لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Which Of the following control types is patch management classified under?
A. Deterrent
B. Physical
C. Corrective
D. Detective
عرض الإجابة
اجابة صحيحة: C
السؤال #2
A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?
A. Enforcing encryption
B. Deploying GPOs
C. Removing administrative permissions
D. Applying MDM software
عرض الإجابة
اجابة صحيحة: A
السؤال #3
Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?
A. Tabletop
B. Parallel
C. Full interruption
D. Simulation
عرض الإجابة
اجابة صحيحة: AF
السؤال #4
A security administrator is managing administrative access to sensitive systems with the following requirements: ? Common login accounts must not be used for administrative duties. ? Administrative accounts must be temporal in nature. ? Each administrative account must be assigned to one specific user. ? Accounts must have complex passwords. " Audit trails and logging must be enabled on all systems. Which of the following solutions should the administrator deploy to meet these requirements? (Give explanatio
A. ABAC
B. SAML
C. PAM
D. CASB
عرض الإجابة
اجابة صحيحة: A
السؤال #5
Employees in the research and development business unit receive extensive training 10 ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?
A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit
عرض الإجابة
اجابة صحيحة: D
السؤال #6
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?
A. CIS benchmarks
B. GDPR guidance
C. Regional regulations
D. ISO 27001 standards
عرض الإجابة
اجابة صحيحة: C
السؤال #7
A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?
A. Disable unneeded services
B. Install the latest security patches
C. Run a vulnerability scan
D. Encrypt all disks
عرض الإجابة
اجابة صحيحة: A
السؤال #8
Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?
A. Stored procedures
B. Code reuse
C. Version control
D. Continunus
عرض الإجابة
اجابة صحيحة: C
السؤال #9
A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host: Based on the IoCS, which of the following was the MOST likely attack used to compromise the network communication?
A. Denial of service
B. ARP poisoning
C. Command injection
D. MAC flooding
عرض الإجابة
اجابة صحيحة: AF
السؤال #10
A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?
A. BYOD
B. VDI
C. COPE
D. CYOD
عرض الإجابة
اجابة صحيحة: B
السؤال #11
A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do? (Refer the answer from CompTIA SY0-601 Security+ documents or guide at comptia.org)
A. Identify rogue access points
B. Check for channel overlaps
C. Create heat maps
D. Implement domain hijacking
عرض الإجابة
اجابة صحيحة: C
السؤال #12
A dynamic application vulnerability scan identified code injection could be performed using a web form. Which of the following will be BEST remediation to prevent this vulnerability?
A. Implement input validations
B. Deploy MFA
C. Utilize a WAF
D. Configure HIPS
عرض الإجابة
اجابة صحيحة: D
السؤال #13
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral
عرض الإجابة
اجابة صحيحة: A
السؤال #14
An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained Which of the following roles would MOST likely include these responsibilities?
A. Data protection officer
B. Data owner
C. Backup administrator
D. Data custodian
E. Internal auditor
عرض الإجابة
اجابة صحيحة: C
السؤال #15
A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?
A. Privacy
B. Cloud storage of telemetry data
C. GPS spoofing
D. Weather events
عرض الإجابة
اجابة صحيحة: D
السؤال #16
Which of the following can be used by an authentication application to validate a user's credentials without the need to store the actual sensitive data?
A. Salt string
B. Private Key
C. Password hash
D. Cipher stream
عرض الإجابة
اجابة صحيحة: B
السؤال #17
A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down. Which of the following should the web architect consider to address this concern?
A. Containers
B. Virtual private cloud
C. Segmentation
D. Availability zones
عرض الإجابة
اجابة صحيحة: C
السؤال #18
After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
A. A DMZ
B. A VPN a
C. A VLAN
D. An ACL
عرض الإجابة
اجابة صحيحة: C
السؤال #19
Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?
A. SLA
B. BPA
C. NDA
D. AUP
عرض الإجابة
اجابة صحيحة: A
السؤال #20
A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which f the following configuration should an analysis enable To improve security? (Select TWO.)
A. RADIUS
B. PEAP
C. WPS
D. WEP-EKIP
E. SSL
F. WPA2-PSK
عرض الإجابة
اجابة صحيحة: D
السؤال #21
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?
A. SED
B. HSM
C. DLP
D. TPM
عرض الإجابة
اجابة صحيحة: A
السؤال #22
As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops The review yielded the following results. ? The exception process and policy have been correctly followed by the majority of users ? A small number of users did not create tickets for the requests but were granted access ? All access had been approved by supervisors. ? Valid requests for the access sporadically occur
A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval
B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request
C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team
D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices
عرض الإجابة
اجابة صحيحة: A
السؤال #23
A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following ? The manager of the accounts payable department is using the same password across multiple external websites and the corporate account ? One of the websites the manager used recently experienced a data breach. ? The manager's corporate email account was successfully accesse
A. Remote access Trojan
B. Brute-force
C. Dictionary
D. Credential stuffing
E. Password spraying
عرض الإجابة
اجابة صحيحة: BC
السؤال #24
While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the BEST solution to securely prevent future issues?
A. Using an administrator account to run the processes and disabling the account when it is not in use
B. Implementing a shared account the team can use to run automated processes
C. Configuring a service account to run the processes
D. Removing the password complexity requirements for the user account
عرض الإجابة
اجابة صحيحة: C
السؤال #25
A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)
A. Auto-update
B. HTTP headers
C. Secure cookies
D. Third-party updates
E. Full disk encryption
F. Sandboxing G
عرض الإجابة
اجابة صحيحة: B
السؤال #26
A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email. This BEST describes a scenario related to:
A. whaling
B. smishing
C. spear phishing
D. vishing
عرض الإجابة
اجابة صحيحة: A
السؤال #27
A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?
A. True positive
B. True negative
C. False positive
D. False negative
عرض الإجابة
اجابة صحيحة: B
السؤال #28
The new Chief Information Security Officer at a company has asked the security learn to implement stronger user account policies. The new policies require: ? Users to choose a password unique to their last ten passwords ? Users to not log in from certain high-risk countries Which of the following should the security team implement? (Select two).
A. Password complexity
B. Password history
C. Geolocation
D. Geospatial
E. Geotagging
F. Password reuse
عرض الإجابة
اجابة صحيحة: A
السؤال #29
A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause?
A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage
B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage
C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives
D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: