
CompTIA SY0-601 CompTIA Security+ Exam 2021 Exam Practice Test

Total 848 questions

Question 1

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

Options:

A.

The data owner

B.

The data processor

C.

The data steward

D.

The data privacy officer.

Question 2

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

Options:

A.

SIEM

B.

DLP

C.

CASB

D.

SWG

Question 3

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review?

Options:

A.

Vulnerability feeds

B.

Trusted automated exchange of indicator information

C.

Structured threat information expression

D.

Industry information-sharing and collaboration groups

Question 4

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.

• Occasional personal use is acceptable due to the travel requirements.

• Users must be able to install and configure sanctioned programs and productivity suites.

• The devices must be encrypted.

• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

Options:

A.

Configuring an always-on VPN

B.

Implementing application whitelisting

C.

Requiring web traffic to pass through the on-premises content filter

D.

Setting the antivirus DAT update schedule to weekly

Question 5

Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?

Options:

A.

Application code signing

B.

Application whitelisting

C.

Data loss prevention

D.

Web application firewalls

Question 6

Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?

Options:

A.

Footprinting

B.

White-box testing

C.

A drone/UAV

D.

Pivoting

Question 7

Which of the following ISO standards is certified for privacy?

Options:

A.

ISO 9001

B.

ISO 27002

C.

ISO 27701

D.

ISO 31000

Question 8

Which of the following algorithms has the SMALLEST key size?

Options:

A.

DES

B.

Twofish

C.

RSA

D.

AES

Question 9

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches in order to manage third-party risk?

Options:

A.

An ARO

B.

An MOU

C.

An SLA

D.

A BPA

Question 10

An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

Options:

A.

Lessons learned

B.

Eradication

C.

Recovery

D.

Preparation

Question 11

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

Options:

A.

Monitoring large data transfer transactions in the firewall logs

B.

Developing mandatory training to educate employees about the removable media policy

C.

Implementing a group policy to block user access to system files

D.

Blocking removable-media devices and write capabilities using a host-based security tool

Question 12

A security analyst discovers that a company username and password database was posted on an internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.

Create DLP controls that prevent documents from leaving the network

B.

Implement salting and hashing

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements

Question 13

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

Options:

A.

RAID 0

B.

RAID 1

C.

RAID 5

D.

RAID 10

Question 14

In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

Options:

A.

Identification

B.

Preparation

C.

Eradication

D.

Recovery

E.

Containment

Question 15

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

Options:

A.

Network location

B.

Impossible travel time

C.

Geolocation

D.

Geofencing

Question 16

A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)

Options:

A.

Perform a site survey

B.

Deploy an FTK Imager

C.

Create a heat map

D.

Scan for rogue access points

E.

Upgrade the security protocols

Question 17

A system administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

Options:

A.

Role-based access control

B.

Discretionary access control

C.

Mandatory access control

D.

Attribute-based access control

Question 18

Against the recommendation of the IT security analyst, a company set all user passwords on a server as “P@)55wOrD". Upon review of the /etc/passwd file, an attacker found the following:

Which of the following BEST explains why the encrypted passwords do not match?

Options:

A.

Perfect forward secrecy

B.

Key stretching

C.

Salting

D.

Hashing

Question 19

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO)

Options:

A.

Load balancing

B.

Incremental backups

C.

UPS

D.

RAID

E.

Dual power supply

F.

NIC teaming

Question 20

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Question 21

A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

Options:

A.

Secure cookies

B.

Input validation

C.

Code signing

D.

Stored procedures

Question 22

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?

Options:

A.

Hard token

B.

Retina scan

C.

SMS text

D.

Keypad PIN

Question 23

A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

Options:

A.

Shadow IT

B.

Script kiddies

C.

APT

D.

Insider threat

Question 24

Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?

Options:

A.

Activate verbose logging in all critical assets.

B.

Tune monitoring in order to reduce false positive rates.

C.

Redirect all events to multiple syslog servers.

D.

Increase the number of sensors present on the environment.

Question 25

In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?

Options:

A.

Authority

B.

Intimidation

C.

Consensus

D.

Scarcity

Question 26

Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

Options:

A.

Personal health information

B.

Personally Identifiable Information

C.

Tokenized data

D.

Proprietary data

Question 27

Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should the administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Question 28

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Question 29

A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

Options:

A.

Logs from each device type and security layer to provide correlation of events

B.

Only firewall logs since that is where attackers will most likely try to breach the network

C.

Email and web-browsing logs because user behavior is often the cause of security breaches

D.

NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device

Question 30

A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

Options:

A.

MTTR

B.

RTO

C.

RPO

D.

MTBF

Question 31

Which of the following is a reason to publish files' hashes?

Options:

A.

To validate the integrity of the files

B.

To verify if the software was digitally signed

C.

To use the hash as a software activation key

D.

To use the hash as a decryption passphrase

Question 32

An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:

Which of the following BEST describes the type of password attack the attacker is performing?

Options:

A.

Dictionary

B.

Pass-the-hash

C.

Brute-force

D.

Password spraying

Question 33

A cyber-security administrator is using an enterprise firewall. The administrator created some rules, but now the firewall seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

Options:

A.

# iptables -t mangle -x

B.

# iptables -f

C.

# iptables -z

D.

# iptables -p input -j drop

Question 34

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 35

Which of the following is an example of risk avoidance?

Options:

A.

Installing security updates directly in production to expedite vulnerability fixes

B.

Buying insurance to prepare for financial loss associated with exploits

C.

Not installing new software to prevent compatibility errors

D.

Not taking preventive measures to stop the theft of equipment

Question 36

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Question 37

Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

Options:

A.

Pulverizing

B.

Overwriting

C.

Shredding

D.

Degaussing

Question 38

A security analyst is tasked with defining the “something you are“ factor of the company’s MFA settings. Which of the following is BEST to use to complete the configuration?

Options:

A.

Gait analysis

B.

Vein

C.

Soft token

D.

HMAC-based, one-time password

Question 39

An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

Options:

A.

Proximity cards with guards

B.

Fence with electricity

C.

Drones with alarms

D.

Motion sensors with signage

Question 40

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

Options:

A.

A bot

B.

A fileless virus

C.

A logic bomb

D.

A RAT

Question 41

An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?

Options:

A.

Social media

B.

Cloud

C.

Supply chain

D.

Social engineering

Question 42

Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only.

In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?

Options:

A.

AUP

B.

NDA

C.

SLA

D.

MOU

Question 43

A penetration tester is fuzzing an application to identify where the EIP of the stack is located in memory. Which of the following attacks is the penetration tester planning to execute?

Options:

A.

Race-condition

B.

Pass-the-hash

C.

Buffer overflow

D.

XSS

Question 44

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

Options:

A.

DNS

B.

Message gateway

C.

Network

D.

Authentication

Question 45

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Question 46

An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?

Options:

A.

SIEM

B.

SOAR

C.

EDR

D.

CASB

Question 47

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.

Birthday collisions on the certificate key

B.

DNS hijacking to reroute traffic

C.

Brute force to the access point

D.

A SSL/TLS downgrade

Question 48

A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

Options:

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question 49

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Question 50

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physically move the PC to a separate Internet point of presence.

B.

Create and apply microsegmentation rules,

C.

Emulate the malware in a heavily monitored DMZ segment

D.

Apply network blacklisting rules for the adversary domain

Question 51

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?

Options:

A.

Configure a DLP solution

B.

Disable peer-to-peer sharing

C.

Enable role-based access controls.

D.

Mandate job rotation.

E.

Implement content filters

Question 52

Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?

Options:

A.

PoC

B.

Production

C.

Test

D.

Development

Question 53

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

Options:

A.

SNMP traps

B.

A Telnet session

C.

An SSH connection

D.

SFTP traffic

Question 54

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

Options:

A.

Run a vulnerability scan against the CEO's computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Question 55

Which of the following conditions impacts data sovereignty?

Options:

A.

Rights management

B.

Criminal investigations

C.

Healthcare data

D.

International operations

Question 56

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?

Options:

A.

Containment

B.

Identification

C.

Recovery

D.

Preparation

Question 57

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Question 58

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backups followed by differential backups

Question 59

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.

Mantraps

B.

Security guards

C.

Video surveillance

D.

Fences

E.

Bollards

F.

Antivirus

Question 60

Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

Options:

A.

ISO 27701

B.

The Center for Internet Security

C.

SSAE SOC 2

D.

NIST Risk Management Framework

Question 61

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A split-tunnel VPN

D.

Load-balanced servers

Question 62

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Options:

A.

Vishing

B.

Phishing

C.

Spear phishing

D.

Whaling

Question 63

When planning to build a virtual environment, an administrator needs to achieve the following:

• Establish policies to limit who can create new VMs.

• Allocate resources according to actual utilization.

• Require justification for requests outside of the standard requirements.

• Create standardized categories based on size and resource requirements.

Which of the following is the administrator MOST likely trying to do?

Options:

A.

Implement IaaS replication

B.

Protect against VM escape

C.

Deploy a PaaS

D.

Avoid VM sprawl

Question 64

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Options:

A.

Dumpster diving

B.

Shoulder surfing

C.

Information elicitation

D.

Credential harvesting

Question 65

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Options:

A.

Whaling

B.

Spam

C.

Invoice scam

D.

Pharming

Question 66

A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

Options:

A.

HIDS

B.

NIPS

C.

HSM

D.

WAF

E.

NAC

F.

NIDS

G.

Stateless firewall

Question 67

An organization has implemented a two-step verification process to protect user access to data that is stored in the cloud. Each employee now uses an email address or mobile number to receive a code to access the data. Which of the following authentication methods did the organization implement?

Options:

A.

Token key

B.

Static code

C.

Push notification

D.

HOTP

Question 68

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Question 69

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

Options:

A.

FIM

B.

DLP

C.

EDR

D.

UTM

Question 70

The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

Options:

A.

Baseline modification

B.

A fileless virus

C.

Tainted training data

D.

Cryptographic manipulation

Question 71

Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?

Options:

A.

Stored procedures

B.

Buffer overflows

C.

Data bias

D.

Code reuse

Question 72

A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.

Which of the following tools can the analyst use to verify the permissions?

Options:

A.

ssh

B.

chmod

C.

ls

D.

setuid

E.

nessus

F.

nc

Question 73

When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?

Options:

A.

Z-Wave compatibility

B.

Network range

C.

Zigbee configuration

D.

Communication protocols

Question 74

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Question 75

After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator's goal? (Select TWO).

Options:

A.

Disabling guest accounts

B.

Disabling service accounts

C.

Enabling network sharing

D.

Disabling NetBIOS over TCP/IP

E.

Storing LAN manager hash values

F.

Enabling NTLM

Question 76

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to be kept for a minimum of 30 days

C.

Integration of threat intelligence in the company's AV

D.

A data-breach clause requiring disclosure of significant data loss

Question 77

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

Options:

A.

Implement NAC.

B.

Implement an SWG.

C.

Implement a URL filter.

D.

Implement an MDM.

Question 78

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

* The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.

* One of the websites the manager used recently experienced a data breach.

* The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has MOST likely been used to compromise the manager's corporate account?

Options:

A.

Remote access Trojan

B.

Brute-force

C.

Dictionary

D.

Credential stuffing

E.

Password spraying

Question 79

A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?

Options:

A.

Something you know, something you have, and somewhere you are

B.

Something you know, something you can do, and somewhere you are

C.

Something you are, something you know, and something you can exhibit

D.

Something you have, somewhere you are, and someone you know

Question 80

A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns?

Options:

A.

SPF

B.

DMARC

C.

SSL

D.

DKIM

E.

TLS

Question 81

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

Options:

A.

logger

B.

Metasploit

C.

tcpdump

D.

netstat

Question 82

To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

Options:

A.

Install a hypervisor firewall to filter east-west traffic.

B.

Add more VLANs to the hypervisor network switches.

C.

Move exposed or vulnerable VMs to the DMZ.

D.

Implement a zero-trust policy and physically segregate the hypervisor servers.

Question 83

A company is concerned about its security after a red-team exercise. The report shows the team was able to reach the critical servers due to SMB being exposed to the Internet and running NTLMv1. Which of the following BEST explains the findings?

Options:

A.

Default settings on the servers

B.

Unsecured administrator accounts

C.

Open ports and services

D.

Weak data encryption

Question 84

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

Options:

A.

federation.

B.

a remote access policy.

C.

multifactor authentication.

D.

single sign-on.

Question 85

A security analyst is reviewing the following output from a system:

Which of the following is MOST likely being observed?

Options:

A.

ARP poisoning

B.

Man in the middle

C.

Denial of service

D.

DNS poisoning

Question 86

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the

break room only have 512KB of storage. Which of the following is MOST likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage.

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Question 87

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

Options:

A.

logger

B.

Metasploit

C.

tcpdump

D.

netstat

Question 88

An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

Options:

A.

The end user purchased and installed a PUP from a web browser.

B.

A bot on the computer is brute forcing passwords against a website.

C.

A hacker is attempting to exfiltrate sensitive data.

D.

Ransomware is communicating with a command-and-control server.

Question 89

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Question 90

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the BEST remediation to prevent this vulnerability?

Options:

A.

Implement input validations.

B.

Deploy MFA.

C.

Utilize a WAF.

D.

Configure HIPS.

Question 91

A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

Options:

A.

Forward proxy

B.

HIDS

C.

Awareness training

D.

A jump server

E.

IPS

Question 92

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

• All users share workstations throughout the day.

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible.

• Sensitive data is being uploaded to external sites.

• All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?

Options:

A.

Brute-force

B.

Keylogger

C.

Dictionary

D.

Rainbow

Question 93

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?

Options:

A.

Geofencing

B.

Self-sovereign identification

C.

PKI certificates

D.

SSO

Question 94

As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

Options:

A.

Creating a playbook within the SOAR

B.

Implementing rules in the NGFW

C.

Updating the DLP hash database

D.

Publishing a new CRL with revoked certificates

Question 95

The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A.

SAML

B.

TACACS+

C.

Password vaults

D.

OAuth

Question 96

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?

Options:

A.

A service-level agreement

B.

A business partnership agreement

C.

A SOC 2 Type 2 report

D.

A memorandum of understanding

Question 97

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?

Options:

A.

Side channel

B.

Supply chain

C.

Cryptographic downgrade

D.

Malware

Question 98

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Question 99

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which of the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS, implement a SIEM

B.

CSRF, implement an IPS

C.

Directory traversal, implement a WAF

D.

SQL injection, implement an IDS

Question 100

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Options:

A.

Identity theft

B.

RFID cloning

C.

Shoulder surfing

D.

Card skimming

Question 101

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

Options:

A.

GDPR

B.

PCI DSS

C.

ISO 27000

D.

NIST 800-53

Question 102

Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

Options:

A.

TOTP

B.

Biometrics

C.

Kerberos

D.

LDAP

Question 103

Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

Options:

A.

Hashing

B.

Salting

C.

Integrity

D.

Digital signature

Question 104

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Question 105

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

•Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

•Internal users in question were changing their passwords frequently during that time period.

•A jump box that several domain administrator users use to connect to remote devices was recently compromised.

•The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Options:

A.

Pass-the-hash

B.

Brute-force

C.

Directory traversal

D.

Replay

Question 106

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Question 107

During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

Options:

A.

User behavior analytics

B.

Dump files

C.

Bandwidth monitors

D.

Protocol analyzer output

Question 108

A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?

Options:

A.

Use fuzzing testing

B.

Use a web vulnerability scanner

C.

Use static code analysis

D.

Use a penetration-testing OS

Question 109

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.

Content filter

B.

SIEM

C.

Firewall rules

D.

DLP

Question 110

Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area?

(Select TWO).

Options:

A.

Barricades

B.

Thermal sensors

C.

Drones

D.

Signage

E.

Motion sensors

F.

Guards

G.

Bollards

Question 111

The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

Options:

A.

DLP

B.

USB data blocker

C.

USB OTG

D.

Disabling USB ports

Question 112

Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments through a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Question 113

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

Options:

A.

FRR

B.

Difficulty of use

C.

Cost

D.

FAR

E.

CER

Question 114

Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

Options:

A.

SPIM

B.

Vishing

C.

Hopping

D.

Phishing

E.

Credential harvesting

F.

Tailgating

Question 115

Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?

Options:

A.

PKI

B.

Blockchain

C.

SAML

D.

OAuth

Question 116

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Buffer overflow

C.

Privilege escalation

D.

Pharming

Question 117

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

Options:

A.

Proxy server

B.

WAF

C.

Load balancer

D.

VPN

Question 118

A security analyst has been asked by the Chief Information Security Officer to

• develop a secure method of providing centralized management of infrastructure

• reduce the need to constantly replace aging end user machines

• provide a consistent user desktop experience

Which of the following BEST meets these requirements?

Options:

A.

BYOD

B.

Mobile device management

C.

VDI

D.

Containerization

Question 119

A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

Which of the following is MOST likely occurring?

Options:

A.

XSS attack

B.

SQLi attack

C.

Replay attack

D.

XSRF attack

Question 120

Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Select TWO)

Options:

A.

Pass-the-hash

B.

Directory traversal

C.

SQL injection

D.

Privilege escalation

E.

Cross-site scripting

F.

Request forgery

Question 121

A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Select TWO)

Options:

A.

A WAF

B.

A CASB

C.

An NG-SWG

D.

Segmentation

E.

Encryption

F.

Containerization

Question 122

A company wants to improve end users' experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

Options:

A.

Directory service

B.

AAA server

C.

Federation

D.

Multifactor authentication

Question 123

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

Options:

A.

Utilizing SIEM correlation engines

B.

Deploying Netflow at the network border

C.

Disabling session tokens for all sites

D.

Deploying a WAF for the web server

Question 124

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:

Options:

A.

avoidance

B.

acceptance

C.

mitigation

D.

transference

Question 125

Which of the following is an example of transference of risk?

Options:

A.

Purchasing insurance

B.

Patching vulnerable servers

C.

Retiring outdated applications

D.

Application owner risk sign-off

Question 126

A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done FIRST?

Options:

A.

Configure heat maps.

B.

Utilize captive portals.

C.

Conduct a site survey.

D.

Install Wi-Fi analyzers.

Question 127

A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:

The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

Options:

A.

DLL injection

B.

API attack

C.

Buffer overflow

D.

Memory leak
