
Latest CompTIA Security+ SY0-601 Exam Questions for Effective Preparation

The CompTIA Security+ certification is globally recognized and validates essential skills for core security functions. Prepare effectively with our expertly curated study materials, covering topics such as network security, cryptography, risk management, and more. Are you ready to take on the CompTIA Security+ SY0-601 exam and advance your IT security career? Our comprehensive exam questions and answers, meticulously crafted test questions, and invaluable exam resources are here to guide you to success. Boost your confidence with our mock exams, designed to replicate the real exam environment. Identify areas of improvement, sharpen your skills, and ensure you're fully prepared to pass successfully. With our professional guidance and top-notch study materials, you'll be well-equipped to tackle the CompTIA Security+ SY0-601 exam and take your IT security career to new heights. Start preparing today for a successful exam experience!

Question #1
The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?
A. Disconnect all external network connections from the firewall
B. Send response teams to the network switch locations to perform updates
C. Turn on all the network switches by using the centralized management software
D. Initiate the organization's incident response plan
Correct Answer: D
Question #2
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.)
A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs
Correct Answer: BC
Question #3
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:
Which of the following attacks does the analyst MOST likely see in this packet capture?
A. ARP poisoning
B. Man in the middle
C. Denial of service
D. DNS poisoning
Correct Answer: B
Question #4
Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?
A. Containment
B. Identification
C. Preparation
D. Recovery
Correct Answer: A
Question #5
An employee's company account was used in a data breach. Interviews with the employee revealed:
• The employee was able to avoid changing passwords by using a previous password again.
• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.
Which of the following can be implemented to prevent these issues from reoccurring? (Choose two.)
A. Segmentation
B. Firewall allow list
C. Containment
D. Isolation
Correct Answer: CF
Question #6
Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?
A. Pseudo-anonymization
B. Tokenization
C. Data masking
D. Encryption
Correct Answer: B
Question #7
Which of the following types of controls is a turnstile?
A. Physical
B. Detective
C. Corrective
D. Technical
Correct Answer: A
Question #8
The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?
A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis
Correct Answer: A
Question #9
A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns?
A. Prevent connections over TFTP from the internal network
B. Create a firewall rule that blocks port 22 from the internet to the server
C. Disable file sharing over port 445 to the server
D. Block port 3389 inbound from untrusted networks
Correct Answer: B
Question #10
An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Choose two.)
A. Web application scan
B. Threat intelligence
C. Log aggregation
D. Packet capture
Correct Answer: AD
Question #11
Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?
A. Devices with cellular communication capabilities bypass traditional network security controls
B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require
C. These devices often lack privacy controls and do not meet newer compliance regulations
D. Unauthorized voice and audio recording can cause loss of intellectual property
Correct Answer: A
Question #12
After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?
A. PCI DSS
B. GDPR
C. ISO 27001
D. NIST CSF
Correct Answer: A
Question #13
A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
Correct Answer: D
Question #14
A Chief Executive Officer’s (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO’s personal information is for sale?
A. Automated information sharing
B. Open-source intelligence
C. The dark web
D. Vulnerability databases
Correct Answer: C
Question #15
A security analyst is reviewing web-application logs and finds the following log:
Which of the following attacks is being observed?
A. Directory traversal
B. XSS
C. CSRF
D. On-path attack
Correct Answer: A
Question #16
Which of the following is assured when a user signs an email using a private key?
A. Non-repudiation
B. Confidentiality
C. Availability
D. Authentication
Correct Answer: A
Question #17
A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
A. File integrity monitoring
B. Honeynets
C. Tcpreplay
D. Data loss prevention
Correct Answer: A
Question #18
A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the MOST effective security control to mitigate this risk?
A. Block access to application stores
B. Implement OTA updates
C. Update the BYOD policy
D. Deploy a uniform firmware
Correct Answer: C
Question #19
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?
A. Enforce MFA when an account request reaches a risk threshold
B. Implement geofencing to only allow access from headquarters
C. Enforce time-based login requests that align with business hours
D. Shift the access control scheme to a discretionary access control
Correct Answer: A
Question #20
Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?
A. Crossover error rate
B. False match rate
C. False rejection
D. False positive
Correct Answer: C
Question #21
A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?
A. Multipath
B. RAID
C. Segmentation
D. 802
Correct Answer: A
Question #22
Which of the following scenarios BEST describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk
Correct Answer: B
Question #23
During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?
A. Birthday collision on the certificate key
B. DNS hijacking to reroute traffic
C. Brute force to the access point
D. SSL/TLS downgrade
Correct Answer: D
Question #24
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?
A. Public
B. Community
C. Hybrid
D. Private
Correct Answer: C
Question #25
Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?
A. Activate verbose logging in all critical assets
B. Tune monitoring in order to reduce false positive rates
C. Redirect all events to multiple syslog servers
D. Increase the number of sensors present on the environment
Correct Answer: B
Question #26
Which of the following control types is focused primarily on reducing risk before an incident occurs?
A. Preventive
B. Deterrent
C. Corrective
D. Detective
Correct Answer: A
Question #27
Which of the following actions would be recommended to improve an incident response process?
A. Train the team to identify the difference between events and incidents
B. Modify access so the IT team has full access to the compromised assets
C. Contact the authorities if a cybercrime is suspected
D. Restrict communication surrounding the response to the IT team
Correct Answer: A
Question #28
A security analyst is reviewing the following command-line output:
Which of the following is the analyst observing?
A. ICMP spoofing
B. URL redirection
C. MAC address cloning
D. DNS poisoning
Correct Answer: C
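Questions #3 and #28 both turn on reading an ARP or MAC table for a sign of cloning or poisoning: two IP addresses that resolve to one hardware address. The page does not reproduce the command-line output, so the following is an added example (not from the page or from CompTIA) that parses constructed `arp -a` output in both the Linux and Windows layouts and flags any MAC claimed by more than one IP. The addresses and MACs are made up for the example.

```python
import re
from collections import defaultdict

# Constructed "arp -a" output (Linux layout), assumed for this example.
# The gateway and a workstation share one MAC, which is what an analyst sees
# when a rogue host clones a MAC address or poisons neighbouring ARP caches.
SAMPLE_ARP_OUTPUT = """\
gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at a4:5e:60:c1:9b:02 [ether] on eth0
? (192.168.1.37) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.50) at 3c:22:fb:77:12:aa [ether] on eth0
"""

# Constructed Windows "arp -a" output, to show the parser handles that layout too.
SAMPLE_ARP_OUTPUT_WINDOWS = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.37          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
MAC = r"([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"
ENTRY_RE = re.compile(IPV4 + r".*?" + MAC)


def parse_arp_table(text):
    """Return {ip: mac} from arp -a output; MACs normalised to lowercase colon form."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue  # headers, interface lines, blank lines
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        table[ip] = mac
    return table


def find_cloned_macs(table, ignore_broadcast=True):
    """Return {mac: [ip, ...]} for every MAC that more than one IP maps to.

    The broadcast entry legitimately appears once per subnet on Windows, so it
    is skipped by default. A shared MAC can also be legitimate (a router doing
    proxy ARP, a VRRP/HSRP virtual address), so treat a hit as an indicator to
    confirm against the switch's MAC table, not as proof of an attack."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if ignore_broadcast and mac == "ff:ff:ff:ff:ff:ff":
            continue
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for sample in (SAMPLE_ARP_OUTPUT, SAMPLE_ARP_OUTPUT_WINDOWS):
        print(find_cloned_macs(parse_arp_table(sample)))
```

Run against a live host with `arp -a | python3 arp_check.py` style plumbing (read stdin instead of the constant), and compare the flagged MAC against the gateway's real address recorded during baseline; the gateway IP mapping to an unexpected MAC is the classic on-path indicator.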
Question #29
Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
Correct Answer: A
Question #30
Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
A. Vulnerabilities with a CVSS score greater than 6
B. Critical infrastructure vulnerabilities on non-IP protocols
C. CVEs related to non-Microsoft systems such as printers and switches
D. Missing patches for third-party software on Windows workstations and servers
Correct Answer: D
Question #31
Which of the following is the MOST effective control against zero-day vulnerabilities?
A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners
Correct Answer: B
Question #32
A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM has multiple login entries with the following text:
suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal time
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh
sus
A. Vishing
B. Whaling
C. Phishing
D. Smishing
Correct Answer: A
Question #33
Which of the following roles is responsible for defining the protection type and classification type for a given set of files?
A. General counsel
B. Data owner
C. Risk manager
D. Chief Information Officer
Correct Answer: B
Question #34
Which of the following is a benefit of including a risk management framework into an organization's security approach?
A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner
B. It identifies specific vendor products that have been tested and approved for use in a secure environment
C. It provides legal assurances and remedies in the event a data breach occurs
D. It incorporates control, development, policy, and management activities into IT operations
Correct Answer: D
Question #35
Which of the following explains why RTO is included in a BIA?
A. It identifies the amount of allowable downtime for an application or system
B. It prioritizes risks so the organization can allocate resources appropriately
C. It monetizes the loss of an asset and determines a break-even point for risk mitigation
D. It informs the backup approach so that the organization can recover data to a known time
Correct Answer: A
Question #36
Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?
A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan
Correct Answer: A
Question #37
A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected. Which of the following is the security analyst MOST likely implementing?
A. Vulnerability scans
B. User behavior analysis
C. Security orchestration, automation, and response
D. Threat hunting
Correct Answer: B
Question #38
A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?
A. Pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums
Correct Answer: C
Question #39
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting
Correct Answer: A
Question #40
Which of the following identifies the point in time when an organization will recover data in the event of an outage?
A. SLE
B. RPO
C. MTBF
D. ARO
Correct Answer: B
Question #41
Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
A. Persistence
B. Buffer overflow
C. Privilege escalation
D. Pharming
Correct Answer: AB
Question #42
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history
Correct Answer: A
Question #43
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine their next course of action?
A. An incident response plan
B. A communication plan
C. A disaster recovery plan
D. A business continuity plan
Correct Answer: D
Question #44
Which of the following would be used to find the MOST common web-application vulnerabilities?
A. OWASP
B. MITRE ATT&CK
C. Cyber Kill Chain
D. SDLC
Correct Answer: A
Question #45
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption
Correct Answer: A
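The mechanism behind Question #45 is worth seeing end to end: a monitoring tool can tell whether a password appears in a breach corpus without the password, or even its full hash, ever leaving the client. The standard pattern (the "range" lookup popularised by Have I Been Pwned) sends only the first five hex characters of the SHA-1 digest and compares the returned suffixes locally. The block below is an added example, not code from the page or from any breach-lookup service; the corpus and counts are constructed for the demo, and only `P@55w0rD` (the page's own example password from Question #61) and `password` are hashed for real.

```python
import hashlib
import hmac

# Constructed breach corpus: password -> number of times seen. Counts are made up.
_KNOWN_LEAKED = {"password": 1_000, "P@55w0rD": 17}


def _sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_demo_corpus():
    """Server side: index leaked hashes as {5-char prefix: [(35-char suffix, count), ...]}."""
    corpus = {}
    for pw, count in _KNOWN_LEAKED.items():
        h = _sha1_hex(pw)
        corpus.setdefault(h[:5], []).append((h[5:], count))
    return corpus


def range_lookup(corpus, prefix):
    """Server side: answer a prefix query with every suffix in that bucket.

    The server never learns which suffix (if any) the client was interested in,
    which is the k-anonymity property that keeps the credential private."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return corpus.get(prefix, [])


def password_leak_count(password, corpus):
    """Client side: how many times the password was seen, or 0 if never.

    Only the prefix is sent; the suffix comparison happens here, in constant time."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_lookup(corpus, prefix):
        if hmac.compare_digest(candidate_suffix, suffix):
            return count
    return 0


if __name__ == "__main__":
    corpus = build_demo_corpus()
    for pw in ("P@55w0rD", "correct horse battery staple"):
        print(pw, "->", password_leak_count(pw, corpus))
```

SHA-1 is acceptable here because the digest is used only as a lookup key against an already-public corpus, not as password storage; for storing passwords a salted, stretched hash is required, which is the point of Questions #61 and #77.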
Question #46
A candidate attempts to go to http://comptia.org but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack?
A. Reconnaissance
B. Impersonation
C. Typosquatting
D. Watering-hole
Correct Answer: C
Question #47
An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?
A. TPM
B. CA
C. SAML
D. CRL
Correct Answer: A
Question #48
A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?
A. Digital signatures
B. Key exchange
C. Salting
D. PPTP
Correct Answer: B
Question #49
A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?
A. HIPS
B. FIM
C. TPM
D. DLP
Correct Answer: C
Question #50
A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue?
A. The vendor firmware lacks support
B. Zero-day vulnerabilities are being discovered
C. Third-party applications are not being patched
D. Code development is being outsourced
Correct Answer: C
Question #51
When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?
A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols
Correct Answer: D
Question #52
An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?
A. Install a SIEM tool and properly configure it to read the OS configuration files
B. Load current baselines into the existing vulnerability scanner
C. Maintain a risk register with each security control marked as compliant or non-compliant
D. Manually review the secure configuration guide checklists
Correct Answer: B
Question #53
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized?
A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs
Correct Answer: C
Question #54
An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization
Correct Answer: A
Question #55
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?
A. nmap -p1-65535 192
B. dig 192
C. curl --head http://192
D. ping 192
Correct Answer: C
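Why `curl --head` is the fingerprinting tool in Question #55: a HEAD request returns only the response headers, and the `Server` and `X-Powered-By` values are what identify the web-server software and framework (nmap scans ports, dig and ping say nothing about the HTTP layer). The following is an added example, not code from the page, that does the same thing the curl command does and parses the result. So that it runs offline it starts a throwaway HTTP server on a random loopback port; the product strings `ExampleHTTPD/1.0` and `ExampleFramework/2.3` are assumed values for the demo target.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class DemoHandler(BaseHTTPRequestHandler):
    """Stand-in target for the demo; the banner strings are assumed, not real products."""
    server_version = "ExampleHTTPD/1.0"  # becomes the Server header

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("X-Powered-By", "ExampleFramework/2.3")  # second fingerprint clue
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


# Headers that commonly leak software and version information.
FINGERPRINT_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "Via")


def fingerprint_web_server(host, port, timeout=3.0):
    """Send an HTTP HEAD request (what `curl --head` does) and return the
    status plus any headers that reveal the server software.

    Returns {} if the host cannot be reached, so callers can sweep a list."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/", headers={"Host": host, "User-Agent": "fingerprint-demo"})
        resp = conn.getresponse()
        found = {"status": resp.status}
        for name in FINGERPRINT_HEADERS:
            value = resp.getheader(name)
            if value:
                found[name] = value
        return found
    except OSError:
        return {}
    finally:
        conn.close()


def run_local_demo():
    """Start the demo server on 127.0.0.1:<random>, fingerprint it, shut it down."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), DemoHandler)
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return fingerprint_web_server("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(run_local_demo())
```

The defensive reading of the same example: the `Server` value here includes the Python runtime version because the standard library appends it, which is exactly the kind of detail a hardening baseline removes or genericises before exposure.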
Question #56
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?
A. Warm site failover
B. Tabletop walk-through
C. Parallel path testing
D. Full outage simulation
Correct Answer: B
Question #57
A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:
A. Decrease the mean time between failures
B. Remove the single point of failure
C. Cut down the mean time to repair
D. Reduce the recovery time objective
Correct Answer: B
Question #58
An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?
A. Hoax
B. Reconnaissance
C. Impersonation
D. Pretexting
Correct Answer: B
Question #59
A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?
A. NIDS
B. MAC filtering
C. Jump server
D. IPSec
E. NAT gateway
Correct Answer: C
Question #60
A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented?
A. HTTP security header
B. DNSSEC implementation
C. SRTP
D. S/MIME
Correct Answer: A
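Questions #23 and #60 are two sides of one control. The HTTPS-to-HTTP reversion in #23 is an SSL/TLS downgrade (SSL stripping) carried out on the network path; the application-side answer in #60 is the `Strict-Transport-Security` header, which instructs the browser to refuse plaintext for the site for `max-age` seconds without any network device being involved. The block below is an added example (not from the page) of a small WSGI middleware that redirects plaintext requests, stamps HSTS and a baseline of hardening headers on HTTPS responses, and checks whether an HSTS value is strong enough. The hostname `shop.example` and the `demo_app` are assumed for the demo.

```python
from wsgiref.util import setup_testing_defaults

# One year: the minimum browsers require before a domain can be preloaded.
HSTS_MIN_MAX_AGE = 31_536_000

BASELINE_HEADERS = [
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("Referrer-Policy", "no-referrer"),
]


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, includeSubDomains, preload).
    Returns None when max-age is missing or not an integer."""
    max_age, include_sub, preload = None, False, False
    for raw in value.split(";"):
        directive = raw.strip().lower()
        if directive.startswith("max-age="):
            try:
                max_age = int(directive[len("max-age="):].strip('"'))
            except ValueError:
                return None
        elif directive == "includesubdomains":
            include_sub = True
        elif directive == "preload":
            preload = True
    return None if max_age is None else (max_age, include_sub, preload)


def hsts_is_strong(value):
    """A short max-age re-opens the stripping window every time it expires, and
    omitting includeSubDomains leaves cookie-sharing subdomains reachable over HTTP."""
    parsed = parse_hsts(value)
    return parsed is not None and parsed[0] >= HSTS_MIN_MAX_AGE and parsed[1]


def enforce_tls(app, max_age=HSTS_MIN_MAX_AGE):
    """WSGI middleware: 301 plaintext requests to HTTPS; add HSTS and baseline
    headers to HTTPS responses. HSTS is sent only over HTTPS because browsers
    ignore it on plaintext responses (the query string is dropped on redirect)."""
    hsts_value = f"max-age={max_age}; includeSubDomains"

    def wrapped(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
            location = "https://" + host + environ.get("PATH_INFO", "/")
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def hardened_start_response(status, headers, exc_info=None):
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", hsts_value))
            headers.extend(BASELINE_HEADERS)
            return start_response(status, headers, exc_info)

        return app(environ, hardened_start_response)

    return wrapped


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def call(app, scheme, path="/"):
    """Drive a WSGI app without a socket; returns (status, {header: value}, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["wsgi.url_scheme"] = scheme
    environ["HTTP_HOST"] = "shop.example"  # assumed hostname for the example
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    app = enforce_tls(demo_app)
    print(call(app, "http", "/cart")[:2])
    print(call(app, "https", "/cart")[:2])
```

The caveat a practitioner should keep in mind: HSTS protects only after the browser has seen one response over HTTPS, so the very first visit (or the first after `max-age` expires) is still strippable; preloading closes that gap and is why `hsts_is_strong` insists on a one-year minimum.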
Question #61
Against the recommendation of the IT security analyst, a company set all user passwords on a server as `P@55w0rD`. Upon review of the /etc/passwd file, an attacker found the following:
alice:a8df3b6c4fd75f0617431fd248f35191df8d237f
bob:2d250c5b2976b03d757f324ebd59340df96aa05e
chris:ea981ec3285421d014108089f3f3f997ce0f4150
Which of the following BEST explains why the encrypted passwords do not match?
A. Perfect forward secrecy
B. Key stretching
C. Salting
D. Hashing
Correct Answer: C
Question #62
An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?
A. Logic bomb
B. Cryptomalware
C. Spyware
D. Remote access Trojan
Correct Answer: A
Question #63
An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?
A. On-path attack
B. Protocol poisoning
C. Domain hijacking
D. Bluejacking
Correct Answer: A
Question #64
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?
A. SSO
B. IDS
C. MFA
D. TPM
Correct Answer: C
Question #65
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?
A. Look for tampering on the evidence collection bag
B. Encrypt the collected data using asymmetric encryption
C. Ensure proper procedures for chain of custody are being followed
D. Calculate the checksum using a hashing algorithm
Correct Answer: D
Question #66
A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?
A. Input validation
B. Dynamic code analysis
C. Fuzzing
D. Manual code review
Correct Answer: B
Question #67
A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?
A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers
Correct Answer: D
Question #68
Which of the following supplies non-repudiation during a forensics investigation?
A. Dumping volatile memory contents first
B. Duplicating a drive with dd
C. Using a SHA-2 signature of a drive image
D. Logging everyone in contact with evidence
E. Encrypting sensitive data
Correct Answer: C
Question #69
A SOC operator is analyzing a log file that contains the following entries:
Which of the following explains these log entries?
A. SQL injection and improper input-handling attempts
B. Cross-site scripting and resource exhaustion attempts
C. Command injection and directory traversal attempts
D. Error handling and privilege escalation attempts
Correct Answer: C
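Questions #15 and #69 both ask the reader to recognise an attack class from web-server log lines that the page does not reproduce. The block below is an added example (not from the page) of the detection logic a SOC analyst would run over such a log: it parses combined-format access log lines, URL-decodes the request path twice so double-encoded payloads are not missed, and tags each request as directory traversal, SQL injection, XSS or command injection. The seven log lines, IPs and timestamps are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache/Nginx combined format); everything here is made up.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2023:10:01:02 +0000] "GET /images/../../../../etc/passwd HTTP/1.1" 404 231
10.0.0.5 - - [12/Mar/2023:10:01:05 +0000] "GET /download?file=..%252F..%252F..%252Fetc%252Fshadow HTTP/1.1" 403 198
10.0.0.7 - - [12/Mar/2023:10:02:11 +0000] "GET /login?user=admin'%20OR%20'1'='1&pass=x HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2023:10:02:30 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1024
10.0.0.9 - - [12/Mar/2023:10:03:44 +0000] "GET /ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 300
10.0.0.9 - - [12/Mar/2023:10:03:50 +0000] "GET /ping?host=8.8.8.8%7Cwhoami HTTP/1.1" 200 64
192.168.1.20 - - [12/Mar/2023:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures are matched against the decoded, lowercased path. They are deliberately
# narrow; a production ruleset (e.g. a WAF core rule set) is far larger.
SIGNATURES = {
    "directory_traversal": re.compile(r"\.\.[/\\]"),
    "sql_injection": re.compile(
        r"['\"]\s*(?:or|and)\s+['\"]?\w+['\"]?\s*=|union\s+select|;\s*drop\b|--\s"),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*="),
    "command_injection": re.compile(
        r"(?:;|\||`|\$\()\s*(?:cat|ls|id|whoami|uname|nc|wget|curl|bash|sh|ping|echo)\b"),
}


def normalise(path):
    """Decode twice so %252e%252e%252f (double-encoded ../) is seen as ../, then lowercase."""
    return unquote_plus(unquote_plus(path)).lower()


def classify_request(path):
    """Return the set of attack classes whose signature matches the request path."""
    decoded = normalise(path)
    return {name for name, rx in SIGNATURES.items() if rx.search(decoded)}


def scan_log(text):
    """Return [(ip, raw_path, {tags}), ...] for every parseable line, in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        findings.append((m["ip"], m["path"], classify_request(m["path"])))
    return findings


def suspicious_sources(findings):
    """Aggregate tags per source IP, the first view an operator wants."""
    per_ip = {}
    for ip, _, tags in findings:
        if tags:
            per_ip.setdefault(ip, set()).update(tags)
    return per_ip


if __name__ == "__main__":
    for ip, path, tags in scan_log(SAMPLE_LOG):
        print(f"{ip:14} {sorted(tags) or '-'}  {path}")
    print(suspicious_sources(scan_log(SAMPLE_LOG)))
```

A 403 or 404 status on a traversal attempt means the request was blocked or missed, not that the host is safe; the signal is the attempt itself, and the same source IP trying several classes in a short window (as `10.0.0.7` does here) is what should raise the priority of the alert.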
Question #70
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:
A. Employees of other companies and the press
B. All members of the department that created the documents
C. Only the company's employees and those listed in the document
D. Only the individuals listed in the documents
Correct Answer: A
Question #71
A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP Address. Which of the following is the technician's BEST course of action?
A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller
B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer
D. Request the caller send an email for identity verification and provide the requested information via email to the caller
Correct Answer: C
Question #72
A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?
A. Preventive controls
B. Compensating controls
C. Deterrent controls
D. Detective controls
Correct Answer: C
Question #73
Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?
A. API integrations
B. Auditing
C. Resource policies
D. Virtual networks
Correct Answer: C
Question #74
Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?
A. Standard naming conventions
B. Domain services
C. Baseline configurations
D. Diagrams
Correct Answer: B
Question #75
Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?
A. Cloud control matrix
B. Reference architecture
C. NIST RMF
D. CIS Top 20
Correct Answer: B
Question #76
Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?
A. Hoaxing
B. Pharming
C. Watering-hole
D. Phishing
Correct Answer: A
Question #77
A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?
A. Hashing
B. Salting
C. Lightweight cryptography
D. Steganography
Correct Answer: B
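Questions #61 and #77 are the same fact from two angles: with a per-user salt, three users who all chose `P@55w0rD` get three different digests, and a precomputed rainbow table built for the unsalted hash is useless. The block below is an added example (not code from the page) that shows the unsalted case, the salted case, and how a current system should actually store and verify a password (random salt plus PBKDF2 key stretching, which is also the "key stretching" distractor in #61). The page's own digests are 40 hex characters with no salt stored beside them; in a real crypt(3) record the salt is kept next to the hash (the `$6$salt$hash` form), which is why the salt does not need to be secret. Salts and digests here are generated at run time, not the page's values.

```python
import hashlib
import hmac
import os

# The page's example password (Question #61). Everything else is generated here.
PASSWORD = "P@55w0rD"


def unsalted_sha1(password):
    """What a rainbow table targets: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_sha1(password, salt):
    """Per-user salt mixed in: equal passwords, different digests (what the
    question's /etc/passwd review is showing). SHA-1 is kept only to match the
    page's 40-hex-character digests; use make_record() for real storage."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def make_record(password, iterations=600_000):
    """Store a password properly: 16 random salt bytes and a stretched hash
    (PBKDF2-HMAC-SHA256). The salt and iteration count are stored in the clear."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(candidate.hex(), record["hash"])


def demo(users=("alice", "bob", "chris")):
    """Three users, one password, as in the question: returns (unsalted, salted) tables."""
    unsalted = {u: unsalted_sha1(PASSWORD) for u in users}
    salted = {u: salted_sha1(PASSWORD, os.urandom(8)) for u in users}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = demo()
    print("unsalted digests identical:", len(set(unsalted.values())) == 1)
    print("salted digests distinct:   ", len(set(salted.values())) == len(salted))
    rec = make_record(PASSWORD)
    print("verify correct password:   ", verify(PASSWORD, rec))
    print("verify wrong password:     ", verify("p@55w0rD", rec))
```

The unsalted table is the one an attacker wants: one lookup of the shared digest cracks every account at once. Salting forces one attack per account; stretching then makes each of those attacks slow.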
Question #78
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:
A. Privilege escalation
B. Footprinting
C. Persistence
D. Pivoting
Correct Answer: D
Question #79
The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:
• Users to choose a password unique to their last ten passwords
• Users to not log in from certain high-risk countries
Which of the following should the security team implement? (Choose two.)
A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000
Correct Answer: BC
Question #80
A security team will be outsourcing several key functions to a third party and will require that:
• Several of the functions will carry an audit burden
• Attestations will be performed several times a year
• Reports will be generated on a monthly basis
Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?
A. MOU
B. AUP
C. SLA
D. MSA
Correct Answer: C
Question #81
A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and procedures the threat actor was observed using in previous campaigns?
A. Security research publications
B. The MITRE ATT&CK framework
C. The Diamond Model of Intrusion Analysis
D. The Cyber Kill Chain
View answer
Correct Answer: B
Question #82
A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:
Which of the following attacks was successfully implemented based on the output?
A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal
View answer
Correct Answer: D
Question #83
Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?
A. PKI
B. Blockchain
C. SAML
D. OAuth
View answer
Correct Answer: A
Question #84
Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?
A. Personal health information
B. Personally identifiable information
C. Tokenized data
D. Proprietary data
View answer
Correct Answer: A
Question #85
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:
Which of the following describes the method that was used to compromise the laptop?
A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
C. An attacker was able to install malware to the C:\asdf234 folder and use it to gain administrator rights and launch Outlook
D. An attacker was able to phish user credentials successfully from an Outlook user profile
View answer
Correct Answer: B
Question #86
After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?
A. CASB
B. VPC
C. SWG
D. CMS
View answer
Correct Answer: A
Question #87
HOTSPOT (Drag and Drop is not supported)
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
A. See Explanation section for answer
View answer
Correct Answer: A
Question #88
A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention?
A. HIDS
B. HIPS
C. AV
D. NGFW
View answer
Correct Answer: B
Question #89
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics
View answer
Correct Answer: A
Question #90
A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find the requested servers?
A. nslookup 10
B. nmap -p 80 10
C. pathping 10
D. nc -l -p 80
View answer
Correct Answer: B
Question #91
Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?
A. Incident response plan
B. Business continuity plan
C. Communication plan
D. Disaster recovery plan
View answer
Correct Answer: C
Question #92
A user reset the password for a laptop but has been unable to log in to it since then. In addition, several unauthorized emails were sent on the user's behalf recently. The security team investigates the issue and identifies the following findings:
• Firewall logs show excessive traffic from the laptop to an external site.
• Unknown processes were running on the laptop.
• RDP connections that appeared to be authorized were made to other network devices from the laptop.
• High bandwidth utilization alerts from that
A. Worm
B. Keylogger
C. Trojan
D. Logic bomb
View answer
Correct Answer: C
Question #93
A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?
A. Update the base container image and redeploy the environment
B. Include the containers in the regular patching schedule for servers
C. Patch each running container individually and test the application
D. Update the host in which the containers are running
View answer
Correct Answer: A
Question #94
A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a
A. SOAR playbook
B. MDM policy
C. Firewall rules
D. URL filter
E. SIEM data collection
View answer
Correct Answer: BF
Question #95
A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?
A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors
View answer
Correct Answer: A
Question #96
Which of the following control types is patch management classified under?
A. Deterrent
B. Physical
C. Corrective
D. Detective
View answer
Correct Answer: C
Question #97
The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?
A. Account audits
B. AUP
C. Password reuse
D. SSO
View answer
Correct Answer: A
Question #98
A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?
A. MAC filtering
B. Anti-malware
C. Translation gateway
D. VPN
View answer
Correct Answer: D
Question #99
During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?
A. The forensic investigator forgot to run a checksum on the disk image after creation
B. The chain of custody form did not note time zone offsets between transportation regions
C. The computer was turned off, and a RAM image could not be taken at the same time
D. The hard drive was not properly kept in an antistatic bag when it was moved
View answer
Correct Answer: B
Question #100
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?
A. Acceptance
B. Transference
C. Avoidance
D. Mitigation
View answer
Correct Answer: A
Question #101
A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?
A. DNS poisoning
B. MAC flooding
C. DDoS attack
D. ARP poisoning
View answer
Correct Answer: C
Question #102
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?
A. Job rotation policy
B. NDA
C. AUP
D. Separation of duties policy
View answer
Correct Answer: C
Question #103
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
A. Preparation
B. Recovery
C. Lessons learned
D. Analysis
View answer
Correct Answer: A
Question #104
Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?
A. A biometric scanner
B. A smart card reader
C. A PKI token
D. A PIN pad
View answer
Correct Answer: A
Question #105
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?
A. Delete the private key from the repository
B. Verify the public key is not exposed as well
C. Update the DLP solution to check for private keys
D. Revoke the code-signing certificate
View answer
Correct Answer: D
Question #106
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:
CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy
Which of the following is the router experiencing?
A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion
View answer
Correct Answer: D
Question #107
The concept of connecting a user account across the systems of multiple enterprises is BEST known as:
A. Federation
B. A remote access policy
C. Multifactor authentication
D. Single sign-on
View answer
Correct Answer: A
Question #108
An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?
A. The required intermediate certificate is not loaded as part of the certificate chain
B. The certificate is on the CRL and is no longer valid
C. The corporate CA has expired on every server, causing the certificate to fail verification
D. The scanner is incorrectly configured to not trust this certificate when detected on the server
View answer
Correct Answer: A
Question #109
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked, key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media
View answer
Correct Answer: A
Question #110
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
A. SLA
B. BPA
C. NDA
D. MOU
View answer
Correct Answer: A
Question #111
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats
View answer
Correct Answer: B
Question #112
A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?
A. Vishing
B. Whaling
C. Phishing
D. Smishing
View answer
Correct Answer: D
Question #113
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?
A. Application allow list
B. SWG
C. Host-based firewall
D. VPN
View answer
Correct Answer: C
Question #114
A security analyst has been asked by the Chief Information Security Officer to:
- develop a secure method of providing centralized management of infrastructure
- reduce the need to constantly replace aging end user machines
- provide a consistent user desktop experience
Which of the following BEST meets these requirements?
A. BYOD
B. Mobile device management
C. VDI
D. Containerization
View answer
Correct Answer: C
Question #115
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?
A. access-list inbound deny ip source 0
B. access-list inbound deny ip source 10
C. access-list inbound permit ip source 10
D. access-list inbound permit ip source 0
View answer
Correct Answer: B
Question #116
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint
View answer
Correct Answer: A
Question #117
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
A. Private
B. Critical
C. Sensitive
D. Public
View answer
Correct Answer: A
Question #118
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral
View answer
Correct Answer: C
Question #119
An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?
A. CASB
B. WAF
C. Load balancer
D. VPN
View answer
Correct Answer: B
Question #120
An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific dat
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization
View answer
Correct Answer: A
Question #121
Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?
A. Intelligence fusion
B. Review reports
C. Log reviews
D. Threat feeds
View answer
Correct Answer: D
Question #122
An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five- year cost of the insurance policy. The organization is enabling risk:
A. Avoidance
B. Acceptance
C. Mitigation
D. Transference
View answer
Correct Answer: D
Question #123
A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?
A. SSL
B. SFTP
C. SNMP
D. TLS
View answer
Correct Answer: D
Question #124
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?
A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement
View answer
Correct Answer: A
Question #125
A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?
A. cat /var/messages | grep 10
B. grep 10
C. grep /var/messages | cat 10
D. cat 10
View answer
Correct Answer: A
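A caveat the correct answer glosses over, shown as an added example that is not part of the exam material: an unescaped `grep 10.1.1.1` treats each dot as a wildcard and anchors nothing, so it also returns 10.1.1.10, 10.1.1.100 and 110.1.1.1. The log lines below are constructed (hostnames, PIDs and timestamps are made up) and the Python mirrors what the shell pipeline does, with the exact-match variant alongside.

```python
import re

# Added example (not from the exam). Constructed /var/messages-style lines.
SAMPLE_LOG = """\
Mar  3 10:01:12 srv sshd[4121]: Accepted password for alice from 10.1.1.1 port 51022 ssh2
Mar  3 10:01:15 srv sshd[4130]: Failed password for root from 10.1.1.10 port 40011 ssh2
Mar  3 10:02:01 srv httpd: 110.1.1.1 - - "GET /admin HTTP/1.1" 403
Mar  3 10:02:44 srv kernel: IN=eth0 SRC=10.1.1.1 DST=10.1.1.254 PROTO=TCP DPT=445
Mar  3 10:03:09 srv sshd[4150]: Disconnected from 10.1.1.100 port 40012
"""


def naive_matches(log_text: str, ip: str) -> list:
    # Same result as `cat /var/messages | grep 10.1.1.1`: '.' is a regex wildcard and
    # nothing anchors the ends, so 10.1.1.10, 10.1.1.100 and 110.1.1.1 all match.
    return [line for line in log_text.splitlines() if re.search(ip, line)]


def exact_ip_matches(log_text: str, ip: str) -> list:
    # Escape the dots and forbid an address character on either side. Shell
    # equivalents: grep -wF 10.1.1.1 /var/messages
    #              grep -E '(^|[^0-9.])10\.1\.1\.1([^0-9.]|$)' /var/messages
    pattern = re.compile(r"(?<![0-9.])" + re.escape(ip) + r"(?![0-9.])")
    return [line for line in log_text.splitlines() if pattern.search(line)]
```

On a real `/var/messages` the difference is the gap between "events for the workstation" and "events for every host in the same /24 whose address starts with the same digits", which matters when the analyst is scoping an incident.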
Question #126
A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP
View answer
Correct Answer: C
Question #127
A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?
A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password
View answer
Correct Answer: B
Question #128
Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?
A. Shut down the VDI and copy off the event logs
B. Take a memory snapshot of the running system
C. Use NetFlow to identify command-and-control IPs
D. Run a full on-demand scan of the root volume
View answer
Correct Answer: B
Question #129
A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?
A. aaS
B. aaS
C. aaS
D. aaS
View answer
Correct Answer: D
Question #130
Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?
A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevention of information exposure
View answer
Correct Answer: D
Question #131
An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?
A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER
View answer
Correct Answer: C
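How FAR, FRR and CER trade off against one threshold, as an added example that is not part of the exam material. The matcher scores are constructed: GENUINE are ticket holders re-presenting their own finger, IMPOSTOR are people presenting a finger enrolled to someone else's ticket. Lowering the threshold is what buys convenience (fewer real customers turned away), and the code makes the security price of that choice explicit.

```python
# Added example (not from the exam). Constructed matcher scores on a 0..100 scale.
GENUINE = [92, 88, 85, 81, 79, 76, 74, 70, 55, 40]
IMPOSTOR = [73, 64, 60, 52, 49, 45, 41, 38, 30, 20]


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Accept when score >= threshold. Returns (FAR, FRR) as fractions."""
    false_accepts = sum(1 for s in impostor if s >= threshold)   # impostor let in
    false_rejects = sum(1 for s in genuine if s < threshold)     # real customer turned away
    return false_accepts / len(impostor), false_rejects / len(genuine)


def crossover_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep candidate thresholds; CER is the point where FAR and FRR are closest."""
    best = None
    for t in sorted(set(genuine + impostor)):
        far, frr = far_frr(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr


def most_convenient_threshold(max_frr, genuine=GENUINE, impostor=IMPOSTOR):
    """Highest threshold that keeps FRR <= max_frr (customer convenience first).
    Returns (threshold, FAR, FRR) so the resulting FAR is visible to the owner."""
    candidates = [t for t in sorted(set(genuine + impostor))
                  if far_frr(t, genuine, impostor)[1] <= max_frr]
    t = max(candidates)
    far, frr = far_frr(t, genuine, impostor)
    return t, far, frr
```

With these scores a threshold of 75 rejects 40% of real customers and admits no impostors; dropping it to 50 rejects 10% but admits 40% of impostors. The owner's stated priority picks the low-FRR end of that curve, which is option C, and the CER (option D) is the balanced point the owner explicitly does not want.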
Question #132
A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?
A. Service
B. Shared
C. Generic
D. Admin
View answer
Correct Answer: A
Question #133
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history
View answer
Correct Answer: A
Question #134
Which of the following can reduce vulnerabilities by avoiding code reuse?
A. Memory management
B. Stored procedures
C. Normalization
D. Code obfuscation
View answer
Correct Answer: D
Question #135
Which of the following organizations sets frameworks and controls for optimal security configuration on systems?
A. ISO
B. GDPR
C. PCI DSS
D. NIST
View answer
Correct Answer: D
Question #136
An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?
A. Data custodian
B. Data controller
C. Data protection officer
D. Data processor
View answer
Correct Answer: B
Question #137
Digital signatures use asymmetric encryption. This means the message is encrypted with:
A. the sender's private key and decrypted with the sender's public key
B. the sender's public key and decrypted with the sender's private key
C. the sender's private key and decrypted with the recipient's public key
D. the sender's public key and decrypted with the recipient's private key
View answer
Correct Answer: A
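Which key does what, shown as an added example that is not part of the exam material: a toy textbook RSA in which signing uses the sender's private key and verification the sender's public key (option A), while confidentiality uses the recipient's pair (the pairing options C and D confuse). The primes and public exponent are assumptions chosen so the numbers stay readable; production code uses 2048-bit or larger moduli with PSS or PKCS#1 padding from a vetted library, never a bare digest reduced modulo n.

```python
import hashlib

# Added example (not from the exam). Toy RSA parameters are an assumption for readability.
P, Q, E = 1_000_003, 1_000_033, 65_537


def keygen(p: int = P, q: int = Q, e: int = E):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)          # (public, private)


def _hash_to_int(message: bytes, n: int) -> int:
    """The signature covers a digest of the message; reducing mod n stands in for padding."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(sender_priv, message: bytes) -> int:
    """Sender 'encrypts' the digest with the sender's PRIVATE key."""
    n, d = sender_priv
    return pow(_hash_to_int(message, n), d, n)


def verify(sender_pub, message: bytes, signature: int) -> bool:
    """Anyone 'decrypts' with the sender's PUBLIC key and compares digests."""
    n, e = sender_pub
    return pow(signature, e, n) == _hash_to_int(message, n)


def encrypt_to(recipient_pub, m: int) -> int:
    """Contrast: confidentiality is encrypt-with-recipient-public, decrypt-with-recipient-private."""
    n, e = recipient_pub
    return pow(m, e, n)


def decrypt_with(recipient_priv, c: int) -> int:
    n, d = recipient_priv
    return pow(c, d, n)
```

A signature made with Alice's private key fails to verify under anyone else's public key and fails on a modified message, which is what gives the recipient integrity and origin assurance; it gives no confidentiality, which is why a signed-and-encrypted message uses both key pairs.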
Question #138
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 -S comptia-org -p 80
B. nc -l -v comptia
C. nmap comptia
D. nslookup –port=80 comptia
View answer
Correct Answer: C
Question #139
An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?
A. Always-on
B. Remote access
C. Site-to-site
D. Full tunnel
View answer
Correct Answer: C
Question #140
Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?
A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle
View answer
Correct Answer: A
Question #141
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?
A. DLP
B. Firewall rule
C. Content filter
D. MDM
E. Application allow list
View answer
Correct Answer: A
Question #142
An organization’s Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?
A. Data protection officer
B. Data owner
C. Backup administrator
D. Data custodian
E. Internal auditor
View answer
Correct Answer: D
Question #143
Which of the following will increase cryptographic security?
A. High data entropy
B. Algorithms that require less computing power
C. Longer key longevity
D. Hashing
View answer
Correct Answer: A
Question #144
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database
View answer
Correct Answer: D
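Why tokenization supports reordering where hashing (option C) cannot, as an added example that is not part of the exam material: the storefront stores a random token that preserves only the last four digits for display, and the isolated vault is the only component that can turn it back into a card number at payment time. The vault layout and record shape are this example's assumptions; 4111 1111 1111 1111 is a public test card number.

```python
import secrets

# Added example (not from the exam): a minimal token vault and the storefront record
# it leaves behind. Structure and names are this example's assumptions.


def luhn_valid(pan: str) -> bool:
    """Reject malformed input before it reaches the vault (Luhn mod-10 check)."""
    digits = [int(ch) for ch in pan]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Stand-in for the PCI-scoped vault service; nothing else holds PANs."""

    def __init__(self):
        self._by_token = {}
        self._by_pan = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not pan.isdigit() or not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:                      # same card -> same token, so reorders work
            return self._by_pan[pan]
        while True:
            # Random digits with the last four preserved for display; unlike a hash,
            # nothing mathematical relates the token to the PAN.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4)) + pan[-4:]
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the payment step, inside the vault's trust boundary, calls this."""
        return self._by_token[token]


def checkout_flow(vault: TokenVault, pan: str) -> dict:
    """What the storefront database ends up holding, and how a reorder is charged."""
    token = vault.tokenize(pan)
    storefront_record = {"customer": "c-1001", "card_token": token, "display": "**** " + token[-4:]}
    # Reorder: the storefront sends only the token; the vault swaps it for the PAN to charge.
    charged_pan = vault.detokenize(storefront_record["card_token"])
    return {"record": storefront_record, "charged_pan": charged_pan}
```

A breach of the storefront database yields tokens that are worthless outside this vault, which is also what takes the storefront out of PCI DSS scope for cardholder data storage; a hashed PAN would be equally unusable for reordering and, given the small keyspace of card numbers, far from safe.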
Question #145
A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM has multiple login entries with the following text:
suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal time
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh
sus
A. Malicious script
B. Privilege escalation
C. Domain hijacking
D. DNS poisoning
View answer
Correct Answer: A
Question #146
A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation?
A. Employ a general contractor to replace the drop-ceiling tiles
B. Place the network cabling inside a secure conduit
C. Secure the access point and cabling inside the drop ceiling
D. Utilize only access points that have internal antennas
View answer
Correct Answer: C
Question #147
Which of the following statements BEST describes zero-day exploits?
A. When a zero-day exploit is discovered, the system cannot be protected by any means
B. Zero-day exploits have their own scoring category in CVSS
C. A zero-day exploit is initially undetectable, and no patch for it exists
D. Discovering zero-day exploits is always performed via bug bounty programs
View answer
Correct Answer: C
Question #148
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
A. Check the hash of the installation file
B. Match the file names
C. Verify the URL download location
D. Verify the code signing certificate
View answer
Correct Answer: A
Question #149
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock
View answer
Correct Answer: A
Question #150
A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?
A. Configure the web content filter for the web address
B. Report the website to threat intelligence partners
C. Set the SIEM to alert for any activity to the web address
D. Send out a corporate communication to warn all users of the malicious email
View answer
Correct Answer: A
Question #151
A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. NIC teaming
C. Load balancer
D. Forward proxy
View answer
Correct Answer: C