Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CompTIA SY0-701 CompTIA Security+ Exam 2025 Exam Practice Test

Page: 1 / 50
Total 502 questions

CompTIA Security+ Exam 2025 Questions and Answers

Question 1

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

Options:

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question 2

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Question 3

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Options:

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Question 4

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Question 5

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

Options:

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Question 6

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Question 7

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Question 8

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Options:

A.

Unidentified removable devices

B.

Default network device credentials

C.

Spear phishing emails

D.

Impersonation of business units through typosquatting

Question 9

Which of the following is die most important security concern when using legacy systems to provide production service?

Options:

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Question 10

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Options:

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Question 11

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Question 12

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Options:

A.

SIEM

B.

WAF

C.

Network taps

D.

IDS

Question 13

Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

Options:

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysts

Question 14

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Options:

A.

Secure cookies

B.

Version control

C.

Input validation

D.

Code signing

Question 15

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Question 16

A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).

Options:

A.

Physical

B.

Managerial

C.

Detective

D.

Administrator

E.

Preventative

F.

Technical

Question 17

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

Options:

A.

Gap analysis

B.

Policy review

C.

Security procedure evaluation

D.

Threat scope reduction

Question 18

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

Options:

A.

Send out periodic security reminders.

B.

Update the content of new hire documentation.

C.

Modify the content of recurring training.D Implement a phishing campaign

Question 19

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Question 20

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AA

C.

ACL

D.

PEM

Question 21

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Options:

A.

Insider

B.

Unskilled attacker

C.

Nation-state

D.

Hacktivist

Question 22

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

Options:

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Question 23

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Question 24

A security analyst is assessing several company firewalls. Which of the following cools would The analyst most likely use to generate custom packets to use during the assessment?

Options:

A.

hping

B.

Wireshark

C.

PowerShell

D.

netstat

Question 25

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

Options:

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Question 26

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Options:

A.

Hacktivist

B.

Whistleblower

C.

Organized crime

D.

Unskilled attacker

Question 27

Which of the following is a possible consequence of a VM escape?

Options:

A.

Malicious instructions can be inserted into memory and give the attacker elevated permissions.

B.

An attacker can access the hypervisor and compromise other VMs.

C.

Unencrypted data can be read by a user in a separate environment.

D.

Users can install software that is not on the manufacturer's approved list.

Question 28

Which of the following topics would most likely be included within an organization's SDLC?

Options:

A.

Service-level agreements

B.

Information security policy

C.

Penetration testing methodology

D.

Branch protection requirements

Question 29

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

Options:

A.

Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.

B.

Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

C.

Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.

D.

Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.

Question 30

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question 31

A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidly analyzes host and network data from potentially compromised systems and forwards the data for further review. Which of the following tools should the incident response team deploy?

Options:

A.

NAC

B.

IPS

C.

SIEM

D.

EDR

Question 32

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Options:

A.

Retain the emails between the security team and affected customers for 30 days.

B.

Retain any communications related to the security breach until further notice.

C.

Retain any communications between security members during the breach response.

D.

Retain all emails from the company to affected customers for an indefinite period of time.

Question 33

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device's encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Question 34

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Options:

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Question 35

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Options:

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Question 36

A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?

Options:

A.

It increases complexity.

B.

It removes technical debt.

C.

It adds additional guard rails.

D.

It acts as a workforce multiplier.

Question 37

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

Options:

A.

Identity the attacker sentry methods.

B.

Report the breach to the local authorities.

C.

Notify the applicable parties of the breach.

D.

Implement vulnerability scanning of the company's systems.

Question 38

An employee clicked a malicious link in an email and downloaded malware onto the company's computer network. The malicious program exfiltrated thousands of customer records. Which of the following should the company implement to prevent this in the future?

Options:

A.

User awareness training

B.

Network monitoring

C.

Endpoint protection

D.

Data loss prevention

Question 39

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Question 40

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

Options:

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Question 41

Which of the following tasks is typically included in the BIA process?

Options:

A.

Estimating the recovery time of systems

B.

Identifying the communication strategy

C.

Evaluating the risk management plan

D.

Establishing the backup and recovery procedures

E.

Developing the incident response plan

Question 42

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

Options:

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Question 43

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

Options:

A.

White

B.

Purple

C.

Blue

D.

Red

Question 44

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Options:

A.

Compensating

B.

Detective

C.

Preventive

D.

Corrective

Question 45

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Options:

A.

Set the maximum data retention policy.

B.

Securely store the documents on an air-gapped network.

C.

Review the documents' data classification policy.

D.

Conduct a tabletop exercise with the team.

Question 46

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Options:

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Question 47

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Question 48

A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?

Options:

A.

Buffer overflow

B.

SQL injection

C.

Cross-site scripting

D.

Zero day

Question 49

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

Options:

A.

Hire a vendor to perform a penetration test.

B.

Perform an annual self-assessment.

C.

Allow each client the right to audit.

D.

Provide a third-party attestation report.

Question 50

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Question # 50

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question 51

Which of the following is the final step of the modem response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Question 52

An employee used a company's billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Options:

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Question 53

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Options:

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Question 54

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Options:

A.

Tokenization

B.

Hashing

C.

Obfuscation

D.

Segmentation

Question 55

A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

Which of the following should the analyst do next?

Options:

A.

Check for recently terminated DBAs.

B.

Review WAF logs for evidence of command injection.

C.

Scan the database server for malware.

D.

Search the web server for ransomware notes.

Question 56

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Question 57

A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Question 58

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Question 59

Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

Options:

A.

Destruction

B.

Certification

C.

Retention

D.

Sanitization

Question 60

A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

Options:

A.

Impersonation

B.

Replication

C.

Phishing

D.

Smishing

Question 61

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Question 62

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Options:

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Question 63

While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?

Options:

A.

Operational security

B.

Removable media and cables

C.

Password management

D.

Social engineering

Question 64

Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

Options:

A.

The executive team is traveling internationally and trying to avoid roaming charges

B.

The company's SIP server security settings are weak.

C.

Disgruntled employees are making calls to the partner organization.

D.

The service provider has assigned multiple companies the same numbers

Question 65

Which of the following architectures is most suitable to provide redundancy for critical business processes?

Options:

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Question 66

Which of the following is the first step to secure a newly deployed server?

Options:

A.

Close unnecessary service ports.

B.

Update the current version of the software.

C.

Add the device to the ACL.

D.

Upgrade the OS version.

Question 67

An attacker submits a request containing unexpected characters in an attempt to gain unauthorized access to information within the underlying systems. Which of the following best describes this attack?

Options:

A.

Side loading

B.

Target of evaluation

C.

Resource reuse

D.

SQL injection

Question 68

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

Options:

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Question 69

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor's website?

Options:

A.

To test the integrity of the file

B.

To validate the authenticity of the file

C.

To activate the license for the file

D.

To calculate the checksum of the file

Question 70

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Question 71

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

Options:

A.

Threshold

B.

Appetite

C.

Avoidance

D.

Register

Question 72

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Question 73

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Options:

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Question 74

A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts. Which of the following access controls should the security engineer implement?

Options:

A.

Role-based

B.

Time-of-day restrictions

C.

Least privilege

D.

Biometric authentication

Question 75

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Question 76

Which of the following provides the details about the terms of a test with a third-party penetration tester?

Options:

A.

Rules of engagement

B.

Supply chain analysis

C.

Right to audit clause

D.

Due diligence

Question 77

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Options:

A.

Whaling

B.

Credential harvesting

C.

Prepending

D.

Dumpster diving

Question 78

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question 79

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question 80

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

Options:

A.

Lead a simulated failover.

B.

Conduct a tabletop exercise.

C.

Periodically test the generators.

D.

Develop requirements for database encryption.

Question 81

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Options:

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Question 82

After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines. Which of the following caused this action?

Options:

A.

Non-compliance

B.

Contract violations

C.

Government sanctions

D.

Rules of engagement

Question 83

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Options:

A.

Virtualization

B.

Firmware

C.

Application

D.

Operating system

Question 84

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Options:

A.

Implementing a bastion host

B.

Deploying a perimeter network

C.

Installing a WAF

D.

Utilizing single sign-on

Question 85

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Question 86

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Question 87

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Question 88

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Options:

A.

Air gap

B.

Barricade

C.

Port security

D.

Screen subnet

Question 89

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Question 90

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Question 91

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Question 92

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Question 93

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Question 94

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Question 95

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

Options:

A.

LDAP

B.

Federation

C.

SAML

D.

OAuth

Question 96

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Question 97

A systems administrator is concerned about vulnerabilities within cloud computing instances Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

Options:

A.

SQL injection

B.

TOC/TOU

C.

VM escape

D.

Tokenization

E.

Password spraying

Question 98

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Question # 98

Question # 98

Question # 98

Options:

Question 99

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Question 100

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Options:

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Question 101

Which of the following is a compensating control for providing user access to a high-risk website?

Options:

A.

Enabling threat prevention features on the firewall

B.

Configuring a SIEM tool to capture all web traffic

C.

Setting firewall rules to allow traffic from any port to that destination

D.

Blocking that website on the endpoint protection software

Question 102

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patch installations

B.

To find shadow IT cloud deployments

C.

To continuously monitor hardware inventory

D.

To hunt for active attackers in the network

Question 103

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Question 104

Which of the following activities are associated with vulnerability management? (Select two).

Options:

A.

Reporting

B.

Prioritization

C.

Exploiting

D.

Correlation

E.

Containment

F.

Tabletop exercise

Question 105

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

Options:

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Question 106

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Question 107

A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?

Options:

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Question 108

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Question 109

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question 110

A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

Options:

A.

Cross-sue request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection

Question 111

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Options:

A.

EAP

B.

DHCP

C.

IPSec

D.

NAT

Question 112

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

Options:

A.

Misconfiguration

B.

Resource reuse

C.

Insecure key storage

D.

Weak cipher suites

Question 113

A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

Options:

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Question 114

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Options:

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Question 115

A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?

Options:

A.

Digital rights management

B.

Role-based access control

C.

Time-based access control

D.

Network access control

Question 116

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Options:

A.

Business continuity

B.

Physical security

C.

Change management

D.

Disaster recovery

Question 117

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

Options:

A.

To reduce implementation cost

B.

To identify complexity

C.

To remediate technical debt

D.

To prevent a single point of failure

Question 118

Which of the following would enable a data center to remain operational through a multiday power outage?

Options:

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Question 119

A security analyst is reviewing the following logs:

Question # 119

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-t he-hash

D.

Brute-force

Question 120

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?

Options:

A.

Insider threat detection

B.

Simulated threats

C.

Phishing awareness

D.

Business continuity planning

Question 121

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Options:

A.

Business email

B.

Social engineering

C.

Unsecured network

D.

Default credentials

Question 122

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

DHCP

D.

Network

E.

Firewall

F.

Database

Question 123

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Options:

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Question 124

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

Options:

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Question 125

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.

Typosquatting

B.

Smishing

C.

Pretexting

D.

Impersonation

Question 126

During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?

Options:

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Question 127

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Options:

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Question 128

Which of the following agreement types defines the time frame in which a vendor needs to respond?

Options:

A.

SOW

B.

SLA

C.

MOA

D.

MOU

Question 129

A database administrator is updating the company's SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

Options:

A.

Hashing

B.

Obfuscation

C.

Tokenization

D.

Masking

Question 130

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Question 131

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Question 132

During a recent log review, an analyst found evidence of successful injection attacks. Which of the following will best address this issue?

Options:

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Question 133

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?

Options:

A.

SDN

B.

Air gapped

C.

Containerized

D.

Highly available

Question 134

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Question 135

A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Options:

A.

Secure web gateway

B.

Virtual private cloud end point

C.

Deep packet Inspection

D.

Next-gene ration firewall

Question 136

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Options:

A.

Impersonation

B.

Disinformation

C.

Watering-hole

D.

Smishing

Question 137

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).

Options:

A.

Disable default accounts.

B.

Add the server to the asset inventory.

C.

Remove unnecessary services.

D.

Document default passwords.

E.

Send server logs to the SIEM.

F.

Join the server to the corporate domain.

Question 138

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Options:

A.

Impact analysis

B.

Scheduled downtime

C.

Backout plan

D.

Change management boards

Question 139

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Options:

A.

Encryption at rest

B.

Masking

C.

Data classification

D.

Permission restrictions

Question 140

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question 141

A human resources (HR) employee working from home leaves their company laptop open on the kitchen table. A family member walking through the kitchen reads an email from the Chief Financial Officer addressed to the HR department. The email contains information referencing company layoffs. The family member posts the content of the email to social media. Which of the following policies will the HR employee most likely need to review after this incident?

Options:

A.

Hybrid work environment

B.

Operations security

C.

Data loss prevention

D.

Social engineering

Question 142

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Question 143

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Question 144

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?

Options:

A.

SOAR

B.

SIEM

C.

MDM

D.

DLP

Page: 1 / 50
Total 502 questions