1) An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? a) Hping3 -s comptia, org -p 80  b) Nc -1 v comptia, org p 80  c) nmap comptia, org p 80 aV  d) nslookup port=80 comtia.org 2) An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody? a) Document the collection and require a sign-off when possession changes.  b) Lock the device in a safe or other secure location to prevent theft or alteration.  c) Place the device in a Faraday cage to prevent corruption of the data.  d) Record the collection in a blockchain-protected public ledger. 3) An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?  a) Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly  b) Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.  c) incremental backups Monday through Friday at 6:00 p.m and full backups hourly.  d) Full backups Monday through Friday at 6:00 p.m and differential backups hourly. 4) A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future? a) Create DLP controls that prevent documents from leaving the network  b) Implement salting and hashing  c) Configure the web content filter to block access to the forum.  d) Increase password complexity requirements 5) After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction? a) The public ledger  b) The NetFlow data  c) A checksum  d) The event log 6) Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers? a) Red team  b) While team  c) Blue team  d) Purple team 7) Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met? a) The data owner  b) The data processor  c) The data steward d) The data privacy officer. 8) A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue? a) A non-disclosure agreement  b) Least privilege  c) An acceptable use policy  d) Off-boarding 9) A network administrator would like to configure a site-to-site VPN utilizing iPSec. The administrator wants the tunnel to be established with data integrity encryption, authentication and anti- replay functions. Which of the following should the administrator use when configuring the VPN? a) AH  b) EDR  c) ESP  d) DNSSEC 10) The following is an administrative control that would be MOST effective to reduce the occurrence of malware execution? a) Security awareness training  b) Frequency of NIDS updates  c) Change control procedures  d) EDR reporting cycle 11) The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns? a) SSO would simplify username and password management, making it easier for hackers to pass guess accounts.  b) SSO would reduce password fatigue, but staff would still need to remember more complex passwords.  c) SSO would reduce the password complexity for frontline staff.  d) SSO would reduce the resilience and availability of system if the provider goes offline. 12) A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patch routine. Which of the following steps should also be taken to harden the smart switch? a) Set up an air gap for the switch.  b) Change the default password for the switch.  c) Place the switch In a Faraday cage.  d) Install a cable lock on the switch 13) Which of the following describes the BEST approach for deploying application patches? a) Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.  b) Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems  c) Test the patches m a test environment apply them to the production systems and then apply them to a staging environment  d) Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment 14) A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication? a) Hard token  b) Retina scan  c) SMS text  d) Keypad PIN 15) A symmetric encryption algorithm is BEST suited for: a) key-exchange scalability.  b) protecting large amounts of data.  c) providing hashing capabilities d) implementing non-repudiation. 16) A company has limited storage available and online presence that cannot for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time In the event of a failure, which being maindful of the limited available storage space? a) Implement fulltape backup every Sunday at 8:00 p.m and perform nightly tape rotations.  b) Implement different backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m  c) Implement nightly full backups every Sunday at 8:00 p.m  d) Implement full backups every Sunday at 8:00 p.m and nightly differential backups at 8:00 17) A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected? a) OSINT  b) SIEM  c) CVSS  d) CVE 18) A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place? a) Recovery  b) Identification  c) Lessons learned  d) Preparation 19) A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets these requirements? a) RAID 0+1  b) RAID 2  c) RAID 5  d) RAID 6 20) Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloudbased services? a) Data encryption  b) Data masking  c) Anonymization  d) Tokenization

Security + (Part 8)

Bestenliste

Visueller Stil

Einstellungen

Vorlage ändern

Soll die automatisch gespeicherte Aktivität wiederhergestellt werden?