Month End Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CompTIA SY0-701 CompTIA Security+ Exam 2025 Exam Practice Test

Page: 1 / 52
Total 518 questions

CompTIA Security+ Exam 2025 Questions and Answers

Question 1

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

Options:

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Question 2

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

Options:

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Question 3

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Question 4

A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Options:

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Question 5

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Options:

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Question 6

An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

Options:

A.

Malicious flash drive

B.

Remote access Trojan

C.

Brute-forced password

D.

Cryptojacking

Question 7

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

Options:

A.

Active

B.

Passive

C.

Defensive

D.

Offensive

Question 8

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Options:

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Question 9

Which of the following activities is the first stage in the incident response process?

Options:

A.

Detection

B.

Declaration

C.

Containment

D.

Vacation

Question 10

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

Options:

A.

LDAP

B.

Federation

C.

SAML

D.

OAuth

Question 11

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Question 12

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Options:

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Question 13

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

Options:

A.

Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.

B.

Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

C.

Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.

D.

Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.

Question 14

During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

Question 15

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Options:

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Question 16

A bank set up a new server that contains customers' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Question 17

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Question 18

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

Options:

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Question 19

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Question 20

A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit. Which of the following logs should the analyst review first?

Options:

A.

Endpoint

B.

Application

C.

Firewall

D.

NAC

Question 21

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Question 22

Which of the following cryptographic solutions protects data at rest?

Options:

A.

Digital signatures

B.

Full disk encryption

C.

Private key

D.

Steganography

Question 23

An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

Options:

A.

Cloud-based

B.

Peer-to-peer

C.

On-premises

D.

Hybrid

Question 24

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

Options:

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Question 25

An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server's password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?

Options:

A.

Recognizing phishing

B.

Providing situational awareness training

C.

Using password management

D.

Reviewing email policies

Question 26

Which of the following threat actors would most likely deface the website of a high-profile music group?

Options:

A.

Unskilled attacker

B.

Organized crime

C.

Nation-state

D.

Insider threat

Question 27

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Question 28

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Options:

A.

Business continuity plan

B.

Change management procedure

C.

Acceptable use policy

D.

Software development life cycle policy

Question 29

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor's website?

Options:

A.

To test the integrity of the file

B.

To validate the authenticity of the file

C.

To activate the license for the file

D.

To calculate the checksum of the file

Question 30

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AA

C.

ACL

D.

PEM

Question 31

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

Options:

A.

Hire a vendor to perform a penetration test.

B.

Perform an annual self-assessment.

C.

Allow each client the right to audit.

D.

Provide a third-party attestation report.

Question 32

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Options:

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Question 33

A company identified the potential for malicious insiders to harm the organization. Which of the following measures should the organization implement to reduce this risk?

Options:

A.

Unified threat management

B.

Web application firewall

C.

User behavior analytics

D.

Intrusion detection system

Question 34

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question 35

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

Options:

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Question 36

Which of the following phases of the incident response process attempts to minimize disruption?

Options:

A.

Recovery

B.

Containment

C.

Preparation

D.

Analysis

Question 37

Which of the following activities is included in the post-incident review phase?

Options:

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system's configuration and settings

Question 38

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Question 39

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

Options:

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Question 40

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Options:

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Question 41

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Question 42

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Question 43

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

Options:

A.

Threshold

B.

Appetite

C.

Avoidance

D.

Register

Question 44

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Options:

A.

Exposure factor

B.

CVSS

C.

CVE

D.

Industry impact

Question 45

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Options:

A.

The end user changed the file permissions.

B.

A cryptographic collision was detected.

C.

A snapshot of the file system was taken.

D.

A rootkit was deployed.

Question 46

Which of the following security control types does an acceptable use policy best represent?

Options:

A.

Detective

B.

Compensating

C.

Corrective

D.

Preventive

Question 47

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Options:

A.

Memory injection

B.

Race condition

C.

Side loading

D.

SQL injection

Question 48

An attacker submits a request containing unexpected characters in an attempt to gain unauthorized access to information within the underlying systems. Which of the following best describes this attack?

Options:

A.

Side loading

B.

Target of evaluation

C.

Resource reuse

D.

SQL injection

Question 49

Which of the following actions must an organization take to comply with a person's request for the right to be forgotten?

Options:

A.

Purge all personally identifiable attributes.

B.

Encrypt all of the data.

C.

Remove all of the person’s data.

D.

Obfuscate all of the person’s data.

Question 50

Which of the following control types is AUP an example of?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Question 51

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

Options:

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Question 52

Which of the following actions best addresses a vulnerability found on a company's web server?

Options:

A.

Patching

B.

Segmentation

C.

Decommissioning

D.

Monitoring

Question 53

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Options:

A.

Tuning

B.

Aggregating

C.

Quarantining

D.

Archiving

Question 54

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Question 55

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Question 56

Which of the following data protection strategies can be used to confirm file integrity?

Options:

A.

Masking

B.

Encryption

C.

Hashing

D.

Obfuscation

Question 57

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Question 58

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

Options:

A.

TPM

B.

CRL

C.

PKI

D.

CSR

Question 59

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Options:

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Question 60

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Question 61

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Question 62

A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?

Options:

A.

Statement of work

B.

Responsibility matrix

C.

Service-level agreement

D.

Master service agreement

Question 63

A systems administrator needs to encrypt all data on employee laptops. Which of the following encryption levels should be implemented?

Options:

A.

Volume

B.

Partition

C.

Full disk

D.

File

Question 64

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Question 65

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Options:

A.

IDS

B.

ACL

C.

EDR

D.

NAC

Question 66

A security analyst is reviewing the following logs about a suspicious activity alert for a user's VPN log-ins. Which of the following malicious activity indicators triggered the alert?

Log Summary:

User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.

Options:

A.

Impossible travel

B.

Account lockout

C.

Blocked content

D.

Concurrent session usage

Question 67

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?

Options:

A.

SOAR

B.

API

C.

SFTP

D.

RDP

Question 68

The Chief Information Security Officer wants to discuss options for a disaster recovery site that allows the business to resume operations as quickly as possible. Which of the following solutions meets this requirement?

Options:

A.

Hot site

B.

Cold site

C.

Geographic dispersion

D.

Warm site

Question 69

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Question 70

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers?

Options:

A.

MAC filtering

B.

Segmentation

C.

Certification

D.

Isolation

Question 71

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Options:

A.

Hashing

B.

Tokenization

C.

Encryption

D.

Segmentation

Question 72

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

Options:

A.

Recovery point objective

B.

Mean time between failures

C.

Recovery time objective

D.

Mean time to repair  

Question 73

Which of the following best describe why a process would require a two-person integrity security control?

Options:

A.

To Increase the chance that the activity will be completed in half of the time the process would take only one user to complete

B.

To permit two users from another department to observe the activity that is being performed by an authorized user

C.

To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

D.

To allow one person to perform the activity while being recorded on the CCTV camera

Question 74

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question 75

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.

Tokenization

B.

Cryptographic downgrade

C.

SSH tunneling

D.

Segmentation

E.

Patch installation

F.

Data masking

Question 76

An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing. Which of the following would best prevent this from reoccurring?

Options:

A.

Place the copier in the legal department.

B.

Configure DLP on the attorney's workstation.

C.

Set up LDAP authentication on the printer.

D.

Conduct a physical penetration test.

Question 77

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Options:

A.

Code repositories

B.

Dark web

C.

Threat feeds

D.

State actors

E.

Vulnerability databases

Question 78

A company is changing its mobile device policy. The company has the following requirements:

Company-owned devices

Ability to harden the devices

Reduced security risk

Compatibility with company resources

Which of the following would best meet these requirements?

Options:

A.

BYOD

B.

CYOD

C.

COPE

D.

COBO

Question 79

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

Options:

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question 80

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Options:

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Question 81

Which of the following would enable a data center to remain operational through a multiday power outage?

Options:

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Question 82

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Options:

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Question 83

Which of the following is the most relevant reason a DPO would develop a data inventory?

Options:

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Question 84

A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

Options:

A.

Blocked content

B.

Brute-force attack

C.

Concurrent session usage

D.

Account lockout

Question 85

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Question 86

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Question 87

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

Options:

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Question 88

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Question 89

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Question 90

An enterprise security team is researching a new security architecture to better protect the company's networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

Options:

A.

IPS

B.

SIEM

C.

SASE

D.

CASB

Question 91

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 92

A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?

Options:

A.

IPSec

B.

SHA-1

C.

RSA

D.

TGT

Question 93

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q-wireless%20headphones / HTTP/1.0" 200 12737

132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I HTTP/1.0" 200 14650

Which of the following should the analyst do first?

Options:

A.

Implement a WAF

B.

Disable the query .php script

C.

Block brute-force attempts on temporary users

D.

Check the users table for new accounts

Question 94

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Options:

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Question 95

Cadets speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

Options:

A.

The executive team is traveling internationally and trying to avoid roaming charges

B.

The company's SIP server security settings are weak.

C.

Disgruntled employees are making calls to the partner organization.

D.

The service provider has assigned multiple companies the same numbers

Question 96

A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?

Options:

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Question 97

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Question 98

After reviewing the following vulnerability scanning report:

Server:192.168.14.6

Service: Telnet

Port: 23 Protocol: TCP

Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 —script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| _ Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist.

Question 99

Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Options:

A.

Development

B.

Test

C.

Production

D.

Staging

Question 100

Which of the following security measures is required when using a cloud-based platform for loT management?

Options:

A.

Encrypted connection

B.

Federated identity

C.

Firewall

D.

Single sign-on

Question 101

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Question 102

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Question # 102

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question 103

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Question 104

A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

Options:

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Question 105

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 106

A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Question 107

A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

Which of the following should the analyst do next?

Options:

A.

Check for recently terminated DBAs.

B.

Review WAF logs for evidence of command injection.

C.

Scan the database server for malware.

D.

Search the web server for ransomware notes.

Question 108

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Options:

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Question 109

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

Options:

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Question 110

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Question 111

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).

Options:

A.

Easter debugging of the system

B.

Reduced cost of ownership of the system

C.

Improved scalability of the system

D.

Increased compartmentalization of the system

E.

Stronger authentication of the system

F.

Reduced complexity of the system

Question 112

An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Options:

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Question 113

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Question 114

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Options:

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Question 115

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

Options:

A.

ACL

B.

IDS

C.

HIDS

D.

NIPS

Question 116

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

Options:

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Question 117

Which of the following is the stage in an investigation when forensic images are obtained?

Options:

A.

Acquisition

B.

Preservation

C.

Reporting

D.

E-discovery

Question 118

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

Options:

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Question 119

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Question 120

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Options:

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Question 121

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor's patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Question 122

An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

Options:

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

Question 123

A company wants to ensure secure remote access to its internal network. The company has only one public IP and would like to avoid making any changes to the current network setup. Which of the following solutions would best accomplish this goal?

Options:

A.

PAT

B.

IPSec VPN

C.

Perimeter network

D.

Reverse proxy

Question 124

A security report shows that during a two-week test period. 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposelycreated the website to simulate a cost-free password complexity test. Which of the following would best help reduce the number of visits to similar websites in the future?

Options:

A.

Block all outbound traffic from the intranet.

B.

Introduce a campaign to recognize phishing attempts.

C.

Restrict internet access for the employees who disclosed credentials.

D.

Implement a deny list of websites.

Question 125

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Options:

A.

Implement access controls and encryption.

B.

Develop and provide training on data protection policies.

C.

Create incident response and disaster recovery plans.

D.

Purchase and install security software.

Question 126

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Options:

A.

Secure cookies

B.

Version control

C.

Input validation

D.

Code signing

Question 127

Which of the following best describe a penetration test that resembles an actual external attach?

Options:

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Question 128

A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?

Options:

A.

Telnet connection

B.

SSH tunneling

C.

Patch installation

D.

Full disk encryption

Question 129

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question 130

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Options:

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Question 131

Which of the following would be the best way to handle a critical business application that is running on a legacy server?

Options:

A.

Segmentation

B.

Isolation

C.

Hardening

D.

Decommissioning

Question 132

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Question 133

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Question 134

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

Options:

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Question 135

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

Options:

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Question 136

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

Options:

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Question 137

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Question 138

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

Options:

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Question 139

Which of the following is prevented by proper data sanitization?

Options:

A.

Hackers' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Question 140

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

Options:

A.

Data retention

B.

Certification

C.

Sanitation

D.

Destruction

Question 141

A security administrator recently reset local passwords and the following values were recorded in the system:

Question # 141

Which of the following in the security administrator most likely protecting against?

Options:

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question 142

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Options:

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Question 143

A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidlyanalyzes host and network data from potentially compromised systems and forwards the data for further review. Which of the following tools should the incident response team deploy?

Options:

A.

NAC

B.

IPS

C.

SIEM

D.

EDR

Question 144

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Question 145

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Options:

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Question 146

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Question 147

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the Mowing describes the administrator's role?

Options:

A.

Processor

B.

Custodian

C.

Privacy officer

D.

Owner

Question 148

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Options:

A.

SIEM

B.

WAF

C.

Network taps

D.

IDS

Question 149

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question 150

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

Options:

A.

Misconfiguration

B.

Resource reuse

C.

Insecure key storage

D.

Weak cipher suites

Question 151

While reviewing logs, a security administrator identifies the following code:

Which of the following best describes the vulnerability being exploited?

Options:

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Question 152

A security analyst is reviewing the following logs:

Question # 152

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-t he-hash

D.

Brute-force

Question 153

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Options:

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Question 154

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?

Options:

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Question 155

While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Question 156

A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

Options:

A.

Audit each domain administrator account weekly for password compliance.

B.

Implement a privileged access management solution.

C.

Create IDS policies to monitor domain controller access.

D.

Use Group Policy to enforce password expiration.

Question 157

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Page: 1 / 52
Total 518 questions