

SY0-601 CompTIA Security+ Exam 2021 Questions and Answers

Question # 4

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous integration

Question # 5

Which of the following controls would provide the BEST protection against tailgating?

A.

Access control vestibule

B.

Closed-circuit television

C.

Proximity card reader

D.

Faraday cage

Question # 6

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Question # 7

Which of the following conditions impacts data sovereignty?

A.

Rights management

B.

Criminal investigations

C.

Healthcare data

D.

International operations

Question # 8

An employee receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending him the prize. Which of the following BEST describes this type of email?

A.

Spear phishing

B.

Whaling

C.

Phishing

D.

Vishing

Question # 9

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO)

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards

Question # 10

An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

A.

HSM

B.

CASB

C.

TPM

D.

DLP

Question # 11

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

A.

MAC flooding

B.

URL redirection

C.

ARP poisoning

D.

DNS hijacking

Question # 12

A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).

A.

Identity processor

B.

Service requestor

C.

Identity provider

D.

Service provider

E.

Tokenized resource

F.

Notarized referral

Question # 13

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows it to be assessed directly and modified easily with each build?

A.

Production

B.

Test

C.

Staging

D.

Development

Question # 14

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Question # 15

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?

A.

Containment

B.

Identification

C.

Recovery

D.

Preparation

Question # 16

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A.

An incident response plan

B.

A communications plan

C.

A business continuity plan

D.

A disaster recovery plan

Question # 17

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago, and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?

A.

Inability to authenticate

B.

Implied trust

C.

Lack of computing power

D.

Unavailable patch

Question # 18

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

A.

GDPR

B.

PCI DSS

C.

ISO 27000

D.

NIST 800-53

Question # 19

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question # 20

Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?

A.

Pulverizing

B.

Shredding

C.

Incinerating

D.

Degaussing

Question # 21

A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?

A.

Snapshot

B.

Differential

C.

Full

D.

Tape

Question # 22

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

A.

IoT sensor

B.

Evil twin

C.

Rogue access point

D.

On-path attack

Question # 23

A network analyst is investigating compromised corporate information. The analyst arrives at a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

A.

Denial of service

B.

ARP poisoning

C.

Command injection

D.

MAC flooding

Question # 24

one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A.

Birthday collision on the certificate key

B.

DNS hacking to reroute traffic

C.

Brute force to the access point

D.

An SSL/TLS downgrade

Question # 25

A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

A.

Race condition testing

B.

Proper error handling

C.

Forward web server logs to a SIEM

D.

Input sanitization

Question # 26

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

A.

Machine learning

B.

DNS sinkhole

C.

Blocklist

D.

Honey pot

Question # 27

A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Select two).

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An IoT thermostat

F.

A humidity monitor

Question # 28

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

A.

Memory dumps

B.

The syslog server

C.

The application logs

D.

The log retention policy

Question # 29

A threat actor used a sophisticated attack to breach a well-known ride-sharing company. The threat actor posted on social media that this action was in response to the company's treatment of its drivers. Which of the following best describes this type of threat actor?

A.

Nation-state

B.

Hacktivist

C.

Organized crime

D.

Shadow IT

Question # 30

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Question # 31

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question # 32

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Question # 33

In which of the following scenarios is tokenization the best privacy technique to use?

A.

Providing pseudo-anonymization for social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card information

D.

Masking personal information inside databases by segmenting data

Question # 34

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Question # 35

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Question # 36

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would best prevent this type of attack?

A.

Network location

B.

Impossible travel time

C.

Geolocation

D.

Geofencing

Question # 37

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the least infrastructure and application support from the company?

A.

SaaS

B.

IaaS

C.

PaaS

D.

SDN

Question # 38

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

A.

A spear-phishing attack

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Question # 39

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Question # 40

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

A.

An external security assessment

B.

A bug bounty program

C.

A tabletop exercise

D.

A red-team engagement

Question # 41

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

Which of the following was most likely observed?

A.

DLL injection

B.

Session replay

C.

SQLi

D.

XSS

Question # 42

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

A.

Data custodian

B.

Data controller

C.

Data protection officer

D.

Data processor

Question # 43

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Question # 44

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

A.

hping3 -S comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

Question # 45

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Question # 46

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to best address the CSO's concerns? (Select two).

A.

A WAF

B.

A CASB

C.

An NG-SWG

D.

Segmentation

E.

Encryption

F.

Containerization

Question # 47

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works best until a proper fix is released?

A.

Detective

B.

Compensating

C.

Deterrent

D.

Corrective

Question # 48

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

A.

A content filter

B.

A WAF

C.

A next-generation firewall

D.

An IDS

Question # 49

Which of the following is the correct order of volatility from most to least volatile?

A.

Memory, temporary filesystems, routing tables, disk, network storage

B.

Cache, memory, temporary filesystems, disk, archival media

C.

Memory, disk, temporary filesystems, cache, archival media

D.

Cache, disk, temporary filesystems, network storage, archival media

Question # 50

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?

A.

Number of failed log-in attempts

B.

Geolocation

C.

Impossible travel time

D.

Time-based log-in attempt

Question # 51

Which of the following holds staff accountable while escorting unauthorized personnel?

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Question # 52

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

A.

Implement input validations

B.

Deploy MFA

C.

Utilize a WAF

D.

Configure HIPS

Question # 53

A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

A.

Cross-site scripting

B.

SQL injection

C.

DNS poisoning

D.

Certificate forgery

Question # 54

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding a credit card statement with unusual purchases. Which of the following attacks took place?

A.

On-path attack

B.

Protocol poisoning

C.

Domain hijacking

D.

Bluejacking

Question # 55

A software company adopted the following processes before releasing software to production:

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection in this environment?

A.

File integrity monitoring for the source code

B.

Dynamic code analysis tool

C.

Encrypted code repository

D.

Endpoint detection and response solution

Question # 56

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

Question # 57

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Offboarding

Question # 58

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

A.

Insider threat

B.

Social engineering

C.

Third-party risk

D.

Data breach

Question # 59

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Question # 60

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Question # 61

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

A.

Segmentation

B.

Firewall allow list

C.

Containment

D.

Isolation

Question # 62

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question # 63

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=087646959&amount=500000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646958&amount=5000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=-087646958&amount=1000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646953&amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

A.

SQLi

B.

CSRF

C.

Spear phishing

D.

API

Question # 64

The application development teams have been asked to answer the following questions:

  • Does this application receive patches from an external source?
  • Does this application contain open-source code?
  • Is this application accessible by external users?
  • Does this application meet the corporate password standard?

Which of the following are these questions part of?

A.

Risk control self-assessment

B.

Risk management strategy

C.

Risk acceptance

D.

Risk matrix

Question # 65

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

A.

The GPS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Question # 66

When implementing automation with IoT devices, which of the following should be considered first to keep the network secure?

A.

Z-Wave compatibility

B.

Network range

C.

Zigbee configuration

D.

Communication protocols

Question # 67

A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network. Which of the following protocols should the engineer implement to ensure the strongest encryption?

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Question # 68

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

Question # 69

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

A.

Facial recognition

B.

Six-digit PIN

C.

PKI certificate

D.

Smart card

Question # 70

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Select two).

A.

Warm site

B.

Generator

C.

Hot site

D.

Cold site

E.

Cloud backups

F.

UPS

Question # 71

Given the following snippet of Python code:

Which of the following types of malware MOST likely contains this snippet?

A.

Logic bomb

B.

Keylogger

C.

Backdoor

D.

Ransomware

Question # 72

An air traffic controller receives a change in flight plan for an incoming aircraft over the phone. The air traffic controller compares the change to what appears on radar and determines the information to be false. As a result, the air traffic controller is able to prevent an incident from occurring. Which of the following is this scenario an example of?

A.

Mobile hijacking

B.

Vishing

C.

Unsecure VoIP protocols

D.

SPIM attack

Question # 73

A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?

A.

Public

B.

Hybrid

C.

Community

D.

Private

Question # 74

Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical control to implement to prevent these devices from accessing the internal network?

A.

NAC

B.

DLP

C.

IDS

D.

MFA

Question # 75

An organization wants to secure a LAN/WLAN so users can authenticate and transport data securely. The solution needs to prevent on-path attacks and evil twin attacks. Which of the following will best meet the organization's need?

A.

MFA

B.

802.1X

C.

WPA2

D.

TACACS

Question # 76

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

A.

WAF

B.

CASB

C.

VPN

D.

TLS

Question # 77

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release.
  • A screen lock must be enabled (passcode or biometric).
  • Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

A.

Disable firmware over-the-air

B.

Storage segmentation

C.

Posture checking

D.

Remote wipe

E.

Full device encryption

F.

Geofencing

Question # 78

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?

A.

Determine a quality CASB solution.

B.

Configure the DLP policies by user groups.

C.

Implement agentless NAC on boundary devices.

D.

Classify all data on the file servers.

Question # 79

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

A.

TFTP was disabled on the local hosts

B.

SSH was turned off instead of modifying the configuration file

C.

Remote login was disabled in the networkd.conf instead of using the sshd.conf.

D.

Network services are no longer running on the NAS.

Question # 80

Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?

A.

Containment

B.

Identification

C.

Preparation

D.

Recovery

Question # 81

A security team is providing input on the design of a secondary data center that has the following requirements:

• A natural disaster at the primary site should not affect the secondary site.

• The secondary site should have the capability for failover during traffic surge situations.

• The secondary site must meet the same physical security requirements as the primary site.

• The secondary site must provide protection against power surges and outages.

Which of the following should the security team recommend? (Select two).

A.

Configuring replication of the web servers at the primary site to offline storage

B.

Constructing the secondary site in a geographically dispersed location

C.

Deploying load balancers at the primary site

D.

Installing generators

E.

Using differential backups at the secondary site

F.

Implementing hot and cold aisles at the secondary site

Question # 82

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

A.

Walk-throughs

B.

Lessons learned

C.

Attack framework alignment

D.

Containment

Question # 83

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

A.

Edge computing

B.

Microservices

C.

Containers

D.

Thin client

Question # 84

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

A.

HIDS

B.

AV

C.

NGFW

D.

DLP

Question # 85

An organization recently completed a security control assessment. The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-compliant controls. Which of the following best describes these mitigations?

A.

Corrective

B.

Compensating

C.

Deterrent

D.

Technical

Question # 86

Which of the following best describes when an organization utilizes a ready-to-use application from a cloud provider?

A.

IaaS

B.

SaaS

C.

PaaS

D.

XaaS

Question # 87

A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

A.

Uninterruptible power supplies with battery backup

B.

Managed power distribution units to track these events

C.

A generator to ensure consistent, normalized power delivery

D.

Dual power supplies to distribute the load more evenly

Question # 88

A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone. Which of the following policies is preventing the user from completing this action?

A.

Application management

B.

Content management

C.

Containerization

D.

Full disk encryption

Question # 89

Which of the following would satisfy three-factor authentication requirements?

A.

Password, PIN, and physical token

B.

PIN, fingerprint scan, and iris scan

C.

Password, fingerprint scan, and physical token

D.

PIN, physical token, and ID card

Question # 90

A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner. Which of the following concepts describes this scenario?

A.

Red-team exercise

B.

Business continuity plan testing

C.

Tabletop exercise

D.

Functional exercise

Question # 91

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Question # 92

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output:

Which of the following best describes the attack that is currently in progress?

A.

MAC flooding

B.

Evil twin

C.

ARP poisoning

D.

DHCP spoofing

Question # 93

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Question # 94

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

A.

POP

B.

IPSec

C.

IMAP

D.

PGP

Question # 95

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor most likely be required to review and sign?

A.

SLA

B.

NDA

C.

MOU

D.

AUP

Question # 96

A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?

A.

Shoulder surfing

B.

Watering hole

C.

Vishing

D.

Tailgating

Question # 97

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

VLAN

Question # 98

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement? (Select two).

A.

CASB

B.

WAF

C.

Load balancer

D.

VPN

E.

TLS

F.

DAST

Question # 99

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Question # 100

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Question # 101

A security administrator is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used for administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?

A.

ABAC

B.

SAML

C.

PAM

D.

CASB

Question # 102

A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet this objective?

A.

SIEM

B.

HIDS

C.

CASB

D.

EDR

Question # 103

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select two).

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Question # 104

An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?

A.

Install a SIEM tool and properly configure it to read the OS configuration files.

B.

Load current baselines into the existing vulnerability scanner.

C.

Maintain a risk register with each security control marked as compliant or non-compliant.

D.

Manually review the secure configuration guide checklists.

Question # 105

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

A.

Adding a new UPS dedicated to the rack

B.

Installing a managed PDU

C.

Using only a dual power supplies unit

D.

Increasing power generator capacity

Question # 106

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Question # 107

A security administrator examines the ARP table of an access switch and sees the following output:

Which of the following is a potential threat that is occurring on this access switch?

A.

DDoS on Fa0/2 port

B.

MAC flooding on Fa0/2 port

C.

ARP poisoning on Fa0/1 port

D.

DNS poisoning on port Fa0/1

Question # 108

Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

A.

EF x asset value

B.

ALE / SLE

C.

MTBF x impact

D.

SLE x ARO

Question # 109

A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected.

Which of the following would provide the best proof that customer data is being protected?

A.

SOC2

B.

CSA

C.

CSF

D.

ISO 31000

Question # 110

Which of the following best describes a tool used by an organization to identify, log, and track any potential risks and corresponding risk information?

A.

Quantitative risk assessment

B.

Risk register

C.

Risk control assessment

D.

Risk matrix

Question # 111

An account was disabled after several failed and successful login connections were made from various parts of the world at various times. A security analyst is investigating the issue. Which of the following account policies most likely triggered the action to disable the

A.

Time based logins

B.

Password history

C.

Geofencing

D.

Impossible travel time

Question # 112

A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:

Vendor A:

1- Firewall

1-12 switch

Vendor B:

1- Firewall

1-12 switch

Which of the following security objectives is the security manager attempting to meet? (Select two).

A.

Simplified patch management

B.

Scalability

C.

Zero-day attack tolerance

D.

Multipath

E.

Replication

F.

Redundancy

Question # 113

A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?

A.

cat webserver.log | head -4600 | tail +500

B.

cat webserver.log | tail -1995400 | tail -500

C.

cat webserver.log | tail -4600 | head -500

D.

cat webserver.log | head -5100 | tail -500

Question # 114

A security analyst reviews web server logs and finds the following string

gallery?file=../../../../../../../etc/passwd

Which of the following attacks was performed against the web server?

A.

Directory traversal

B.

CSRF

C.

Pass the hash

D.

SQL injection

Question # 115

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?

A.

Nmap

B.

Wireshark

C.

Autopsy

D.

DNSEnum

Question # 116

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

A.

SCAP

B.

NetFlow

C.

Antivirus

D.

DLP

Question # 117

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is the router experiencing?

A.

DDoS attack

B.

Memory leak

C.

Buffer overflow

D.

Resource exhaustion

Question # 118

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Question # 119

Which of the following is a primary security concern for setting up a BYOD program?

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question # 120

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Question # 121

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Question # 122

A security professional wants to enhance the protection of a critical environment that is used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

A.

DLP

B.

HSM

C.

CA

D.

FIM

Question # 123

Which of the following best ensures minimal downtime for organizations with critical computing equipment located in earthquake-prone areas?

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Question # 124

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to be kept for a minimum of 30 days

C.

Integration of threat intelligence in the company's AV

D.

A data-breach clause requiring disclosure of significant data loss

Question # 125

Which of the following will provide the best physical security countermeasures to stop intruders? (Select two).

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Question # 126

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Question # 127

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

A.

Application

B.

Authentication

C.

Error

D.

Network

E.

Firewall

F.

System

Question # 128

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 129

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Question # 130

Which of the following threat actors is most likely to be motivated by ideology?

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Question # 131

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Question # 132

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Question # 133

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

A.

SaaS

B.

PaaS

C.

IaaS

D.

DaaS

Question # 134

An organization is repairing damage after an incident. Which of the following controls is being implemented?

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Question # 135

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

A.

Internet Proxy

B.

VPN

C.

WAF

D.

Firewall

Question # 136

You are a security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the infection, and then mark each remaining host as clean or infected.

Question # 137

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

A.

The business continuity plan

B.

The risk management plan

C.

The communication plan

D.

The incident response plan

Question # 138

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

A.

Soft token

B.

Smart card

C.

CSR

D.

SSH key

Question # 139

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would best support the policy?

A.

Mobile device management

B.

Full device encryption

C.

Remote wipe

D.

Biometrics

Question # 140

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Question # 141

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select two).

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Question # 142

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user-friendly. Which of the following technologies should the IT manager use when implementing MFA?

A.

One-time passwords

B.

Email tokens

C.

Push notifications

D.

Hardware authentication

Question # 143

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C | Format-Volume -DriveLetter C -FileSystemLabel "New" -FileSystem NTFS -Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Question # 144

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

A.

Wearable sensors

B.

Raspberry Pi

C.

Surveillance systems

D.

Real-time operating systems

Question # 145

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Question # 146

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

A.

Permission  Source  Destination  Port
Allow       Any     Any          80
Allow       Any     Any          443
Allow       Any     Any          67
Allow       Any     Any          68
Allow       Any     Any          22
Deny        Any     Any          21
Deny        Any     Any          Any

B.

Permission  Source  Destination  Port
Allow       Any     Any          80
Allow       Any     Any          443
Allow       Any     Any          67
Allow       Any     Any          68
Deny        Any     Any          22
Allow       Any     Any          21
Deny        Any     Any          Any

C.

Permission  Source  Destination  Port
Allow       Any     Any          80
Allow       Any     Any          443
Allow       Any     Any          22
Deny        Any     Any          67
Deny        Any     Any          68
Deny        Any     Any          21
Allow       Any     Any          Any

D.

Permission  Source  Destination  Port
Allow       Any     Any          80
Allow       Any     Any          443
Deny        Any     Any          67
Allow       Any     Any          68
Allow       Any     Any          22
Allow       Any     Any          21
Allow       Any     Any          Any

Question # 147

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -Z

D.

# iptables -P INPUT -j DROP

Question # 148

Which of the following supplies non-repudiation during a forensics investigation?

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question # 149

Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?

A.

API integrations

B.

Auditing

C.

Resource policies

D.

Virtual networks

Question # 150

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the best to use?

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question # 151

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Question # 152

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Question # 153

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

A.

DLP

B.

SIEM

C.

NIDS

D.

WAF

Question # 154

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?

A.

Data purge

B.

Data encryption

C.

Data masking

D.

Data tokenization

Question # 155

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A.

Implement proper network access restrictions.

B.

Initiate a bug bounty program.

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans.

Question # 156

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Question # 157

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing a packet capture, the analysts notice the following:

Which of the following occurred?

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was compromised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with username logged in to the account.

Question # 158

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

A.

Nmap

B.

CURL

C.

Ncat

D.

Wireshark

Question # 159

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

A.

GDPR

B.

ISO

C.

NIST

D.

PCI DSS

Question # 160

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

A.

User training

B.

CASB

C.

MDM

D.

EDR

Question # 161

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

A.

The key length of the encryption algorithm

B.

The encryption algorithm's longevity

C.

A method of introducing entropy into key calculations

D.

The computational overhead of calculating the encryption key

Question # 162

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)

A.

Auto-update

B.

HTTP headers

C.

Secure cookies

D.

Third-party updates

E.

Full disk encryption

F.

Sandboxing

G.

Hardware encryption

Question # 163

Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?

A.

File integrity monitoring

B.

Honeynets

C.

Tcpreplay

D.

Data loss prevention

Question # 164

The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC reviews the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?

A.

The NOC team

B.

The vulnerability management team

C.

The CIRT

D.

The red team

Question # 165

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.

Which of the following is the BEST technical implementation to prevent this from happening again?

A.

Configure DLP solutions

B.

Disable peer-to-peer sharing

C.

Enable role-based

D.

Mandate job rotation

E.

Implement content filters

Question # 166

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Question # 167

Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area?

(Select TWO).

A.

Barricades

B.

Thermal sensors

C.

Drones

D.

Signage

E.

Motion sensors

F.

Guards

G.

Bollards

Question # 168

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A.

A DMZ

B.

A VPN

C.

A VLAN

D.

An ACL

Question # 169

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

A.

SOAP

B.

SAML

C.

SSO

D.

Kerberos

Question # 170

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A.

An incident response plan

B.

A communications plan

C.

A business continuity plan

D.

A disaster recovery plan

Question # 171

Which of the following biometric authentication methods is the MOST accurate?

A.

Gait

B.

Retina

C.

Signature

D.

Voice

Question # 172

An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?

A.

SIEM

B.

SOAR

C.

EDR

D.

CASB

Question # 173

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

A.

Content filter

B.

SIEM

C.

Firewall rules

D.

DLP

Question # 174

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

A.

SSO

B.

MFA

C.

PKI

D.

DLP

Question # 175

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

A.

Disable Telnet and force SSH.

B.

Establish a continuous ping.

C.

Utilize an agentless monitor

D.

Enable SNMPv3 with passwords.

Question # 176

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A.

Default system configuration

B.

Unsecure protocols

C.

Lack of vendor support

D.

Weak encryption

Question # 177

An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

A.

PEAP

B.

EAP-FAST

C.

EAP-TLS

D.

EAP-TTLS

Question # 178

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

A.

CASB

B.

Next-generation SWG

C.

NGFW

D.

Web-application firewall

Question # 179

A customer has reported that an organization's website displayed an image of a smiley face rather than the expected web page for a short time two days earlier. A security analyst reviews log entries and sees the following around the time of the incident:

Which of the following is MOST likely occurring?

A.

Invalid trust chain

B.

Domain hijacking

C.

DNS poisoning

D.

URL redirection

Question # 180

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS
