SY0-601 Exam Dumps - CompTIA Security+ Exam 2021

Question # 4

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

A.

Data encryption

B.

Data masking

C.

Data deduplication

D.

Data minimization

Question # 5

To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials. Which of the following will BEST ensure the site’s users are not compromised after the reset?

A.

A password reuse policy

B.

Account lockout after three failed attempts

C.

Encrypted credentials in transit

D.

A geofencing policy based on login history

Question # 6

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

A.

Trusted Platform Module

B.

A host-based firewall

C.

A DLP solution

D.

Full disk encryption

E.

A VPN

F.

Antivirus software

Question # 7

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause?

A.

Checksums

B.

Watermarks

C.

Order of volatility

D.

A log analysis

E.

A right-to-audit clause

Question # 8

A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?

A.

Unsecure protocols

B.

Default settings

C.

Open permissions

D.

Weak encryption

Question # 9

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?

A.

A capture-the-flag competition

B.

A phishing simulation

C.

Physical security training

D.

Basic awareness training

Question # 10

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

A.

The most common set of MDM configurations will become the effective set of enterprise mobile security controls.

B.

All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

C.

Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

D.

MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

Question # 11

A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new login." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

A.

Pass-the-hash

B.

Buffer overflow

C.

Cross-site scripting

D.

Session replay

Question # 12

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

A.

Physical

B.

Detective

C.

Preventive

D.

Compensating

Question # 13

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

A.

Data encryption

B.

Data masking

C.

Anonymization

D.

Tokenization

Question # 14

A security analyst is hardening a Linux workstation and must ensure it has public keys forwarded to remote systems for secure login. Which of the following steps should the analyst perform to meet these requirements? (Select TWO).

A.

Forward the keys using ssh-copy-id.

B.

Forward the keys using scp.

C.

Forward the keys using ssh -i.

D.

Forward the keys using openssl -s.

E.

Forward the keys using ssh-keygen.

Question # 15

A symmetric encryption algorithm is BEST suited for:

A.

key-exchange scalability.

B.

protecting large amounts of data.

C.

providing hashing capabilities.

D.

implementing non-repudiation.

Question # 16

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?

A.

There was a drive-by download of malware

B.

The user installed a cryptominer

C.

The OS was corrupted

D.

There was malicious code on the USB drive

Question # 17

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?

A.

Dictionary

B.

Credential-stuffing

C.

Password-spraying

D.

Brute-force

Question # 18

A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?

A.

Discretionary

B.

Rule-based

C.

Role-based

D.

Mandatory

Question # 19

A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?

A.

Due to foreign travel, the user’s laptop was isolated from the network.

B.

The user’s laptop was quarantined because it missed the latest patch update.

C.

The VPN client was blacklisted.

D.

The user’s account was put on a legal hold.

Question # 20

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

  • Check-in/checkout of credentials
  • The ability to use but not know the password
  • Automated password changes
  • Logging of access to credentials

Which of the following solutions would meet the requirements?

A.

OAuth 2.0

B.

Secure Enclave

C.

A privileged access management system

D.

An OpenID Connect authentication system

Question # 21

A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?

A.

Continuous delivery

B.

Continuous integration

C.

Continuous validation

D.

Continuous monitoring

Question # 22

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

A.

Dual power supply

B.

Off-site backups

C.

Automatic OS upgrades

D.

NIC teaming

E.

Scheduled penetration testing

F.

Network-attached storage

Question # 23

A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

A.

PCI DSS

B.

ISO 22301

C.

ISO 27001

D.

NIST CSF

Question # 24

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?

A.

SDP

B.

AAA

C.

IaaS

D.

MSSP

E.

Microservices

Question # 25

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Question # 26

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

A.

hping3 -s comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

Question # 27

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

A.

Man-in-the-middle

B.

Spear-phishing

C.

Evil twin

D.

DNS poisoning

Question # 28

A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?

A.

MSSP

B.

SOAR

C.

IaaS

D.

PaaS

Question # 29

The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

A.

Install a NIDS device at the boundary.

B.

Segment the network with firewalls.

C.

Update all antivirus signatures daily.

D.

Implement application blacklisting.

Question # 30

An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance’s vulnerable state?

A.

The system was configured with weak default security settings.

B.

The device uses weak encryption ciphers.

C.

The vendor has not supplied a patch for the appliance.

D.

The appliance requires administrative credentials for the assessment.

Question # 31

A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

A.

A rainbow table attack

B.

A password-spraying attack

C.

A dictionary attack

D.

A keylogger attack

Question # 32

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A.

SIEM

B.

DLP

C.

CASB

D.

SWG

Question # 33

An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became aware of the incident, some reduced their orders or stopped placing orders entirely. Which of the following is the organization experiencing?

A.

Reputation damage

B.

Identity theft

C.

Anonymization

D.

Interrupted supply chain

Question # 34

A security engineer needs to implement the following requirements:

• All Layer 2 switches should leverage Active Directory for authentication.

• All Layer 2 switches should use local fallback authentication if Active Directory is offline.

• All Layer 2 switches are not the same and are manufactured by several vendors.

Which of the following actions should the engineer take to meet these requirements? (Select TWO).

A.

Implement RADIUS.

B.

Configure AAA on the switch with local login as secondary.

C.

Configure port security on the switch with the secondary login method.

D.

Implement TACACS+

E.

Enable the local firewall on the Active Directory server.

F.

Implement a DHCP server.

Question # 35

A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

A.

A packet capture

B.

A user behavior analysis

C.

Threat hunting

D.

Credentialed vulnerability scanning

Question # 36

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A.

The document is a honeyfile and is meant to attract the attention of a cyberintruder.

B.

The document is a backup file if the system needs to be recovered.

C.

The document is a standard file that the OS needs to verify the login credentials.

D.

The document is a keylogger that stores all keystrokes should the account be compromised.

Question # 37

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

A.

Log enrichment

B.

Log aggregation

C.

Log parser

D.

Log collector

Question # 38

A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:

  • www.company.com (main website)
  • contactus.company.com (for locating a nearby location)
  • quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed

Question # 39

Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

A.

An SLA

B.

An NDA

C.

A BPA

D.

An MOU

Question # 40

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

A.

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

B.

An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file

C.

An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

Question # 41

Which of the following refers to applications and systems that are used within an organization without consent or approval?

A.

Shadow IT

B.

OSINT

C.

Dark web

D.

Insider threats

Question # 42

A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO)

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An IoT thermostat

F.

A humidity monitor

Question # 43

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

A.

DAC

B.

ABAC

C.

SCAP

D.

SOAR

Question # 44

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

• There must be visibility into how teams are using cloud-based services.

• The company must be able to identify when data related to payment cards is being sent to the cloud.

• Data must be available regardless of the end user's geographic location.

• Administrators need a single pane-of-glass view into traffic and trends.

Which of the following should the security analyst recommend?

A.

Create firewall rules to restrict traffic to other cloud service providers.

B.

Install a DLP solution to monitor data in transit.

C.

Implement a CASB solution.

D.

Configure a web-based content filter.

Question # 45

An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future?

A.

Implement HIPS to block inbound and outbound SMB ports 139 and 445.

B.

Trigger a SIEM alert whenever the native OS tools are executed by the user

C.

Disable the built-in OS utilities as long as they are not needed for functionality.

D.

Configure the AV to quarantine the native OS tools whenever they are executed

Question # 46

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A.

Recovery

B.

Identification

C.

Lessons learned

D.

Preparation

Question # 47

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

A.

A spear-phishing attack

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Question # 48

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message. Which of the following actions MOST likely supports an investigation for fraudulent submission?

A.

Establish chain of custody

B.

Inspect the file metadata

C.

Reference the data retention policy

D.

Review the email event logs

Question # 49

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

A.

The GPS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Question # 50

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Question # 51

Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Question # 52

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:

• Mobile device OSs must be patched up to the latest release

• A screen lock must be enabled (passcode or biometric)

• Corporate data must be removed if the device is reported lost or stolen

Which of the following controls should the security engineer configure? (Select TWO)

A.

Containerization

B.

Storage segmentation

C.

Posture checking

D.

Remote wipe

E.

Full-device encryption

F.

Geofencing

Question # 53

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A.

perform attribution to specific APTs and nation-state actors.

B.

anonymize any PII that is observed within the IoC data.

C.

add metadata to track the utilization of threat intelligence reports.

D.

assist companies with impact assessments based on the observed data.

Question # 54

Which of the following scenarios BEST describes a risk reduction technique?

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

B.

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

C.

A security control objective cannot be met through a technical change, so the company changes its method of operation.

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

Question # 55

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model?

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

Question # 56

An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

A.

Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly.

B.

Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly.

C.

Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly.

D.

Full backups Monday through Friday at 6:00 p.m. and differential backups hourly.

Question # 57

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?

A.

An external security assessment

B.

A bug bounty program

C.

A tabletop exercise

D.

A red-team engagement

Question # 58

After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?

A.

Risk acceptance

B.

Risk avoidance

C.

Risk transference

D.

Risk mitigation

Question # 59

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:

* Protection from power outages

* Always-available connectivity in case of an outage

The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

A.

Lease a point-to-point circuit to provide dedicated access.

B.

Connect the business router to its own dedicated UPS.

C.

Purchase services from a cloud provider for high availability

D.

Replace the business's wired network with a wireless network.

Question # 60

A500 is implementing an insider threat detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

A.

A honeyfile

B.

A DMZ

C.

ULF

D.

File integrity monitoring

Question # 61

A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack occurring in the future?

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question # 62

A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?

A.

Use password hashing.

B.

Enforce password complexity.

C.

Implement password salting.

D.

Disable password reuse.

Question # 63

Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts. Which of the following should be implemented to prevent similar situations in the future?

A.

Ensure input validation is in place to prevent the use of invalid characters and values.

B.

Calculate all possible values to be added together and ensure the use of the proper integer in the code.

C.

Configure the web application firewall to look for and block session replay attacks.

D.

Make sure transactions that are submitted within very short time periods are prevented from being processed.

Question # 64

A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

A.

Payment Card Industry Data Security Standard

B.

Cloud Security Alliance Best Practices

C.

ISO/IEC 27032 Cybersecurity Guidelines

D.

General Data Protection Regulation

Question # 65

The board of doctors at a company contracted with an insurance firm to limit the organization’s liability. Which of the following risk management practices does this BEST describe?

A.

Transference

B.

Avoidance

C.

Mitigation

D.

Acknowledgement

Question # 66

During an asset inventory, several assets, supplies, and miscellaneous items were noted as missing. The security manager has been asked to find an automated solution to detect any future theft of equipment. Which of the following would be BEST to implement?

A.

Badges

B.

Fencing

C.

Access control vestibule

D.

Lighting

E.

Cameras

Question # 67

The website http://companywebsite.com requires users to provide personal information, including security responses, for registration. Which of the following would MOST likely cause a data breach?

A.

LACK OF INPUT VALIDATION

B.

OPEN PERMISSIONS

C.

UNSECURE PROTOCOL

D.

MISSING PATCHES

Question # 68

During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?

A.

Reconnaissance

B.

Command and control

C.

Actions on objective

D.

Exploitation

Question # 69

A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

A.

nmap -p1-65535 192.168.0.10

B.

dig 192.168.0.10

C.

curl --head http://192.168.0.10

D.

ping 192.168.0.10

Question # 70

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A.

Implement NAC.

B.

Implement an SWG.

C.

Implement a URL filter.

D.

Implement an MDM.

Question # 71

A company is concerned about its security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMv1. Which of the following BEST explains the findings?

A.

Default settings on the servers

B.

Unsecured administrator accounts

C.

Open ports and services

D.

Weak Data encryption

Question # 72

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A.

SaaS

B.

IaaS

C.

PaaS

D.

SDN

Question # 73

The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

A.

Baseline modification

B.

A fileless virus

C.

Tainted training data

D.

Cryptographic manipulation

Question # 74

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

A.

Dumpster diving

B.

Shoulder surfing

C.

Information elicitation

D.

Credential harvesting

Question # 75

Which of the following types of attacks is specific to the individual it targets?

A.

Whaling

B.

Pharming

C.

Smishing

D.

Credential harvesting

Question # 76

An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following will the organization MOST likely implement?

A.

CBT

B.

NDA

C.

MOU

D.

AUP

Question # 77

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A.

Run a vulnerability scan against the CEO's computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Question # 78

Users reported several suspicious activities within the last two weeks that resulted in several unauthorized transactions. Upon investigation, the security analyst found the following:

  • Multiple reports of breached credentials within that time period
  • Traffic being redirected in certain parts of the network
  • Fraudulent emails being sent by various internal users without their consent

Which of the following types of attacks was MOST likely used?

A.

Replay attack

B.

Race condition

C.

Cross-site scripting

D.

Request forgeries

Question # 79

Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A.

Implement proper network access restrictions

B.

Initiate a bug bounty program

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans

Question # 80

An organization regularly scans its infrastructure for missing security patches but is concerned about hackers gaining access to the scanner's account. Which of the following would be BEST to minimize this risk?

A.

Require a complex, eight-character password that is updated every 90 days.

B.

Perform only non-intrusive scans of workstations.

C.

Use non-credentialed scans against high-risk servers.

D.

Log and alert on unusual scanner account logon times.

Question # 81

A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

A.

Ipconfig

B.

ssh

C.

Ping

D.

Netstat

Question # 82

A customer has reported that an organization's website displayed an image of a smiley face rather than the expected web page for a short time two days earlier. A security analyst reviews log entries and sees the following around the time of the incident:

Which of the following is MOST likely occurring?

A.

Invalid trust chain

B.

Domain hijacking

C.

DNS poisoning

D.

URL redirection

Question # 83

A Chief Executive Officer (CEO) is dissatisfied with the level of service from the company's new service provider. The service provider is preventing the CEO from sending email from a work account to a personal account. Which of the following types of service providers is being used?

A.

Telecommunications service provider

B.

Cloud service provider

C.

Master managed service provider

D.

Managed security service provider

Question # 84

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the BEST remediation to prevent this vulnerability?

A.

Implement input validations

B.

Deploy MFA

C.

Utilize a WAF

D.

Configure HIPS

Question # 85

Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

A.

Common Weakness Enumeration

B.

OSINT

C.

Dark web

D.

Vulnerability databases

Question # 86

A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:

The administrator terminates timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

A.

DLL injection

B.

API attack

C.

Buffer overflow

D.

Memory leak

Question # 87

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

A.

Preventive

B.

Compensating

C.

Corrective

D.

Detective

Question # 88

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the Internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?

A.

Conduct a full vulnerability scan to identify possible vulnerabilities.

B.

Perform containment on the critical servers and resources

C.

Review the firewall and identify the source of the active connection.

D.

Disconnect the entire infrastructure from the Internet

Question # 89

A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM has multiple login entries with the following text:

Which of the following is the MOST likely attack conducted on the environment?

A.

Malicious script

B.

Privilege escalation

C.

Domain hijacking

D.

DNS poisoning

Question # 90

An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation, a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?

A.

Birthday

B.

Rainbow table

C.

Impersonation

D.

Whaling

Question # 91

A financial analyst has been accused of violating the company’s AUP and there is forensic evidence to substantiate the allegation. Which of the following would dispute the analyst’s claim of innocence?

A.

Legal hold

B.

Order of volatility

C.

Non-repudiation

D.

Chain of custody

Question # 92

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?

A.

The scan results show open ports, protocols, and services exposed on the target host

B.

The scan enumerated software versions of installed programs

C.

The scan produced a list of vulnerabilities on the target host

D.

The scan identified expired SSL certificates
