1) NO.1 An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?
(A). Web log files
(B). Browser cache
(C). DNS query logs
(D). Antivirus

2) NO.2 A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch?
(A). MAC flooding
(B). DNS poisoning
(C). MAC cloning
(D). ARP poisoning

3) NO.3 A security analyst is hardening a Linux workstation and must ensure it has public keys forwarded to remote systems for secure login. Which of the following steps should the analyst perform to meet these requirements? (Select TWO).
(A). Forward the keys using ssh-copy-id.
(B). Forward the keys using scp.
(C). Forward the keys using ssh -i.
(D). Forward the keys using openssl -s.
(E). Forward the keys using ssh-keygen.

4) NO.5 Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?
(A). Functional testing
(B). Stored procedures
(C). Elasticity
(D). Continuous integration

5) NO.6 Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?
(A). MSSP
(B). Public cloud
(C). Hybrid cloud
(D). Fog computing

6) NO.7 The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
(A). Updating the playbooks with better decision points
(B). Dividing the network into trusted and untrusted zones
(C). Providing additional end-user training on acceptable use
(D). Implementing manual quarantining of infected hosts

7) NO.8 A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:
(A). decrease the mean time between failures
(B). remove the single point of failure
(C). cut down the mean time to repair
(D). reduce the recovery time objective

8) NO.9 An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization's needs for a third factor?
(A). Date of birth
(B). Fingerprints
(C). PIN
(D). TPM

9) NO.10 Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
(A). The key length of the encryption algorithm
(B). The encryption algorithm's longevity
(C). A method of introducing entropy into key calculations
(D). The computational overhead of calculating the encryption key

10) NO.11 A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
(A). CASB
(B). SWG
(C). Containerization
(D). Automated failover

11) NO.12 An analyst visits an internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following: Which of the following BEST describes the attack that was attempted against the forum readers?
(A). SQLi attack
(B). DLL attack
(C). XSS attack
(D). API attack

12) NO.13 A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
(A). Containment
(B). Identification
(C). Recovery
(D). Preparation

13) NO.14 A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?
(A). The examiner does not have administrative privileges to the system
(B). The system must be taken offline before a snapshot can be created
(C). Checksum mismatches are invalidating the disk image
(D). The swap file needs to be unlocked before it can be accessed

14) NO.15 To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?
(A). A password reuse policy
(B). Account lockout after three failed attempts
(C). Encrypted credentials in transit
(D). A geofencing policy based on login history

15) NO.16 A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?
(A). Enhance resiliency by adding a hardware RAID.
(B). Move data to a tape library and store the tapes off site.
(C). Install a local network-attached storage.
(D). Migrate to a cloud backup solution.

16) NO.17 Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
(A). A worm that has propagated itself across the intranet, which was initiated by presentation media
(B). A fileless virus that is contained on a vCard that is attempting to execute an attack
(C). A Trojan that has passed through and executed malicious code on the hosts
(D). A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

17) NO.18 Which of the following types of controls is a turnstile?
(A). Physical
(B). Detective
(C). Corrective
(D). Technical

18) NO.20 Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
(A). The data protection officer
(B). The data processor
(C). The data owner
(D). The data controller

19) NO.22 A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. to 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?
(A). A RAT
(B). Ransomware
(C). Logic bomb
(D). A worm

20) NO.23 An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message: "The username entered does not exist." Which of the following should the analyst recommend be enabled?
(A). Input validation
(B). Obfuscation
(C). Error handling
(D). Username lockout

21) NO.24 An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?
(A). On-path attack
(B). Protocol poisoning
(C). Domain hijacking
(D). Bluejacking

22) NO.26 Which of the following would satisfy three-factor authentication?
(A). Password, retina scanner, and NFC card
(B). Password, fingerprint scanner, and retina scanner
(C). Password, hard token, and NFC card
(D). Fingerprint scanner, hard token, and retina scanner

23) NO.27 Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?
(A). Application code signing
(B). Application whitelisting
(C). Data loss prevention
(D). Web application firewalls

24) NO.28 A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).
(A). Something you know
(B). Something you have
(C). Somewhere you are
(D). Someone you are
(E). Something you are
(F). Something you can do

25) NO.29 Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hotspots?
(A). Footprinting
(B). White-box testing
(C). A drone/UAV
(D). Pivoting

26) NO.30 A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO)
(A). VPN
(B). Drive encryption
(C). Network firewall
(D). File-level encryption
(E). USB blocker
(F). MFA

27) NO.31 A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
(A). SIEM
(B). DLP
(C). CASB
(D). SWG

28) NO.32 Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?
(A). To avoid data leakage
(B). To protect surveillance logs
(C). To ensure availability
(D). To restrict remote access

29) NO.33 An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
(A). hping3 -S comptia.org -p 80
(B). nc -l -v comptia.org -p 80
(C). nmap comptia.org -p 80 -sV
(D). nslookup -port=80 comptia.org

30) NO.34 A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO)
(A). An air gap
(B). A cold aisle
(C). Removable doors
(D). A hot aisle
(E). An IoT thermostat
(F). A humidity monitor

31) NO.36 Which of the following ISO standards is certified for privacy?
(A). ISO 9001
(B). ISO 27002
(C). ISO 27701
(D). ISO 31000

32) NO.37 A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which
(A). head
(B). tcpdump
(C). grep
(D). tail
(E). curl
(F). openssl

33) NO.39 A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
(A). Physical
(B). Detective
(C). Preventive
(D). Compensating

34) NO.40 An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
(A). SED
(B). HSM
(C). DLP
(D). TPM

35) NO.41 A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).
(A). Full-device encryption
(B). Network usage rules
(C). Geofencing
(D). Containerization
(E). Application whitelisting
(F). Remote control

36) NO.42 A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership?
(A). MTBF
(B). RPO
(C). RTO
(D). MTTR

37) NO.43 A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?
(A). nmap -p1-65535 192.168.0.10
(B). dig 192.168.0.10
(C). curl --head http://192.168.0.10
(D). ping 192.168.0.10

38) NO.44 Which of the following would be used to find the MOST common web-application vulnerabilities?
(A). OWASP
(B). MITRE ATT&CK
(C). Cyber Kill Chain
(D). SDLC

39) NO.45 A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
(A). Perform a site survey
(B). Deploy an FTK Imager
(C). Create a heat map
(D). Scan for rogue access points
(E). Upgrade the security protocols
(F). Install a captive portal

40) NO.46 Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?
(A). Cameras
(B). Faraday cage
(C). Access control vestibule
(D). Sensors
(E). Guards

41) NO.48 Which of the following is an example of risk avoidance?
(A). Installing security updates directly in production to expedite vulnerability fixes
(B). Buying insurance to prepare for financial loss associated with exploits
(C). Not installing new software to prevent compatibility errors
(D). Not taking preventive measures to stop the theft of equipment

42) NO.50 Which of the following types of attacks is being attempted and how can it be mitigated?
http://comptia.org/../../../etc/passwd
(A). XSS; implement a SIEM
(B). CSRF; implement an IPS
(C). Directory traversal; implement a WAF
(D). SQL injection; implement an IDS

43) NO.51 Which of the following is the BEST use of a WAF?
(A). To protect sites on web servers that are publicly accessible
(B). To allow access to web services of internal users of the organization
(C). To maintain connection status of all HTTP requests
(D). To deny access to all websites with certain contents

44) NO.52 Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)
(A). Block cipher
(B). Hashing
(C). Private key
(D). Perfect forward secrecy
(E). Salting
(F). Symmetric keys

45) NO.53 A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action?
(A). Predictability
(B). Key stretching
(C). Salting
(D). Hashing

46) NO.56 Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?
(A). Machine learning
(B). DNS sinkhole
(C). Blocklist
(D). Honeypot

47) NO.57 Which of the following is the correct order of volatility from MOST to LEAST volatile?
(A). Memory, temporary filesystems, routing tables, disk, network storage
(B). Cache, memory, temporary filesystems, disk, archival media
(C). Memory, disk, temporary filesystems, cache, archival media
(D). Cache, disk, temporary filesystems, network storage, archival media

48) NO.58 Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?
(A). Risk matrix
(B). Risk tolerance
(C). Risk register
(D). Risk appetite

49) NO.59 A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:
(A). whaling.
(B). smishing.
(C). spear phishing.
(D). vishing.

50) NO.60 A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee's position. Which of the following practices would BEST help to prevent this situation in the future?
(A). Mandatory vacation
(B). Separation of duties
(C). Job rotation
(D). Exit interviews

51) NO.61 A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?
(A). dd
(B). chmod
(C). dnsenum
(D). logger

52) NO.62 A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?
(A). IDS solution
(B). EDR solution
(C). HIPS software solution
(D). Network DLP solution

53) NO.64 Which of the following is a valid multifactor authentication combination?
(A). OTP token combined with password
(B). Strong password and PIN combination
(C). OTP token plus smart card
(D). Presence-detecting facial recognition

54) NO.65 A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?
(A). Private cloud
(B). Hybrid environment
(C). Managed security service provider
(D). Hot backup site

55) NO.66 A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?
(A). Randomize the shared credentials
(B). Use only guest accounts to connect.
(C). Use SSH keys and remove generic passwords
(D). Remove all user accounts.
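Worked example for NO.1, added here and not part of the original quiz: when the malware's server address changes from host to host, the queried domain name is the indicator that stays constant across all of them, and DNS query logs are where that name is recorded. The script below groups constructed resolver log lines by name, ranks names by how many hosts asked for them and how many different addresses they resolved to, and compares the coverage of an IP-based indicator with a name-based one. The one-line "timestamp client qname type answer" log layout, the host addresses and the domain names are all constructed for this example.

```python
from collections import defaultdict

# Constructed sample resolver log (hypothetical hosts, names and addresses; the
# "timestamp client qname type answer" layout is assumed for this example).
SAMPLE_DNS_LOG = """\
2023-03-12T02:14:07Z 10.0.5.21 update.cdn-rules.example A 203.0.113.7
2023-03-12T02:14:09Z 10.0.5.33 update.cdn-rules.example A 198.51.100.42
2023-03-12T02:15:01Z 10.0.6.14 update.cdn-rules.example A 192.0.2.88
2023-03-12T02:15:30Z 10.0.5.21 www.example.com A 93.184.216.34
2023-03-12T02:16:02Z 10.0.5.33 www.example.com A 93.184.216.34
2023-03-12T02:16:45Z 10.0.7.9 update.cdn-rules.example A 203.0.113.200
2023-03-12T02:17:10Z 10.0.7.9 mail.example.com A 192.0.2.10
2023-03-12T02:18:00Z 10.0.6.14 www.example.com A 93.184.216.34
this line is malformed and must be skipped
"""


def parse_dns_log(text):
    """Parse the constructed layout into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, rtype, answer = parts
        records.append({
            "ts": ts,
            "client": client,
            "qname": qname.lower().rstrip("."),  # normalise case and trailing dot
            "rtype": rtype,
            "answer": answer,
        })
    return records


def rank_ioc_candidates(records, min_clients=2):
    """Group queries by name. A name asked by many hosts that keeps resolving to
    different addresses is the stable indicator when the IPs themselves are not."""
    clients = defaultdict(set)
    answers = defaultdict(set)
    for r in records:
        clients[r["qname"]].add(r["client"])
        answers[r["qname"]].add(r["answer"])
    candidates = [
        {"qname": q, "clients": sorted(clients[q]), "answers": sorted(answers[q])}
        for q in clients
        if len(clients[q]) >= min_clients
    ]
    # Most hosts first; among equals, the name with the most distinct answers.
    candidates.sort(key=lambda c: (len(c["clients"]), len(c["answers"])), reverse=True)
    return candidates


def hosts_matching_ip(records, ip):
    """Coverage of an IP-based indicator: hosts whose lookups returned this address."""
    return sorted({r["client"] for r in records if r["answer"] == ip})


def hosts_matching_name(records, qname):
    """Coverage of a name-based indicator: hosts that queried this name at all."""
    return sorted({r["client"] for r in records if r["qname"] == qname})


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    top = rank_ioc_candidates(recs)[0]
    print("common IoC:", top["qname"], "on", len(top["clients"]), "hosts,",
          len(top["answers"]), "distinct answers")
    print("blocking one IP covers:", hosts_matching_ip(recs, "203.0.113.7"))
    print("blocking the name covers:", hosts_matching_name(recs, top["qname"]))
```

In the constructed data the single IP 203.0.113.7 identifies one host, while the name identifies all four; the same grouping also separates the malicious name from www.example.com, which several hosts query but which always resolves to the same address.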
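Worked example for NO.50, added here and not part of the original quiz: the request path in that question is a directory traversal, and the fix has two layers, a WAF-style check on the request and a server-side check that the resolved file stays under the document root. The code below shows the vulnerable resolution (the URL path glued onto the root), the hardened resolution, and a request filter that decodes until stable so that %2e%2e and double-encoded %252e%252e forms are caught too. The document root /var/www/html is assumed for the example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/var/www/html"  # assumed document root for this example


def resolve_vulnerable(url_path):
    """'Before': the URL path is concatenated onto the document root and handed to
    the OS. normpath shows what the kernel actually opens once '..' is collapsed."""
    return posixpath.normpath(WEB_ROOT + url_path)


def resolve_hardened(url_path):
    """'After': decode, normalise, then refuse anything that did not stay under WEB_ROOT."""
    decoded = unquote(url_path)
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        raise PermissionError(f"path escapes document root: {url_path!r}")
    return candidate


def is_served(url_path):
    """True if the hardened resolver would serve the path, False if it refuses it."""
    try:
        resolve_hardened(url_path)
        return True
    except PermissionError:
        return False


def looks_like_traversal(url, max_decode_rounds=3):
    """WAF-style request check: decode until the path stops changing (catches %2e%2e
    and double encoding such as %252e%252e), then look for a '..' path segment."""
    path = urlsplit(url).path
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = path.replace("\\", "/").split("/")
    return any(seg == ".." for seg in segments)


if __name__ == "__main__":
    attack = "http://comptia.org/../../../etc/passwd"
    print("vulnerable server opens:", resolve_vulnerable(urlsplit(attack).path))
    print("hardened server serves it:", is_served(urlsplit(attack).path))
    print("WAF flags request:", looks_like_traversal(attack))
```

The server-side check is the one that matters: the filter in front can be evaded by an encoding it does not decode, but a path that does not start with the document root after normalisation is never opened regardless of how it was spelled in the request.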
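Worked example for NO.53, added here and not part of the original quiz: the random data the administrator adds is a salt, and in practice it is combined with the other option on the list, key stretching, so that identical passwords produce different stored values and each guess costs the attacker many hash computations. The code below uses PBKDF2-HMAC-SHA256 from the standard library, stores the salt and iteration count alongside the hash in a self-describing record, verifies in constant time, and shows the unsalted anti-pattern beside it. The record format and the 600,000-iteration default are choices made for this example.

```python
import hashlib
import hmac
import os

ALGORITHM = "sha256"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor chosen for this example
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # a fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    algorithm = scheme.split("_", 1)[1]
    candidate = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_hash(password):
    """The anti-pattern: the same password gives the same hash for every user,
    so one cracked entry (or one precomputed table) reveals all of them."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def shared_password_users(table):
    """Given {user: unsalted_hash}, return users whose hash appears more than once.
    This is what salting prevents an attacker (or an auditor) from seeing."""
    by_hash = {}
    for user, h in table.items():
        by_hash.setdefault(h, []).append(user)
    return sorted(u for users in by_hash.values() if len(users) > 1 for u in users)


if __name__ == "__main__":
    rec_a = hash_password("correct horse")
    rec_b = hash_password("correct horse")
    print("same password, different records:", rec_a != rec_b)
    print("verify ok:", verify_password("correct horse", rec_a))
    print("verify wrong:", verify_password("correct horsf", rec_a))
    table = {u: unsalted_hash(p) for u, p in
             {"alice": "correct horse", "bob": "correct horse", "carol": "hunter2"}.items()}
    print("unsalted table leaks shared passwords:", shared_password_users(table))
```

Because the iteration count is stored in each record, it can be raised later for new records and on next login for old ones without invalidating anything, which is the mechanism a credential reset such as the one in NO.15 would rely on to migrate users to a stronger setting.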
56) NO.67 A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
(A). An air gap
(B). A Faraday cage
(C). A shielded cable
(D). A demilitarized zone

57) NO.68 An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?
(A). Zero-day
(B). Default permissions
(C). Weak encryption
(D). Unsecure root accounts

58) NO.69 An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:
(A). business continuity plan.
(B). communications plan.
(C). disaster recovery plan.
(D). continuity of operations plan.

59) NO.70 A software developer needs to perform code-execution testing, black-box testing, and nonfunctional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
(A). Verification
(B). Validation
(C). Normalization
(D). Staging

60) NO.73 A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?
(A). Digitally sign the relevant game files.
(B). Embed a watermark using steganography.
(C). Implement TLS on the license activation server.
(D). Fuzz the application for unknown vulnerabilities.

61) NO.74 A SOC is implementing an insider threat detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?
(A). A honeyfile
(B). A DMZ
(C). ULF
(D). File integrity monitoring

62) NO.75 An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user's browser to deploy malicious software. Which of the following types of attack does this describe?
(A). Smishing
(B). Whaling
(C). Watering hole
(D). Phishing

63) NO.76 The lessons-learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from technical support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remotely control the worker's PC. Which of the following would be BEST to help prevent this type of attack in the future?
(A). Data loss prevention
(B). Segmentation
(C). Application whitelisting
(D). Quarantine

64) NO.77 A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?
(A). Code signing
(B). Fuzzing
(C). Manual code review
(D). Dynamic code analysis

65) NO.78 A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?
(A). Preventive
(B). Compensating
(C). Corrective
(D). Detective

66) NO.79 A preventive control differs from a compensating control in that a preventive control is:
(A). put in place to mitigate a weakness in a user control.
(B). deployed to supplement an existing control that is EOL.
(C). relied on to address gaps in the existing control structure.
(D). designed to specifically mitigate a risk.
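Worked example for NO.77, added here and not part of the original quiz: fuzzing means feeding a program mutated and random input and recording every case where it fails in a way its contract does not allow. The script below targets a small hand-written record parser (the one-byte-length-prefixed format is invented for this example), runs a seeded mutation fuzzer against it, and reports which unexpected exception types it can trigger and one input for each. A hardened version of the same parser, which maps every malformed input to a single documented error, is fuzzed with the same seeds to show what a clean run looks like.

```python
import random


class FormatError(ValueError):
    """The single, documented failure the hardened parser is allowed to raise."""


def parse_record_naive(data: bytes):
    """Assumed format: 1-byte name length, ASCII name, then an ASCII integer value.
    Every unchecked step here is a crash waiting for the right input."""
    name_len = data[0]
    name = data[1:1 + name_len].decode("ascii")
    value = int(data[1 + name_len:])
    return name, value


def parse_record_hardened(data: bytes):
    """Same format, but every malformed input becomes a FormatError."""
    if len(data) < 2:
        raise FormatError("record too short")
    name_len = data[0]
    if name_len == 0 or 1 + name_len >= len(data):
        raise FormatError("bad name length")
    try:
        name = data[1:1 + name_len].decode("ascii")
        value = int(data[1 + name_len:].decode("ascii"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise FormatError(f"malformed record: {exc}") from None
    return name, value


# Constructed seed corpus of valid records the mutator starts from.
SEEDS = [b"\x03foo42", b"\x05hello-7", b"\x01a0"]


def mutate(seed_input: bytes, rng: random.Random) -> bytes:
    """Apply one to four random edits: overwrite, insert or delete a byte, or
    replace the whole input with a short random blob (possibly empty)."""
    data = bytearray(seed_input)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randint(0, 3)
        if choice == 0 and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif choice == 1:
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif choice == 2 and data:
            del data[rng.randrange(len(data))]
        else:
            data = bytearray(rng.randrange(256) for _ in range(rng.randint(0, 8)))
    return bytes(data)


def fuzz(parser, seeds, iterations=2000, expected=(FormatError,), seed=1):
    """Run the parser on mutated inputs; return {exception name: first input that
    raised it} for every exception type outside the parser's documented contract."""
    rng = random.Random(seed)  # fixed seed so a run is reproducible
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            parser(data)
        except expected:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, data)
    return crashes


def reproduce(parser, data):
    """Re-run one saved input and return the exception name it raises, or None."""
    try:
        parser(data)
        return None
    except Exception as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for name, sample in fuzz(parse_record_naive, SEEDS).items():
        print(f"naive parser: {name} on input {sample!r}")
    print("hardened parser unexpected crashes:", fuzz(parse_record_hardened, SEEDS))
```

Saving the triggering input for each failure is what makes a fuzzing result useful to a developer: each one is a reproducible test case, and the hardened parser can be re-run on the whole saved set to confirm the fix.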
67) NO.80 A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?
(A). A bot
(B). A fileless virus
(C). A logic bomb
(D). A RAT
SUPER SET 1-80
by Samet2023