side SMB untouched.)

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules? A. # iptables -t mangle -X B. # iptables -F C. # iptables -Z D. # iptables -P INPUT -j DROP

B. # iptables -F (flushes every rule in the default filter table; -F does not touch chain policies, so if the default policy had also been set to DROP, restore it with iptables -P INPUT ACCEPT before traffic will flow again)

A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with? A. NIST CSF B. GDPR C. PCI DSS D. ISO 27001

B. GDPR

An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used? A. Cryptomalware B. Hash substitution C. Collision D. Phishing

B. Hash substitution
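The point of this question is that a bare digest stored next to a document protects nothing: whoever can replace the document can recompute and replace the digest too, so the author's check passes and no collision is required. Only a key the attacker lacks (a signature, or a MAC in the simplest case) binds the digest to the author. Below is an added example, not from the original page, showing both outcomes; the document bytes are constructed and AUTHOR_KEY is an assumption standing in for the author's signing key (HMAC is used so the example runs with the standard library alone; a real document signature would use an asymmetric key).

```python
"""Hash substitution versus a keyed integrity check.

Added example, not from the original page. The document bytes are constructed
and AUTHOR_KEY is an assumption standing in for the author's signing key (a
real deployment would use a digital signature; HMAC is used here so the
example runs with the standard library only).
"""
import hashlib
import hmac
import secrets

ORIGINAL = b"Contract v1: payment due in 30 days."
TAMPERED = b"Contract v1: payment due in 30 days. Late fee of 20% applies."

AUTHOR_KEY = secrets.token_bytes(32)


def publish_with_hash(doc):
    """Unauthenticated integrity: the digest travels alongside the document."""
    return {"doc": doc, "sha256": hashlib.sha256(doc).hexdigest()}


def check_hash(pkg):
    return hmac.compare_digest(hashlib.sha256(pkg["doc"]).hexdigest(), pkg["sha256"])


def hash_substitution(pkg, new_doc):
    """Attacker replaces the document and recomputes the digest; no collision is
    needed, since the digest itself is not protected."""
    return {"doc": new_doc, "sha256": hashlib.sha256(new_doc).hexdigest()}


def publish_with_mac(doc, key):
    """Keyed integrity: the tag depends on a key the attacker does not hold."""
    return {"doc": doc, "tag": hmac.new(key, doc, hashlib.sha256).hexdigest()}


def check_mac(pkg, key):
    return hmac.compare_digest(hmac.new(key, pkg["doc"], hashlib.sha256).hexdigest(), pkg["tag"])


def substitute_without_key(pkg, new_doc):
    """Attacker swaps the document but cannot recompute a valid tag."""
    return {"doc": new_doc, "tag": pkg["tag"]}


if __name__ == "__main__":
    forged = hash_substitution(publish_with_hash(ORIGINAL), TAMPERED)
    print("unkeyed check on substituted document:", check_hash(forged))
    swapped = substitute_without_key(publish_with_mac(ORIGINAL, AUTHOR_KEY), TAMPERED)
    print("keyed check on substituted document:", check_mac(swapped, AUTHOR_KEY))
```

This is also how to tell the answer options apart: a collision attack would need a second document with the same SHA-256 as the original, which is not feasible; hash substitution needs only write access to wherever the digest is stored.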

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned? A. NIST Framework B. ISO 27001 C. GDPR D. PCI-DSS

B. ISO 27001
