1) A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?
a) SPIM
b) Vishing
c) Spear phishing
d) Smishing

2) A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?
a) RAID 0
b) RAID 1
c) RAID 5
d) RAID 10

3) A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?
a) Code signing
b) Fuzzing
c) Manual code analysis
d) Dynamic code analysis

4) A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch?
a) MAC flooding
b) DNS poisoning
c) MAC cloning
d) ARP poisoning

5) A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?
a) Security information and event management
b) WAF (web application firewall)
c) A vulnerability scanner
d) NGFW

6) The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
a) Updating playbooks with better decision points
b) Dividing the network into trusted and untrusted zones
c) Providing additional end-user training on acceptable use
d) Implementing manual quarantining of infected hosts

7) An organization has been experiencing outages during holiday sales and needs to ensure the availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO)
a) Load balancing
b) Incremental backups
c) UPS
d) RAID
e) Dual power supply
f) NIC teaming

8) In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
a) Identification
b) Preparation
c) Eradication
d) Recovery
e) Containment

9) An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?
a) Disallow new hires from using mobile devices for six months
b) Select four devices for the sales department to use in a CYOD model
c) Implement BYOD for the sales department while leveraging the MDM
d) Deploy mobile devices using the COPE methodology

10) A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
a) Loss of proprietary information
b) Damage to the company's reputation
c) Social engineering
d) Credential exposure

11) A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?
a) Nmap
b) Heat maps
c) Network diagrams
d) Wireshark

12) A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective?
a) A tabletop exercise
b) NIST CSF
c) MITRE ATT&CK
d) OWASP

13) A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
a) S/MIME
b) DLP
c) IMAP
d) HIDS

14) A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
a) Open the document on an air-gapped network
b) View the document's metadata for origin clues
c) Search for matching file hashes on malware websites
d) Detonate the document in an analysis sandbox

15) A network engineer notices the VPN concentrator overloads and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users' traffic. Which of the following would be BEST to solve this issue?
a) IPsec
b) Always On
c) Split tunneling
d) L2TP

16) A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
a) FDE (full disk encryption)
b) NIDS (network intrusion detection system)
c) EDR (endpoint detection and response)
d) DLP (data loss prevention)

17) A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?
a) DAC
b) ABAC
c) SCAP
d) SOAR

18) A security analyst sees the following log output while reviewing web logs: Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
a) Secure cookies
b) Input validation
c) Code signing
d) Stored procedures

19) A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
a) Upgrade the bandwidth available into the datacenter
b) Implement a hot-site failover location
c) Switch to a complete SaaS offering to customers
d) Implement a challenge-response test on all end-user queries

20) An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
a) hping3 -S comptia.org -p 80
b) nc -l -v comptia.org -p 80
c) nmap comptia.org -p 80 -sV
d) nslookup -port=80 comptia.org

21) The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
a) Updating the playbooks with better decision points
b) Dividing the network into trusted and untrusted zones
c) Providing additional end-user training on acceptable use
d) Implementing manual quarantining of infected hosts

22) An organization has been experiencing outages during holiday sales and needs to ensure the availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO)
a) Load balancing
b) Incremental backups
c) UPS
d) RAID
e) Dual power supply
f) NIC teaming

23) In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
a) Identification
b) Preparation
c) Eradication
d) Recovery
e) Containment

24) An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?
a) Disallow new hires from using mobile devices for six months
b) Select four devices for the sales department to use in a CYOD model
c) Implement BYOD for the sales department while leveraging the MDM
d) Deploy mobile devices using the COPE methodology

25) A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
a) Loss of proprietary information
b) Damage to the company's reputation
c) Social engineering
d) Credential exposure

26) A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?
a) Nmap
b) Heat maps
c) Network diagrams
d) Wireshark

27) A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
a) FDE
b) NIDS
c) EDR
d) DLP

28) A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
a) Upgrade the bandwidth available into the datacenter
b) Implement a hot-site failover location
c) Switch to a complete SaaS offering to customers
d) Implement a challenge-response test on all end-user queries

29) An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?
a) Document the collection and require a sign-off when possession changes.
b) Lock the device in a safe or other secure location to prevent theft or alteration.
c) Place the device in a Faraday cage to prevent corruption of the data.
d) Record the collection in a blockchain-protected public ledger.

30) An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 a.m. to 5:00 p.m. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?
a) Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly
b) Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly
c) Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly
d) Full backups Monday through Friday at 6:00 p.m. and differential backups hourly

31) A security analyst discovers that a company username and password database was posted on an internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
a) Create DLP controls that prevent documents from leaving the network
b) Implement salting and hashing
c) Configure the web content filter to block access to the forum
d) Increase password complexity requirements

32) After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
a) The public ledger
b) The NetFlow data
c) A checksum
d) The event log

33) Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
a) Red team
b) White team
c) Blue team
d) Purple team

34) Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?
a) The data owner
b) The data processor
c) The data steward
d) The data privacy officer

35) A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?
a) A non-disclosure agreement
b) Least privilege
c) An acceptable use policy
d) Offboarding

36) A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator wants the tunnel to be established with data integrity, encryption, authentication and anti-replay functions. Which of the following should the administrator use when configuring the VPN?
a) AH (authentication header)
b) EDR (endpoint detection and response)
c) ESP (encapsulating security payload)
d) DNSSEC

37) Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?
a) Security awareness training
b) Frequency of NIDS updates
c) Change control procedures
d) EDR reporting cycle

38) The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve the security of patient data in the environment, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?
a) SSO would simplify username and password management, making it easier for hackers to guess accounts.
b) SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
c) SSO would reduce the password complexity for frontline staff.
d) SSO would reduce the resilience and availability of systems if the provider goes offline.

39) A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patch routine. Which of the following steps should also be taken to harden the smart switch?
a) Set up an air gap for the switch
b) Change the default password for the switch
c) Place the switch in a Faraday cage
d) Install a cable lock on the switch

40) Which of the following describes the BEST approach for deploying application patches?
a) Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
b) Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
c) Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
d) Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

41) A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?
a) Hard token
b) Retina scan
c) SMS text
d) Keypad PIN

42) A symmetric encryption algorithm is BEST suited for:
a) Key-exchange scalability
b) Protecting large amounts of data
c) Providing hashing capabilities
d) Implementing non-repudiation

43) A company has limited storage available and an online presence that cannot be offline for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
a) Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
b) Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
c) Implement nightly full backups every Sunday at 8:00 p.m.
d) Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

44) A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
a) OSINT
b) SIEM
c) CVSS
d) CVE

45) A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?
a) Recovery
b) Identification
c) Lessons learned
d) Preparation

46) A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets these requirements?
a) RAID 0+1
b) RAID 2
c) RAID 5
d) RAID 6

47) Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
a) Data encryption
b) Data masking
c) Anonymization
d) Tokenization

48) A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?
a) A BPDU guard
b) WPA-EAP
c) IP filtering
d) A WIDS

49) Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?
a) An SLA
b) An NDA
c) A BPA
d) An MOU

50) A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?
a) Automated information sharing
b) Open-source intelligence
c) The dark web
d) Vulnerability databases