26-50

Question 1

A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

A. EAP
B. TLS
C. HTTPS
D. AES

Answer 1

A. EAP

Question 2

The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?

A. Preventing any current employees’ siblings from working at the bank to prevent nepotism
B. Hiring an employee who has been convicted of theft to adhere to industry compliance
C. Filtering applicants who have added false information to resumes so they appear better qualified
D. Ensuring no new hires have worked at other banks that may be trying to steal customer information

Answer 2

B. Hiring an employee who has been convicted of theft to adhere to industry compliance

Question 3

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled.
Which of the following can be used to accomplish this task?

A. Application allow list
B. SWG
C. Host-based firewall
D. VPN

Answer 3

C. Host-based firewall

Question 4

A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?

A. Use appropriate signage to mark all areas.
B. Utilize cameras monitored by guards.
C. Implement access control vestibules.
D. Enforce escorts to monitor all visitors.

Answer 4

C. Implement access control vestibules.

Question 5

Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

A. Standard naming conventions
B. Domain services
C. Baseline configurations
D. Diagrams

Answer 5

A. Standard naming conventions

Question 6

Which of the following would detect intrusions at the perimeter of an airport?

A. Signage
B. Fencing
C. Motion sensors
D. Lighting
E. Bollards

Answer 6

C. Motion sensors

Question 7

A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the
BEST remediation strategy?

A. Update the base container Image and redeploy the environment.
B. Include the containers in the regular patching schedule for servers.
C. Patch each running container individually and test the application.
D. Update the host in which the containers are running.

Answer 7

A. Update the base container Image and redeploy the environment.

Question 8

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five- year cost of the insurance policy. The organization is enabling risk:

A. avoidance.
B. acceptance.
C. mitigation.
D. transference.

Answer 8

D. transference.

Question 9

A security analyst receives an alert from the company’s SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief
Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

A. True negative
B. True positive
C. False positive
D. False negative

Answer 9

C. False positive

Question 10

The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis

Answer 10

A. Lessons learned

Question 11

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting

Answer 11

A. Hoaxes

Question 12

A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?

A. DNS poisoning
B. MAC flooding
C. DDoS attack
D. ARP poisoning

Answer 12

C. DDoS attack

Question 13

Which of the following will increase cryptographic security?

A. High data entropy
B. Algorithms that require less computing power
C. Longer key longevity
D. Hashing

Answer 13

A. High data entropy

Question 14

Which of the following statements BEST describes zero-day exploits?

A. When a zero-day exploit is discovered, the system cannot be protected by any means.
B. Zero-day exploits have their own scoring category in CVSS.
C. A zero-day exploit is initially undetectable, and no patch for it exists.
D. Discovering zero-day exploits is always performed via bug bounty programs.

Answer 14

C. A zero-day exploit is initially undetectable, and no patch for it exists.

Question 15

A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?

A. Retention
B. Governance
C. Classification
D. Change management

Answer 15

C. Classification

Question 16

A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:

Name Type Data
www A 192.168.1.10
server1 A 10.10.10.10
server2 A 10.10.10.11
file A 10.10.10.12

Which of the following attacks has taken place?
A. Domain reputation
B. Domain hijacking
C. Disassociation
D. DNS poisoning

Answer 16

D. DNS poisoning

Question 17

Which of the following describes the continuous delivery software development methodology?

A. Waterfall
B. Spiral
C. V-shaped
D. Agile

Answer 17

D. Agile

Question 18

Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked, key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media

Answer 18

A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports

Question 19

A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing.Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

A. Enforce MFA when an account request reaches a risk threshold.
B. Implement geofencing to only allow access from headquarters.
C. Enforce time-based login requests that align with business hours.
D. Shift the access control scheme to a discretionary access control.

Answer 19

A. Enforce MFA when an account request reaches a risk threshold.

Question 20

An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization’s requirement?

A. Perform OSINT investigations.
B. Subscribe to threat intelligence feeds.
C. Submit RFCs.
D. Implement a TAXII server.

Answer 20

D. Implement a TAXII server.

Question 21

Which of the following is the MOST effective control against zero-day vulnerabilities?

A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners

Answer 21

A. Network segmentation

Question 22

Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

A. Intellectual property theft
B. Elevated privileges
C. Unknown backdoor
D. Quality assurance

Answer 22

C. Unknown backdoor

Question 23

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?

A. Reimage the impacted workstations.
B. Activate runbooks for incident response.
C. Conduct forensics on the compromised system.
D. Conduct passive reconnaissance to gather information.

Answer 23

B. Activate runbooks for incident response.

Question 24

An amusement park is implementing a biometric system that validates customers’ fingerprints to ensure they are not sharing tickets. The park’s owner values customers above all and would prefer customers’ convenience over security. For this reason, which of the following features should the security team prioritize
FIRST?

A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER

Answer 24

C. Low FRR

Question 25

A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?

A. SSAE SOC 2
B. ISO 31000
C. NIST CSF
D. GDPR

Answer 25

B. ISO 31000