Which of the following ISO standards is certified for privacy?

A company Is concerned about is security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMV1, Which of the following BEST explains the findings?

A security analyst is performing a forensic investigation compromised account credentials. Using the Event Viewer, the analyst able to detect the following message, ‘’Special privileges assigned to new login.’’ Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

Which of the following would be BEST to establish between organizations to define the responsibilities of each party outline the key deliverables and include monetary penalties for breaches to manage third-party risk?

The website http://companywebsite.com requires users to provide personal Information, Including security question responses, for registration. Which of the following would MOST likely cause a data breach?

Which of the following would MOST likely support the integrity of a voting machine?

A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us Which of the following application attacks is being tes

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better.

An organization has decided to host its web application and database in the cloud Which of the following BEST describes the security concerns for this decision?

A500 is implementing an insider threat detection program, The primary concern is that users may be accessing confidential data without authorization. Which of the fallowing should be deployed to detect a potential insider threat?

Which of the following often operates in a client-server architecture to act as a service repository. providing enterprise consumers access to structured threat intelligence data?

Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution?

A security administrator currently spends a large amount of time on common security tasks, such aa report generation, phishing investigations, and user provisioning and deprovisioning This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

In which of the following risk management strategies would cybersecurity insurance be used?

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: ? The devices will be used internationally by staff who travel extensively. ? Occasional personal use is acceptable due to the travel requirements. ? Users must be able to install and configure sanctioned programs and productivity suites. ? The devices must be encrypted ? The devices must be capable of operating in low-bandwidth environments. Which of the following would provide t

A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following MOST likely the cause of the cause of the access issues?

Which of the following would a European company interested in implementing a technical, hands-on set of security standards MOST likely choose?

An attacker is attempting to exploit users by creating a fake website with the URL users. Which of the following social-engineering attacks does this describe?

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has Just informed investigators that other log files are available for review. Which of the following did the administrator MOST likely configure that will assist the investigators?

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: * Protection from power outages * Always-available connectivity In case of an outage The owner has decided to implement battery backups for the computer equipment Which of the following would BEST fulfill the owner's seco

A security operations analyst is using the company's SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of?

An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?

Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?

While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?