SY0-701 CompTIA Security+ Exam 2025 Question and Answers

Question # 4

The Chief Information Security Officer wants to discuss options for a disaster recovery site that allows the business to resume operations as quickly as possible. Which of the following solutions meets this requirement?

A.

Hot site

B.

Cold site

C.

Geographic dispersion

D.

Warm site

Question # 5

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

Question # 6

A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers. Which of the following solutions is the organization most likely to employ to further increase performance and availability?

A.

Load balancer

B.

Jump server

C.

Proxy server

D.

SD-WAN

Question # 7

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

A.

Memory injection

B.

Race condition

C.

Side loading

D.

SQL injection

Question # 8

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Question # 9

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Question # 10

A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

A.

Secure web gateway

B.

Virtual private cloud endpoint

C.

Deep packet inspection

D.

Next-generation firewall

Question # 11

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Question # 12

Which of the following describes the procedures a penetration tester must follow while conducting a test?

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Question # 13

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Question # 14

An unexpected and out-of-character email message from a Chief Executive Officer’s corporate account asked an employee to provide financial information and to change the recipient's contact number. Which of the following attack vectors is most likely being used?

A.

Business email compromise

B.

Phishing

C.

Brand impersonation

D.

Pretexting

Question # 15

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A.

PaaS

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Question # 16

A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Question # 17

While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?

A.

Operational security

B.

Removable media and cables

C.

Password management

D.

Social engineering

Question # 18

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Question # 19

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

A.

Asset inventory

B.

Network enumeration

C.

Data certification

D.

Procurement process

Question # 20

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Question # 21

Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysis

Question # 22

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Question # 23

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A.

Impact analysis

B.

Scheduled downtime

C.

Backout plan

D.

Change management boards

Question # 24

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

Question # 25

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

A.

Red teaming

B.

Penetration testing

C.

Independent audit

D.

Vulnerability assessment

Question # 26

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

A.

Insurance

B.

Patching

C.

Segmentation

D.

Replacement

Question # 27

An enterprise security team is researching a new security architecture to better protect the company's networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

A.

IPS

B.

SIEM

C.

SASE

D.

CASB

Question # 28

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Question # 29

Which of the following architectures is most suitable to provide redundancy for critical business processes?

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Question # 30

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Question # 31

Which of the following is the main consideration when a legacy system that is a critical part of a company's infrastructure cannot be replaced?

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Question # 32

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device's encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Question # 33

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question # 34

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Question # 35

Which of the following is the most likely to be included as an element of communication in a security awareness program?

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Question # 36

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

A.

Business email

B.

Social engineering

C.

Unsecured network

D.

Default credentials

Question # 37

Which of the following is a possible consequence of a VM escape?

A.

Malicious instructions can be inserted into memory and give the attacker elevated permissions.

B.

An attacker can access the hypervisor and compromise other VMs.

C.

Unencrypted data can be read by a user in a separate environment.

D.

Users can install software that is not on the manufacturer's approved list.

Question # 38

An administrator wants to automate an account permissions update for a large number of accounts. Which of the following would best accomplish this task?

A.

Security groups

B.

Federation

C.

User provisioning

D.

Vertical scaling

Question # 39

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Question # 40

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question # 41

Which of the following is a benefit of an RTO when conducting a business impact analysis?

A.

It determines the likelihood of an incident and its cost.

B.

It determines the roles and responsibilities for incident responders.

C.

It determines the state that systems should be restored to following an incident.

D.

It determines how long an organization can tolerate downtime after an incident.

Question # 42

Which of the following would be the best way to test resiliency in the event of a primary power failure?

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Question # 43

A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?

A.

Digital rights management

B.

Role-based access control

C.

Time-based access control

D.

Network access control

Question # 44

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

A.

Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.

B.

Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

C.

Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.

D.

Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.

Question # 45

A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

A.

The host-based security agent is not running on all computers.

B.

A rogue access point is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Question # 46

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

Question # 47

Which of the following is a primary security concern for a company setting up a BYOD program?

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Question # 48

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

A.

Network

B.

System

C.

Application

D.

Authentication

Question # 49

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following is the security administrator most likely protecting against?

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question # 50

Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally, SMS OTP codes are valid for up to 15 minutes, while the TOTP time frame is 30 to 60 seconds.

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.

Question # 51

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

A.

Threshold

B.

Appetite

C.

Tolerance

D.

Register

Question # 52

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Question # 53

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Question # 54

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

A.

EAP

B.

DHCP

C.

IPSec

D.

NAT

Question # 55

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

A.

Whaling

B.

Credential harvesting

C.

Prepending

D.

Dumpster diving

Question # 56

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

Question # 57

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 58

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Question # 59

Which of the following is a benefit of vendor diversity?

A.

Patch availability

B.

Zero-day resiliency

C.

Secure configuration guide applicability

D.

Load balancing

Question # 60

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Question # 61

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

A.

Role-based

B.

Discretionary

C.

Time of day

D.

Least privilege

Question # 62

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Question # 63

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

A.

Key stretching

B.

Tokenization

C.

Data masking

D.

Salting

Question # 64

An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

A.

Government

B.

Public

C.

Proprietary

D.

Critical

Question # 65

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question # 66

Which of the following is an example of memory injection?

A.

Two processes access the same variable, allowing one to cause a privilege escalation.

B.

A process receives an unexpected amount of data, which causes malicious code to be executed.

C.

Malicious code is copied to the allocated space of an already running process.

D.

An executable is overwritten on the disk, and malicious code runs the next time it is executed.

Question # 67

A malicious insider from the marketing team alters records and transfers company funds to a personal account. Which of the following methods would be the best way to secure company records in the future?

A.

Permission restrictions

B.

Hashing

C.

Input validation

D.

Access control list

Question # 68

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

A.

Serverless framework

B.

Type 1 hypervisor

C.

SD-WAN

D.

SDN

Question # 69

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Question # 70

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Question # 71

Which of the following is the most important security concern when using legacy systems to provide production service?

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Question # 72

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Question # 73

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Question # 74

After reviewing the following vulnerability scanning report:

Server: 192.168.14.6

Service: Telnet

Port: 23 Protocol: TCP

Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 --script telnet-encryption

PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack
| telnet-encryption:
|_  Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist.

Question # 75

Which of the following best describes a penetration test that resembles an actual external attack?

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Question # 76

A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?

A.

Password policy

B.

Access badges

C.

Phishing campaign

D.

Risk assessment

Question # 77

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question # 78

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Question # 79

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question # 80

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Question # 81

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

A.

Hacktivist

B.

Whistleblower

C.

Organized crime

D.

Unskilled attacker

Question # 82

Which of the following should a company use to provide proof of external network security testing?

A.

Business impact analysis

B.

Supply chain analysis

C.

Vulnerability assessment

D.

Third-party attestation

Question # 83

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

A.

Recovery point objective

B.

Mean time between failures

C.

Recovery time objective

D.

Mean time to repair

Question # 84

Which of the following would be the most appropriate way to protect data in transit?

A.

SHA-256

B.

SSL 3.0

C.

TLS 1.3

D.

AES-256

Question # 85

A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?

A.

IPSec

B.

SHA-1

C.

RSA

D.

TGT

Question # 86

A security analyst is reviewing logs and discovers the following:

Which of the following should be used to best mitigate this type of attack?

A.

Input sanitization

B.

Secure cookies

C.

Static code analysis

D.

Sandboxing

Question # 87

Which of the following is a compensating control for providing user access to a high-risk website?

A.

Enabling threat prevention features on the firewall

B.

Configuring a SIEM tool to capture all web traffic

C.

Setting firewall rules to allow traffic from any port to that destination

D.

Blocking that website on the endpoint protection software

Question # 88

Which of the following is best used to detect fraud by assigning employees to different roles?

A.

Least privilege

B.

Mandatory vacation

C.

Separation of duties

D.

Job rotation

Question # 89

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Question # 90

A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

A.

Impersonation

B.

Replication

C.

Phishing

D.

Smishing

Question # 91

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

A.

Air gap the system.

B.

Move the system to a different network segment.

C.

Create a change control request.

D.

Apply the patch to the system.

Question # 92

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

A.

Degaussing

B.

Drive shredder

C.

Retention platform

D.

Wipe tool

Question # 93

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Question # 94

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Question # 95

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

Question # 96

Which of the following would enable a data center to remain operational through a multiday power outage?

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Question # 97

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Question # 98

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Question # 99

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Question # 100

The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

Question # 101

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Question # 102

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Question # 103

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Question # 104

A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

A.

Cross-site request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection
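The scenario above is the classic CSRF shape: the victim is already authenticated, the browser attaches the session cookie to a POST triggered from the attacker's page, and a state-changing endpoint trusts that cookie alone. The following is an added example, not code from the exam page or from any real product, written to show the vulnerable handler next to a hardened one. The framework is simulated with plain dictionaries; `SITE_ORIGIN`, `evil.example`, the session store and all user data are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for a web framework's session store and request objects.
SERVER_SECRET = secrets.token_bytes(32)   # per-deployment key for signing CSRF tokens
SITE_ORIGIN = "https://shop.example"      # assumed origin of the site being protected

sessions = {}  # session_id -> {"user": ..., "password": ...}


def login(user, password):
    """Create a session and return the cookie value the browser would store."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "password": password}
    return sid


def csrf_token(session_id):
    """Synchronizer token bound to one session via HMAC, so a token the attacker
    obtains for their own session does not verify for the victim's session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def change_password_vulnerable(request):
    """Trusts the session cookie alone. Browsers attach that cookie to cross-site
    POSTs too, so an auto-submitted form on the attacker's page succeeds."""
    sess = sessions.get(request["cookies"].get("sid"))
    if request["method"] != "POST" or sess is None:
        return 403
    sess["password"] = request["form"]["new_password"]
    return 200


def change_password_hardened(request):
    """Same endpoint with two independent CSRF checks:
    1. the Origin header must name our own site (browsers send it on cross-site POSTs;
       a missing header is rejected, which fails closed if a proxy strips it);
    2. the form must carry a token that verifies for this exact session."""
    sid = request["cookies"].get("sid")
    sess = sessions.get(sid)
    if request["method"] != "POST" or sess is None:
        return 403
    if request["headers"].get("Origin") != SITE_ORIGIN:
        return 403
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(sid)):
        return 403
    sess["password"] = request["form"]["new_password"]
    return 200


def forged_request(sid):
    """What the victim's browser sends after the emailed link lands on evil.example:
    the victim's cookie rides along, but the Origin is foreign and there is no token."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://evil.example"},
        "cookies": {"sid": sid},
        "form": {"new_password": "attacker-controlled"},
    }


def legitimate_request(sid):
    """A POST from the site's own password form, token included."""
    return {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"sid": sid},
        "form": {"new_password": "user-chosen", "csrf_token": csrf_token(sid)},
    }


def demo():
    """Run the forged request against both handlers and report the outcomes."""
    results = {}
    sid = login("alice", "hunter2")
    results["vulnerable_forged"] = change_password_vulnerable(forged_request(sid))
    results["password_after_vulnerable"] = sessions[sid]["password"]
    sid = login("alice", "hunter2")
    results["hardened_forged"] = change_password_hardened(forged_request(sid))
    results["hardened_legit"] = change_password_hardened(legitimate_request(sid))
    results["password_after_hardened"] = sessions[sid]["password"]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a third, browser-enforced layer that is configured on the cookie rather than in the handler, so it is not shown here; it should be used in addition to, not instead of, the token check.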

Question # 105

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

A.

Upgrading to a next-generation firewall

B.

Deploying an appropriate in-line CASB solution

C.

Conducting user training on software policies

D.

Configuring double key encryption in SaaS platforms

Question # 106

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Question # 107

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Question # 108

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Question # 109

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Question # 110

Which of the following provides the details about the terms of a test with a third-party penetration tester?

A.

Rules of engagement

B.

Supply chain analysis

C.

Right to audit clause

D.

Due diligence

Question # 111

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following is the best method to achieve this objective?

A.

Third-party attestation

B.

Penetration testing

C.

Internal auditing

D.

Vulnerability scans

Question # 112

A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidly analyzes host and network data from potentially compromised systems and forwards the data for further review. Which of the following tools should the incident response team deploy?

A.

NAC

B.

IPS

C.

SIEM

D.

EDR

Question # 113

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

A.

Obtain the file's SHA-256 hash.

B.

Use hexdump on the file's contents.

C.

Check endpoint logs.

D.

Query the file's metadata.

Question # 114

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

A.

SQLi

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Question # 115

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

A.

TPM

B.

CRL

C.

PKI

D.

CSR

Question # 116

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Question # 117

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question # 118

A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

A.

hping

B.

Wireshark

C.

PowerShell

D.

netstat

Question # 119

A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met:

• An existing internal certificate must be used.

• Wired and wireless networks must be supported.

• Any unapproved device should be isolated in a quarantine subnet.

• Approved devices should be updated before accessing resources.

Which of the following would best meet the requirements?

A.

802.1X

B.

EAP

C.

RADIUS

D.

WPA2

Question # 120

Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Question # 121

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Question # 122

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

A.

Data retention

B.

Certification

C.

Sanitation

D.

Destruction

Question # 123

While reviewing logs, a security administrator identifies the following code:

Which of the following best describes the vulnerability being exploited?

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Question # 124

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

A.

To track the status of patch installations

B.

To find shadow IT cloud deployments

C.

To continuously monitor hardware inventory

D.

To hunt for active attackers in the network

Question # 125

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 - - [28/Jul/2022:10:26:59 -0300] "GET /query.php?q=wireless%20headphones / HTTP/1.0" 200 12737

132.18.222.103 - - [28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935

12.45.101.121 - - [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players / HTTP/1.0" 200 14650

Which of the following should the analyst do first?

A.

Implement a WAF

B.

Disable the query.php script

C.

Block brute-force attempts on temporary users

D.

Check the users table for new accounts
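The second log entry above is an injected INSERT that the server answered with HTTP 200, which is why the analyst's first move is to look in the users table for the account the statement tried to create. The following is an added example, not code from the exam page, showing the triage logic as a script: parse combined-format access log lines, URL-decode the query string, flag SQL injection indicators, and note whether the request succeeded. The three sample lines are constructed from the entries in the question, with the payload URL-encoded the way a server would actually log it.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample modelled on the three access-log entries in the question.
# The middle line carries the injected INSERT; the other two are ordinary searches.
SAMPLE_LOG = """\
67.118.34.157 - - [28/Jul/2022:10:26:59 -0300] "GET /query.php?q=wireless%20headphones HTTP/1.0" 200 12737
132.18.222.103 - - [28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123%20INSERT%20INTO%20users%20VALUES('temp',%20'pass123')%23 HTTP/1.0" 200 935
12.45.101.121 - - [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players HTTP/1.0" 200 14650
"""

# Combined-log-format line. The target is matched greedily so a payload containing
# spaces still parses; the protocol token anchors where the target ends.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

SQLI_PATTERNS = {
    # Statements that read other tables or change data never belong in a search box
    "sql_statement": re.compile(
        r"\b(union\s+(all\s+)?select|insert\s+into|drop\s+table|update\s+\w+\s+set|delete\s+from)\b",
        re.I),
    # Tautologies such as ' OR 1=1 used to defeat a WHERE clause
    "tautology": re.compile(r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),
    # A comment token right after a closing quote or parenthesis, used to discard
    # the rest of the original query (the '#' at the end of the injected INSERT)
    "trailing_comment": re.compile(r"[)'\"]\s*(--|#|/\*)"),
}


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def decoded_query(target):
    """URL-decode everything after '?' in the request target ('' if no query).

    The split is done by hand rather than with urlsplit() so a literal '#' logged
    by the server is kept; urlsplit would treat it as a fragment and drop it,
    hiding the comment token the attacker relies on.
    """
    _, sep, raw = target.partition("?")
    return unquote_plus(raw) if sep else ""


def sqli_indicators(query):
    """Names of the SQLi patterns that match a decoded query string."""
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(query)]


def find_sqli(log_text):
    """Scan a log and return one finding per suspicious request.

    'succeeded' is True when the server answered 200: the injected statement may
    have executed, so the affected table (here 'users') has to be checked for
    rows the attacker added before anything else is done.
    """
    findings = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        query = decoded_query(fields["target"])
        hits = sqli_indicators(query)
        if hits:
            findings.append({
                "ip": fields["ip"],
                "timestamp": fields["ts"],
                "query": query,
                "indicators": hits,
                "succeeded": fields["status"] == "200",
            })
    return findings


if __name__ == "__main__":
    for f in find_sqli(SAMPLE_LOG):
        print(f"{f['ip']} {f['timestamp']} {f['indicators']} succeeded={f['succeeded']}")
        print("  decoded query:", f["query"])
```

The pattern list is deliberately narrow so that ordinary search terms do not trip it; in production this logic belongs in the SIEM or WAF rather than a one-off script, but the decode-then-match order is the same there, since matching on the raw, still-encoded query would miss `%27` and `%23`.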

Question # 126

Which of the following can be used to compromise a system that is running an RTOS?

A.

Cross-site scripting

B.

Memory injection

C.

Replay attack

D.

Ransomware

Question # 127

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Question # 128

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Question # 129

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Question # 130

An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

A.

Behavioral analytics

B.

Access control lists

C.

Identity and access management

D.

Network intrusion detection system

Question # 131

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

A.

Active

B.

Passive

C.

Defensive

D.

Offensive

Question # 132

Which of the following should a security operations center use to improve its incident response procedure?

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question # 133

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Question # 134

When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

A.

Wildcard

B.

Root of trust

C.

Third-party

D.

Self-signed

Question # 135

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

Question # 136

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers?

A.

MAC filtering

B.

Segmentation

C.

Certification

D.

Isolation

Question # 137

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Question # 138

Which of the following documents details how to accomplish a technical security task?

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Question # 139

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

A.

Contain the impacted hosts.

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing.

Question # 140

Which of the following would be best suited for constantly changing environments?

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Question # 141

Which of the following activities is the first stage in the incident response process?

A.

Detection

B.

Declaration

C.

Containment

D.

Vacation

Question # 142

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Question # 143

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A.

The end user changed the file permissions.

B.

A cryptographic collision was detected.

C.

A snapshot of the file system was taken.

D.

A rootkit was deployed.
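A file integrity monitor raises the alert above by comparing the current hash of each watched file against a stored baseline; a changed hash on a system binary with no patch to explain it points at tampering. The following is an added example, not code from the exam page or from any FIM product, showing that baseline-and-compare loop in the Python standard library. It also records each file's modification time so that a file whose content changed while its mtime did not can be called out separately: a normal write updates the mtime, so an unchanged timestamp next to new content suggests it was deliberately reset, which is how rootkits commonly hide a replaced binary. The directory layout, file names and contents in `demo()` are constructed for the illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """SHA-256 of a file read in chunks, so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each file under root (relative POSIX path) to its hash and mtime."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "mtime_ns": st.st_mtime_ns,
            }
    return baseline


def compare_baselines(old, new):
    """Classify differences between two baselines.

    'timestomped' is the subset of 'changed' whose recorded mtime is identical
    in both snapshots even though the content hash differs.
    """
    report = {"added": [], "removed": [], "changed": [], "timestomped": []}
    for path in sorted(set(old) | set(new)):
        if path not in old:
            report["added"].append(path)
        elif path not in new:
            report["removed"].append(path)
        elif old[path]["sha256"] != new[path]["sha256"]:
            report["changed"].append(path)
            if old[path]["mtime_ns"] == new[path]["mtime_ns"]:
                report["timestomped"].append(path)
    return report


def demo():
    """Constructed scenario: baseline a fake system directory, replace one binary
    while restoring its original timestamps, drop a new file, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "System32").mkdir()
        binary = root / "System32" / "cmd.exe"
        binary.write_bytes(b"original interpreter bytes")
        (root / "System32" / "notepad.exe").write_bytes(b"unchanged bytes")

        before = build_baseline(root)

        # Tamper: write new content, then put the old access/modification times back,
        # which is what a rootkit does so that a timestamp-only check sees nothing.
        st = binary.stat()
        binary.write_bytes(b"trojanised interpreter bytes")
        os.utime(binary, ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "System32" / "svch0st.exe").write_bytes(b"dropped payload")

        after = build_baseline(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline is stored off the monitored host and the scan runs from a trusted environment, because a kernel-level rootkit can lie to any check that runs on the compromised system itself; a changed hash that the host's own patch logs cannot account for is the cue to image the machine rather than trust further output from it.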

Question # 144

An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

A.

Layer 4 firewall

B.

NGFW

C.

WAF

D.

UTM
