MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Which of the following best describes when an organization Utilizes a read-to-use application from a cloud provider?
Question2: A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?
Question3: A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?
Question4: An information security manager for an organization is completing a PCI DSS self-assessment for the first time. which of the is following MOST likely reason for this type of assessment?
Question5: A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have512KB of storage Which of the following is most likely the cause?
Question6: Which of the following can best protect against an employee inadvertently installing malware on a company system?
Question7: While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network witches. Which of the following is the security analyst MOST likely observing?
Question8: Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?
Question9: A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor but the industrial software is no longer supported The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, white also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?
Question10: The application development teams have been asked to answer the following questions:* Does this application receive patches from an external source?* Does this application contain open-source code?* Is this application accessible by external users?* Does this application meet the corporate password standard?Which of the following are these questions part of?
Question11: A security engineer needs to create a network segment that can be used for servers thal require connections from untrusted networks. Which of the following should the engineer implement?
Question12: A security incident has been resolved Which of the following BEST describes the importance of the final phase of the incident response plan?
Question13: A security professional wants to enhance the protection of a critical environment that is Used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?
Question14: Which of the following incident response phases should the proper collection of the detected 'ocs and establishment of a chain of custody be performed before?
Question15: A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?
Question16: A company wants to modify its current backup strategy to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy
Question17: An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?
Question18: An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?
Question19: A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?
Question20: An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?
Question21: Which of the following describes software on network hardware that needs to be updated on a rou-tine basis to help address possible vulnerabilities?
Question22: Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?
Question23: A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile application. After reviewing the back-end server logs, the security analyst finds the following entriesWhich of the following is the most likely cause of the security control bypass?
Question24: A company wants to deploy PKI on its internet-facing website The applications that are currently deployed are* www company.com (mam website)* contact us company com (for locating a nearby location)* quotes company.com (for requesting a price quote)The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com Which of the following certificate types would best meet the requirements?
Question25: A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
Question26: Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?
Question27: Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?
Question28: Which of the following Is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
Question29: Which of the following should be addressed first on security devices before connecting to the network?
Question30: A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?
Question31: A company has hired an assessment team to test the security of the corporate network and employee vigilance.Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors. Which of the following is taking place?
Question32: A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
Question33: A systems integrator is installing a new access control system for a building. The new system will need to connect to the Company's AD server In order to validate current employees. Which of the following should the systems integrator configure to be the most secure?
Question34: A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?
Question35: Which of the following is used to quantitatively measure the criticality of a vulnerability?
Question36: A company that provides an online streaming service made its customers' personal data including names and email addresses publicly available in a cloud storage service. As a result, the company experienced an increase m the number of requests to delete user accounts. Which of the following best describes the consequence of tins data disclosure?
Question37: A company recently experienced an attack during which 5 main website was directed to the atack-er's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company Implement to prevent this type of attack from occurring in the future?
Question38: A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the offer or away. Which of the following solutions should the CISO implement?
Question39: Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?
Question40: A security administrator needs to inspect in-transit files on the enterprise network to search for PI I credit card data, and classification words Which of the following would be the best to use?
Question41: A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?
Question42: Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?
Question43: A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:GET http://yourbank.com/transfer.do?acctnum=087646959&amount=500000 HTTP/1.1GET http://yourbank.com/transfer.do?acctnum=087646958&amount=5000000 HTTP/1.1GET http://yourbank.com/transfer.do?acctnum=-087646958&amount=1000000 HTTP/1.1GET http://yourbank.com/transfer.do?acctnum=087646953&amount=500 HTTP/1.1Which of the following types of attacks is most likely being conducted?
Question44: A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
Question45: A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible.The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?
Question46: A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:
Question47: A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?
Question48: A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.
Question49: Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
Question50: A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?
Question51: A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?
Question52: If a current private key is compromised, which of the following would ensure it cannot be used to decrypt ail historical data?
Question53: Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?
Question54: A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?
Question55: A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
Question56: Cloud security engineers are planning to allow and deny access to specific features in order to in-crease data security. Which of the following cloud features is the most appropriate to ensure ac-cess is granted properly?
Question57: A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?
Question58: Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?
Question59: A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?
Question60: An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine. Which of the following risk management strategies is the organization following?
Question61: Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would best meet this need?
Question62: A company wants to build a new website to sell products online. The website wd I host a storefront application that allow visitors to add products to a shopping cart and pay for products using a credit card. which Of the following protocols *would be most secure to implement?
Question63: An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding credit card statement with unusual purchases. Which of the following attacks took place?
Question64: A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?
Question65: A global pandemic is forcing a private organization to close some business units and reduce staffing at others.Which of the following would be best to help the organization's executives determine their next course of action?
Question66: Which of the following would produce the closet experience of responding to an actual incident response scenario?
Question67: The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
Question68: An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files Which of the following controls should the organization consider to mitigate this risk?
Question69: The following are the logs of a successful attack.Which of the following controls would be BEST to use to prevent such a breach in the future?
Question70: Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?
Question71: You received the output of a recent vulnerability assessment.Review the assessment and scan output and determine the appropriate remedialion(s} 'or each dewce.Remediation options may be selected multiple times, and some devices may require more than one remediation.If at any time you would like to biing bade the initial state ot the simulation, please dick me Reset All button.
Question72: An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?
Question73: Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?
Question74: A security researcher has alerted an organization that its sensitive user data was found for sale on a website.Which of the following should the organization use to inform the affected parties?
Question75: A major manufacturing company updated its internal infrastructure and just started to allow OAuth application to access corporate data Data leakage is being reported Which of following most likely caused the issue?
Question76: An incident has occurred in the production environment.Analyze the command outputs and identify the type of compromise.
Question77: A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?
Question78: The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?
Question79: A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel.Which of the following attacks is being conducted?
Question80: An organization has hired a security analyst to perform a penetration test The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
Question81: A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customername". Which of the following is most likely being attempted?
Question82: Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?
Question83: Which of the following allow access to remote computing resources, a operating system. and centrdized configuration and data
Question84: A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?
Question85: A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption. Which of the following would be BEST suited to secure this information?(Give me related explanation and references from CompTIA Security+ SY0-601 documents for Correct answer option)
Question86: A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?
Question87: A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?
Question88: A security engineer needs to build @ solution to satisfy regulatory requirements that stale certain critical servers must be accessed using MFA However, the critical servers are older and are unable to support the addition of MFA, Which of te following will the engineer MOST likely use to achieve this objective?
Question89: An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained Which of the following roles would MOST likely include these responsibilities?
Question90: To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?
Question91: A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?
Question92: A security analyst reviews web server logs and notices the following line:104.35. 45.53 -[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECTuser login, user _ pass, user email from wp users-- HTTP/I.I" 200 1072http://www.example.com/wordpress/wp-admin/Which of the following vulnerabilities is the attacker trying to exploit?
Question93: A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
Question94: Which of the following would satisfy three-factor authentication requirements?
Question95: A desktop computer was recently stolen from a desk located in the lobby of an office building. Which of the following would be the best way to secure a replacement computer and deter future theft?
Question96: An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?
Question97: A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner, Which of the following concepts describes this scenario?
Question98: Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be best to correlate the activities between the different endpoints?
Question99: A security administrator has discovered that workstations on the LAN are becoming infected with malware.The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?
Question100: An employee received multiple messages on a mobile device. The messages instructing the employee to pair the device to an unknown device. Which of the following BEST describes What a malicious person might be doing to cause this issue to occur?
Question101: During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall.Which of the following describes the greatest risk associated with using FTP?
Question102: Which of the following best describes configuring devices to log to a centralized, off-site location for possible future reference?
Question103: A company is moving its retail website to a public cloud provider. The company wants to tokenize audit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?
Question104: A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
Question105: A security operations center wants to implement a solution that can execute files to test for malicious activity.The solution should provide a report of the files' activity against known threats.Which of the following should the security operations center implement?
Question106: Which of Ihe following control types is patch management classified under?
Question107: An engineer is using scripting to deploy a network in a cloud environment. Which the following describes this scenario?
Question108: A junior human resources administrator was gathering data about employees to submit to a new company awards program The employee data included job title business phone number location first initial with last name and race Which of the following best describes this type of information?
Question109: Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?
Question110: Which of the following will increase cryptographic security?
Question111: A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?
Question112: A company recently enhanced mobile device configuration by implementing a set of security controls:biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.Which of the following additional controls should be put in place first?
Question113: A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?
Question114: Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?
Question115: A company is concerned about individuals dnvmg a car into the building to gam access Which of the following security controls would work BEST to prevent this from happening?
Question116: Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
Question117: A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?
Question118: An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?
Question119: Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?
Question120: A security administrator examines the ARP table of an access switch and sees the following output:Which of the following is a potential threat that is occurring on this access switch?
Question121: A security administrator needs to provide secure access to internal networks for external partners The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?
Question122: A penetration tester was able to compromise a host using previously captured network traffic. Which of the following is the result of this action?
Question123: During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HIIPS site requests are reverting to HTTP Which of the following BEST describes what is happening?
Question124: A user attempts to load a web-based application, but the expected login screen does not appear A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PCThe help desk analyst then runs the same command on the local PCWhich of the following BEST describes the attack that is being detected?
Question125: The help desk has received calls from users in multiple locations who are unable to access core network services The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?
Question126: A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:Which of the following best describes this kind of attack?
Question127: A user is trying to upload a tax document, which the corporate finance department requested, but a security program IS prohibiting the upload A security analyst determines the file contains Pll, Which of the following steps can the analyst take to correct this issue?
Question128: An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider IS used and the selected option is highly scalable?
Question129: A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy while the application is running. Which of the following should the engineer is to quickly contain the incident with the least amount of impact?
Question130: A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?
Question131: An organization is concerned that ils hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?
Question132: Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:* All users share workstations throughout the day.* Endpoint protection was disabled on several workstations throughout the network.* Travel times on logins from the affected users are impossible.* Sensitive data is being uploaded to external sites.* All user account passwords were forced to be reset and the issue continued.Which of the following attacks is being used to compromise the user accounts?
Question133: An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?
Question134: Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff?
Question135: Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?
Question136: Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?
Question137: A company a "right to forgotten" request To legally comply, the company must remove data related to the requester from its systems. Which Of the following Company most likely complying with?
Question138: An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data. Which of the following is the attacker most likely using?
Question139: Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?
Question140: A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:Based on the IoCS, which of the following was the MOST likely attack used to compromise the network communication?
Question141: A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
Question142: A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted Which of the following is the researcher MOST likely using?
Question143: A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?
Question144: Which of the following roles is responsible for defining the protection type and Classification type for a given set of files?
Question145: A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?
Question146: Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?
Question147: A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier. A security analyst reviews log tries and sees the following around the lime of the incident:Which of the following is MOST likely occurring?
Question148: A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?
Question149: A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?
Question150: A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?
Question151: A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do? (Refer the answer from CompTIA SY0-601 Security+ documents or guide at comptia.org)
Question152: A security engineer is setting up passwordless authentication for the first time.INSTRUCTIONSUse the minimum set of commands to set this up and verify that it works. Commands cannot be reused.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question153: The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company.Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?
Question154: During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?
Question155: A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?
Question156: An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:* Check-in/checkout of credentials* The ability to use but not know the password* Automated password changes* Logging of access to credentialsWhich of the following solutions would meet the requirements?
Question157: A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even through the data is still viewable from the user's PCs. Which of the following is the most likely cause of this issue?
Question158: A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage.Which of the following is the best mitigation strategy to prevent this from happening in the future?
Question159: A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?
Question160: An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours.Which of the following would the organization implement to mitigate this risk?
Question161: During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?
Question162: An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of her popular websites. Which of the following should the company implement?
Question163: The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?
Question164: A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees' concerns?
Question165: A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly Which of the following technologies should the IT manager use when implementing MFA?
Question166: A desktop support technician recently installed a new document-scanning software program on a computer.However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?
Question167: A security analyst reviews a company's authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?
Question168: A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?
Question169: An account was disabled atter several failed and successful login connections were made from various parts of the Word at various times. A security analysts investigating the issue. Which of the following account policies most likely triggered the action to disable the
Question170: A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic.Which of the following should the analyst use?
Question171: An organization recently completed a security control assessment The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-complaint controls. Which of the following best describes these mitigations?
Question172: A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?
Question173: A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:http://company.com/getphp?f=/etc/passwdhttp://company.com/..%2F..42F..42F.. $2Fetct2Fshadowhttp: //company.com/../../../ ../etc/passwdWhich of the following best describes the type of attack?
Question174: A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?
Question175: The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.Which of the following would be the best way to safeguard this information without impeding the testing process?
Question176: Which of the following is the correct order of evidence from most to least volatile in forensic analysis?
Question177: A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?
Question178: Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?
Question179: An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?
Question180: A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While Investigating The incident, the analyst identified the following Input in the username field:Which of the following BEST explains this type of attack?
Question181: A company wants the ability to restrict web access and monitor the websites that employees visit, Which Of the following would best meet these requirements?
Question182: Which of the following involves the inclusion of code in the main codebase as soon as it is written?
Question183: An organization is repairing damage after an incident. Which Of the following controls is being implemented?
Question184: A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?
Question185: An analyst is working on an investigation with multiple alerts for multiple hosts. The hosts are showing signs of being compromised by a fast-spreading worm. Which of the following should be the next step in order to stop the spread?
Question186: Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?
Question187: Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?
Question188: Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?
Question189: A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:CPU 0 percent busy, from 300 sec ago1 sec ave: 99 percent busy5 sec ave: 97 percent busy1 min ave: 83 percent busyWhich of the following is The router experiencing?
Question190: A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
Question191: Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.INSTRUCTIONSNot all attacks and remediation actions will be used.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question192: Developers are writing code and merging it into shared repositories several times a day. where it is tested automatically. Which of the following concepts does this best represent?
Question193: Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?
Question194: A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?
Question195: A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following* The manager of the accounts payable department is using the same password across multiple external websites and the corporate account* One of the websites the manager used recently experienced a data breach.* The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.Which of the following attacks has most likely been used to compromise the manager's corporate account?
Question196: Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?
Question197: Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?
Question198: A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?
Question199: Which of the following is a primary security concern for a company setting up a BYOD program?
Question200: A retail store has a business requirement to deploy a kiosk computer In an open area The kiosk computer's operating system has been hardened and tested. A security engineer IS concerned that someone could use removable media to install a rootkit Mich of the should the security engineer configure to BEST protect the kiosk computer?
Question201: Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's mam gate?
Question202: A security analyst is running a vulnerability scan to check for missing patches during a suspected security rodent During which of the following phases of the response process is this activity MOST likely occurring?
Question203: Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?
Question204: A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?
Question205: Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?
Question206: A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.INSTRUCTIONSPlease click on the below items on the network diagram and configure them accordingly:* WAP* DHCP Server* AAA Server* Wireless Controller* LDAP ServerIf at any time you would like to bring back the initial state of the simulation, please click the Reset All button.