

Question # 4

A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:

A.

decrease the mean time between failures

B.

remove the single point of failure

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Question # 5

A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

A.

A honeyfile

B.

A DMZ

C.

DLP

D.

File integrity monitoring

Question # 6

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

A.

SNMP traps

B.

A Telnet session

C.

An SSH connection

D.

SFTP traffic

Question # 7

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

A.

Perform a vulnerability scan to identify the weak spots.

B.

Use a packet analyzer to investigate the NetFlow traffic.

C.

Check the SIEM to review the correlated logs.

D.

Require access to the routers to view current sessions.

Question # 8

A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?

A.

WPA3

B.

AES

C.

RADIUS

D.

WPS

Question # 9

Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

A.

Joe used Whois to produce this output.

B.

Joe used cURL to produce this output.

C.

Joe used Wireshark to produce this output.

D.

The organization has adequate information available in public registration.

E.

The organization has too much information available in public registration.

F.

The organization has too little information available in public registration.

Question # 10

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A.

openssl

B.

hping

C.

netcat

D.

tcpdump

Question # 11

After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred?

A.

Privilege escalation

B.

Session replay

C.

Application programming interface

D.

Directory traversal

Question # 12

Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?

A.

Chain of custody

B.

Checksums

C.

Non-repudiation

D.

Legal hold

Question # 13

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

A.

To provide data to quantify risk based on the organization's systems.

B.

To keep all software and hardware fully patched for known vulnerabilities

C.

To only allow approved, organization-owned devices onto the business network

D.

To standardize by selecting one laptop model for all users in the organization

Question # 14

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE)

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPv1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Question # 15

Which of the following controls would BEST identify and report malicious insider activities?

A.

An intrusion detection system

B.

A proxy

C.

Audit trails

D.

Strong authentication

Question # 16

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to be kept for a minimum of 30 days

C.

Integration of threat intelligence in the company's AV

D.

A data-breach clause requiring disclosure of significant data loss

Question # 17

A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

A.

Allow DNS access from the internet.

B.

Block SMTP access from the Internet

C.

Block HTTPS access from the Internet

D.

Block SSH access from the Internet.

Question # 18

An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

A.

The end user purchased and installed a PUP from a web browser.

B.

A bot on the computer is brute forcing passwords against a website.

C.

A hacker is attempting to exfiltrate sensitive data.

D.

Ransomware is communicating with a command-and-control server.

Question # 19

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

A.

A RAT

B.

Ransomware

C.

Polymorphic

D.

A worm

Question # 20

A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

A.

Repository transaction logs

B.

Common Vulnerabilities and Exposures

C.

Static code analysis

D.

Non-credentialed scans

Question # 21

Which of the following is the correct order of volatility from MOST to LEAST volatile?

A.

Memory, temporary filesystems, routing tables, disk, network storage

B.

Cache, memory, temporary filesystems, disk, archival media

C.

Memory, disk, temporary filesystems, cache, archival media

D.

Cache, disk, temporary filesystems, network storage, archival media

Question # 22

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Question # 23

Which of the following corporate policies is used to help prevent employee fraud and to detect system log modifications or other malicious activity based on tenure?

A.

Background checks

B.

Mandatory vacation

C.

Social media analysis

D.

Separation of duties

Question # 24

A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?

A.

OAuth

B.

SSO

C.

SAML

D.

PAP

Question # 25

Which of the following is the purpose of a risk register?

A.

To define the level of risk using probability and likelihood

B.

To register the risk with the required regulatory agencies

C.

To identify the risk, the risk owner, and the risk measures

D.

To formally log the type of risk mitigation strategy the organization is using

Question # 26

An analyst visits an internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

A.

SQL attack

B.

DLL attack

C.

XSS attack

D.

API attack

Question # 27

A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?

A.

Salting the magnetic strip information

B.

Encrypting the credit card information in transit.

C.

Hashing the credit card numbers upon entry.

D.

Tokenizing the credit cards in the database

Question # 28

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

A.

Cross-site scripting

B.

Data exfiltration

C.

Poor system logging

D.

Weak encryption

E.

SQL injection

F.

Server-side request forgery

Question # 29

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Offboarding

Question # 30

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?

A.

Mobile device management

B.

Full-device encryption

C.

Remote wipe

D.

Biometrics

Question # 31

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

A.

RAID 0

B.

RAID 1

C.

RAID 5

D.

RAID 10

Question # 32

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A.

DLP

B.

HIDS

C.

EDR

D.

NIPS

Question # 33

An organization just experienced a major cyberattack. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?

A.

Shadow IT

B.

An insider threat

C.

A hacktivist

D.

An advanced persistent threat

Question # 34

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

A.

Corrective

B.

Physical

C.

Detective

D.

Administrative

Question # 35

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

A.

Network location

B.

Impossible travel time

C.

Geolocation

D.

Geofencing

Question # 36

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

A.

hping3 -S comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

Question # 37

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?

A.

The DNS logs

B.

The web server logs

C.

The SIP traffic logs

D.

The SNMP logs

Question # 38

The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?

A.

A script kiddie

B.

Shadow IT

C.

Hacktivism

D.

White-hat

Question # 39

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

A.

The most common set of MDM configurations will become the effective set of enterprise mobile security controls.

B.

All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

C.

Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

D.

MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

Question # 40

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A.

SIEM

B.

DLP

C.

CASB

D.

SWG

Question # 41

An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of?

A.

MTBF

B.

RPO

C.

MTTR

D.

RTO

Question # 42

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?

A.

Least privilege

B.

Awareness training

C.

Separation of duties

D.

Mandatory vacation

Question # 43

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

A.

Investigation

B.

Containment

C.

Recovery

D.

Lessons learned

Question # 44

The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

A.

Install a NIDS device at the boundary.

B.

Segment the network with firewalls.

C.

Update all antivirus signatures daily.

D.

Implement application blacklisting.

Question # 45

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:

• The legitimate website's IP address is 10.1.1.20, and eRecruit.local resolves to that IP.

• The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.

• All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.

• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

A.

A reverse proxy was used to redirect network traffic

B.

An SSL strip MITM attack was performed

C.

An attacker temporarily pwned a name server

D.

An ARP poisoning attack was successfully executed

Question # 46

A system administrator needs to implement an access control scheme that will allow an object’s access policy be determined by its owner. Which of the following access control schemes BEST fits the requirements?

A.

Role-based access control

B.

Discretionary access control

C.

Mandatory access control

D.

Attribute-based access control

Question # 47

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?

A.

Dictionary

B.

Credential-stuffing

C.

Password-spraying

D.

Brute-force

Question # 48

A security administrator checks the table of a network switch, which shows the following output:

Which of the following is happening to this switch?

A.

MAC Flooding

B.

DNS poisoning

C.

MAC cloning

D.

ARP poisoning

Question # 49

A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility?

A.

Visitor logs

B.

Cable locks

C.

Guards

D.

Disk encryption

E.

Motion detection

Question # 50

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?

A.

An external access point is engaging in an evil-twin attack.

B.

The signal on the WAP needs to be increased in that section of the building.

C.

The certificates have expired on the devices and need to be reinstalled.

D.

The users in that section of the building are on a VLAN that is being blocked by the firewall.

Question # 51

Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?

A.

Stored procedures

B.

Buffer overflows

C.

Data bias

D.

Code reuse

Question # 52

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

A.

DAC

B.

ABAC

C.

SCAP

D.

SOAR

Question # 53

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?

A.

There was a drive-by download of malware

B.

The user installed a cryptominer

C.

The OS was corrupted

D.

There was malicious code on the USB drive

Question # 54

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model?

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

Question # 55

Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Question # 56

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

A.

The GPS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Question # 57

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

A.

IP conflict

B.

Pass-the-hash

C.

MAC flooding

D.

Directory traversal

E.

ARP poisoning

Question # 58

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?

A.

Install a smart meter on the staff WiFi.

B.

Place the environmental systems in the same DHCP scope as the staff WiFi.

C.

Implement Zigbee on the staff WiFi access points.

D.

Segment the staff WiFi network from the environmental systems network.

Question # 59

Given the following logs:

Which of the following BEST describes the type of attack that is occurring?

A.

Rainbow table

B.

Dictionary

C.

Password spraying

D.

Pass-the-hash

Question # 60

A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

A.

A malicious USB was introduced by an unsuspecting employee.

B.

The ICS firmware was outdated

C.

A local machine has a RAT installed.

D.

The HVAC was connected to the maintenance vendor.

Question # 61

A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?

A.

The examiner does not have administrative privileges to the system

B.

The system must be taken offline before a snapshot can be created

C.

Checksum mismatches are invalidating the disk image

D.

The swap file needs to be unlocked before it can be accessed

Question # 62

A symmetric encryption algorithm is BEST suited for:

A.

key-exchange scalability.

B.

protecting large amounts of data.

C.

providing hashing capabilities.

D.

implementing non-repudiation.

Question # 63

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.

• Occasional personal use is acceptable due to the travel requirements.

• Users must be able to install and configure sanctioned programs and productivity suites.

• The devices must be encrypted.

• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

A.

Configuring an always-on VPN

B.

Implementing application whitelisting

C.

Requiring web traffic to pass through the on-premises content filter

D.

Setting the antivirus DAT update schedule to weekly

Question # 64

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?

A.

Configuring signature-based antivirus to update every 30 minutes

B.

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion.

C.

Implementing application execution in a sandbox for unknown software.

D.

Fuzzing new files for vulnerabilities if they are not digitally signed

Question # 65

Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

A.

An SLA

B.

An NDA

C.

A BPA

D.

An MOU

Question # 66

An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

A.

The end user purchased and installed a PUP from a web browser

B.

A bot on the computer is brute forcing passwords against a website

C.

A hacker is attempting to exfiltrate sensitive data

D.

Ransomware is communicating with a command-and-control server.

Question # 67

A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization’s network. Which of the following will the analyst MOST likely use to accomplish the objective?

A.

A tabletop exercise

B.

NIST CSF

C.

MITRE ATT&CK

D.

OWASP

Question # 68

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

A.

The data protection officer

B.

The data processor

C.

The data owner

D.

The data controller

Question # 69

A security engineer needs to implement the following requirements:

• All Layer 2 switches should leverage Active Directory for authentication.

• All Layer 2 switches should use local fallback authentication if Active Directory is offline.

• All Layer 2 switches are not the same and are manufactured by several vendors.

Which of the following actions should the engineer take to meet these requirements? (Select TWO).

A.

Implement RADIUS.

B.

Configure AAA on the switch with local login as secondary.

C.

Configure port security on the switch with the secondary login method.

D.

Implement TACACS+

E.

Enable the local firewall on the Active Directory server.

F.

Implement a DHCP server.
