Q1.An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?
A. Install a SIEM tool and properly configure it to read the OS configuration files
B. Load current baselines into the existing vulnerability scanner
C. Maintain a risk register with each security control marked as compliant or non-compliant
D. Manually review the secure configuration guide checklists
Q2.Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?
A. Personal health information
B. Personally identifiable information
C. Tokenized data
D. Proprietary data
Q3.Which of the following supplies non-repudiation during a forensics investigation?
A. Dumping volatile memory contents first
B. Duplicating a drive with dd
C. Using a SHA-2 signature of a drive image
D. Logging everyone in contact with evidence
E. Encrypting sensitive data
Q4.Which of the following describes a social engineering technique that seeks to exploit a person’s sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
Q5.A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?
A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration
Q6.A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming
Q7.A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?
A. High availability
B. Application security
C. Segmentation
D. Integration and auditing
Q8.A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?
A. Check the metadata in the email header of the received path in reverse order to follow the email’s path.
B. Hover the mouse over the CIO’s email address to verify the email address.
C. Look at the metadata in the email header and verify the ג€From:ג€ line matches the CIO’s email address.
D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.
Q9.A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?
A. Accept the risk if there is a clear road map for timely decommission.
B. Deny the risk due to the end-of-life status of the application.
C. Use containerization to segment the application from other applications to eliminate the risk.
D. Outsource the application to a third-party developer group.
Q10.An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?
A. FRR
B. Difficulty of use
C. Cost
D. FAR
E. CER
Q11.Which of the following is the MOST effective control against zero-day vulnerabilities?
A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners
Q12.A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?
A. Data owner
B. Data processor
C. Data steward
D. Data collector
Q13.A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
Q14.While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company’s servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?
A. Revoke the code signing certificate used by both programs.
B. Block all unapproved file hashes from installation
C. Add the accounting application file hash to the allowed list.
D. Update the code signing certificate for the approved application.
Q15.A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:
A. decrease the mean time between failures.
B. remove the single point of failure.
C. cut down the mean time to repair.
D. reduce the recovery time objective.
Q16.An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization MOST likely implement?
A. CBT
B. NDA
C. MOU
D. AUP
Q17.Which of the following organizations sets frameworks and controls for optimal security configuration on systems?
A. ISO
B. GDPR
C. PCI DSS
D. NIST
Q18.A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?
A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A dictionary attack was used to log in as the server administrator
Q19.A security analyst is assessing a new y developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?
A. ISO
B. MITRE ATT&CK
C. OWASP
D. NIST
Q20.An employee’s company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:
A. a push notification
B. a password
C. an SMS message
D. an authentication application
Q21.To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?
A. Install a hypervisor firewall to filter east-west traffic
B. Add more VLANs to the hypervisor network switches
C. Move exposed or vulnerable VMs to the DMZ
D. Implement a Zero Trust policy and physically segregate the hypervisor server.
Q22.The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:
* Users to choose a password unique to their last ten passwords
* Users to not log in from certain high-risk countries
Which of the following should the security team implement? (Choose two.)
A. Password complexity
B. Password history
C. Geolocation
D. Geofencing
E. Geotagging
F. Password reuse
Q23.Which of the following is a benefit of including a risk management framework into an organization’s security approach?
A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
B. It identifies specific vendor products that have been tested and approved for use in a secure environment.
C. It provides legal assurances and remedies in the event a data breach occurs.
D. It incorporates control, development, policy, and management activities into IT operations.
Q24.A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output:
Which of the following best describes the attack that is currently in progress’?
A. MAC flooding
B. Evil twin
C. ARP poisoning
D. DHCP spoofing
Q25.A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?
A. Service
B. Shared
C. Generic
D. Admin
Q26.An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?
A. The vulnerability scanner was not properly configured and generated a high number of false positives.
B. Third-party libraries have been loaded into the repository and should be removed from the codebase.
C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.
D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.
Q27.A security analyst needs to centrally manage credentials and permissions to the company’s network devices. The following security requirements must be met:
• All actions performed by the network staff must be logged.
• Per-command permissions must be possible.
• The authentication server and the devices must communicate through TCP.
Which of the following authentication protocols should the analyst choose?
A. Kerberos
B. CHAP
C. TACACS+
D. RADIUS
Q28.An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?
A. TPM
B. CA
C. SAML
D. CRL
Q29.A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer noticed a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who change locations should be required to re-authenticate but have been able to log in without doing so. Which of the following statements BEST explains the issue?
A. OpenID is mandatory to make the MFA requirements work.
B. An incorrect browser has been detected by the SAML application.
C. The access device has a trusted certificate installed that is overwriting the session token.
D. The user’s IP address is changing between logins, but the application is not invalidating the token.
Q30.A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
Q31.A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002
Q32.Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?
A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding
Q33.Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?
A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries
Q34.Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyber activity?
A. Intelligence fusion
B. Review reports
C. Log reviews
D. Threat feeds
Q35.Which of the following is a targeted attack aimed at compromising users within a specific industry or group?
A. Watering hole
B. Typosquatting
C. Hoax
D. Impersonation
Q36.A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?
A. Use appropriate signage to mark all areas.
B. Utilize cameras monitored by guards.
C. Implement access control vestibules.
D. Enforce escorts to monitor all visitors.
Q37.Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
A. SPIM
B. Vishing
C. Hopping
D. Phishing
E. Credential harvesting
F. Tailgating
Q38.A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer’s operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?
A. Measured boot
B. Boot attestation
C. UEFI
D. EDR
Q39.Which of the following secure coding techniques makes compromised code more difficult for hackers to use?
A. Obfuscation
B. Normalization
C. Execution
D. Reuse
Q40.The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks
Q41.A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users’ PCs. Which of the following is the MOST likely cause of this issue?
A. TFTP was disabled on the local hosts.
B. SSH was turned off instead of modifying the configuration file.
C. Remote login was disabled in the networkd.conf instead of using the sshd.conf.
D. Network services are no longer running on the NAS.
Q42.A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator’s activities?
A. Continuous deployment
B. Continuous integration
C. Data owners
D. Data processor
Q43.Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked, key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media
Q44.A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would MOST likely contain language that would prohibit this activity?
A. NDA
B. BPA
C. AUP
D. SLA
Q45.A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in the firewall rule would work BEST?
A. Drop
B. Reject
C. Log alert
D. Permit
Q46.Which of the following is an example of risk avoidance?
A. Installing security updates directly in production to expedite vulnerability fixes
B. Buying insurance to prepare for financial loss associated with exploits
C. Not installing new software to prevent compatibility errors
D. Not taking preventive measures to stop the theft of equipment
Q47.The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments? Select 1
A. Authentication protocol
B. Encryption type
C. WAP placement
D. VPN configuration
Q48.Which of the following can reduce vulnerabilities by avoiding code reuse?
A. Memory management
B. Stored procedures
C. Normalization
D. Code obfuscation
Q49.Which of the following involves the inclusion of code in the main codebase as soon as it is written?
A. Continuous monitoring
B. Continuous deployment
C. Continuous validation
D. Continuous integration
Q50.A security analyst notices that specific files are being deleted each time a systems administrator is on vacation. Which of the following BEST describes the type of malware that is running?
A. Fileless virus
B. Logic bomb
C. Keylogger
D. Ransomware
Q51.An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document’s contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?
A. Crypto Malware
B. Hash substitution
C. Collision
D. Phishing
Q52.A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers. Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training
Q53.Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?
A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle
Q54.A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF
Q55.A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization’s strategy?
A. FIM
B. DLP
C. EDR
D. UTM
Q56.An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 ג€”S comptia.org ג€”p 80
B. nc ג€”l ג€”v comptia.org ג€”p 80
C. nmap comptia.org ג€”p 80 ג€”sV
D. nslookup ג€”port=80 comptia.org
Q57.While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:
Which of the following should be the administrator’s NEXT step to detect if there is a rogue system without impacting availability?
A. Conduct a ping sweep,
B. Physically check each system.
C. Deny internet access to the “UNKNOWN” hostname.
D. Apply MAC filtering.
Q58.A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database
Q59.A Chief Information Security Officer (CISO) is concerned about the organization’s ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
A. Upgrade the bandwidth available into the datacenter.
B. Implement a hot-site failover location.
C. Switch to a complete SaaS offering to customers.
D. Implement a challenge response test on all end-user queries.
Q60.A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would MOST likely show where the malware originated?
A. The DNS logs
B. The web server logs
C. The SIP traffic logs
D. The SNMP logs
