Summer Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

CompTIA SY0-701 CompTIA Security+ Exam 2025 Exam Practice Test

Page: 1 / 52
Total 518 questions

CompTIA Security+ Exam 2025 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$43.75  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$38.5  $109.99
Question 1

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

Options:

A.

Load balancer

B.

Port security

C.

IPS

D.

NGFW

Question 2

Which of the following data states applies to data that is being actively processed by a database server?

Options:

A.

In use

B.

At rest

C.

In transit

D.

Being hashed

Question 3

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Options:

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Question 4

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Options:

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Question 5

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Options:

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Question 6

A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?

Options:

A.

Isolation

B.

Segmentation

C.

Virtualization

D.

Redundancy

Question 7

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Options:

A.

Tuning

B.

Aggregating

C.

Quarantining

D.

Archiving

Question 8

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).

Options:

A.

Directive

B.

Deterrent

C.

Preventive

D.

Detective

E.

Corrective

F.

Technical

Question 9

A security analyst is prioritizing vulnerability scan results using a risk-based approach. Which of the following is the most efficient resource for the analyst to use?

Options:

A.

Business impact analysis

B.

Common Vulnerability Scoring System

C.

Risk register

D.

Exposure factor

Question 10

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Question 11

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question 12

A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Options:

A.

Communication plan

B.

Incident response plan

C.

Data retention policy

D.

Disaster recovery plan

Question 13

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?

Options:

A.

Metadata

B.

Application log

C.

System log

D.

Netflow log

Question 14

A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

Which of the following should the analyst do next?

Options:

A.

Check for recently terminated DBAs.

B.

Review WAF logs for evidence of command injection.

C.

Scan the database server for malware.

D.

Search the web server for ransomware notes.

Question 15

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Options:

A.

DDoS attack

B.

Rogue employee

C.

Insider threat

D.

Supply chain

Question 16

An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

Options:

A.

Behavioral analytics

B.

Access control lists

C.

Identity and access management

D.

Network intrusion detection system

Question 17

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

Options:

A.

Red teaming

B.

Penetration testing

C.

Independent audit

D.

Vulnerability assessment

Question 18

To which of the following security categories does an EDR solution belong?

Options:

A.

Physical

B.

Operational

C.

Managerial

D.

Technical

Question 19

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Question 20

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Options:

A.

Tokenization

B.

Hashing

C.

Obfuscation

D.

Segmentation

Question 21

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Options:

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Question 22

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

Options:

A.

Right to be forgotten

B.

Sanctions

C.

External compliance reporting

D.

Attestation

Question 23

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Question 24

A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

Options:

A.

Audit each domain administrator account weekly for password compliance.

B.

Implement a privileged access management solution.

C.

Create IDS policies to monitor domain controller access.

D.

Use Group Policy to enforce password expiration.

Question 25

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Options:

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Question 26

Which of the following security controls would best guard a payroll system against insider manipulation threats?

Options:

A.

Compensating

B.

Deterrent

C.

Detective

D.

Corrective

Question 27

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file's SHA-256 hash.

B.

Use hexdump on the file's contents.

C.

Check endpoint logs.

D.

Query the file's metadata.

Question 28

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

Options:

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Question 29

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Question 30

A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:

• An existing Internal certificate must be used.

• Wired and wireless networks must be supported

• Any unapproved device should be Isolated in a quarantine subnet

• Approved devices should be updated before accessing resources

Which of the following would best meet the requirements?

Options:

A.

802.IX

B.

EAP

C.

RADIUS

D.

WPA2

Question 31

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Options:

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Question 32

Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

Options:

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Question 33

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Question 34

An external vendor recently visited a company's headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Options:

A.

Government

B.

Public

C.

Proprietary

D.

Critical

Question 35

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Options:

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Question 36

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Options:

A.

Implement access controls and encryption.

B.

Develop and provide training on data protection policies.

C.

Create incident response and disaster recovery plans.

D.

Purchase and install security software.

Question 37

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Options:

A.

Memory injection

B.

Race condition

C.

Side loading

D.

SQL injection

Question 38

Which of the following documents details how to accomplish a technical security task?

Options:

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Question 39

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

Options:

A.

IPS

B.

Firewall

C.

ACL

D.

Windows security

Question 40

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Options:

A.

Asset inventory

B.

Network enumeration

C.

Data certification

D.

Procurement process

Question 41

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

Options:

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Question 42

A vendor salesperson is a personal friend of a company’s Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO. Which of the following best describes this situation?

Options:

A.

Rules of engagement

B.

Conflict of interest

C.

Due diligence

D.

Contractual impact

E.

Reputational damage

Question 43

Which of the following activities are associated with vulnerability management? (Select two).

Options:

A.

Reporting

B.

Prioritization

C.

Exploiting

D.

Correlation

E.

Containment

F.

Tabletop exercise

Question 44

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Question 45

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Question 46

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Options:

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Question 47

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

Options:

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

Question 48

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Question 49

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Options:

A.

Implementing a bastion host

B.

Deploying a perimeter network

C.

Installing a WAF

D.

Utilizing single sign-on

Question 50

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

Options:

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Question 51

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Question 52

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

Options:

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Question 53

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Question 54

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Options:

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Question 55

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Question 56

Which of the following architecture models ensures that critical systems are physically isolated from the network to prevent access from users with remote access privileges?

Options:

A.

Segmentation

B.

Virtualized

C.

Air-gapped

D.

Serverless

Question 57

A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?

Options:

A.

Configuring centralized logging

B.

Generating local administrator accounts

C.

Replacing Telnet with SSH

D.

Enabling HTTP administration

Question 58

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Question 59

An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing. Which of the following would best prevent this from reoccurring?

Options:

A.

Place the copier in the legal department.

B.

Configure DLP on the attorney's workstation.

C.

Set up LDAP authentication on the printer.

D.

Conduct a physical penetration test.

Question 60

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Options:

A.

Business continuity plan

B.

Change management procedure

C.

Acceptable use policy

D.

Software development life cycle policy

Question 61

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Question 62

A systems administrator is concerned about vulnerabilities within cloud computing instances Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

Options:

A.

SQL injection

B.

TOC/TOU

C.

VM escape

D.

Tokenization

E.

Password spraying

Question 63

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Options:

A.

SPF

B.

GPO

C.

NAC

D.

FIM

Question 64

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 65

A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

Options:

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Question 66

A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

Options:

A.

Creating a GPO for all contract employees and setting time-of-day log-in restrictions

B.

Creating a discretionary access policy and setting rule-based access for contract employees

C.

Implementing an OAuth server and then setting least privilege for contract employees

D.

Implementing SAML with federation to the contract employees' authentication server

Question 67

A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?

Options:

A.

Digital rights management

B.

Role-based access control

C.

Time-based access control

D.

Network access control

Question 68

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question 69

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

Options:

A.

Resource scaling

B.

Policy enumeration

C.

Baseline enforcement

D.

Guardrails implementation

Question 70

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Options:

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Question 71

Which of the following is the most common data loss path for an air-gapped network?

Options:

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Question 72

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question 73

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

Options:

A.

Espionage

B.

Data exfiltration

C.

Nation-state attack

D.

Shadow IT

Question 74

Which of the following control types involves restricting IP connectivity to a router's web management interface to protect it from being exploited by a vulnerability?

Options:

A.

Corrective

B.

Physical

C.

Preventive

D.

Managerial

Question 75

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Options:

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Question 76

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

E.

Guardralls

F.

Antivirus signatures

Question 77

Which of the following actions would reduce the number of false positives for an analyst to manually review?

Options:

A.

Create playbooks as part of a SOAR platform

B.

Redefine the patch management process

C.

Replace an EDR tool with an XDR solution

D.

Disable AV heuristics scanning

Question 78

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Question 79

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Options:

A.

Impersonation

B.

Disinformation

C.

Watering-hole

D.

Smishing

Question 80

Which of the following provides the details about the terms of a test with a third-party penetration tester?

Options:

A.

Rules of engagement

B.

Supply chain analysis

C.

Right to audit clause

D.

Due diligence

Question 81

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

Options:

A.

Gap analysis

B.

Policy review

C.

Security procedure evaluation

D.

Threat scope reduction

Question 82

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Question 83

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Question 84

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?

Options:

A.

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.

The internal DNS servers were poisoned and were redirecting acmetimkeeping.com to malicious domain that intercepted the credentials and then passed them through to the real site

D.

ARP poisoning affected the machines in the building and caused the kiosks lo send a copy of all the submitted credentials to a machine.machine.

Question 85

According to various privacy rules and regulations, users have the power to request that all data pertaining to them is deleted. This is known as:

Options:

A.

Right to be forgotten

B.

Attestation and acknowledgement

C.

Data retention

D.

Information deletion

Question 86

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

Options:

A.

Open-source intelligence

B.

Port scanning

C.

Pivoting

D.

Exploit validation

Question 87

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Options:

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review

Question 88

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

Options:

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Question 89

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 90

A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?

Options:

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Question 91

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Options:

A.

IDS

B.

ACL

C.

EDR

D.

NAC

Question 92

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Options:

A.

Standard naming convention

B.

Mashing

C.

Network diagrams

D.

Baseline configuration

Question 93

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Options:

A.

Whaling

B.

Credential harvesting

C.

Prepending

D.

Dumpster diving

Question 94

Which of the following security control types does an acceptable use policy best represent?

Options:

A.

Detective

B.

Compensating

C.

Corrective

D.

Preventive

Question 95

Which of the following best protects sensitive data in transit across a geographically dispersed Infrastructure?

Options:

A.

Encryption

B.

Masking

C.

Tokenization

D.

Obfuscation

Question 96

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Oncethe password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Question 97

A security analyst reviews web server logs and sees the following entries:

16.22.48.102 -- 26/April/2023 22:00:04.33 GET " " 200

16.22.48.102 -- 26/April/2023 22:00:07.23 GET " " 404

16.22.48.102 -- 26/April/2023 22:01:16.03 GET " " 404

16.22.48.102 -- 26/April/2023 22:03:10.25 GET " " 404

16.22.48.102 -- 26/April/2023 22:05:11.22 GET " " 404

Which of the following attacks is most likely being attempted?

Options:

A.

Denial of service

B.

Password spraying

C.

SQL injection

D.

Directory traversal

Question 98

Which of the following describes the category of data that is most impacted when it is lost?

Options:

A.

Confidential

B.

Public

C.

Private

D.

Critical

Question 99

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Options:

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Question 100

A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?

Options:

A.

IPSec

B.

SHA-1

C.

RSA

D.

TGT

Question 101

A security analyst is assessing several company firewalls. Which of the following cools would The analyst most likely use to generate custom packets to use during the assessment?

Options:

A.

hping

B.

Wireshark

C.

PowerShell

D.

netstat

Question 102

Which of the following should a systems administrator use to decrease the company's hardware attack surface?

Options:

A.

Replication

B.

Isolation

C.

Centralization

D.

Virtualization

Question 103

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Question 104

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

Options:

A.

Key stretching

B.

Tokenization

C.

Data masking

D.

Salting

Question 105

Which of the following data types relates to data sovereignty?

Options:

A.

Data classified as public in other countries

B.

Personally Identifiable data while traveling

C.

Health data shared between doctors in other nations

D.

Data at rest outside of a country's borders

Question 106

Which of the following would be the best way to test resiliency in the event of a primary power failure?

Options:

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Question 107

Which of the following is an example of a data protection strategy that uses tokenization?

Options:

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Question 108

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 109

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Options:

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Question 110

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Question 111

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

Options:

A.

GRE

B.

IPSec

C.

SD-WAN

D.

EAP

Question 112

Which of the following is the final step of the modem response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Question 113

An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

Options:

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

Question 114

In which of the following will unencrypted PLC management traffic most likely be found?

Options:

A.

SDN

B.

IoT

C.

VPN

D.

SCADA

Question 115

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Question 116

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

Options:

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Question 117

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Options:

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Question 118

Which of the following is a preventive physical security control?

Options:

A.

Video surveillance system

B.

Bollards

C.

Alarm system

D.

Motion sensors

Question 119

Which of the following is a social engineering attack in which a bad actor impersonates a web URL?

Options:

A.

Pretexting

B.

Misinformation

C.

Typosquatting

D.

Watering-hole

Question 120

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Options:

A.

Contain the Impacted hosts

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing

Question 121

Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

Options:

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysts

Question 122

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Question 123

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

Options:

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

Question 124

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Question 125

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

Options:

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Question 126

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Question 127

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Question 128

A penetration test identifies that an SMBvl Is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?

Options:

A.

GPO

B.

ACL

C.

SFTP

D.

DLP

Question 129

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Options:

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Question 130

Which of the following phases of the incident response process attempts to minimize disruption?

Options:

A.

Recovery

B.

Containment

C.

Preparation

D.

Analysis

Question 131

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Question 132

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Question 133

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

Options:

A.

Insider threat detection

B.

Simulated threats

C.

Phishing awareness

D.

Business continuity planning

Question 134

A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

Options:

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Question 135

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

Options:

A.

MDM

B.

DLP

C.

FDE

D.

EDR

Question 136

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Question 137

Which of the following tools is best for logging and monitoring in a cloud environment?

Options:

A.

IPS

B.

FIM

C.

NAC

D.

SIEM

Question 138

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Question 139

A security administrator observed the following in a web server log while investigating an incident:

Which of the following attacks did the security administrator most likely see?

Options:

A.

Privilege escalation

B.

Credential replay

C.

Brute force

D.

Directory traversal

Question 140

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Options:

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Question 141

Which of the following techniques would identify whether data has been modified in transit?

Options:

A.

Hashing

B.

Tokenization

C.

Masking

D.

Encryption

Question 142

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Question 143

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization's documentation?

Options:

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

Question 144

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Question 145

A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?

Options:

A.

It increases complexity.

B.

It removes technical debt.

C.

It adds additional guard rails.

D.

It acts as a workforce multiplier.

Question 146

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Question 147

The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?

Options:

A.

Patching

B.

Segmentation

C.

Monitoring

D.

Isolation

Question 148

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

Options:

A.

Evaluate tools that identify risky behavior and distribute reports on the findings.

B.

Send quarterly newsletters that explain the importance of password management.

C.

Develop phishing campaigns and notify the management team of any successes.

D.

Update policies and handbooks to ensure all employees are informed of the new procedures.

Question 149

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

Options:

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question 150

A security report shows that during a two-week test period. 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposelycreated the website to simulate a cost-free password complexity test. Which of the following would best help reduce the number of visits to similar websites in the future?

Options:

A.

Block all outbound traffic from the intranet.

B.

Introduce a campaign to recognize phishing attempts.

C.

Restrict internet access for the employees who disclosed credentials.

D.

Implement a deny list of websites.

Question 151

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

Options:

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Question 152

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.

Typosquatting

B.

Smishing

C.

Pretexting

D.

Impersonation

Question 153

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

Options:

A.

Sanitization

B.

Formatting

C.

Degaussing

D.

Defragmentation

Question 154

The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?

Options:

A.

Social engineering

B.

Situational awareness

C.

Phishing

D.

Acceptable use policy

Question 155

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Question 156

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Question 157

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Options:

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question 158

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Question 159

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Options:

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Question 160

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Options:

A.

EAP

B.

DHCP

C.

IPSec

D.

NAT

Question 161

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Options:

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Question 162

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Question 163

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Options:

A.

MSA

B.

SLA

C.

BPA

D.

SOW

Question 164

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question 165

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

Options:

A.

The user jsmith's account has been locked out.

B.

A keylogger is installed on [smith's workstation

C.

An attacker is attempting to brute force ismith's account.

D.

Ransomware has been deployed in the domain.

Question 166

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Question 167

A company is changing its mobile device policy. The company has the following requirements:

Company-owned devices

Ability to harden the devices

Reduced security risk

Compatibility with company resources

Which of the following would best meet these requirements?

Options:

A.

BYOD

B.

CYOD

C.

COPE

D.

COBO

Question 168

Which of the following definitions best describes the concept of log co-relation?

Options:

A.

Combining relevant logs from multiple sources into ono location

B.

Searching end processing, data to identify patterns of malicious activity

C.

Making a record of the events that occur in the system

D.

Analyzing the log files of the system components

Question 169

A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

Options:

A.

Impersonation

B.

Replication

C.

Phishing

D.

Smishing

Question 170

Which of the following is the first step to take when creating an anomaly detection process?

Options:

A.

Selecting events

B.

Building a baseline

C.

Selecting logging options

D.

Creating an event log

Question 171

A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidlyanalyzes host and network data from potentially compromised systems and forwards the data for further review. Which of the following tools should the incident response team deploy?

Options:

A.

NAC

B.

IPS

C.

SIEM

D.

EDR

Page: 1 / 52
Total 518 questions