Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: myex65

Home > CompTIA > CompTIA Security+ > SY0-701

SY0-701 CompTIA Security+ Exam 2025 Question and Answers

Question # 4

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Full Access
Question # 5

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Full Access
Question # 6

Which of the following are the best security controls for controlling on-premises access? (Select two.)

A.

Swipe card

B.

Picture ID

C.

Phone authentication application

D.

Biometric scanner

E.

Camera

F.

Memorable

Full Access
Question # 7

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Full Access
Question # 8

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following is the best method to achieve this objective?

A.

Third-party attestation

B.

Penetration testing

C.

Internal auditing

D.

Vulnerability scans

Full Access
Question # 9

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Full Access
Question # 10

A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Full Access
Question # 11

Which of the following allows for the attribution of messages to individuals?

A.

Adaptive identity

B.

Non-repudiation

C.

Authentication

D.

Access logs

Full Access
Question # 12

Which of the following should a security operations center use to improve its incident response procedure?

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Full Access
Question # 13

Which of the following involves an attempt to take advantage of database misconfigurations?

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Full Access
Question # 14

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Full Access
Question # 15

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

Full Access
Question # 16

Which of the following scenarios describes a possible business email compromise attack?

A.

An employee receives a gift card request in an email that has an executive's name in the display field of the email.

B.

Employees who open an email attachment receive messages demanding payment in order to access files.

C.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Full Access
Question # 17

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

A.

Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.

B.

Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

C.

Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.

D.

Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.

Full Access
Question # 18

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Full Access
Question # 19

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Full Access
Question # 20

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Full Access
Question # 21

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Full Access
Question # 22

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Full Access
Question # 23

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

A.

To reduce implementation cost

B.

To identify complexity

C.

To remediate technical debt

D.

To prevent a single point of failure

Full Access
Question # 24

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Full Access
Question # 25

Which of the following security measures is required when using a cloud-based platform for loT management?

A.

Encrypted connection

B.

Federated identity

C.

Firewall

D.

Single sign-on

Full Access
Question # 26

An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints' definitions are up to date. Which of the following will these actions most effectively prevent?

A.

Zero-day attacks

B.

Insider threats

C.

End-of-life support

D.

Known exploits

Full Access
Question # 27

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Full Access
Question # 28

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? 1  

A.

Role-based

B.

Discretionary

C.

Time of day

D.

Least privilege

Full Access
Question # 29

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

A.

Upgrading to a next-generation firewall

B.

Deploying an appropriate in-line CASB solution

C.

Conducting user training on software policies

D.

Configuring double key encryption in SaaS platforms

Full Access
Question # 30

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Full Access
Question # 31

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

A.

Sanitization

B.

Formatting

C.

Degaussing

D.

Defragmentation

Full Access
Question # 32

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Full Access
Question # 33

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Full Access
Question # 34

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

A.

Obtain the file's SHA-256 hash.

B.

Use hexdump on the file's contents.

C.

Check endpoint logs.

D.

Query the file's metadata.

Full Access
Question # 35

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

Full Access
Question # 36

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Full Access
Question # 37

A company is in the process of migrating to cloud-based services. The company's IT department has limited resources for migration and ongoing support. Which of the following best meets the company's needs?

A.

IPS

B.

WAF

C.

SASE

D.

IAM

Full Access
Question # 38

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Full Access
Question # 39

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Full Access
Question # 40

A security administrator observed the following in a web server log while investigating an incident:

Which of the following attacks did the security administrator most likely see?

A.

Privilege escalation

B.

Credential replay

C.

Brute force

D.

Directory traversal

Full Access
Question # 41

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Full Access
Question # 42

Which of the following architectures is most suitable to provide redundancy for critical business processes?

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Full Access
Question # 43

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

A.

Contain the Impacted hosts

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing

Full Access
Question # 44

Which of the following is prevented by proper data sanitization?

A.

Hackers' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Full Access
Question # 45

An enterprise security team is researching a new security architecture to better protect the company's networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

A.

IPS

B.

SIEM

C.

SASE

D.

CASB

Full Access
Question # 46

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Full Access
Question # 47

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

A.

Creating a false text file in /docs/salaries

B.

Setting weak passwords in /etc/shadow

C.

Scheduling vulnerable jobs in /etc/crontab

D.

Adding a fake account to /etc/passwd

Full Access
Question # 48

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?

A.

SOAR

B.

API

C.

SFTP

D.

RDP

Full Access
Question # 49

Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

A.

The contents of environmental variables could affect the scope and impact of an exploited vulnerability.

B.

In-memory environmental variable values can be overwritten and used by attackers to insert malicious code.

C.

Environmental variables define cryptographic standards for the system and could create vulnerabilities if deprecated algorithms are used.

D.

Environmental variables will determine when updates are run and could mitigate the likelihood of vulnerability exploitation.

Full Access
Question # 50

Which of the following is die most important security concern when using legacy systems to provide production service?

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Full Access
Question # 51

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

A.

Recovery point objective

B.

Mean time between failures

C.

Recovery time objective

D.

Mean time to repair  

Full Access
Question # 52

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Full Access
Question # 53

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Full Access
Question # 54

Which of the following is the most common data loss path for an air-gapped network?

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Full Access
Question # 55

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Full Access
Question # 56

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Full Access
Question # 57

Which of the following documents details how to accomplish a technical security task?

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Full Access
Question # 58

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Full Access
Question # 59

During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Full Access
Question # 60

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.

Which of the following analysis elements did the company most likely use in making this decision?

A.

IMTTR

B.

RTO

C.

ARO

D.

MTBF

Full Access
Question # 61

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Full Access
Question # 62

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Full Access
Question # 63

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

Full Access
Question # 64

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor's website?

A.

To test the integrity of the file

B.

To validate the authenticity of the file

C.

To activate the license for the file

D.

To calculate the checksum of the file

Full Access
Question # 65

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Full Access
Question # 66

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Full Access
Question # 67

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

A.

Insider threat detection

B.

Simulated threats

C.

Phishing awareness

D.

Business continuity planning

Full Access
Question # 68

Which of the following is a feature of a next-generation SIEM system?

A.

Virus signatures

B.

Automated response actions

C.

Security agent deployment

D.

Vulnerability scanning

Full Access
Question # 69

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Full Access
Question # 70

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Full Access
Question # 71

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Full Access
Question # 72

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Full Access
Question # 73

Which of the following actions would reduce the number of false positives for an analyst to manually review?

A.

Create playbooks as part of a SOAR platform

B.

Redefine the patch management process

C.

Replace an EDR tool with an XDR solution

D.

Disable AV heuristics scanning

Full Access
Question # 74

A company's website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Full Access
Question # 75

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Full Access
Question # 76

A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers Which of the following solutions is the organization most likely to employ to further increase performance and availability?

A.

Load balancer

B.

Jump server

C.

Proxy server

D.

SD-WAN

Full Access
Question # 77

A company identified the potential for malicious insiders to harm the organization. Which of the following measures should the organization implement to reduce this risk?

A.

Unified threat management

B.

Web application firewall

C.

User behavior analytics

D.

Intrusion detection system

Full Access
Question # 78

A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

A.

Creating a GPO for all contract employees and setting time-of-day log-in restrictions

B.

Creating a discretionary access policy and setting rule-based access for contract employees

C.

Implementing an OAuth server and then setting least privilege for contract employees

D.

Implementing SAML with federation to the contract employees' authentication server

Full Access
Question # 79

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Full Access
Question # 80

A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:

. Something you know

. Something you have

. Something you are

Which of the following would accomplish the manager's goal?

A.

Domain name, PKI, GeolP lookup

B.

VPN IP address, company ID, facial structure

C.

Password, authentication token, thumbprint

D.

Company URL, TLS certificate, home address

Full Access
Question # 81

An employee used a company's billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Full Access
Question # 82

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

A.

Insider

B.

Unskilled attacker

C.

Nation-state

D.

Hacktivist

Full Access
Question # 83

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Full Access
Question # 84

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Full Access
Question # 85

According to various privacy rules and regulations, users have the power to request that all data pertaining to them is deleted. This is known as:

A.

Right to be forgotten

B.

Attestation and acknowledgement

C.

Data retention

D.

Information deletion

Full Access
Question # 86

Which of the following is used to validate a certificate when it is presented to a user?

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Full Access
Question # 87

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Full Access
Question # 88

Which of the following security controls are a company implementing by deploying HIPS? (Select two).

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Full Access
Question # 89

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

A.

E-discovery

B.

User provisioning

C.

Firewall log export

D.

Root cause analysis

Full Access
Question # 90

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Full Access
Question # 91

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Full Access
Question # 92

A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

A.

Secure web gateway

B.

Virtual private cloud end point

C.

Deep packet Inspection

D.

Next-gene ration firewall

Full Access
Question # 93

Which of the following is the most important element when defining effective security governance?

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Full Access
Question # 94

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the Mowing describes the administrator's role?

A.

Processor

B.

Custodian

C.

Privacy officer

D.

Owner

Full Access
Question # 95

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Full Access
Question # 96

Which of the following is the first step to take when creating an anomaly detection process?

A.

Selecting events

B.

Building a baseline

C.

Selecting logging options

D.

Creating an event log

Full Access
Question # 97

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

A.

IPS

B.

Firewall

C.

ACL

D.

Windows security

Full Access
Question # 98

During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A.

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

Full Access
Question # 99

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Full Access
Question # 100

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Full Access
Question # 101

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Full Access
Question # 102

Which of the following incident response activities ensures evidence is properly handied?

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D.

Preservation

Full Access
Question # 103

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Full Access
Question # 104

Which of the following best protects sensitive data in transit across a geographically dispersed Infrastructure?

A.

Encryption

B.

Masking

C.

Tokenization

D.

Obfuscation

Full Access
Question # 105

Which of the following is a type of vulnerability that may result from outdated algorithms or keys?

A.

Hash collision

B.

Cryptographic

C.

Buffer overflow

D.

Input validation

Full Access
Question # 106

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Full Access
Question # 107

Which of the following threat actors would most likely deface the website of a high-profile music group?

A.

Unskilled attacker

B.

Organized crime

C.

Nation-state

D.

Insider threat

Full Access
Question # 108

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm management’s perspective that the application is no longer applicable?

A.

Data inventory and retention

B.

Right to be forgotten

C.

Due care and due diligence

D.

Acknowledgement and attestation

Full Access
Question # 109

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review

Full Access
Question # 110

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Full Access
Question # 111

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

A.

Permission restrictions

B.

Bug bounty program

C.

Vulnerability scan

D.

Reconnaissance

Full Access
Question # 112

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

A.

Network

B.

System

C.

Application

D.

Authentication

Full Access
Question # 113

Which of the following would enable a data center to remain operational through a multiday power outage?

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Full Access
Question # 114

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Full Access
Question # 115

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Full Access
Question # 116

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Full Access
Question # 117

Which of the following tools is best for logging and monitoring in a cloud environment?

A.

IPS

B.

FIM

C.

NAC

D.

SIEM

Full Access
Question # 118

When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

A.

Wildcard

B.

Root of trust

C.

Third-party

D.

Self-signed

Full Access
Question # 119

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Full Access
Question # 120

Which of the following activities is included in the post-incident review phase?

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system's configuration and settings

Full Access
Question # 121

To which of the following security categories does an EDR solution belong?

A.

Physical

B.

Operational

C.

Managerial

D.

Technical

Full Access
Question # 122

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Reviewing logs more frequently

Full Access
Question # 123

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?

A.

Metadata

B.

Application log

C.

System log

D.

Netflow log

Full Access
Question # 124

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Full Access
Question # 125

Which of the following exercises should an organization use to improve its incident response process?

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Full Access
Question # 126

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

A.

Certification

B.

Inventory list

C.

Classification

D.

Proof of ownership

Full Access
Question # 127

A systems administrator receives an alert that a company's internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

Which of the following indicators most likely triggered this alert?

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Full Access
Question # 128

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Full Access
Question # 129

An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

A.

Layer 4 firewall

B.

NGFW

C.

WAF

D.

UTM

Full Access
Question # 130

A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit. Which of the following logs should the analyst review first?

A.

Endpoint

B.

Application

C.

Firewall

D.

NAC

Full Access
Question # 131

Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

A.

Contractual impacts

B.

Sanctions

C.

Fines

D.

Reputational damage

Full Access
Question # 132

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

A.

Impersonation

B.

Disinformation

C.

Watering-hole

D.

Smishing

Full Access
Question # 133

The Chief Information Officer (CIO) asked a vendor to provide documentation detailing the specific objectives within the compliance framework that the vendor's services meet. The vendor provided a report and a signed letter stating that the services meet 17 of the 21 objectives. Which of the following did the vendor provide to the CIO?

A.

Penetration test results

B.

Self-assessment findings

C.

Attestation of compliance

D.

Third-party audit report

Full Access
Question # 134

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

A.

Whaling

B.

Credential harvesting

C.

Prepending

D.

Dumpster diving

Full Access
Question # 135

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Full Access
Question # 136

Which of the following is an example of a data protection strategy that uses tokenization?

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Full Access
Question # 137

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Full Access
Question # 138

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Full Access
Question # 139

Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Full Access
Question # 140

An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

A.

Malicious flash drive

B.

Remote access Trojan

C.

Brute-forced password

D.

Cryptojacking

Full Access
Question # 141

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

A.

Resource scaling

B.

Policy enumeration

C.

Baseline enforcement

D.

Guardrails implementation

Full Access
Question # 142

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Full Access
Question # 143

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Full Access
Question # 144

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

A.

Right to be forgotten

B.

Sanctions

C.

External compliance reporting

D.

Attestation

Full Access
Question # 145

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

A.

Exposure factor

B.

CVSS

C.

CVE

D.

Industry impact

Full Access
Question # 146

Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?

A.

Common attacks are less likely to be effective.

B.

Configuration can be better managed and replicated.

C.

Outsourcing to a third party with more expertise in network defense is possible.

D.

Optimization can occur across a number of computing instances.

Full Access
Question # 147

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

A.

Active

B.

Passive

C.

Defensive

D.

Offensive

Full Access
Question # 148

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Full Access
Question # 149

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Full Access
Question # 150

A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

A.

Audit each domain administrator account weekly for password compliance.

B.

Implement a privileged access management solution.

C.

Create IDS policies to monitor domain controller access.

D.

Use Group Policy to enforce password expiration.

Full Access
Question # 151

Which of the following cryptographic solutions protects data at rest?

A.

Digital signatures

B.

Full disk encryption

C.

Private key

D.

Steganography

Full Access
Question # 152

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

E.

Guardralls

F.

Antivirus signatures

Full Access
Question # 153

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

A.

Hot site

B.

Cold site

C.

Failover site

D.

Warm site

Full Access
Question # 154

Which of the following can best protect against an employee inadvertently installing malware on a company system?

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Full Access
Question # 155

Which of the following is the most likely motivation for a hacktivist?

A.

Financial gain

B.

Service disruption

C.

Philosophical beliefs

D.

Corporate espionage

Full Access
Question # 156

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Full Access
Question # 157

An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

Full Access
Question # 158

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Full Access
Question # 159

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

A.

Data retention

B.

Certification

C.

Sanitation

D.

Destruction

Full Access
Question # 160

A security analyst reviews web server logs and sees the following entries:

16.22.48.102 -- 26/April/2023 22:00:04.33 GET "http://www.databaseInfo.com/index.html/* " 200

16.22.48.102 -- 26/April/2023 22:00:07.23 GET "http://www.databaseInfo.com/index.html/../ " 404

16.22.48.102 -- 26/April/2023 22:01:16.03 GET "http://www.databaseInfo.com/index.html/../images " 404

16.22.48.102 -- 26/April/2023 22:03:10.25 GET "http://www.databaseInfo.com/index.html/../passwords " 404

16.22.48.102 -- 26/April/2023 22:05:11.22 GET "http://www.databaseInfo.com/index.html/../storedSQLqueries " 404

Which of the following attacks is most likely being attempted?

A.

Denial of service

B.

Password spraying

C.

SQL injection

D.

Directory traversal

Full Access
Question # 161

Which of the following describes the procedures a penetration tester must follow while conducting a test?

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Full Access
Question # 162

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Full Access
Question # 163

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Full Access
Question # 164

Which of the following describes the maximum allowance of accepted risk?

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Full Access
Question # 165

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

A.

The user jsmith's account has been locked out.

B.

A keylogger is installed on [smith's workstation

C.

An attacker is attempting to brute force ismith's account.

D.

Ransomware has been deployed in the domain.

Full Access
Question # 166

Which of the following is used to quantitatively measure the criticality of a vulnerability?

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Full Access
Question # 167

Which of the following is a risk of conducting a vulnerability assessment?

A.

A disruption of business operations

B.

Unauthorized access to the system

C.

Reports of false positives

D.

Finding security gaps in the system

Full Access
Question # 168

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise's infrastructure?

A.

Firewalls

B.

Virtual private networks

C.

Extensive logging

D.

Intrusion detection systems

Full Access
Question # 169

Which of the following is a use of CVSS?

A.

To determine the cost associated with patching systems

B.

To identify unused ports and services that should be closed

C.

To analyze code for defects that could be exploited

D.

To prioritize the remediation of vulnerabilities

Full Access
Question # 170

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Full Access
Question # 171

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Full Access