Random Questions 81 - 100

Question 1

Question 81:
A company is configuring a multi-factor authentication system for its remote employees using Azure Active Directory (Azure AD). The configuration requires setting up an application proxy and configuring the authentication settings.

{
“settings”: {
“applicationProxy”: true,
“authenticationMethods”: [
“mfa”,
“SMS”
]
}
}

Options:

A. Enable Azure AD Application Proxy.

B. Disable multi-factor authentication for remote access.

C. Configure the SMS as an additional MFA method.

D. Set up a custom domain for email services.

E. Disable application proxy and use on-premises servers only.

Answer 1

**Correct Answer: A, C **

Explanation: To enable multi-factor authentication (MFA) with Azure AD Application Proxy for remote employees, both the application proxy must be enabled and SMS as an additional MFA method should be configured.

Question 2

Question 82:

An organization has a policy that requires all data transmitted between their web server and clients to be encrypted. They are using HTTPS but want to implement stronger security measures.

{
“settings” : {
“sslVersion”: “TLSv1.3”,
“cipherSuite”: [“ECDHE-ECDSA-AES256-GCM-SHA384”, “ECDHE-RSA-AES256-GCM-SHA384”]
}
}

Options:
A. Upgrade SSL/TLS version to TLS 1.3.

B. Use weaker encryption ciphers like AES128.

C. Disable HTTP Strict Transport Security (HSTS).

D. Configure a reverse proxy for load balancing.

E. Enable plaintext fallbacks.

Answer 2

Correct Answer: A

Explanation:

To enhance the security of data transmitted between the web server and clients, upgrading the SSL/TLS version to TLS 1.3 is necessary as it provides better security compared to older versions.

Question 3

Question 83:

A network administrator needs to secure a remote access solution that involves multiple layers of authentication and encryption for securing communications.

Options:

A. Use SSH with public key authentication.

B. Implement a simple username/password login.

C. Configure WPA2 on the Wi-Fi network for better security.

D. Enable two-factor authentication (2FA) using RSA tokens.

E. Disable all non-essential services to minimize attack surface.

Answer 3

Correct Answer: A, D

Explanation:

For securing remote access with multiple layers of authentication and encryption, using SSH with public key authentication and enabling two-factor authentication using RSA tokens are recommended practices as they provide strong security measures.

Question 4

Question 84:

In a recent update of CompTIA Security+ (SYO-701), which two-factor authentication methods are now emphasized as critical for securing network access?

Options:

A. Biometric Fingerprint Scanning and USB Tokens

B. SMS One-Time Password (OTP) and FIDO2

C. Email Verification and Smart Cards

D. Physical Keys and Static Passwords

E. QR Code Authentication and Bluetooth Low Energy Tags

Answer 4

** Correct Answer: B **

Explanation: The current CompTIA Security+ exam highlights the importance of modern authentication methods like SMS OTP and FIDO2 for secure network

Question 5

Question 85:

An organization needs to implement a threat intelligence platform. Which two components should be prioritized based on current CISSP exam standards?

Options:

A. Web filtering

B. User behavior analytics (UBA)

C. Intrusion detection systems (IDS)

D. Security information and event management
(SIEM)

E. Antivirus software

Answer 5

Correct Answer: B, D

Explanation:

UBA and SIEM are critical for advanced threat detection and monitoring.

Question 6

Question 86:

A company is configuring its network to enhance security. Which two protocols should be used to secure file transfers over the Internet?

Options:

А. НТТР

B. HTTPS

C. FTP

D. SFTP

E. SMTP

Answer 6

Correct Answer: B, D

Explanation:

Secure Hypertext Transfer Protocol (HTTPS) and Secure File Transfer Protocol (SFTP) ensure data integrity and confidentiality during file.

Question 7

Question 87:

An organization is facing frequent phishing attacks. Which two strategies should be implemented to mitigate this risk?

Options:

A. Email filtering

B. Strong password policies

C. Multi-factor authentication (MFA)

D. Regular patch management

E. Employee training

Answer 7

Correct Answer: A, E

Explanation:

Implementing email filtering and providing regular employee training can significantly reduce the incidence of phishing attacks.

Question 8

Question 88:

The network administrator needs to configure a firewall rule for a new application server that requires outbound traffic only to a specific external IP address. Which configuration should be used?

Options:

A. Allow all inbound traffic

B. Deny all inbound traffic

C. Allow all outbound traffic

D. Allow outbound traffic to < external_|P>

E. Deny outbound traffic

Answer 8

Correct Answer: D

Explanation: The rule should allow outbound traffic only to the specific external IP

Question 9

Question 89:

A company wants to implement a Zero Trust Architecture (ZTA) for its cloud services. Which two components are essential in ZTA?

Options:

A. Multi-factor authentication (MFA)

B. Network segmentation

C. Continuous monitoring

D. Intrusion detection systems (IDS)

E. Regular security audits

Answer 9

Correct Answer: A, B

Explanation:

MFA and network segmentation are fundamental to Zero Trust Architecture, ensuring that only authorized entities can access resources.

Question 10

Question 90:

During a security assessment, a security analyst discovers multiple instances where sensitive data is being transmitted between internal networks using an unencrypted protocol. The organization has a strict policy requiring encryption for all sensitive data transmission, but implementing encryption would require significant infrastructure changes. Which TWO control types would be most appropriate to implement immediately while planning for a long-term solution?

Options:

A. Detective controls to monitor data transmission patterns.

B. Compensating controls to provide alternative security measures.

C. Directive controls to enforce new security policies.

D. Corrective controls to fix the encryption issues.

E. Deterrent controls to discourage unauthorized access.

Answer 10

Correct Answer: A, B

Explanation:

Detective controls monitor transmissions to identify potential breaches, while compensating controls provide alternative security measures when primary controls cannot be immediately implemented. These are most suitable as temporary solutions while planning infrastructure changes.

Question 11

Question 91:

A security team is implementing deception technology to detect advanced persistent threats. The CISO wants to maximize the effectiveness of this implementation across multiple network segments. Which approach would provide the most comprehensive threat intelligence while minimizing the risk of adversaries detecting the deception?

Options:

A. Deploy multiple identical honeypots across all network segments.

B. Implement a single sophisticated honeynet in the DMZ.

C. Place honeytokens throughout different systems and monitor their usage.

D. Create one high-interaction honeypot per network segment.

Answer 11

Correct Answer: C

Explanation:

Honeytokens distributed throughout systems provide wide coverage, are difficult for attackers to identify as fake, and offer valuable threat intelligence while requiring minimal resources and reducing detection risk.

Question 12

Question 92:

An organization’s incident response team is analyzing a potential security breach where attackers might have gained unauthorized access to multiple systems. The team needs to determine the exact scope of the compromise while ensuring business continuity. Which type of security control would be most effective in identifying the extent of the breach without disrupting operations?

Options:

A. Preventive controls to block further unauthorized access.

B. Detective controls with enhanced logging and monitoring.

C. Corrective controls to remove compromised accounts.

D. Compensating controls to restrict system access.

Answer 12

Correct Answer: B

Explanation:

Detective controls with enhanced logging and monitoring allow continuous analysis of system activities to determine breach scope while maintaining normal operations, providing visibility without disrupting business processes.

Question 13

Question 93:

A large enterprise is experiencing frequent security incidents across different departments. After investigation, the security team discovers that TWO critical factors are contributing to these incidents. Which combination of issues most likely represents the root causes that need immediate attention?

Options:

A. Inadequate security awareness training program implementation.

B. Outdated intrusion detection systems.

C. Gaps in third-party risk management processes.

D. Limited network bandwidth.

E. Inconsistent security policy enforcement across departments.

Answer 13

Correct Answer: A, E

Explanation:
Inadequate security awareness training leads to human errors and security breaches, while inconsistent policy enforcement creates security gaps across departments.

These fundamental issues directly impact overall security posture and require immediate attention for effective risk reduction.

Question 14

Question 95:

An organization’s security team is investigating a potential data breach where sensitive information might have been exfiltrated. The incident response team needs to determine the attack vector while maintaining chain of custody. Which sequence of incident response processes would be most appropriate?

Options:

A. Recovery, Analysis, Containment, Documentation.

B. Detection, Eradication, Lessons Learned, Preparation.

C. Detection, Analysis, Containment, Eradication.

D. Containment, Analysis, Recovery, Preparation.

Answer 14

Correct Answer: C

Explanation: The sequence of Detection (identifying the breach), Analysis (determining attack vector), Containment (preventing further damage), and Eradication (removing threat) represents the correct logical progression while maintaining proper incident handling procedures.

Detection –> Analysis –> Containment –> Eradication.

Question 14

Question 94:

During a business continuity planning session, the risk management team identifies a critical business process that requires 99.999% uptime. The process handles sensitive financial transactions but has recently experienced multiple disruptions. Which approach would best address both the availability and security requirements?

Options:

A. Implement load balancers with basic failover capabilities.

B. Deploy redundant systems with real-time synchronization and zero trust principles.

C. Increase system monitoring without architectural changes.

D. Add more security controls to existing infrastructure.

Answer 14

Correct Answer: B

Explanation: Redundant systems with real-time synchronization ensure high availability (99.999% uptime), while zero trust principles provide comprehensive security for sensitive financial transactions, addressing both critical requirements simultaneously.

Question 15

Question 96:

A multinational corporation is implementing a zero trust architecture while transitioning to cloud services. Given the complex environment, which TWO components are most critical to ensure proper security control implementation across both control and data planes?

Options:

A. Continuous monitoring and verification of all access requests.

B. Implementation of traditional perimeter-based security.

C. Dynamic policy enforcement based on real-time context.

D. Regular backup of cloud resources.

E. Static access control lists.

Answer 15

Correct Answer: A, C

Explanation: In zero trust architecture, continuous monitoring, and verification of all access requests ensure proper authentication, while dynamic policy enforcement based on real-time context maintains security across both planes by adapting to changing conditions and threats.

Question 16

Question 97:

During a security audit, an organization discovers that their current security metrics fail to accurately represent their security posture to executive management. Which approach would most effectively address this gap while aligning with security program management best practices?

Options:

A. Implement technical security controls without metrics.

B. Create metrics focused solely on system uptime.

C. Develop risk-based metrics aligned with business objectives.

D. Report raw security event logs to management.

Answer 16

Correct Answer: C

Explanation: Risk-based metrics aligned with business objectives provide meaningful insights to executive management, demonstrating security program effectiveness in business terms while supporting informed decision-making.

Question 17

Question 98:

A security team identifies suspicious activity indicating a potential advanced persistent threat (APT) in their network. The organization needs to gather intelligence about the attacker’s techniques while preventing data exfiltration. Which deception technology strategy would be most effective?

Options:

A. Deploy a basic honeypot with limited interaction capabilities.

B. Implement a sophisticated honeynet with monitored services.

C. Place security cameras in the server room.

D. Install additional firewalls.

Answer 17

Correct Answer: B

Explanation: A sophisticated honeynet with monitored services provides detailed intelligence about APT tactics while safely containing and observing attacker activities, enabling better threat analysis and response strategies.

Question 18

Question 99:

A healthcare organization has experienced multiple social engineering attacks targeting different departments. Analysis reveals that TWO key vulnerabilities are consistently being exploited. Which combination of issues most likely represents these critical vulnerabilities?

Options:

A. Insufficient verification procedures for urgent requests.

B. Outdated antivirus software.

C. Lack of role-based social engineering awareness training.

D. Weak network passwords.

E. Inconsistent incident reporting

Answer 18

Correct Answer: A, C

Explanation: Insufficient verification procedures allow attackers to exploit urgency in their social engineering attempts, while lack of role-based awareness training leaves employees unprepared for department-specific social engineering tactics targeting their particular roles.

Question 19

Question 100:

An organization implements a comprehensive physical security system for their new data center. After a security assessment, which combination of physical security measures would provide the most effective defense-in-depth protection while maintaining efficient access for authorized personnel?

Options:

A. Multiple security guards with access badges.

B. Integrated system of bollards, access control vestibule, and multi-factor authentication.

C. Standard door locks with CCTV cameras.

D. Basic keypad entry with motion

Answer 19

Correct Answer: B

Explanation:

An integrated system combining bollards (perimeter protection), access control vestibule (controlled entry point), and multi-factor authentication provides comprehensive physical security through multiple layers while maintaining efficient authorized access.

Question 20

What indicator might suggest an active brute-force attempt to access an account, requiring further investigation?

A - Blocked content.
B - Account lockout.
C - Concurrent session usage.
D - Dictionary attack.

Answer 20

** Answer: B - Account lockout. **

An account lockout might suggest a brute-force attempt to access an account and would necessitate further investigation to determine the cause.

Question 21

Which is the used to describe the cyber threat involving the use of SMS messages to trick recipients into downloading malicious software or divulging personal information?

A - Spear-phishing.
B - Spam.
C- Smishing.
D - Malware.

Answer 21

** Answer: C- Smishing. **

Smishing, which is a combination of “SMS” and “phishing”, is a type of attack that involves using SMS messages to trick recipients into actions like downloading malicious software or providing personal information.

Question 22

Which of the following methods is described as a less secure form of strong authentication that is vulnerable to on-path attacks and sends a question to the user’s phone via SMS to ask if the authorization attempt is approved?

A - Email authentication.
B - SMS OTP.
C - SMS challenge/response.
D - IM authentication.

Answer 22

** Answer: C - SMS challenge/response. **

With SMS challenge/response, a question is sent to the user’s phone via SMS, asking if the authorization attempt is approved. If the user text back “Yes”, authorization is completed, and if the user text back ‘No”, authentication fails. It is a less secure form of strong authentication that is vulnerable to on-path attacks.

Question 23

What is one of the methods attackers can use to spread malware through digital images?

A - Deleting metadata.
B - Embedding destructive code within an image.
C- Increasing image resolution.
D - Compressing the image.

Answer 23

** Answer:
B - Embedding destructive code within an image.
**

Attackers can embed destructive code within an image to spread malware. When the image is opened, the hidden code may be executed, leading to system compromise.

Question 24

What does the term unsupported systems and applications refer to? A - Systems with extensive technical support. B - Systems that have reached end-of-life (EOL) and no longer receive regular updates. C- Systems supported by multiple vendors. D - Systems that are newly launched.

Answer 24

** Answer: B - Systems that have reached end-of-life (EOL) and no longer receive regular updates. ** Unsupported systems and applications are software tools or platforms that do not receive regular updates, security patches, or technical support, often because they have reached their official end-of-life (EOL). Without updates, these systems become prime targets for cybercriminals and pose significant security risks.

Question 24

Which security approach requires installation on individual client devices and can provide more granular control and customization but may be more resource-intensive? A - Agentless security. B - Client-based security. C- Unsupported security. D - Patched security.

Answer 24

** Answer: B - Client-based security. ** Client-based security requires that software (an agent) be installed on the client device itself to actively monitor and protect against malicious activities. It can provide more granular control and customization but may be more resource-intensive.

Question 25

Which of the following wireless network security protocols is considered outdated and susceptible to exploitation if used in modern networks? A - WPA3. B - WEP. C- WPA2. D - WPA2-Enterprise.

Answer 25

** Answer: B - WEP. ** WEP (Wired Equivalent Privacy) is considered outdated and susceptible to exploitation due to its encryption and vulnerabilities.

Question 26

What technique involves scanning a list of telephone numbers and dialing them to search for computer systems and fax machines, sifting out phone numbers associated with voice lines? A - Vishing. B - Smishing. C- War-dialing. D - Typosquatting.

Answer 26

** Answer: C - War-dialing. War-dialing involves scanning a list of telephone numbers and dialing them in search on computer systems and fax machines, filtering out numbers associated with voice lines.

Question 27

Which approach is critical in the context of supply chain cybersecurity for identifying and addressing security gaps in vendors? A - Regular product quality assessment. B - Continuous monitoring and vendor risk management. C - Strictly focusing on the cost-efficiency of vendors. D - Emphasizing only raw material quality.

Answer 27

** Answer: B - Continuous monitoring and vendor risk management. ** Continuous monitoring and vendor risk management, including regular security assessments and contractual obligations, help in identifying and addressing security gaps in vendors.

Question 28

What term refers to phasing attacks accomplished through telephone conversations, where attackers might impersonate legitimate institutions to steal sensitive information? A - War-dialing. В - Typosquatting. C - Vishing. D - Smishing.

Answer 28

** Answer: C - Vishing. ** Vishing, or voice phishing, refers to phishing attacks accomplished by telephone conversations that are often used to steal sensitive information.

Question 29

In which social engineering technique does an attacker register a domain that is a common typo of a legitimate site to host malware or impersonate the real website and leverage human error when typing a URL? A - Smishing. В - War-dialing. C - Typosquatting. D - Vishing.

Answer 29

** Answer: C - Typosquatting.** Typosquatting leverages human error when typing a URL... An attacker registers a domain that is a common typo of a legitimate site to host malware or impersonate the real website. Victims who type in the wrong URL are subject to this attack.

Question 30

Which vulnerability enables an attacker to introduce malicious code into system memory, making detection challenging? A - Zero-day. B - Malicious update. C - Memory injection. D - Race condition.

Answer 30

** Answer: C- Memory injection. ** Memory injection involves introducing malicious code into a system's memory. This makes detection challenging because the code runs within a legitimate process.

Question 31

What is one of the primary measures for preventing buffer overflow? A - Using secure channels for updates. B - Implementing stack protection. C - Educating users about updates. D - Monitoring time of use.

Answer 31

** Answer: B - Implementing stack protection. ** Implementing stack protection is a security mechanism specifically designed to prevent buffer overflow. A buffer overflow is one of the best-known forms of software security vulnerability and is still a commonly used cyber attack. You can prevent a buffer overflow attack by auditing code, providing training, using compiler tools, using safe functions, patching web and application servers, and scanning applications.

Question 32

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the most likely source of the breach? Side channel Malware Supply chain Cryptographic downgrade

Answer 32

** Answer: Supply chain. ** A supply chain attack involves exploiting vulnerabilities in a company's supply chain, which includes vendors, partners, or other entities connected to the organization. The compromised security control standards of the vendor may have allowed attackers to gain unauthorized access to the company's systems and exfiltrate sensitive data. This type of attack emphasizes the importance of ensuring that all entities within the supply chain maintain appropriate security measures to mitigate the risk of breaches. **The other options:** **Side channel**: Side-channel attacks involve exploiting information leaked during the execution of a system, but it is not the most likely source for the described breach. **Cryptographic downgrade:** Cryptographic downgrade attacks involve forcing the use of weaker cryptographic algorithms, and they are not directly related to the scenario described. **Malware:** While malware could be involved in a breach, the scenario emphasizes the involvement of a dedicated business partner connection to a vendor, suggesting a broader supply chain compromise.

Question 33

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the following should the analyst recommend? (Select two). TACACS+ CHAP Kerberos OpenID OAuth RADIUS

Answer 33

** Answer: B - RADIUS, Kerberos ** **Kerberos:** Kerberos is a network authentication protocol that is commonly used with Active Directory. It supports strong authentication and can be used for both network and remote-access devices. **RADIUS (Remote Authentication Dial-In User Service): ** RADIUS is a network protocol that supports centralized authentication and authorization. It can integrate with Active Directory and is commonly used for remote-access solutions.

Question 34

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause? The software was not added to the application whitelist A new firewall rule is needed to access the application The system was isolated from the network due to infected software The system was quarantined for missing software updates

Answer 34

** Answer: The software was not added to the application whitelist ** If the document-scanning software program does not respond when launched, the most likely cause is that the software has not been added to the application whitelist. Application whitelisting is a security measure that only allows approved applications to run on a system. If the new software is not on the whitelist, the system may prevent it from executing.

Question 35

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements of the cloud provider? SLA MOU NDA ВРА

Answer 35

** Answer: SLA ** The SLA is a formal contract that outlines the agreed-upon terms and conditions between the service provider and the customer, including details about service levels, performance metrics, and remedies in case of service level breaches. The other options are not directly related to the specific requirements and metrics for service availability: **BPA (Business Partnership Agreement):** This term is not commonly used in the context of cloud service agreements. **NDA (Non-Disclosure Agreement):** An NDA is a legal contract that outlines confidentiality terms between parties but does not typically provide details on service levels. **MOU (Memorandum of Understanding):** An MOU is a non-binding agreement that outlines the terms and details of a collaboration or understanding between parties. It may not contain specific service level details.

Question 36

An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used? White-box Black-box Bug bounty Gray-box Red-leam

Answer 36

** Answer: Bug bounty. ** Bug Bounty: In a bug bounty program, an organization incentivizes security researchers to find and report vulnerabilities in their systems by offering a reward for each discovered flaw. This aligns perfectly with the given scenario where the enterprise is paying for each identified vulnerability.

Question 37

A security technician observes that the data center's server racks are accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate this risk? A. Implement a network intrusion detection system B. Install locks on the server rack doors C. Update the antivirus software on the servers D. Conduct a risk assessment of the data center

Answer 37

** Answer: B. Install locks on the server rack doors. **

Question 38

A security professional notices an unusual pattern of outgoing traffic from a server hosting sensitive data. The traffic suggests potential data exfiltration. What technical control should be implemented IMMEDIATELY to best address this issue? A. Install a firewall to monitor and control incoming and outgoing network traffic B. Conduct security awareness training for employees C. Implement biometric access controls to the server room D. Review and update the company's security policies

Answer 38

** Answer: A. Install a firewall to monitor and control incoming and outgoing network traffic. **

Question 39

Which of the following is a legal document describing a bilateral agreement between parties? MVO MOU ATO BCP

Answer 39

**"MOU"** is correct. A memorandum of understanding (MOU) is a legal document describing bilateral agreements between parties.

Question 40

Which of the following protocols would you use to encrypt VPN traffic? S/MIME SSH MD5 IPsec

Answer 40

**"IPsec"** is correct. IPsec provides encryption, integrity, and authentication for data tunneled over VPNs across public networks.

Question 41

Which tool would you use to check the path packets take over a network? ARP Is tracert grep

Answer 41

**"tracert"** is correct. tracert is a Windows command for tracing the route that packets take over the network.

Question 42

What is the term for the process of identifying critical assets and systems, interdependencies, and ensuring their availability during a disruption? Disaster recovery Incident response planning Restoration of business planning Continuity of operations

Answer 42

**"Continuity of operations planning"** is correct. Continuity of operations planning (COOP) involves developing a comprehensive plan to enact during a situation where normal operations are disrupted.

Question 43

The value of a loss expected from a single event is the definition of what? ARO ALE SLE SLA

Answer 43

"SLE" is correct. Single loss expectancy (SLE) is the value of a loss from a single event.

Question 44

Which of the following statements is false regarding BYOD? It works well for temporary workers. Users prefer a single device over multiple devices. The learning curve is shorter on devices they own or prefer. Employees are willing to limit the use of their devices as determined by corporate policies.

Answer 44

"Employees are willing to limit the use of their devices as determined by corporate policies" is correct. In a bring-your-own-device (BYOD) environment, employees might not be eager to limit the use of their devices based on corporate

Question 45

Which of the following can cause a successful attack on a system when a user enters malicious code or characters into a form field on a Web application? Lack of restrictive permissions on the Web form Lack of input validation Lack of adequate memory in a buffer Lack of properly formatted HTML

Answer 45

"Lack of input validation" is correct. A lack of input validation in the Web form field may allow certain types of attacks to take place when a user enters malicious or incorrect characters in the form.

Question 46

Fabian's new load balancer has a number of scheduling options and he's trying to decide the one to use. He wants to schedule load balancing such that the load balancer assigns to each server in order, and then returns to the first server. What is this form of scheduling? Affinity On-demand First come Round robin

Answer 46

** "Round robin" is correct. ** Round robin is a turn-based scheduling method where jobs are assigned to servers in sequential order.

Question 46

Which tool would you use to output the first part of a file? hping head tail cd

Answer 46

"head" is correct. head outputs the first part of a file.

Question 47

What is the specific name given to sturdy posts, often made of concrete, galvanized steel, or stainless steel? They are used to protect entryways and prevent unauthorized entry and vehicle ramming attacks. Access control vestibule Barrier Rampart Bollard

Answer 47

** "Bollard" is correct. ** The simple post-type barricade that prevents a vehicle from passing but allows people to walk past is called a bollard.

Question 48

Which of the following is the best description of impact? The level of concern one places on the well-being of people The chance of something not working as planned Damage that is the result of unmitigated risk The cost associated with a single loss

Answer 48

** "Damage that is the result of unmitigated risk" is correct. ** Impact is the result of a vulnerability being exploited by a threat, resulting in a loss.

Question 49

What is a zero day vulnerability? A vulnerability that is newly discovered and not yet addressed by a patch A vulnerability that is only effective on new systems A vulnerability that is only effective for a limited period of time, usually a few days A vulnerability that only affects UNIX operating systems

Answer 49

** "A vulnerability that is newly discovered and not yet addressed by a patch" is correct. ** Zero day is a term used to define vulnerabilities that are newly discovered and not yet addressed by a patch.

Question 50

What is a script kiddie? A hacker under the legal age of 18 A person who writes scripts for others to use but does not use the scripts themselves An individual who downloads and runs scripts/tools but lacks the ability to create their own A person who hacks for a specific political or social cause

Answer 50

** "An individual who downloads and runs scripts/tools but lacks the ability to create their own" is correct. ** A script kiddie is an individual who does not have the technical expertise to develop scripts or discover new vulnerabilities in software but has just enough understanding of computer systems to be able to download and run scripts that others have developed.

Question 51

Executives in the organization complain that an abnormally high number of scam email messages have been flooding their inboxes. Other users in the organization have not received any of the same messages. All user devices are configured with the same security software and settings. When reporting to your manager, which term best describes the situation? Phishing Advanced persistent threat Spear phishing Honeypot

Answer 51

** "Spear phishing" is correct. ** Spear phishing targets a select group of potential victims, such as company executives. They are usually victims which could result in more valuable data being provided or a larger amount of financial rewards than a standard employee

Question 52

Which of the following enables a user to provide one set of credentials to the system and use those credentials throughout other interconnected systems? Single sign-on Single-factor authentication Pass-through authentication Multifactor authentication

Answer 52

** "Single sign-on" is correct. ** Single sign-on is a method of authentication that enables a user to provide one set of credentials and use them throughout an interconnected network. Both Kerberos and Sesame protocols allow single sign-on.

Question 53

Why are insider threats considered more dangerous than external threats? (Select all that apply) Insiders may already have the access they need to commit fraud or steal data. Insiders are easier to detect and stop than outsiders. Most security measures are designed to protect against outsiders. Insiders have the access and knowledge to cause immediate damage.

Answer 53

** "Insiders may already have the access they need to commit fraud or steal data" **, **"Most security measures are designed to protect against outsiders"**, and **"Insiders have the access and knowledge to cause immediate damage" ** are correct. Insiders are usually employees of the organization and may already have the access they need as part of their job duties to commit fraud or steal data. Also, most security measures are set up to protect the boundaries of the organization and to keep unauthorized personnel out. Finally, insiders are usually employees of the organization with access to the network and internal systems. As employees, they are likely to know where the sensitive data is stored, what systems are most critical to the organization, and how best to damage/cripple the organization.

Question 54

Your company's t-shirt printer went down, again! The tech whose job it is to keep the printer running tells you that it's going to take her about 30 minutes to repair the printer. This 30 minute period is best represented by - MTBF MTTF MTTR RPO

Answer 54

** "MTTR" is correct. ** Mean time to repair is the average amount of time it takes to get a device repaired.

Question 55

You are browsing a social media platform and notice question-game posts asking which car you drove to pass a driver's test. Which term best describes these types of posts? Spear phishing Phishing Spam Malware

Answer 55

** "Phishing" is correct. ** Phishing campaigns are a form of social engineering that can trick users into divulging sensitive information, such as details often used as password reminder hints.

Question 56

Which of the following is not one of the Trust Services identified by SOC 2? Trust Privacy Availability Security

Answer 56

** "Trust" is correct. ** Trust is not one of the Trust Services identified by SOC 2. The other answers are incorrect. ** Security, availability, and privacy are Trust Services identified by SOC. **

Question 57

Which of the following is the name given to the connection of infrastructure and software elements to provide specific services to a business entity? Software-defined visibility Serverless architecture Software-defined networking Services integration

Answer 57

** "Services integration" is correct. ** This is a description of services integration, where you connect processing, storage, databases, web, communications, and other functions into an integrated comprehensive solution.

Question 58

Which tool would you use to discover hosts and services on a network? chmod curl SPAN nmap

Answer 58

** "nmap" is correct.** nmap is an open-source network scanner used to discover hosts and services on a network.

Question 59

The X.509 standard outlines which of the following? (Select two choices) Possible values of certificate fields Location of the CRL Necessary fields of a certificate Usage types

Answer 59

** "Necessary fields of a certificate" ** and ** "Possible values of certificate fields" ** are correct. The X.509 standard defines a certificate's fields and the possible values those fields have.

Question 60

You are conducting user security awareness training. An attendee asks how they can identify phishing email messages. What should you tell the attendee to look for? (Select two choices) Bad grammar Messages that are not encrypted Email address inconsistencies Messages that are not digitally signed

Answer 60

** "Bad grammar" ** and ** "Email address inconsistencies" ** are correct. Bad grammar is common in phishing email messages. Most professional companies take the time to ensure that their correspondence is clear and adheres to proper grammar rules. If the sender email address ends in a standard free type of account domain name, such as outlook.com or gmail.com, instead of the company domain, such as fakecompany.com, users should be suspicious.

Question 61

Which the following is a recognized way of restricting access to applications? Graylisting Whitelisting Blacklisting Filtering

Answer 61

** "Blacklisting" is correct. ** Blacklisting is a technique that involves an administrator adding undesirable or restricted software or applications to a list on content filtering devices, in group policy, or through some other type of mechanism. This ensures that users are not allowed to download, install, or execute these particular applications.

Question 62

What is the term used to describe the characteristic of a software system to process higher workloads on its current resources or additional resources without interruption? Continuously Deliver Continuously deployment Scalability Elasticity

Answer 62

** "Scalability" is correct. ** Scalability is the characteristic of a software system to process higher workloads on its current resources (scale up) or additional resources (scale out) without interruption.

Question 63

What is RFID an acronym for? Radial frequency identification Radio frequency interference Radio frequency identification (RFID) Radical frequency interference

Answer 63

** "Radio frequency identification" is correct. ** RFID is an acronym for radio frequency identification. Radio Frequency Identification (RFID) systems are generally secure, but, they do have some vulnerabilities. Security strengths -- Encryption: Many modern RFID systems use encryption to protect data. -- One-time codes: Some RFID systems, like credit card chips, use unique codes for each transaction. -- System verification: RFID systems can verify that data matches expected parameters. Radio Frequency Identification (RFID) technology uses radio waves to identify people or objects. There is a device that reads information contained in a wireless device or “tag” from a distance without making any physical contact or requiring a line of sight.

Question 64

Which tool would you use to read and write TCP/UDP network connections? SFC netcat AV topdump

Answer 64

** "netcat" is correct. ** Netcat is used for reading from and writing to network connections using TCP or UDP.

Question 65

Your organization has had problems with unauthorized individuals following behind authorized employees into restricted areas. What is one of the best ways to avoid this issue, commonly known as tailgating? Install physical locks that require key access. Install an access control vestibule. Install biometric identification mechanisms. Issue badges that are needed for card swipe access.

Answer 65

** "Install an access control vestibule" is correct. ** An access control vestibule is composed of two doors closely spaced that require the user to use a card to get through one and then

Question 66

Data sovereignty is a relatively new type of legislation several countries have recently enacted. What do these laws generally require? Data that originated from within one country must be maintained in systems in that country. Data stored on systems within a country must be stored in the predominant language of that country. Data stored within a country's borders is subject to that country's laws. Data stored within a country's borders is subject to their laws, and in some cases, data originating within their borders must be stored there as well.

Answer 66

** "Data stored within a country's borders is subject to their laws, and in some cases, data originating within their borders must be stored there as well" is correct. ** It is now somewhat expected that data stored within a country's borders is going to be subject to their laws. Additionally, some countries have gone the extra step in requiring that the data (for example, information on their citizens) remain stored on systems in that country.