MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A company's help desk is experiencing a large number of calls from the finance department slating access issues to www bank com The security operations center reviewed the following security logs:Which of the following is most likely the cause of the issue?
Question2: Which of the following AI concerns is most adequately addressed by input sanitation?
Question3: Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?
Question4: An organization mat performs real-time financial processing is implementing a new backup solution Given the following business requirements?* The backup solution must reduce the risk for potential backup compromise* The backup solution must be resilient to a ransomware attack.* The time to restore from backups is less important than the backup data integrity* Multiple copies of production data must be maintainedWhich of the following backup strategies best meets these requirement?
Question5:
Question6: A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?
Question7: A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?
Question8: A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst reviews the following logs for the user:Which of the following best explains the reason the user's access is being denied?
Question9: SIMULATIONYou are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:. The application does not need to know the users' credentials.. An approval interaction between the users and the HTTP service must be orchestrated.. The application must have limited access to users' data.INSTRUCTIONSUse the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.
Question10: During a periodic internal audit, a company identifies a few new, critical security controls that are missing. The company has a mature risk management program in place, and the following requirements must be met:The stakeholders should be able to see all the risks.The risks need to have someone accountable for them.Which of the following actions should the GRC analyst take next?
Question11: A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?
Question12: After an incident response exercise, a security administrator reviews the following table:Which of the following should the administrator do to beat support rapid incident response in the future?
Question13: An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company dat a. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
Question14: Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:
Question15: A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?
Question16: A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application. Which of the following best describes the action the architect should take-?
Question17: SIMULATIONDuring the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.INSTRUCTIONSReview each of the events and select the appropriate analysis and remediation options for each IoC.
Question18: An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated. Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?
Question19: A security engineer is assisting a DevOps team that has the following requirements for container images:Ensure container images are hashed and use version controls.Ensure container images are up to date and scanned for vulnerabilities.Which of the following should the security engineer do to meet these requirements?
Question20: An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?
Question21: A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:qry_source: 19.27.214.22 TCP/53qry_dest: 199.105.22.13 TCP/53qry_type: AXFR| in comptia.org------------ directoryserver1 A 10.80.8.10------------ directoryserver2 A 10.80.8.11------------ directoryserver3 A 10.80.8.12------------ internal-dns A 10.80.9.1----------- www-int A 10.80.9.3------------ fshare A 10.80.9.4------------ sip A 10.80.9.5------------ msn-crit-apcs A 10.81.22.33Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?
Question22: A security analyst reviews the following report:Which of the following assessments is the analyst performing?
Question23: During a vulnerability assessment, a scan reveals the following finding:Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2 Later in the review process, the remediation team marks the finding as a false positive. Which of the following is the best way to avoid this issue on future scans?
Question24: A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is Identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy* Full disk encryption is enabled* "Always On" corporate VPN is enabled* ef-use-backed keystore is enabled'ready.* Wi-Fi 6 is configured with SAE.* Location services is disabled.* Application allow list is configured
Question25: A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?
Question26: A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?
Question27: A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?
Question28: A company receives several complaints from customers regarding its website. An engineer implements a parser for the web server logs that generates the following output:which of the following should the company implement to best resolve the issue?
Question29: A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.All administrators use named accounts that require multifactor authentication.Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?
Question30: A security analyst is reviewing the following log:Which of the following possible events should the security analyst investigate further?
Question31: An organization wants to manage specialized endpoints and needs a solution that provides the ability to* Centrally manage configurations* Push policies.* Remotely wipe devices* Maintain asset inventoryWhich of the following should the organization do to best meet these requirements?
Question32: A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?
Question33: After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?
Question34: A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?
Question35: A building camera is remotely accessed and disabled from the remote console application during off-hours. A security analyst reviews the following logs:Which of the following actions should the analyst take to best mitigate the threat?
Question36: Which of the following supports the process of collecting a large pool of behavioral observations to inform decision-making?
Question37: A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'
Question38: The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).Setting different access controls defined by business area
Question39: A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?
Question40: During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server Given the following portion of the code:Which of the following best describes this incident?
Question41: Asecuntv administrator is performing a gap assessment against a specific OS benchmark The benchmark requires the following configurations be applied to endpomts:* Full disk encryption* Host-based firewall* Time synchronization* Password policies* Application allow listing* Zero Trust application accessWhich of the following solutions best addresses the requirements? (Select two).
Question42: A security analyst is reviewing the following event timeline from an COR solution:Which of the following most likely has occurred and needs to be fixed?
Question43: A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to best solve this issue?
Question44: Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:Which of the following would the analyst most likely recommend?
Question45: A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me best way to reduce the risk oi reoccurrence?
Question46: A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication Which of the following is the best way for the security officer to restrict MI~A notifications''
Question47: Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility. Which of the following would be the best option to implement?
Question48: An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?
Question49: An organization is required to* Respond to internal and external inquiries in a timely manner* Provide transparency.* Comply with regulatory requirementsThe organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?
Question50: Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).Implementing DLP controls preventing sensitive data from leaving Company B's network
Question51: An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime. Which of the following should the analyst perform?
Question52: A company detects suspicious activity associated with external connections Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?
Question53: A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?
Question54: A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?
Question55: A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?
Question56: SIMULATIONYou are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.The company's hardening guidelines indicate the following:There should be one primary server or service per device.Only default ports should be used.Non-secure protocols should be disabled.INSTRUCTIONSUsing the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:The IP address of the deviceThe primary server or service of the device (Note that each IP should by associated with one service/port only) The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines) If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question57: A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:Error Message in Database ConnectionConnection to host USA-WebApp-Database failedDatabase "Prod-DB01" not foundTable "CustomerInfo" not foundPlease retry your request laterWhich of the following best describes the analyst's findings and a potential mitigation technique?
Question58: Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
Question59: A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?
Question60: Which of the following best describes the reason PQC preparation is important?
Question61: A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?
Question62: An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?
Question63: A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?
Question64: A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?
Question65: A company's SIEM is designed to associate the company's asset inventory with user events. Given the following report:Which of the following should a security engineer investigate first as part of a log audit?
Question66: As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?
Question67: A security engineer wants to reduce the attack surface of a public-facing containerized application Which of the following will best reduce the application's privilege escalation attack surface?
Question68: Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?
Question69: Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
Question70: A software development team requires valid data for internal tests. Company regulations, however do not allow the use of this data in cleartext. Which of the following solutions best meet these requirements?
Question71: Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process. Which of the following is the best strategy for the engineer to use?
Question72: SIMULATIONA security engineer needs to review the configurations of several devices on the network to meet the following requirements:* The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.* The SSH daemon on the database server must be configured to listento port 4022.* The SSH daemon must only accept connections from a Singleworkstation.* All host-based firewalls must be disabled on all workstations.* All devices must have the latest updates from within the past eightdays.* All HDDs must be configured to secure data at rest.* Cleartext services are not allowed.* All devices must be hardened when possible.Instructions:Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA sshWAP APC ALaptop ASwitch ASwitch B:Laptop BPC BPC CServer A