Q61.A security team will be outsourcing several key functions to a third party and will require that:
• Several of the functions will carry an audit burden
• Attestations will be performed several times a year
• Reports will be generated on a monthly basis
Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?
A. MOU
B. AUP
C. SLA
D. MSA
Q62.A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history
Q63.A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected, it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?
A. Dump file
B. System log
C. Web application log
D. Security log
Q64.Which of the following control types is patch management classified under?
A. Deterrent
B. Physical
C. Corrective
D. Detective
Q65.Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
A. Data encryption
B. Data masking
C. Anonymization
D. Tokenization
Q66.Which of the following roles would most likely have direct access to the senior management team?
A. Data custodian
B. Data owner
C. Data protection officer
D. Data controller
Q67.A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
Q68.Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
Q69.A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?
A. Bluejacking
B. Jamming
C. Rogue access point
D. Evil twin
Q70.Which of the following roles is responsible for defining the protection type and classification type for a given set of files?
A. General counsel
B. Data owner
C. Risk manager
D. Chief Information Officer
Q71.Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?
A. Data retention plan
B. Incident response plan
C. Disaster recovery plan
D. Communication plan
Q72.A security administrator examines the ARP table of an access switch and sees the following output:
A. DDoS on Fa0/2 port
B. MAC flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1
Q73.A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?
A. Public
B. Community
C. Hybrid
D. Private
Q74.Which of the following measures the average time that equipment will operate before it breaks?
A. SLE
B. MTBF
C. RTO
D. ARO
Q75.Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?
A. Containment
B. Identification
C. Preparation
D. Recovery
Q76.A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?
A. Multipath
B. RAID
C. Segmentation
D. 802.11
Q77.A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?
A. theHarvester
B. Cuckoo
C. Nmap
D. Nessus
Q78.A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites whether the employee is in the office or away. Which of the following solutions should the CISO implement?
A. WAF
B. SWG
C. VPN
D. HIDS
Q79.Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?
A. NAC
B. DLP
C. IDS
D. MFA
Q80.Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?
A. Visitor logs
B. Faraday cages
C. Access control vestibules
D. Motion detection sensors
Q81.An employee who is using a mobile device for work is required to use a fingerprint to unlock the device. Which of the following is this an example of?
A. Something you know
B. Something you are
C. Something you have
D. Somewhere you are
Q82.Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?
A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan
Q83.A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)
A. Install DLP software to prevent data loss
B. Use the latest version of software
C. Install a SIEM device
D. Implement MDM
E. Implement a screened subnet for the web server
F. Install an endpoint security solution
G. Update the website certificate and revoke the existing ones
H. Deploy additional network sensors
Q84.The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfill this requirement?
A. NAC
B. ACL
C. WAF
D. NAT
Q85.The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?
A. Disconnect all external network connections from the firewall.
B. Send response teams to the network switch locations to perform updates.
C. Turn on all the network switches by using the centralized management software.
D. Initiate the organization’s incident response plan.
Q86.A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
Q87.An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:
* A user enters comptia.org into a web browser.
* The website that appears is not the comptia.org site.
* The website is a malicious site from the attacker.
* Users in a different office are not having this issue.
Which of the following types of attacks was observed?
A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking
Q88.An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO’s and the development team’s requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization
Q89.Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?
A. Standard naming conventions
B. Domain services
C. Baseline configurations
D. Diagrams
Q90.A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?
A. EAP
B. TLS
C. HTTPS
D. AES
Q91.A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.)
A. Full device encryption
B. Network usage rules
C. Geofencing
D. Containerization
E. Application approve list
F. Remote control
Q92.A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is MOST likely preventing the IT manager at the hospital from upgrading the specialized OS?
A. The time needed for the MRI vendor to upgrade the system would negatively impact patients.
B. The MRI vendor does not support newer versions of the OS.
C. Changing the OS breaches a support SLA with the MRI vendor.
D. The IT team does not have the budget required to upgrade the MRI scanner.
Q93.A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?
A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums
Q94.A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?
A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups
Q95.A security analyst reviews web server logs and notices the following lines:
Which of the following vulnerabilities is the attacker trying to exploit?
A. Token reuse
B. SQLi
C. CSRF
D. XSS
Q96.Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?
A. Devices with cellular communication capabilities bypass traditional network security controls
B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require
C. These devices often lack privacy controls and do not meet newer compliance regulations
D. Unauthorized voice and audio recording can cause loss of intellectual property
Q97.A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?
A. MOU
B. SLA
C. EOL
D. NDA
Q98.Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking
Q99.While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?
A. Using an administrator account to run the processes and disabling the account when it is not in use
B. Implementing a shared account the team can use to run automated processes
C. Configuring a service account to run the processes
D. Removing the password complexity requirements for the user account
Q100.Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?
A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment
Q101.A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?
A. NIDS
B. MAC filtering
C. Jump server
D. IPSec
E. NAT gateway
Q102.Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?
A. Vulnerability scanner
B. Open-source intelligence
C. Packet capture
D. Threat feeds
Q103.A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?
A. Weighted response
B. Round-robin
C. Least connection
D. Weighted least connection
Q104.During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?
A. Birthday collision on the certificate key
B. DNS hijacking to reroute traffic
C. Brute force to the access point
D. An SSL/TLS downgrade
Q105.Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?
A. Parallel
B. Full-scale
C. Tabletop
D. Simulation
Q106.Which of the following disaster recovery sites is the most cost effective to operate?
A. Warm site
B. Cold site
C. Hot site
D. Hybrid site
Q107.A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files’ activity against known threats. Which of the following should the security operations center implement?
A. theHarvester
B. Nessus
C. Cuckoo
D. Sn1per
Q108.A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?
A. Provisioning
B. Staging
C. Staging
D. Quality assurance
Q109.A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?
A. RAID
B. UPS
C. NIC teaming
D. Load balancing
Q110.An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person might be doing to cause this issue to occur?
A. Jamming
B. Bluesnarfing
C. Evil twin attack
D. Rogue access point
Q111.Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?
A. Web metadata
B. Bandwidth monitors
C. System files
D. Correlation dashboards
Q112.An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?
A. Watering-hole attack
B. Pretexting
C. Typosquatting
D. Impersonation
Q113.An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee’s vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?
A. Jamming
B. Bluejacking
C. Disassociation
D. Evil twin
Q114.A security administrator wants to implement a program that tests a user’s ability to recognize attacks over the organization’s email system. Which of the following would be best suited for this task?
A. Social media analysis
B. Annual information security training
C. Gamification
D. Phishing campaign
Q115.A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?
A. Keylogger
B. Spyware
C. Trojan
D. Ransomware
Q116.An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:
• Check-in/checkout of credentials
• The ability to use but not know the password
• Automated password changes
• Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system
Q117.A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user’s company reviews the following Wi-Fi log:
Which of the following best describes what is causing this issue?
A. Another customer has configured a rogue access point.
B. The coffee shop network is using multiple frequencies.
C. A denial-of-service attack by disassociation is occurring.
D. An evil twin access point is being utilized.
Q118.Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?
A. A biometric scanner
B. A smart card reader
C. A PKI token
Q119.During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:
crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6
Which of the following attacks occurred?
A. Buffer overflow
B. Pass the hash
C. SQL injection
D. Replay attack
Q120.A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:
• Consistent power levels in case of brownouts or voltage spikes
• A minimum of 30 minutes runtime following a power outage
• Ability to trigger graceful shutdowns of critical systems
Which of the following would BEST meet the requirements?
A. Maintaining a standby, gas-powered generator
B. Using large surge suppressors on computer equipment
C. Configuring managed PDUs to monitor power levels
D. Deploying an appropriately sized, network-connected UPS device