1) An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?
a) DNS cache poisoning
b) Domain hijacking
c) DDoS
d) DNS tunneling

2) A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?
a) Create a new acceptable use policy
b) Segment the network into trusted and untrusted zones
c) Enforce application whitelisting
d) Implement DLP at the network boundary

3) A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us. The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us. Which of the following application attacks is being tested?
a) Pass the hash
b) Session replay
c) Object dereference
d) Cross-site scripting

4) A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
a) SIEM
b) DLP
c) CASB
d) SWG

5) A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
a) CASB
b) SWG
c) Containerization
d) Automated failover

6) A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?
a) Nmap
b) Wireshark
c) Autopsy
d) DNSEnum

7) To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?
a) Password reuse policy
b) Account lockout after 3 attempts
c) Encrypted credentials
d) Geofencing policy based on login history

8) An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?
a) Theft of portable devices
b) Geotagging in the metadata of images
c) Bluesnarfing of mobile devices
d) Data exfiltration over a mobile hotspot

9) Which of the following would MOST likely support the integrity of a voting machine?
a) Asymmetric encryption
b) Blockchain
c) TLS
d) Perfect forward secrecy (PFS)

10) A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
a) perform attribution to specific APTs and nation-state actors.
b) anonymize any PII that is observed within the IoC data.
c) add metadata to track the utilization of threat intelligence reports.
d) assist companies with impact assessments based on the observed data.

11) While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?
a) A RAT was installed and is transferring additional exploit tools
b) The workstations are beaconing to the C2
c) A logic bomb was executed and is responsible for the data transfers
d) A fileless virus is spreading in the local network environment

12) Which of the following is the purpose of a risk register?
a) To define the level of risk using probability and likelihood
b) To register the risk with the required regulatory agencies
c) To identify the risk, the risk owner, and the risk measures
d) To formally log the type of risk mitigation strategy the organization is using

13) (Duplicate of question 12.)

14) A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected. Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Choose two.)
a) DoS
b) SSL stripping
c) Memory leak
d) Race condition
e) Shimming
f) Refactoring

15) A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are: www.company.com (main website), contactus.company.com (for locating a nearby location), and quotes.company.com (for requesting a price quote). The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming convention, such as store.company.com. Which of the following certificate types would BEST meet the requirements?
a) SAN
b) Wildcard
c) Extended validation
d) Self-signed

16) A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?
a) Configure the perimeter firewall to deny inbound external connections to SMB ports.
b) Ensure endpoint detection and response systems are alerting on suspicious SMB connections.
c) Deny unauthenticated users access to shared network folders.
d) Verify computers are set to install monthly operating system updates automatically.

17) Which of the following refers to applications and systems that are used within an organization without consent or approval?
a) Shadow IT
b) OSINT
c) Dark web
d) Insider threats

18) A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
a) An air gap
b) A Faraday cage
c) A shielded cable
d) A demilitarized zone

19) Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?
a) Least privilege
b) Awareness training
c) Separation of duties
d) Mandatory vacation

20) Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)
a) Cross-site scripting
b) Data exfiltration
c) Poor system logging
d) Weak encryption
e) SQL injection
f) Server-side request forgery

21) A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
a) Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on file shares.
b) Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
c) Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.
d) Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

22) A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
a) Perform a site survey
b) Deploy an FTK Imager
c) Create a heat map
d) Scan for rogue access points
e) Upgrade the security protocols
f) Install a captive portal

23) Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
a) SSAE SOC 2
b) PCI DSS
c) GDPR
d) ISO 31000

24) Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue?
a) DNSSEC and DMARC
b) DNS query logging
c) Exact mail exchanger records in the DNS
d) The addition of DNS conditional forwarders

25) On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)
a) Data accessibility
b) Legal hold
c) Cryptographic or hash algorithm
d) Data retention legislation
e) Value and volatility of data
f) Right-to-audit clauses

26) A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?
a) The scan results show open ports, protocols, and services exposed on the target host
b) The scan enumerated software versions of installed programs
c) The scan produced a list of vulnerabilities on the target host
d) The scan identified expired SSL certificates

27) Which of the following BEST explains the difference between a data owner and a data custodian?
a) The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data
b) The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
c) The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data
d) The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data

28) An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
a) SED (self-encrypting drive)
b) HSM (hardware security module)
c) DLP (data loss prevention)
d) TPM (trusted platform module)

29) A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log: (log output not reproduced in this copy)
a) A replay attack
b) An injection attack is being conducted against a user authentication system
c) A credentialed vulnerability scanner attack is testing several CVEs against the application
d) A service account password may have been changed, resulting in continuous failed logins within the application

30) In which of the following situations would it be BEST to use a detective control type for mitigation?
a) A company implemented a network load balancer to ensure 99.999% availability of its web application.
b) A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.
c) A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.
d) A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
e) A company purchased liability insurance for flood protection on all capital assets.

31) A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective?
a) OAuth
b) SSO
c) SAML
d) PAP

32) An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?
a) NGFW
b) Pagefile (extension of RAM)
c) NetFlow
d) RAM

33) A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN?
a) Due to foreign travel, the user's laptop was isolated from the network.
b) The user's laptop was quarantined because it missed the latest patch update.
c) The VPN client was blacklisted.
d) The user's account was put on a legal hold.

34) An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include: check-in/check-out of credentials, the ability to use but not know the password, automated password changes, and logging of access to credentials. Which of the following solutions would meet the requirements?
a) OAuth 2.0
b) Secure enclave
c) A privileged access management system
d) An OpenID Connect authentication system

35) Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
a) A worm that has propagated itself across the intranet, which was initiated by presentation media
b) A fileless virus that is contained on a vCard that is attempting to execute an attack
c) A Trojan that has passed through and executed malicious code on the hosts
d) A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

36) After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?
a) The vulnerability scan output
b) The IDS logs
c) The full packet capture data
d) The SIEM alerts

37) Which of the following cloud models provides clients with servers, storage, and networks but nothing else?
a) SaaS
b) PaaS
c) IaaS
d) DaaS

38) A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)
a) Dual power supply
b) Off-site backup
c) Automatic OS upgrades
d) NIC teaming
e) Scheduled pen testing
f) Network attached storage

39) A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message: (message not reproduced in this copy) Which of the following network attacks is the researcher MOST likely experiencing?
a) MAC cloning
b) Evil twin
c) Man-in-the-middle
d) ARP poisoning

40) A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: (output not reproduced in this copy) Which of the following is the router experiencing?
a) DDoS
b) Memory leak
c) Buffer overflow
d) Resource exhaustion

41) A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
a) The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
b) All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.
c) Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
d) MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

42) A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)
a) TPM
b) Host-based firewall
c) DLP solution
d) FDE
e) A VPN
f) Antivirus software

43) A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
a) One-time passwords
b) Email tokens
c) Push notifications
d) Hardware authentication

44) The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?
a) Install a NIDS
b) Segment the network with firewalls
c) Update all antivirus signatures daily
d) Implement application blacklisting

45) A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
a) MDM
b) FDE
c) Remote wipe
d) Biometrics

46) A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?
a) Continuous delivery
b) Continuous integration
c) Continuous validation
d) Continuous monitoring

47) A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must tolerate a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?
a) 0
b) 1
c) 5
d) 6

48) Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
a) The document is a honeyfile and is meant to attract the attention of a cyberintruder.
b) The document is a backup file if the system needs to be recovered.
c) The document is a standard file that the OS needs to verify the login credentials.
d) The document is a keylogger that stores all keystrokes should the account be compromised.

49) A security administrator has generated an SSH key pair to authenticate to a new server. Which of the following should the security administrator do NEXT to use the keys securely for authentication? (Choose two.)
a) Install the public key on the server.
b) Install the private key on the server.
c) Encrypt the public key.
d) Encrypt the private key.
e) Install both keys on the server.
f) Securely wipe the certificate signing request.

50) A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events: (events not reproduced in this copy)
a) Credential harvesting
b) Keylogger
c) Brute-force
d) Spraying

51) (Duplicate of question 37.)

52) A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)
a) Dual power supply
b) Off-site backups
c) NIC teaming
d) Scheduled penetration testing
e) Network attached storage

53) A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)
a) Trusted platform module
b) A host-based firewall
c) A DLP solution
d) Full disk encryption
e) A VPN
f) Antivirus software

54) A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as 'Troj.Generic'. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company's network?
a) Trojan
b) Spyware
c) Rootkit
d) Botnet

55) An organization wants to host an externally accessible web server that will not contain sensitive user information. Any sensitive information will be hosted on file servers. Which of the following is the BEST architecture configuration for this organization?
a) Host the web server in a DMZ and the file servers behind a firewall
b) Host the web server and the file servers in a DMZ
c) Host the web server behind a firewall and the file servers in a DMZ
d) Host both the web server and file servers behind a firewall

56) Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
a) Fog computing
b) VM escape
c) Software-defined networking
d) Image forgery
e) Container breakout

57) A company posts a sign indicating its server room is under video surveillance. Which of the following control types is represented?
a) Administrative
b) Detective
c) Technical
d) Deterrent

58) A security administrator has received multiple calls from the help desk about customers who are unable to access the organization's web server. Upon reviewing the log files, the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources. Which of the following attack types does this BEST describe?
a) DDoS
b) DoS
c) Zero day
d) Logic bomb

59) A network administrator was provided the following output from a vulnerability scan: (scan output not reproduced in this copy) The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise. Which of the following plugin IDs should be remediated FIRST?
a) 10
b) 11
c) 12
d) 13
e) 14

60) Which of the following is the BEST use of a WAF?
a) To protect sites on web servers that are publicly accessible
b) To allow access to web services of internal users of the organization
c) To maintain connection status of all HTTP requests
d) To deny access to all websites with certain contents

61) A transitive trust:
a) is automatically established between a parent and a child
b) is used to update DNS records
c) allows access to an untrusted domain
d) can be used in place of a hardware token for logins

62) A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication. Which of the following should the administrator do NEXT to enforce this new configuration?
a) Issue a public/private key pair for each user and securely distribute a private key to each employee.
b) Instruct users on how to create a public/private key pair and install users' public keys on the server.
c) Disable the username and password authentication and enable TOTP in the sshd.conf file.
d) Change the default SSH port, enable TCP tunneling, and provide a pre-configured SSH client.

63) Which of the following would MOST likely be a result of improperly configured user accounts?
a) Resource exhaustion
b) Buffer overflow
c) Session hijacking
d) Privilege escalation

64) An organization is concerned about video emissions from users' desktops. Which of the following is the BEST solution to implement?
a) Screen filters
b) Shielded cables
c) Spectrum analyzers
d) Infrared detection

65) Which of the following encryption algorithms require one encryption key? (Select TWO.)
a) MD5
b) 3DES
c) bcrypt
d) RC4
e) DSA

66) A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidity problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?
a) Foundational
b) Man-made
c) Environmental
d) Natural

67) Which of the following should a technician use to protect a cellular phone that is needed for an investigation, to ensure the data will not be removed remotely?
a) Air gap
b) Secure cabinet
c) Faraday cage
d) Safe

68) Which of the following is the MOST likely motivation for a script kiddie threat actor?
a) Financial gain
b) Notoriety
c) Political expression
d) Corporate espionage

69) Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:
a) pivoting
b) persistence
c) active reconnaissance
d) a backdoor

70) An organization discovers that unauthorized applications have been installed on company-provided mobile phones. The organization issues these devices, but some users have managed to bypass the security controls. Which of the following is the MOST likely issue, and how can the organization BEST prevent this from happening?
a) The mobile phones are being infected with malware that covertly installs the applications. Implement full disk encryption and integrity-checking software.
b) Some advanced users are jailbreaking the OS and bypassing the controls. Implement an MDM solution to control access to company resources.
c) The mobile phones have been compromised by an APT and can no longer be trusted. Scan the devices for the unauthorized software, recall any compromised devices, and issue completely new ones.
d) Some advanced users are upgrading the devices' OS and installing the applications. The organization should create an AUP that prohibits this activity.

71) Which of the following is a valid multifactor authentication combination?
a) OTP token combined with password
b) Strong password and PIN combination
c) OTP token plus smart card
d) Presence-detecting facial recognition

72) A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat -an command to discover if the web server is up and listening. The analyst receives the following output: (output not reproduced in this copy)
a) Buffer overflow
b) Domain hijacking
c) Denial of service
d) ARP poisoning

73) Which of the following serves to warn users against downloading and installing pirated software on company devices?
a) AUP
b) NDA
c) ISA
d) BPA

74) An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Select TWO.)
a) DNS hijacking
b) Cross-site scripting
c) Domain hijacking
d) Man-in-the-browser
e) Session hijacking

75) Which of the following represents a multifactor authentication system?
a) An iris scanner coupled with a palm print reader and fingerprint scanner with liveness detection
b) A secret passcode that prompts the user to enter a secret key if entered correctly
c) A digital certificate on a physical token that is unlocked with a secret passcode
d) A one-time password token combined with a proximity badge

76) A preventive control differs from a compensating control in that a preventive control is:
a) put in place to mitigate a weakness in a user control.
b) deployed to supplement an existing control that is EOL.
c) relied on to address gaps in the existing control structure.
d) designed to specifically mitigate a risk.
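Questions 29 and 50 both hinge on reading authentication logs: a single logon to a decoy account is an alert by itself, and failed-logon events have to be grouped by source before "brute force" (many attempts on one account) can be told apart from "password spraying" (one or two attempts each across many accounts, staying under lockout thresholds). The following Python script is an added example, not part of the original question bank. It uses constructed event records that imitate Windows Security events 4624 and 4625 reduced to four fields; the account name appadmin and the thresholds are assumptions taken from the question text, and a real pipeline would read the events from the Security log or a SIEM export.

```python
"""Triage of Windows logon events for a decoy-account logon (question 29) and
for the brute-force vs. password-spraying distinction (question 50).

Added example; not code from the original question bank. The event records
below are constructed to resemble Security-log events 4624 (successful logon)
and 4625 (failed logon) reduced to four fields.
"""
from collections import defaultdict

# Assumption: 'appadmin' is the decoy (honeytoken) account named in question 29.
HONEYTOKEN_ACCOUNTS = {"appadmin"}

# Constructed sample events (not real log data). 0xC000006A = wrong password.
SAMPLE_EVENTS = (
    # one failure each against six different accounts from one source: spraying
    [{"id": 4625, "user": u, "src": "10.0.0.50", "status": "0xC000006A"}
     for u in ("alice", "bob", "carol", "dave", "erin", "frank")]
    # eight failures against a single service account: brute force
    + [{"id": 4625, "user": "svc_backup", "src": "10.0.0.77", "status": "0xC000006A"}] * 8
    # a lone typo, and a successful logon to the decoy account from the sprayer
    + [{"id": 4625, "user": "alice", "src": "10.0.0.12", "status": "0xC000006A"},
       {"id": 4624, "user": "appadmin", "src": "10.0.0.50", "status": "0x0"}]
)


def honeytoken_logons(events, honey=HONEYTOKEN_ACCOUNTS):
    """Return every successful logon (4624) to a decoy account. One hit is
    enough to alert: nothing legitimate ever uses these accounts."""
    return [e for e in events if e["id"] == 4624 and e["user"].lower() in honey]


def classify_failed_logons(events, max_per_account=3, min_accounts=5):
    """Label each source IP by the shape of its 4625 failures.

    brute-force: many attempts concentrated on one account
    spraying:    few attempts per account spread over many accounts, which
                 keeps every account below a typical lockout threshold
    benign:      anything else (a typo, a forgotten password)
    """
    per_src = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["id"] == 4625:
            per_src[e["src"]][e["user"].lower()] += 1

    verdicts = {}
    for src, per_user in per_src.items():
        peak = max(per_user.values())
        if peak > max_per_account:
            verdicts[src] = "brute-force"
        elif len(per_user) >= min_accounts:
            verdicts[src] = "spraying"
        else:
            verdicts[src] = "benign"
    return verdicts


if __name__ == "__main__":
    for hit in honeytoken_logons(SAMPLE_EVENTS):
        print(f"ALERT decoy account {hit['user']} logged on from {hit['src']}")
    for src, verdict in sorted(classify_failed_logons(SAMPLE_EVENTS).items()):
        print(f"{src}: {verdict}")
```

In production the grouping would also be bounded by a time window, and the status code is worth keeping: 0xC0000234 (account locked out) and 0xC0000072 (account disabled) say different things about the attacker's progress than a plain wrong password, and a sprayer targeting a domain controller also shows up as 4771/4776 events rather than only 4625.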
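Questions 49 and 62 describe the procedure for moving an SSH server to key-only authentication: the public key goes into the user's authorized_keys on the server, the private key stays on the client (a passphrase encrypts it at rest), and password-based methods are then switched off in sshd_config. The checker below is an added example, not code from the original question bank. Both configuration texts are constructed samples, and the parser deliberately reproduces one sshd rule that catches people out: for each keyword the first value read wins, so appending PasswordAuthentication no to a file that already says yes higher up changes nothing.

```python
"""Audit an sshd_config for key-only authentication (questions 49 and 62).

Added example; not code from the original question bank. The two configuration
texts are constructed samples. sshd keeps the FIRST value it reads for each
keyword, which this parser mimics.
"""
import re

WEAK_CONFIG = """\
# constructed sample: leaves the weak defaults in place
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_CONFIG = """\
# constructed sample: keys only
PermitRootLogin prohibit-password
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
"""

# Values sshd assumes when a keyword is absent (OpenSSH defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def parse_sshd_config(text):
    """Return {keyword.lower(): value}, keeping the first occurrence of each
    keyword. Parsing stops at the first 'Match' block because everything after
    it is conditional (assumption: only the global settings are audited)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match"):
            break
        # sshd accepts both 'Keyword value' and 'Keyword=value'
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def key_only_auth_findings(text):
    """Return a list of findings; an empty list means the file enforces
    public-key-only authentication and keeps root from using a password."""
    s = parse_sshd_config(text)
    # ChallengeResponseAuthentication is the older alias of KbdInteractiveAuthentication
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication",
                      DEFAULTS["kbdinteractiveauthentication"]))
    checks = [
        ("PasswordAuthentication", s.get("passwordauthentication", DEFAULTS["passwordauthentication"]), "no"),
        ("PubkeyAuthentication", s.get("pubkeyauthentication", DEFAULTS["pubkeyauthentication"]), "yes"),
        ("KbdInteractiveAuthentication", kbd, "no"),
    ]
    findings = [f"{k} is '{v}', expected '{want}'" for k, v, want in checks if v.lower() != want]
    if s.get("permitrootlogin", DEFAULTS["permitrootlogin"]).lower() == "yes":
        findings.append("PermitRootLogin is 'yes', expected 'no' or 'prohibit-password'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, key_only_auth_findings(cfg) or ["OK"])
```

Before restarting the daemon, validate the file with sshd -t and keep the current session open until a second session has authenticated with the key; a typo in sshd_config with password logins already disabled is how administrators lock themselves out. On the server, ~/.ssh should be mode 700 and authorized_keys mode 600, or sshd silently ignores the key and falls back to whatever other methods remain enabled.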
77) The exploitation of a buffer-overrun vulnerability in an application will MOST likely lead to:
a) arbitrary code execution
b) resource exhaustion
c) exposure of authentication credentials
d) dereferencing of memory pointers

78) The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?
a) Insider threat
b) Social engineering
c) Passive reconnaissance
d) Phishing

79) Which of the following is an example of federated access management?
a) Windows passing user credentials on a peer-to-peer network
b) Applying a new user account with a complex password
c) Implementing an IAM framework for network access
d) Using a popular website login to provide access to another website

80) A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?
a) DMZ
b) Guest network
c) Ad hoc
d) Honeynet

81) An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?
a) Some users are meeting password complexity requirements but not password length requirements.
b) The password history enforcement is insufficient, and old passwords are still valid across many different systems.
c) Some users are reusing passwords, and some of the compromised passwords are valid on multiple systems.
d) The compromised password file has been brute-force hacked, and the complexity requirements are not adequate to mitigate this risk.

82) A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry: (configuration entry not reproduced in this copy) Which of the following security technologies is MOST likely being configured?
a) Application whitelisting
b) HIDS
c) Data execution prevention
d) Removable media control

83) A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review?
a) Vulnerability feed
b) Trusted Automated eXchange of Indicator Information (TAXII)
c) Structured Threat Information eXpression (STIX)
d) Industry information-sharing and collaboration groups

84) A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first. (The question sentence is not reproduced in this copy.)
a) Randomize the shared credentials
b) Use only guest accounts to connect
c) Use SSH keys and remove generic passwords
d) Remove all user accounts

85) A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?
a) DNS sinkholing
b) DLP rules on the terminal
c) An IP blacklist
d) Application whitelisting

86) An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?
a) Access to the organization's servers could be exposed to other cloud-provider clients
b) The cloud vendor is a new attack vector within the supply chain
c) Outsourcing the code development adds risk to the cloud provider
d) Vendor support will cease when the hosting platforms reach EOL

87) A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output: (packet capture not reproduced in this copy) Which of the following attacks does the analyst MOST likely see in this packet capture?
a) Session replay
b) Evil twin
c) Bluejacking
d) ARP poisoning

88) A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue? (Answer options not reproduced in this copy.)
a) there was a drive-by download of malware b) the user installed a cyptominer c) the OS was corrupted d) there was malicious code on the USB drive 89) A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO). a) head b) TCP dump c) grep d) rail e) curl /Open ssl f) dd 90) The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, incident during a pandemic or crisis, However, the CEO is concerned that some staff members may take advantage of the of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk. Which of the following would be BEST to mitigate CEO's concern? (Select TWO). a) Geolocation b) time-of-day restriction c) certification d) token e) Geotagging f) Role-based access controls 91) A forensics investigator is examining a number of unauthorized payments the were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:Which of the following will the forensics investigator MOST likely determine has occurred? a) SQL injection b) CSRF c) XSS d) XSRF 92) Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the read data? 
a) Data ecryption b) Data masking c) Data deduplication d) Data minimization 93) A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened? a) a malicious USB was introdueed by an unsuspecting employee b) the ICS firmware was outdated c) a local machine has a RAT installed d) The HVAC was connected to the maintenance vendor 94) Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights? a) the data protection officer b) the data processor c) the data owner d) the data controller 95) A user recieved an SMS on a mobile phone that asked for bank delays.Which of the following social-engineering techniques was used in this case? a) SPIM b) Vishing c) Spear phishing d) Smishing 96) A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the following RAID configurations should the administration use? a) RAID 0 b) RAID 1 c) RAID 5 d) RAID 10 97) A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform? a) Code singing b) Fuzzing c) Manual code review d) Dynamic code analysis 98) A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch? a) MAC flooding b) DNS poisoning c) MAC cloning d) ARP poisoning 99) A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective? a) Security information and even management b) A web application firewall c) A vulnerability scanner d) A next-generation firewall
SEC+ Q1
by
Orellanabilly03