لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization: Which of the following attacks has taken place?
A. Domain reputation
B. Domain hijacking
C. Disassociation
D. DNS poisoning
عرض الإجابة
اجابة صحيحة: D
السؤال #2
A university is opening a facility in a location where there is an elevated risk of theft The university wants to protect the desktops in its classrooms and labs Which of the following should the university use to BEST protect these assets deployed in the facility?
A. Visitor logs
B. Cable locks
C. Guards
D. Disk encryption
E. Motion detection
عرض الإجابة
اجابة صحيحة: D
السؤال #3
A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?
A. Ipconfig
B. ssh
C. Ping
D. Netstat
عرض الإجابة
اجابة صحيحة: D
السؤال #4
Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?
A. Cameras
B. Faraday cage
C. Access control vestibule
D. Sensors
E. Guards
عرض الإجابة
اجابة صحيحة: A
السؤال #5
An employee received a word processing file that was delivered as an email attachment The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?
A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website
عرض الإجابة
اجابة صحيحة: B
السؤال #6
A security analyst needs to perform periodic vulnerably scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?
A. Port
B. Intrusive
C. Host discovery
D. Credentialed
عرض الإجابة
اجابة صحيحة: B
السؤال #7
An organization maintains several environments in which patches are developed and tested before deployed to an operation status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?
A. Development
B. Test
C. Production
D. Staging
عرض الإجابة
اجابة صحيحة: B
السؤال #8
The new Chief Executive Officer (CEO) of a large company has announced a partnership with a vendor that will provide multiple collaboration applications t make remote work easier. The company has a geographically dispersed staff located in numerous remote offices in different countries. The company's IT administrators are concerned about network traffic and load if all users simultaneously download the application. Which of the following would work BEST to allow each geographic region to download the softwa
A. Update the host IDS rules
B. Enable application whitelisting
C. Modify the corporate firewall rules
D. Deploy all applications simultaneously
عرض الإجابة
اجابة صحيحة: D
السؤال #9
Which of the following describes the exploitation of an interactive process to gain access to restncted areas?
A. Persistence
B. Buffer overflow
C. Privilege escalation
D. Pharming
عرض الإجابة
اجابة صحيحة: A
السؤال #10
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring?
A. XSS attack
B. SQLi attack
C. Replay attack
D. XSRF attack
عرض الإجابة
اجابة صحيحة: B
السؤال #11
An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following should the organization consider before implementation? (Select TWO).
A. The back-end directory source
B. The identity federation protocol
C. The hashing method
D. The encryption method
E. The registration authority
F. The certificate authority
عرض الإجابة
اجابة صحيحة: CF
السؤال #12
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?
A. Application allow list
B. SWG
C. Host-based firewall
D. VPN
عرض الإجابة
اجابة صحيحة: A
السؤال #13
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data toss?
A. Logic bomb
B. Ransomware
C. Fileless virus
D. Remote access Trojans
E. Rootkit
عرض الإجابة
اجابة صحيحة: A
السؤال #14
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?
A. SSO
B. IDS
C. MFA
D. TPM
عرض الإجابة
اجابة صحيحة: C
السؤال #15
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock
عرض الإجابة
اجابة صحيحة: B
السؤال #16
An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model Which of the following BEST describes the configurations the attacker exploited?
A. Weak encryption
B. Unsecure protocols
C. Default settings
D. Open permissions
عرض الإجابة
اجابة صحيحة: C
السؤال #17
A security analyst is evaluating solutions to deploy an additional layer of protection for a web application The goal is to allow only encrypted communications without relying on network devices Which of the following can be implemented?
A. HTTP security header
B. DNSSEC implementation
C. SRTP
D. S/MIME
عرض الإجابة
اجابة صحيحة: D
السؤال #18
An amusement park is implementing a btomelnc system that validates customers' fingerpnnts to ensure they are not sharing tickets The park's owner values customers above all and would prefer customers' convenience over security For this reason which of the following features should the security team prioritize FIRST?
A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER
عرض الإجابة
اجابة صحيحة: C
السؤال #19
A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?
A. HIDS
B. UEBA
C. CASB
D. VPC
عرض الإجابة
اجابة صحيحة: C
السؤال #20
Which of the following will increase cryptographic security?
A. High data entropy
B. Algorithms that require less computing power
C. Longer key longevity
D. Hashing
عرض الإجابة
اجابة صحيحة: A
السؤال #21
A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers Which of the following is the BEST remediation strategy?
A. Update the base container image and redeploy the environment
B. Include the containers in the regular patching schedule for servers
C. Patch each running container individually and test the application
D. Update the host in which the containers are running
عرض الإجابة
اجابة صحيحة: C
السؤال #22
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
عرض الإجابة
اجابة صحيحة: C
السؤال #23
A security analyst is reviewing the following output from a system: Which of the following is MOST likely being observed?
A. ARP palsoning
B. Man in the middle
C. Denial of service
D. DNS poisoning
عرض الإجابة
اجابة صحيحة: C
السؤال #24
A forensics examiner is attempting to dump password cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?
A. The examiner does not have administrative privileges to the system
B. The system must be taken offline before a snapshot can be created
C. Checksum mismatches are invalidating the disk image
D. The swap file needs to be unlocked before it can be accessed
عرض الإجابة
اجابة صحيحة: B
السؤال #25
A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution In order to reslnct PHI documents which of the following should be performed FIRST?
A. Retention
B. Governance
C. Classification
D. Change management
عرض الإجابة
اجابة صحيحة: C
السؤال #26
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
A. SED
B. HSM
C. DLP
D. TPM
عرض الإجابة
اجابة صحيحة: A
السؤال #27
A company labeled some documents with the public sensitivity classification This means the documents can be accessed by:
A. employees of other companies and the press
B. all members of the department that created the documents
C. only the company's employees and those listed in the document
D. only the individuate listed in the documents
عرض الإجابة
اجابة صحيحة: A
السؤال #28
As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?
A. User behavior analysis
B. Packet captures
C. Configuration reviews
D. Log analysis
عرض الإجابة
اجابة صحيحة: D
السؤال #29
An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?
A. Laptops
B. Containers
C. Thin clients
D. Workstations
عرض الإجابة
اجابة صحيحة: D
السؤال #30
To further secure a company’s email system, an administrator is adding public keys to DNS records in the company’s domain Which of the following is being used?
A. PFS
B. SPF
C. DMARC
D. DNSSEC
عرض الإجابة
اجابة صحيحة: B
السؤال #31
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two- drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?
A. 1
B. 5
C. 6
عرض الإجابة
اجابة صحيحة: B
السؤال #32
A company uses specially configured workstations tor any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?
A. Fileless malware
B. A downgrade attack
C. A supply-chain attack
D. A logic bomb
E. Misconfigured BIOS
عرض الإجابة
اجابة صحيحة: D
السؤال #33
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps Which of the following control types has the organization implemented?
A. Compensating
B. Corrective
C. Preventive
D. Detective
عرض الإجابة
اجابة صحيحة: C
السؤال #34
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 -S corsptia
B. nc —1 —v comptia
C. nmap comptia
D. nslookup -port=80 comptia
عرض الإجابة
اجابة صحيحة: A
السؤال #35
Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?
A. Whaling
B. Spam
C. Invoice scam
D. Pharming
عرض الإجابة
اجابة صحيحة: B
السؤال #36
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls Which of the following should be implemented to BEST address the CSO's concerns? {Select TWO)
A. AWAF
B. ACASB
C. An NG-SWG
D. Segmentation
E. Encryption
F. Containerization
عرض الإجابة
اجابة صحيحة: BF
السؤال #37
An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?
A. On-path attack
B. Protocol poisoning
C. Domain hijacking
D. Bluejacking
عرض الإجابة
اجابة صحيحة: A
السؤال #38
The following are the logs of a successful attack. Which of the following controls would be BEST to use to prevent such a breach in the future?
A. Password history
B. Account expiration
C. Password complexity
D. Account lockout
عرض الإجابة
اجابة صحيحة: C
السؤال #39
Which of the following is the MOST effective control against zero-day vulnerabilities?
A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners
عرض الإجابة
اجابة صحيحة: A
السؤال #40
A security analyst is running a vulnerability scan to check for missing patches during a suspected security rodent During which of the following phases of the response process is this activity MOST likely occurring?
A. Containment
B. Identification
C. Recovery
D. Preparation
عرض الإجابة
اجابة صحيحة: A
السؤال #41
An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?
A. Proxy server
B. WAF
C. Load balancer
D. VPN
عرض الإجابة
اجابة صحيحة: A
السؤال #42
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization MOST likely consult?
A. The business continuity plan
B. The disaster recovery plan
C. The communications plan
D. The incident response plan
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: