Final Test part 2 Flashcards

1
Q

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?
A. Compensating
B. Corrective
C. Preventive
D. Detective

A

D. Detective

2
Q

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint

A

A. CASB

3
Q

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?
A. Data in transit
B. Data in processing
C. Data at rest
D. Data tokenization

A

C. Data at rest

4
Q

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user’s computer. Which of the following can be used to safely assess the file?
A. Check the hash of the installation file.
B. Match the file names.
C. Verify the URL download location.
D. Verify the code signing certificate.

A

A. Check the hash of the installation file.

5
Q

Which of the following is a benefit of including a risk management framework into an organization’s security approach?
A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
B. It identifies specific vendor products that have been tested and approved for use in a secure environment.
C. It provides legal assurances and remedies in the event a data breach occurs.
D. It incorporates control, development, policy, and management activities into IT operations.

A

D. It incorporates control, development, policy, and management activities into IT operations.

6
Q

An audit identified PII being utilized in the development environment of a critical application, and the CPO is adamant that this data must be removed. However, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO’s and the development team’s requirements?
A. Data anonymization
B. Data Encryption
C. Data Masking
D. Data tokenization

A

C. Data Masking

7
Q

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock

A

A. USB data blocker

8
Q

A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming

A

A. Reverse proxy

9
Q

A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS

A

C. SQLi

10
Q

A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a>Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF

A

D. XSRF

11
Q

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history

A

A. MFA

12
Q

A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation

A

B. Wildcard

13
Q

An amusement park is implementing a biometric system that validates customers’ fingerprints to ensure they are not sharing tickets. The park’s owner values customers above all and would prefer customers’ convenience over security. For this reason, which of the following features should the security team prioritize FIRST?
A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER

A

C. Low FRR

14
Q

A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?
A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors

A

A. SIEM correlation dashboards

15
Q

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?
A. User behavior analysis
B. Packet captures
C. Configuration reviews
D. Log analysis

A

C. Configuration reviews

16
Q

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?
A. Development
B. Test
C. Production
D. Staging

A

D. Staging

17
Q

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?
A. FRR
B. Difficulty of use
C. Cost
D. FAR
E. CER

A

E. CER

18
Q

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee’s COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?
A. User training
B. CASB
C. MDM
D. DLP

A

D. DLP

19
Q

A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?
A. User certificate
B. Self-signed certificate
C. Computer certificate
D. Root certificate

A

A. User certificate

20
Q

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?
A. Accept the risk if there is a clear road map for timely decommission.
B. Deny the risk due to the end-of-life status of the application.
C. Use containerization to segment the application from other applications to eliminate the risk.
D. Outsource the application to a third-party developer group.

A

A. Accept the risk if there is a clear road map for timely decommission.

21
Q

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented?
A. HTTP security header
B. DNSSEC implementation
C. SRTP
D. S/MIME

A

A. HTTP security header

22
Q

A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:
A. employees of other companies and the press.
B. all members of the department that created the documents.
C. only the company’s employees and those listed in the document.
D. only the individuals listed in the documents.

A

A. employees of other companies and the press.

23
Q

Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?
A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries’ developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.

A

C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries’ developers.

24
Q

During the onboarding process, an employee needs to create a password for an intranet account. The password must be ten characters long and include numbers, letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Choose two.)

A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication

A

A. Federation
C. Password complexity

25
Q

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?
A. Dual supply
B. Generator
C. UPS
D. POU
E. Daily backups

A

C. UPS

26
Q

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?
A. Shut down the VDI and copy off the event logs.
B. Take a memory snapshot of the running system.
C. Use NetFlow to identify command-and-control IPs.
D. Run a full on-demand scan of the root volume.

A

B. Take a memory snapshot of the running system.

27
Q

Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?
A. AUP
B. NDA
C. SLA
D. MOU

A

A. AUP

28
Q

The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees’ workstations to prevent information from leaving the company’s network?
A. HIPS
B. DLP
C. HIDS
D. EDR

A

B. DLP

29
Q

A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?
A. Shadow IT
B. Script kiddies
C. APT
D. Insider threat

A

C. APT

30
Q

A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats

A

B. State actors

31
Q

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

A

C. Lack of vendor support

32
Q

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?
A. Smart card
B. Push notifications
C. Attestation service
D. HMAC-based one-time password

A

B. Push notifications

33
Q

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:
* Critical fileshares will remain accessible during and after a natural disaster.
* Five percent of hard disks can fail at any given time without impacting the data.
* Systems will be forced to shut down gracefully when battery levels are below 20%.
Which of the following are required to BEST meet these objectives? (Choose three.)
A. Fiber switching
B. IaC
C. NAS
D. RAID
E. UPS
F. Redundant power supplies
G. Geographic dispersal
H. Snapshots
I. Load balancing

A

D. RAID
E. UPS
G. Geographic dispersal

34
Q

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company’s cloud environment. Which of the following is an immediate consequence of these integrations?
A. Non-compliance with data sovereignty rules
B. Loss of the vendors’ interoperability support
C. Mandatory deployment of a SIEM solution
D. Increase in the attack surface

A

D. Increase in the attack surface

35
Q

Which of the following is a known security risk associated with data archives that contain financial information?
A. Data can become a liability if archived longer than required by regulatory guidance.
B. Data must be archived off-site to avoid breaches and meet business requirements.
C. Companies are prohibited from providing archived data to e-discovery requests.
D. Unencrypted archives should be preserved as long as possible and encrypted.

A

A. Data can become a liability if archived longer than required by regulatory guidance.

36
Q

A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.)
A. Private cloud
B. SaaS
C. Hybrid cloud
D. IaaS
E. DRaaS
F. Fog computing

A

C. Hybrid cloud
F. Fog computing

37
Q

Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?
A. Asset management policy
B. Separation of duties policy
C. Acceptable use policy
D. Job rotation policy

A

D. Job rotation policy

38
Q

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?
A. WAF
B. CASB
C. VPN
D. TLS

A

B. CASB

39
Q

A security analyst is tasked with defining the “something you are” factor of the company’s MFA settings. Which of the following is BEST to use to complete the configuration?
A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password

A

B. Vein

40
Q

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?
A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration

A

C. The last full backup that was conducted seven days ago

41
Q

A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?
A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers

A

D. Jump servers

42
Q

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards.
With which of the following is the company’s data protection officer MOST likely concerned?
A. NIST Framework
B. ISO 27001
C. GDPR
D. PCI-DSS

A

C. GDPR

43
Q

A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?
A. DNSSEC
B. LDAPS
C. NGFW
D. DLP

A

A. DNSSEC

44
Q

A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?
A. High availability
B. Application security
C. Segmentation
D. Integration and auditing

A

C. Segmentation

45
Q

Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?
A. Employ different techniques for server- and client-side validations
B. Use a different version control system for third-party libraries
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
D. Increase the number of penetration tests before software release

A

C. Implement a vulnerability scan to assess dependencies earlier on SDLC

46
Q

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?
A. DNS
B. Message gateway
C. Network
D. Authentication

A

B. Message gateway

47
Q

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?
A. Chain of custody
B. Legal hold
C. Event log
D. Artifacts

A

A. Chain of custody

48
Q

A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network.
Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?
A. WPS
B. WPA2
C. WAP
D. HTTPS

A

B. WPA2

49
Q

During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?
A. dd
B. memdump
C. tcpdump
D. head

A

A. dd

50
Q

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)

A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin

A

B. SNMPv2, SNMPv3
C. HTTP, HTTPS
F. Telnet, SSH

51
Q

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A. Recovery
B. Identification
C. Lessons learned
D. Preparation

A

C. Lessons learned

52
Q

While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?

A. arp
B. nslookup
C. netstat
D. nmap

A

C. netstat

53
Q

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

A. Enable the remote-wiping option in the MDM software in case the phone is stolen.
B. Configure the MDM software to enforce the use of PINs to access the phone.
C. Configure MDM for FDE without enabling the lock screen.
D. Perform a factory reset on the phone before installing the company’s applications.

A

B. Configure the MDM software to enforce the use of PINs to access the phone.

54
Q

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

A. federation.
B. a remote access policy.
C. multifactor authentication.
D. single sign-on.

A

A. federation.

55
Q

A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the MOST effective security control to mitigate this risk?

A. Block access to application stores
B. Implement OTA updates
C. Update the BYOD policy
D. Deploy a uniform firmware

A

A. Block access to application stores

56
Q

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company’s DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.)

A. 135
B. 139
C. 143
D. 161
E. 443
F. 445

A

B. 139
F. 445

57
Q

Which of the following techniques eliminates the use of rainbow tables for password cracking?

A. Hashing
B. Tokenization
C. Asymmetric encryption
D. Salting

A

D. Salting

58
Q

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A. Implement NAC.
B. Implement an SWG.
C. Implement a URL filter.
D. Implement an MDM.

A

B. Implement an SWG.

59
Q

Which of the following supplies non-repudiation during a forensics investigation?

A. Dumping volatile memory contents first
B. Duplicating a drive with dd
C. Using a SHA-2 signature of a drive image
D. Logging everyone in contact with evidence
E. Encrypting sensitive data

A

C. Using a SHA-2 signature of a drive image

60
Q

An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?

A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement

A

C. A tabletop exercise

61
Q

Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?

A. Cloud control matrix
B. Reference architecture
C. NIST RMF
D. CIS Top 20

A

B. Reference architecture

62
Q

An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

A. Proximity cards with guards
B. Fence with electricity
C. Drones with alarms
D. Motion sensors with signage

A

D. Motion sensors with signage

63
Q

When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?

A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols

A

D. Communication protocols

64
Q

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors

A

B. Weak credentials

65
Q

A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

A. SSL
B. SFTP
C. SNMP
D. TLS

A

D. TLS

66
Q

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

A. ALE
B. ARO
C. RPO
D. SLE

A

B. ARO

67
Q

Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

A. TTP
B. OSINT
C. SOAR
D. SIEM

A

C. SOAR

68
Q

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

A. Reverse proxy
B. NIC teaming
C. Load balancer
D. Forward proxy

A

C. Load balancer

69
Q

A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?

A. IaaS
B. PaaS
C. MaaS
D. SaaS

A

D. SaaS

70
Q

An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

A. Lessons learned
B. Eradication
C. Recovery
D. Preparation

A

D. Preparation