Random Questions 81 - 100 Flashcards
Question 81:
A company is configuring a multi-factor authentication system for its remote employees using Azure Active Directory (Azure AD). The configuration requires setting up an application proxy and configuring the authentication settings.
{
  "settings": {
    "applicationProxy": true,
    "authenticationMethods": [
      "mfa",
      "SMS"
    ]
  }
}
Options:
A. Enable Azure AD Application Proxy.
B. Disable multi-factor authentication for remote access.
C. Configure the SMS as an additional MFA method.
D. Set up a custom domain for email services.
E. Disable application proxy and use on-premises servers only.
Correct Answer: A, C
Explanation: To enable multi-factor authentication (MFA) with Azure AD Application Proxy for remote employees, the application proxy must be enabled and SMS must be configured as an additional MFA method.
Question 82:
An organization has a policy that requires all data transmitted between their web server and clients to be encrypted. They are using HTTPS but want to implement stronger security measures.
{
  "settings": {
    "sslVersion": "TLSv1.3",
    "cipherSuite": ["ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]
  }
}
Options:
A. Upgrade SSL/TLS version to TLS 1.3.
B. Use weaker encryption ciphers like AES128.
C. Disable HTTP Strict Transport Security (HSTS).
D. Configure a reverse proxy for load balancing.
E. Enable plaintext fallbacks.
Correct Answer: A
Explanation:
To enhance the security of data transmitted between the web server and clients, upgrading the SSL/TLS version to TLS 1.3 is necessary as it provides better security compared to older versions.
Question 83:
A network administrator needs to secure a remote access solution that involves multiple layers of authentication and encryption for securing communications.
Options:
A. Use SSH with public key authentication.
B. Implement a simple username/password login.
C. Configure WPA2 on the Wi-Fi network for better security.
D. Enable two-factor authentication (2FA) using RSA tokens.
E. Disable all non-essential services to minimize attack surface.
Correct Answer: A, D
Explanation:
For securing remote access with multiple layers of authentication and encryption, using SSH with public key authentication and enabling two-factor authentication using RSA tokens are recommended practices as they provide strong security measures.
Question 84:
In a recent update of CompTIA Security+ (SYO-701), which two-factor authentication methods are now emphasized as critical for securing network access?
Options:
A. Biometric Fingerprint Scanning and USB Tokens
B. SMS One-Time Password (OTP) and FIDO2
C. Email Verification and Smart Cards
D. Physical Keys and Static Passwords
E. QR Code Authentication and Bluetooth Low Energy Tags
Correct Answer: B
Explanation: The current CompTIA Security+ exam highlights the importance of modern authentication methods like SMS OTP and FIDO2 for secure network
Question 85:
An organization needs to implement a threat intelligence platform. Which two components should be prioritized based on current CISSP exam standards?
Options:
A. Web filtering
B. User behavior analytics (UBA)
C. Intrusion detection systems (IDS)
D. Security information and event management (SIEM)
E. Antivirus software
Correct Answer: B, D
Explanation:
UBA and SIEM are critical for advanced threat detection and monitoring.
Question 86:
A company is configuring its network to enhance security. Which two protocols should be used to secure file transfers over the Internet?
Options:
A. HTTP
B. HTTPS
C. FTP
D. SFTP
E. SMTP
Correct Answer: B, D
Explanation:
Secure Hypertext Transfer Protocol (HTTPS) and Secure File Transfer Protocol (SFTP) ensure data integrity and confidentiality during file.
Question 87:
An organization is facing frequent phishing attacks. Which two strategies should be implemented to mitigate this risk?
Options:
A. Email filtering
B. Strong password policies
C. Multi-factor authentication (MFA)
D. Regular patch management
E. Employee training
Correct Answer: A, E
Explanation:
Implementing email filtering and providing regular employee training can significantly reduce the incidence of phishing attacks.
Question 88:
The network administrator needs to configure a firewall rule for a new application server that requires outbound traffic only to a specific external IP address. Which configuration should be used?
Options:
A. Allow all inbound traffic
B. Deny all inbound traffic
C. Allow all outbound traffic
D. Allow outbound traffic to <external_IP>
E. Deny outbound traffic
Correct Answer: D
Explanation: The rule should allow outbound traffic only to the specific external IP.
Question 89:
A company wants to implement a Zero Trust Architecture (ZTA) for its cloud services. Which two components are essential in ZTA?
Options:
A. Multi-factor authentication (MFA)
B. Network segmentation
C. Continuous monitoring
D. Intrusion detection systems (IDS)
E. Regular security audits
Correct Answer: A, B
Explanation:
MFA and network segmentation are fundamental to Zero Trust Architecture, ensuring that only authorized entities can access resources.
Question 90:
During a security assessment, a security analyst discovers multiple instances where sensitive data is being transmitted between internal networks using an unencrypted protocol. The organization has a strict policy requiring encryption for all sensitive data transmission, but implementing encryption would require significant infrastructure changes. Which TWO control types would be most appropriate to implement immediately while planning for a long-term solution?
Options:
A. Detective controls to monitor data transmission patterns.
B. Compensating controls to provide alternative security measures.
C. Directive controls to enforce new security policies.
D. Corrective controls to fix the encryption issues.
E. Deterrent controls to discourage unauthorized access.
Correct Answer: A, B
Explanation:
Detective controls monitor transmissions to identify potential breaches, while compensating controls provide alternative security measures when primary controls cannot be immediately implemented. These are most suitable as temporary solutions while planning infrastructure changes.
Question 91:
A security team is implementing deception technology to detect advanced persistent threats. The CISO wants to maximize the effectiveness of this implementation across multiple network segments. Which approach would provide the most comprehensive threat intelligence while minimizing the risk of adversaries detecting the deception?
Options:
A. Deploy multiple identical honeypots across all network segments.
B. Implement a single sophisticated honeynet in the DMZ.
C. Place honeytokens throughout different systems and monitor their usage.
D. Create one high-interaction honeypot per network segment.
Correct Answer: C
Explanation:
Honeytokens distributed throughout systems provide wide coverage, are difficult for attackers to identify as fake, and offer valuable threat intelligence while requiring minimal resources and reducing detection risk.
Question 92:
An organization’s incident response team is analyzing a potential security breach where attackers might have gained unauthorized access to multiple systems. The team needs to determine the exact scope of the compromise while ensuring business continuity. Which type of security control would be most effective in identifying the extent of the breach without disrupting operations?
Options:
A. Preventive controls to block further unauthorized access.
B. Detective controls with enhanced logging and monitoring.
C. Corrective controls to remove compromised accounts.
D. Compensating controls to restrict system access.
Correct Answer: B
Explanation:
Detective controls with enhanced logging and monitoring allow continuous analysis of system activities to determine breach scope while maintaining normal operations, providing visibility without disrupting business processes.
Question 93:
A large enterprise is experiencing frequent security incidents across different departments. After investigation, the security team discovers that TWO critical factors are contributing to these incidents. Which combination of issues most likely represents the root causes that need immediate attention?
Options:
A. Inadequate security awareness training program implementation.
B. Outdated intrusion detection systems.
C. Gaps in third-party risk management processes.
D. Limited network bandwidth.
E. Inconsistent security policy enforcement across departments.
Correct Answer: A, E
Explanation:
Inadequate security awareness training leads to human errors and security breaches, while inconsistent policy enforcement creates security gaps across departments.
These fundamental issues directly impact overall security posture and require immediate attention for effective risk reduction.
Question 94:
During a business continuity planning session, the risk management team identifies a critical business process that requires 99.999% uptime. The process handles sensitive financial transactions but has recently experienced multiple disruptions. Which approach would best address both the availability and security requirements?
Options:
A. Implement load balancers with basic failover capabilities.
B. Deploy redundant systems with real-time synchronization and zero trust principles.
C. Increase system monitoring without architectural changes.
D. Add more security controls to existing infrastructure.
Correct Answer: B
Explanation: Redundant systems with real-time synchronization ensure high availability (99.999% uptime), while zero trust principles provide comprehensive security for sensitive financial transactions, addressing both critical requirements simultaneously.
Question 95:
An organization’s security team is investigating a potential data breach where sensitive information might have been exfiltrated. The incident response team needs to determine the attack vector while maintaining chain of custody. Which sequence of incident response processes would be most appropriate?
Options:
A. Recovery, Analysis, Containment, Documentation.
B. Detection, Eradication, Lessons Learned, Preparation.
C. Detection, Analysis, Containment, Eradication.
D. Containment, Analysis, Recovery, Preparation.
Correct Answer: C
Explanation: The sequence of Detection (identifying the breach), Analysis (determining the attack vector), Containment (preventing further damage), and Eradication (removing the threat) represents the correct logical progression while maintaining proper incident handling procedures.
Detection -> Analysis -> Containment -> Eradication.
Question 96:
A multinational corporation is implementing a zero trust architecture while transitioning to cloud services. Given the complex environment, which TWO components are most critical to ensure proper security control implementation across both control and data planes?
Options:
A. Continuous monitoring and verification of all access requests.
B. Implementation of traditional perimeter-based security.
C. Dynamic policy enforcement based on real-time context.
D. Regular backup of cloud resources.
E. Static access control lists.
Correct Answer: A, C
Explanation: In zero trust architecture, continuous monitoring and verification of all access requests ensure proper authentication, while dynamic policy enforcement based on real-time context maintains security across both planes by adapting to changing conditions and threats.
Question 97:
During a security audit, an organization discovers that their current security metrics fail to accurately represent their security posture to executive management. Which approach would most effectively address this gap while aligning with security program management best practices?
Options:
A. Implement technical security controls without metrics.
B. Create metrics focused solely on system uptime.
C. Develop risk-based metrics aligned with business objectives.
D. Report raw security event logs to management.
Correct Answer: C
Explanation: Risk-based metrics aligned with business objectives provide meaningful insights to executive management, demonstrating security program effectiveness in business terms while supporting informed decision-making.
Question 98:
A security team identifies suspicious activity indicating a potential advanced persistent threat (APT) in their network. The organization needs to gather intelligence about the attacker’s techniques while preventing data exfiltration. Which deception technology strategy would be most effective?
Options:
A. Deploy a basic honeypot with limited interaction capabilities.
B. Implement a sophisticated honeynet with monitored services.
C. Place security cameras in the server room.
D. Install additional firewalls.
Correct Answer: B
Explanation: A sophisticated honeynet with monitored services provides detailed intelligence about APT tactics while safely containing and observing attacker activities, enabling better threat analysis and response strategies.
Question 99:
A healthcare organization has experienced multiple social engineering attacks targeting different departments. Analysis reveals that TWO key vulnerabilities are consistently being exploited. Which combination of issues most likely represents these critical vulnerabilities?
Options:
A. Insufficient verification procedures for urgent requests.
B. Outdated antivirus software.
C. Lack of role-based social engineering awareness training.
D. Weak network passwords.
E. Inconsistent incident reporting.
Correct Answer: A, C
Explanation: Insufficient verification procedures allow attackers to exploit urgency in their social engineering attempts, while lack of role-based awareness training leaves employees unprepared for department-specific social engineering tactics targeting their particular roles.
Question 100:
An organization implements a comprehensive physical security system for their new data center. After a security assessment, which combination of physical security measures would provide the most effective defense-in-depth protection while maintaining efficient access for authorized personnel?
Options:
A. Multiple security guards with access badges.
B. Integrated system of bollards, access control vestibule, and multi-factor authentication.
C. Standard door locks with CCTV cameras.
D. Basic keypad entry with motion
Correct Answer: B
Explanation:
An integrated system combining bollards (perimeter protection), access control vestibule (controlled entry point), and multi-factor authentication provides comprehensive physical security through multiple layers while maintaining efficient authorized access.
What indicator might suggest an active brute-force attempt to access an account, requiring further investigation?
A - Blocked content.
B - Account lockout.
C - Concurrent session usage.
D - Dictionary attack.
Answer: B - Account lockout.
An account lockout might suggest a brute-force attempt to access an account and would necessitate further investigation to determine the cause.
Which term is used to describe the cyber threat involving the use of SMS messages to trick recipients into downloading malicious software or divulging personal information?
A - Spear-phishing.
B - Spam.
C - Smishing.
D - Malware.
Answer: C - Smishing.
Smishing, which is a combination of “SMS” and “phishing”, is a type of attack that involves using SMS messages to trick recipients into actions like downloading malicious software or providing personal information.
Which of the following methods is described as a less secure form of strong authentication that is vulnerable to on-path attacks and sends a question to the user’s phone via SMS to ask if the authorization attempt is approved?
A - Email authentication.
B - SMS OTP.
C - SMS challenge/response.
D - IM authentication.
Answer: C - SMS challenge/response.
With SMS challenge/response, a question is sent to the user’s phone via SMS, asking if the authorization attempt is approved. If the user texts back “Yes”, authorization is completed; if the user texts back “No”, authentication fails. It is a less secure form of strong authentication that is vulnerable to on-path attacks.
What is one of the methods attackers can use to spread malware through digital images?
A - Deleting metadata.
B - Embedding destructive code within an image.
C - Increasing image resolution.
D - Compressing the image.
Answer: B - Embedding destructive code within an image.
Attackers can embed destructive code within an image to spread malware. When the image is opened, the hidden code may be executed, leading to system compromise.