151-200 Flashcards

1
Q

A security analyst needs to perform periodic vulnerability scans on production systems.
Which of the following scan types would produce the BEST vulnerability scan report?

A
A. Port
B. Intrusive
C. Host discovery
D. Credentialed
Answer: D
2
Q

While reviewing the wireless router, the systems administrator of a small business determines
someone is spoofing the MAC address of an authorized device.
Given the table below:

Which of the following should be the administrator’s NEXT step to detect if there is a rogue system without
impacting availability?

A
A. Conduct a ping sweep.
B. Physically check each system.
C. Deny Internet access to the "UNKNOWN" hostname.
D. Apply MAC filtering.
Answer: D
3
Q

A Chief Information Security Officer (CISO) needs to create a policy set that meets international
standards for data privacy and sharing.
Which of the following should the CISO read and understand before writing the policies?

A
A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000
Answer: B
4
Q

Ann, a forensic analyst, needs to prove that the data she originally acquired has remained
unchanged while in her custody.

Which of the following should Ann use?

A
A. Chain of custody
B. Checksums
C. Non-repudiation
D. Legal hold
Answer: A
5
Q

A security analyst is performing a forensic investigation into compromised account credentials. Using the
Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new
login." Several of these messages did not have a valid logon associated with the user before these
privileges were assigned.
Which of the following attacks is MOST likely being detected?

A
A. Pass-the-hash
B. Buffer overflow
C. Cross-site scripting
D. Session replay
Answer: A
6
Q

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden
the access point to improve security.
Which of the following configurations should an analyst enable to improve security? (Select TWO)

A
A. RADIUS
B. PEAP
C. WPS
D. WEP-TKIP
E. SSL
F. WPA2-PSK
Answer: D,F
7
Q

Which of the following is a team of people dedicated to testing the effectiveness of organizational
security programs by emulating the techniques of potential attackers?

A
A. Red team
B. White team
C. Blue team
D. Purple team
Answer: A
8
Q

A user reports constant lag and performance issues with the wireless network when working at a
local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a
five-minute pcap to analyze.
The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?

A
A. Session replay
B. Evil twin
C. Bluejacking
D. ARP poisoning
Answer: B
9
Q

Which of the following would be BEST to establish between organizations to define the
responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to
manage third-party risk?

A
A. An ARO
B. An MOU
C. An SLA
D. A BPA
Answer: B
10
Q

An organization suffered an outage and a critical system took 90 minutes to come back online.
Though there was no data loss during the outage, the expectation was that the critical system would be
available again within 60 minutes.
Which of the following is the 60-minute expectation an example of?

A
A. MTBF
B. RPO
C. MTTR
D. RTO
Answer: D
11
Q

A cybersecurity department purchased a new PAM solution. The team is planning to randomize the
service account credentials of the Windows server first.
Which of the following would be the BEST method to increase the security on the Linux server?

A
A. Randomize the shared credentials
B. Use only guest accounts to connect.
C. Use SSH keys and remove generic passwords
D. Remove all user accounts.
Answer: C
12
Q

A privileged user at a company stole several proprietary documents from a server. The user also
went into the log files and deleted all records of the incident. The systems administrator has just informed
investigators that other log files are available for review.
Which of the following did the administrator MOST likely configure that will assist the investigators?

A
A. Memory dumps
B. The syslog server
C. The application logs
D. The log retention policy
Answer: B
13
Q

A company is designing the layout of a new datacenter so it will have an optimal environmental
temperature.
Which of the following must be included? (Select TWO)

A
A. An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor
Answer: E,F
14
Q

Which of the following is an administrative control that would be MOST effective in reducing the occurrence of
malware execution?

A
A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle
Answer: A
15
Q

A researcher has been analyzing large data sets for the last ten months. The researcher works with
colleagues from other institutions and typically connects via SSH to retrieve additional data.
Historically, this setup has worked without issue, but the researcher recently started getting the following
message:

Which of the following network attacks is the researcher MOST likely experiencing?

A
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
Answer: C
16
Q

A user received an SMS on a mobile phone that asked for bank details.
Which of the following social-engineering techniques was used in this case?

A
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
Answer: D
17
Q

Which of the following describes the BEST approach for deploying application patches?

A

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and
finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, and
then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to a
staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of
them in a testing environment.
Answer: A
18
Q

A recent malware outbreak across a subnet included successful rootkit installations on many PCs,
ensuring persistence by rendering remediation efforts ineffective.
Which of the following would BEST detect the presence of a rootkit in the future?

A
A. FDE
B. NIDS
C. EDR
D. DLP
Answer: C
19
Q

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A
sales director recently had a laptop stolen, and later, enterprise data was found to have been
compromised.
Which of the following was the MOST likely cause?

A
A. Shadow IT
B. Credential stuffing
C. SQL injection
D. Man-in-the-browser
E. Bluejacking
Answer: A
20
Q

To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an
administrator would like to utilize a technical control to further segregate the traffic.
Which of the following solutions would BEST accomplish this objective?

A

A. Install a hypervisor firewall to filter east-west traffic.
B. Add more VLANs to the hypervisor network switches.
C. Move exposed or vulnerable VMs to the DMZ.
D. Implement a zero-trust policy and physically segregate the hypervisor servers.
Answer: B
21
Q

A security analyst is investigating a vulnerability in which a default file permission was set incorrectly.
The company uses non-credentialed scanning for vulnerability management.

Which of the following tools can the analyst use to verify the permissions?

A
A. ssh
B. chmod
C. ls
D. setuid
E. nessus
F. nc
Answer: B
22
Q

A company just implemented a new telework policy that allows employees to use personal devices
for official email and file sharing while working from home.
Some of the requirements are:
* Employees must provide an alternate work location (i.e., a home address)
* Employees must install software on the device that will prevent the loss of proprietary data but will not
restrict any other software from being installed.
Which of the following BEST describes the MDM options the company is using?

A

A. Geofencing, content management, remote wipe, containerization, and storage segmentation
B. Content management, remote wipe, geolocation, context-aware authentication, and containerization
C. Application management, remote wipe, geofencing, context-aware authentication, and containerization
D. Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption
Answer: D

23
Q

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check
emails and update reports.
Which of the following would be BEST to prevent other devices on the network from directly accessing the
laptop? (Choose two.)

A
A. Trusted Platform Module
B. A host-based firewall
C. A DLP solution
D. Full disk encryption
E. A VPN
F. Antivirus software
Answer: A,B
24
Q

Several employees return to work the day after attending an industry trade show. That same day, the
security manager notices several malware alerts coming from each of the employee’s workstations. The
security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.
Which of the following is MOST likely causing the malware alerts?

A

A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
Answer: A

25
Q

An analyst is trying to identify insecure services that are running on the internal network. After
performing a port scan, the analyst identifies that a server has some insecure services enabled on default
ports.
Which of the following BEST describes the services that are currently running and the secure alternatives
for replacing them? (Select THREE)

A
A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin
Answer: B,C,F
26
Q

A multinational organization that offers web-based services has datacenters that are located only in
the United States; however, a large number of its customers are in Australia, Europe, and China.
Payments for services are managed by a third party in the United Kingdom that specializes in payment
gateways. The management team is concerned the organization is not compliant with privacy laws that
cover some of its customers.

Which of the following frameworks should the management team follow?

A

A. Payment Card Industry Data Security Standard
B. Cloud Security Alliance Best Practices
C. ISO/IEC 27032 Cybersecurity Guidelines
D. General Data Protection Regulation
Answer: A

27
Q

An organization regularly scans its infrastructure for missing security patches but is concerned about
hackers gaining access to the scanner’s account.
Which of the following would be BEST to minimize this risk?

A

A. Require a complex, eight-character password that is updated every 90 days.
B. Perform only non-intrusive scans of workstations.
C. Use non-credentialed scans against high-risk servers.
D. Log and alert on unusual scanner account logon times.
Answer: D

28
Q

An organization is concerned that its hosted web servers are not running the most updated version of
the software.
Which of the following would work BEST to help identify potential vulnerabilities?

A
A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org
Answer: C
29
Q

When selecting a technical solution for identity management, an architect chooses to go from an
in-house to a third-party SaaS provider.
Which of the following risk management strategies is this an example of?

A
A. Acceptance
B. Mitigation
C. Avoidance
D. Transference
Answer: D
30
Q

Which of the following are requirements that must be configured for PCI DSS compliance? (Select
TWO).

A

A. Testing security systems and processes regularly
B. Installing and maintaining a web proxy to protect cardholder data
C. Assigning a unique ID to each person with computer access
D. Encrypting transmission of cardholder data across private networks
E. Benchmarking security awareness training for contractors
F. Using vendor-supplied default passwords for system passwords
Answer: B,D

31
Q

The concept of connecting a user account across the systems of multiple enterprises is BEST known
as:

A
A. federation.
B. a remote access policy.
C. multifactor authentication.
D. single sign-on.
Answer: D
32
Q

Which of the following refers to applications and systems that are used within an organization without
consent or approval?

A
A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats
Answer: A
33
Q

An organization hired a consultant to assist with an active attack, and the consultant was able to
identify the compromised accounts and computers.

Which of the following is the consultant MOST likely to recommend to prepare for eradication?

A

A. Quarantining the compromised accounts and computers, only providing them with network access
B. Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.
C. Isolating the compromised accounts and computers, cutting off all network and internet access.
D. Logging off and deleting the compromised accounts and computers to eliminate attacker access.
Answer: B

34
Q

During an incident response, a security analyst observes the following log entry on the web server.
Which of the following BEST describes the type of attack the analyst is experiencing?

A
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
Answer: B
35
Q

An attacker was easily able to log in to a company's security camera by performing a basic online
search for a setup guide for that particular camera brand and model.
Which of the following BEST describes the configurations the attacker exploited?

A
A. Weak encryption
B. Unsecure protocols
C. Default settings
D. Open permissions
Answer: C
36
Q

A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal
company files on a commonly used file-sharing service. The file-sharing service is the same one used by
company staff as one of its approved third-party applications. After further investigation, the security team
determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to
implement changes to minimize this type of incident from reoccurring but does not want to impact existing
business processes.
Which of the following would BEST meet the CSO’s objectives?

A
A. DLP
B. SWG
C. CASB
D. Virtual network segmentation
E. Container security
Answer: A
37
Q

A network technician is installing a guest wireless network at a coffee shop. When a customer
purchases an item, the password for the wireless network is printed on the receipt so the customer can log
in.
Which of the following will the technician MOST likely configure to provide the highest level of security
with the least amount of overhead?

A
A. WPA-EAP
B. WEP-TKIP
C. WPA-PSK
D. WPS-PIN
Answer: A
38
Q

A company processes highly sensitive data and senior management wants to protect the sensitive
data by utilizing classification labels.

Which of the following access control schemes would be BEST for the company to implement?

A
A. Discretionary
B. Rule-based
C. Role-based
D. Mandatory
Answer: D
39
Q

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and
security infrastructure efficiently. To help with the situation, the administrator decides to hire a service
provider.
Which of the following should the administrator use?

A
A. SDP
B. AAA
C. IaaS
D. MSSP
E. Microservices
Answer: D
40
Q

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event
of power surge or other fault situation. The switch was installed on a wired network in a hospital and is
monitored by the facilities department via a cloud application. The security administrator isolated the
switch on a separate VLAN and set up a patch routine.
Which of the following steps should also be taken to harden the smart switch?

A
A. Set up an air gap for the switch.
B. Change the default password for the switch.
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.
Answer: B
41
Q

Users at an organization have been installing programs from the internet on their workstations without
first obtaining proper authorization. The organization maintains a portal from which users can install standardized
programs. However, some users have administrative access on their workstations to enable legacy
programs to function properly.
Which of the following should the security administrator consider implementing to address this issue?

A
A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls
Answer: B
42
Q

Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective.
Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization’s public presence and security posture?
(Select TWO).

A

A. Joe used Whois to produce this output.
B. Joe used cURL to produce this output.
C. Joe used Wireshark to produce this output
D. The organization has adequate information available in public registration.
E. The organization has too much information available in public registration.
F. The organization has too little information available in public registration
Answer: A,D

43
Q

A security administrator is trying to determine whether a server is vulnerable to a range of attacks.
After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

A
A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal
Answer: D
44
Q

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure
all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect
against:

A
A. Loss of proprietary information
B. Damage to the company’s reputation
C. Social engineering
D. Credential exposure
Answer: C
45
Q

An engineer wants to access sensitive data from a corporate-owned mobile device.
Personal data is not allowed on the device.

Which of the following MDM configurations must be considered when the engineer travels for business?

A
A. Screen locks
B. Application management
C. Geofencing
D. Containerization
Answer: D
46
Q

A security administrator currently spends a large amount of time on common security tasks, such as
report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the
administrator from spending time on other security projects. The business does not have the budget to
add more staff members.
Which of the following should the administrator implement?

A
A. DAC
B. ABAC
C. SCAP
D. SOAR
Answer: D
47
Q

After installing a Windows server, a cybersecurity administrator needs to harden it, following security
best practices.
Which of the following will achieve the administrator’s goal? (Select TWO).

A
A. Disabling guest accounts
B. Disabling service accounts
C. Enabling network sharing
D. Disabling NetBIOS over TCP/IP
E. Storing LAN manager hash values
F. Enabling NTLM
Answer: A,D
48
Q

A company recently experienced an attack in which a malicious actor was able to exfiltrate sensitive data by
cracking stolen passwords using a rainbow table.

Which of the following should a security engineer do to prevent such an attack in the future?

A
A. Use password hashing.
B. Enforce password complexity.
C. Implement password salting.
D. Disable password reuse.
Answer: D
49
Q

A SOC is implementing an insider-threat-detection program. The primary concern is that users may
be accessing confidential data without authorization.
Which of the following should be deployed to detect a potential insider threat?

A
A. A honeyfile
B. A DMZ
C. DLP
D. File integrity monitoring
Answer: A
50
Q

A security analyst is reviewing a new website that will soon be made publicly available. The analyst
sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user
clicks the link, the analyst is able to browse the website with the following URL:
http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?

A
A. Pass-the-hash
B. Session replay
C. Object dereference
D. Cross-site request forgery
Answer: B