MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1:
Question2:
Question3:
Question4: A secutily analyst is reviewing WAF alerts and sees the following request:Which of the following BEST describes the attack?
Question5:
Question6:
Question7:
Question8:
Question9: A cybersecurity analyst is supposing an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?
Question10:
Question11:
Question12: Which of the following will allow different cloud instances to share various types of data with a minimal amount of complexity?
Question13:
Question14: A forensics investigator is analyzing a compromised workstation. The investigator has cloned the hard drive and needs to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive that was collected as evidence. Which of the following should the investigator do?
Question15: A security analyst is conceded that a third-party application may have access to user passwords during authentication. Which of the following protocols should the application use to alleviate the analyst's concern?
Question16:
Question17: A company's domain has been spooled in numerous phishing campaigns. An analyst needs to determine the company is a victim of domain spoofing, despite having a DMARC record that should tell mailbox providers to ignore any email that fails DMARC upon review of the record, the analyst finds the following:Which of the following BEST explains the reason why the company's requirements are not being processed correctly by mailbox providers?
Question18:
Question19:
Question20:
Question21: During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call that originated from the suspicious IP address. Which of the following should the analyst use to accomplish this task?
Question22:
Question23:
Question24: An organization is experiencing issues with emails that are being sent to external recipients Incoming emails to the organization are working fine. A security analyst receives the following screenshot ot email error from the help desk.The analyst the checks the email server and sees many of the following messages in the logs.Error 550 - Message rejectedWhich of the following is MOST likely the issue?
Question25:
Question26:
Question27:
Question28: A company has alerted planning the implemented a vulnerability management procedure. However, to security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization. Which of the following should be completed FIRST?
Question29: Which of the following BEST describes HSM?
Question30:
Question31: A security analyst needs to determine the best method for securing access to a top-secret datacenter Along with an access card and PIN code, which of the following additional authentication methods would be BEST to enhance the datacenter's security?
Question32:
Question33:
Question34:
Question35: A company recently experienced a break-in whereby a number of hardware assets were stolen through unauthorized access at the back of the building. Which of the following would BEST prevent this type of theft from occurring in the future?
Question36:
Question37:
Question38:
Question39:
Question40: An analyst needs to provide recommendations for the AUP Which of the following is the BEST recommendation to protect the company's intellectual property?
Question41: During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and .
Question42:
Question43:
Question44: A company just chose a global software company based in Europe to implement a new supply chain management solution. Which of the following would be the MAIN concern of the company?
Question45:
Question46:
Question47: A security analyst receives an alert from the SIEM about a possible attack happening on the network The analyst opens the alert and sees the IP address of the suspected server as 192.168.54.66. which is part of the network 192 168 54 0/24. The analyst then pulls all the command history logs from that server and sees the followingWhich of the following activities is MOST likely happening on the server?
Question48:
Question49: An employee in the billing department accidentally sent a spreadsheet containing payment card data to a recipient outside the organization The employee intended to send the spreadsheet to an internal staff member with a similar name and was unaware of the mistake until the recipient replied to the message In addition to retraining the employee, which of the following would prevent this from happening in the future?
Question50:
Question51:
Question52:
Question53:
Question54: A security analyst is reviewing the following log entries to identify anomalous activity:Which of the following attack types is occurring?
Question55:
Question56:
Question57:
Question58: A security analyst identified one server that was compromised and used as a data making machine, and a few of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located?
Question59:
Question60: A security analyst at exampte.com receives a SIEM alert for an IDS signature and reviews the associated packet capture and TCP stream:Winch of the following actions should the security analyst lake NEXT?
Question61: A routine vulnerability scan detected a known vulnerability in a critical enterprise web application. Which of the following would be the BEST next step?
Question62:
Question63:
Question64:
Question65: A security analyst, who is working for a company that utilizes Linux servers, receives the following results from a vulnerability scan:Which of the following is MOST likely a false positive?
Question66:
Question67:
Question68: A system administrator is doing network reconnaissance of a company's external network to determine the vulnerability of various services that are running. Sending some sample traffic to the external host, the administrator obtains the following packet capture:Based on the output, which of the following services should be further tested for vulnerabilities?
Question69:
Question70: As part of a review of modern response plans, which of the following is MOST important for an organization lo understand when establishing the breach notification period?
Question71:
Question72:
Question73:
Question74:
Question75: During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity The analyst also notes there is no other alert in place for this traffic After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?
Question76:
Question77:
Question78:
Question79: A cybersecurity analyst is establishing a threat hunting and intelligence group at a growing organization. Which of the following is a collaborative resource that would MOST likely be used for this purpose?
Question80: A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data?
Question81:
Question82:
Question83: A malicious artifact was collected during an incident response procedure. A security analyst is unable to run it in a sandbox to understand its features and method of operation. Which of the following procedures is the BEST approach to perform a further analysis of the malware's capabilities?
Question84: An analyst is reviewing the following output:Which of the following was MOST likely used to discover this?
Question85:
Question86: Which of the following software assessment methods would be BEST for gathering data related to an application's availability during peak times?
Question87:
Question88: A company wants to outsource a key human-resources application service to remote employees as a SaaS-based cloud solution. The company's GREATEST concern should be the SaaS provider's:
Question89: A security administrator needs to provide access from partners to an Isolated laboratory network inside an organization that meets the following requirements:* The partners' PCs must not connect directly to the laboratory network.* The tools the partners need to access while on the laboratory network must be available to all partners* The partners must be able to run analyses on the laboratory network, which may take hours to complete Which of the following capabilities will MOST likely meet the security objectives of the request?
Question90: A security analyst is researching ways to improve the security of a company's email system to mitigate emails that are impersonating company executives. Which of the following would be BEST for the analyst to configure to achieve this objective?
Question91: A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources.Which of the following BEST describes this attack?
Question92: A security analyst has discovered malware is spreading across multiple critical systems and is originating from a single workstations, which belongs to a member of the cyber-infrastructure team who has legitimate administrator credentials. An analysis of the traffic indicates the workstation swept the networking looking for vulnerable hosts to infect. Which of the following would have worked BEST to prevent the spread of this infection?
Question93:
Question94:
Question95: The SOC has received reports of slowness across all workstation network segments. The currently installed antivirus has not detected anything, but a different anti-malware product was just downloaded and has revealed a worm is spreading Which of the following should be the NEXT step in this incident response?
Question96:
Question97:
Question98:
Question99:
Question100:
Question101: A general contractor has a list of contract documents containing critical business data that are stored at a public cloud provider. The organization's security analyst recently reviewed some of the storage containers and discovered most of the containers are not encrypted. Which of the following configurations will provide the MOST security to resolve the vulnerability?
Question102:
Question103:
Question104:
Question105:
Question106:
Question107: As part of an organization's information security governance process, a Chief Information Security Officer (CISO) is working with the compliance officer to update policies to include statements related to new regulatory and legal requirements. Which of the following should be done to BEST ensure all employees are appropriately aware of changes to the policies?
Question108:
Question109:
Question110:
Question111: An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?
Question112:
Question113:
Question114:
Question115: A security analyst received an alert from the SIEM indicating numerous login attempts from users outside their usual geographic zones, all of which were initiated through the web-based mail server. The logs indicate all domain accounts experienced two login attempts during the same time frame.Which of the following is the MOST likely cause of this issue?
Question116:
Question117:
Question118: As part of a review of incident response plans, which of the following is MOST important for an organization to understand when establishing the breach notification period?
Question119: An email analysis system notifies a security analyst that the following message was quarantined and requires further review.Which of the following actions should the security analyst take?
Question120: A security analyst is reviewing a suspected phishing campaign that has targeted an organisation. The organization has enabled a few email security technologies in the last year: however, the analyst believes the security features are not working. The analyst runs the following command:> dig domain._domainkey.comptia.orq TXTWhich of the following email protection technologies is the analyst MOST likely validating?
Question121:
Question122:
Question123: A consultant evaluating multiple threat intelligence leads to assess potential risks for a client. Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface?
Question124: A network attack that is exploiting a vulnerability in the SNMP is detected.Which of the following should the cybersecurity analyst do FIRST?
Question125:
Question126:
Question127: A security analyst for a large financial institution is creating a threat model for a specific threat actor that is likely targeting an organization's financial assets.Which of the following is the BEST example of the level of sophistication this threat actor is using?
Question128: As part of the senior leadership team's ongoing nsk management activities the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data Which of the following would be appropnate for the security analyst to coordinate?
Question129: A cybersecurity analyst is currently checking a newly deployed server that has an access control list applied. When conducting the scan, the analyst received the following code snippet of results:Which of the following describes the output of this scan?
Question130:
Question131: Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?
Question132: While conducting a network infrastructure review, a security analyst discovers a laptop that is plugged into a core switch and hidden behind a desk.The analyst sees the following on the laptop's screen:Which of the following is the BEST action for the security analyst to take?
Question133:
Question134:
Question135:
Question136:
Question137: After examining a header and footer file, a security analyst begins reconstructing files by scanning the raw data bytes of a hard disk and rebuilding them. Which of the following techniques is the analyst using?
Question138:
Question139:
Question140: An organization wants to mitigate against risks associated with network reconnaissance. ICMP is already blocked at the firewall; however, a penetration testing team has been able to perform reconnaissance against the organization's network and identify active hosts. An analyst sees the following output from a packet capture:Which of the following phrases from the output provides information on how the testing team is successfully getting around the ICMP firewall rule?
Question141:
Question142:
Question143: During routine monitoring a security analyst identified the following enterpnse network traffic:Packet capture output:Which of the following BEST describes what the security analyst observed?
Question144: A company's blocklist has outgrown the current technologies in place. The ACLS are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures.Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?
Question145:
Question146: A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer dat A.Developers use personal workstations, giving the company little to no visibility into the development activities.Which of the following would be BEST to implement to alleviate the CISO's concern?
Question147: A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise'?
Question148: A system is experiencing noticeably slow response times, and users are being locked out frequently. An analyst asked for the system security plan and found the system comprises two servers: an application server in the DMZ and a database server inside the trusted domain. Which of the following should be performed NEXT to investigate the availability issue?
Question149: A cybersecurity analyst is reading a daily intelligence digest of new vulnerabilities The type of vulnerability that should be disseminated FIRST is one that:
Question150:
Question151:
Question152:
Question153:
Question154: A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment Conditionally other processes will need to be created based on input from prior processes Which of the following is the BEST method for accomplishing this task?
Question155: A security analyst needs to provide a copy of a hard drive for forensic analysis. Which of the following would allow the analyst to perform the task?A)B)C)D)
Question156:
Question157:
Question158:
Question159: