Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA SY0-701 CompTIA Security+ Exam 2026 Exam Practice Test

Demo: 266 questions
Total 887 questions

CompTIA Security+ Exam 2026 Questions and Answers

Question 1

A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure to best achieve this goal?

Options:

A.

IaaS

B.

SCADA

C.

SDN

D.

IoT

Question 2

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question 3

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

Options:

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires ln-person action before printing.

C.

Install a software client m every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Question 4

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 5

A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?

Options:

A.

Internal audit

B.

Penetration testing

C.

Attestation

D.

Due diligence

Question 6

A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

Options:

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Question 7

The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?

Options:

A.

Implement network access control.

B.

Configure the local gateway to point to the VPN.

C.

Create a public NAT to the on-premises proxy.

D.

Install a host-based content filtering solution.

Question 8

A company ' s website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?

Options:

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Question 9

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Question 10

Which of the following cryptographic solutions protects data at rest?

Options:

A.

Digital signatures

B.

Full disk encryption

C.

Private key

D.

Steganography

Question 11

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

Options:

A.

Lead a simulated failover.

B.

Conduct a tabletop exercise.

C.

Periodically test the generators.

D.

Develop requirements for database encryption.

Question 12

Which of the following is the best method to reduce the attack surface of an enterprise network?

Options:

A.

Disable unused network services on servers.

B.

Use port security for wired connections.

C.

Change default passwords for network printers.

D.

Create a guest wireless network for visitors.

Question 13

Which of the following actions must an organization take to comply with a person ' s request for the right to be forgotten?

Options:

A.

Purge all personally identifiable attributes.

B.

Encrypt all of the data.

C.

Remove all of the person’s data.

D.

Obfuscate all of the person’s data.

Question 14

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?

Options:

A.

Nation-state

B.

Trusted insider

C.

Organized crime group

D.

Hacktivist

Question 15

A security analyst receives an alert from a web server that contains the following logs:

GET /image?filename=../../../etc/passwd

Host: AcmeInc.web.net

useragent: python-request/2.27.1

GET /image?filename=../../../etc/shadow

Host: AcmeInc.web.net

useragent: python-request/2.27.1

Which of the following attacks is being attempted?

Options:

A.

File injection

B.

Privilege escalation

C.

Directory traversal

D.

Cookie forgery

Question 16

A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?

Options:

A.

Signal locator

B.

WPA3

C.

Heat map

D.

Site survey

Question 17

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk. Which type of control is being implemented?

Options:

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Question 18

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Question 19

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

Options:

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question 20

A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit. Which of the following logs should the analyst review first?

Options:

A.

Endpoint

B.

Application

C.

Firewall

D.

NAC

Question 21

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Options:

Question 22

Which of the following is most likely to be used as a just-in-time reference document within a security operations center?

Options:

A.

Change management policy

B.

Risk profile

C.

Playbook

D.

SIEM profile

Question 23

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Question 24

A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Options:

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Question 25

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Question 26

Which of the following is the act of proving to a customer that software developers are trained on secure coding?

Options:

A.

Assurance

B.

Contract

C.

Due diligence

D.

Attestation

Question 27

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

Options:

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Question 28

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Question 29

An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior. Which of the following should the CISO do first?

Options:

A.

Update the acceptable use policy.

B.

Deploy a password management solution.

C.

Issue warning letters to affected users.

D.

Implement a phishing awareness campaign.

Question 30

The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization ' s agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?

Options:

A.

Hourly differential backups stored on a local SAN array

B.

Dally full backups stored on premises in magnetic offline media

C.

Daly differential backups maintained by a third-party cloud provider

D.

Weekly full backups with daily incremental stored on a NAS drive

Question 31

Which of the following objectives is best achieved by a tabletop exercise?

Options:

A.

Familiarizing participants with the incident response process

B.

Deciding red and blue team rules of engagement

C.

Quickly determining the impact of an actual security breach

D.

Conducting multiple security investigations in parallel

Question 32

A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure. Which of the following penetration testing methods does this scenario describe?

Options:

A.

Passive reconnaissance

B.

Partially-known environment

C.

Integrated testing

D.

Defensive testing

Question 33

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Question 34

A security team identifies a vulnerability in an application that the developers will not be able to patch for six months. Which of the following should the security team use to document this vulnerability?

Options:

A.

Risk register

B.

Patching schedule

C.

Vulnerability matrix

D.

Change management procedure

Question 35

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?

Options:

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Question 36

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).

Options:

A.

Directive

B.

Deterrent

C.

Preventive

D.

Detective

E.

Corrective

F.

Technical

Question 37

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

Options:

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Question 38

During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?

Options:

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Question 39

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Options:

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

Question 40

Which of the following is a possible consequence of a VM escape?

Options:

A.

Malicious instructions can be inserted into memory and give the attacker elevated permissions.

B.

An attacker can access the hypervisor and compromise other VMs.

C.

Unencrypted data can be read by a user in a separate environment.

D.

Users can install software that is not on the manufacturer ' s approved list.

Question 41

A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?

Options:

A.

Zero-day

B.

XSS

C.

SQLi

D.

Buffer overflow

Question 42

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?

Options:

A.

The company built a new file-sharing site.

B.

The organization is preparing for a penetration test.

C.

The security team is integrating with an SASE platform.

D.

The security team created a honeynet.

Question 43

Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?

Options:

A.

Enabling 802.1X authentication and integrating it with the corporate directory

B.

Installing self-signed certificates on all user devices

C.

Enabling MAC filters for all wireless clients

D.

Configuring the wireless controller to require multifactor authentication

Question 44

A security analyst must select a metric to determine the required investment in technology based on past availability incidents. Which of the following is the most relevant value to help select technology that mitigates risk and considers reliability?

Options:

A.

MTBF

B.

RTO

C.

ALE

D.

RPO

Question 45

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

Options:

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

Question 46

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?

Options:

A.

To secure end-of-life devices from incompatible firmware updates

B.

To avoid hypervisor attacks through VM escape

C.

To eliminate buffer overflows at the application layer

D.

To prevent users from changing the OS of mobile devices

Question 47

Which of the following would enable a data center to remain operational through a multiday power outage?

Options:

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Question 48

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 49

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

Options:

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

Question 50

After reviewing the following vulnerability scanning report:

Server:192.168.14.6

Service: Telnet

Port: 23 Protocol: TCP

Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 —script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| _ Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist.

Question 51

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

Options:

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Question 52

Which of the following must be considered when designing a high-availability network? (Select two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Question 53

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Question 54

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following will most likely help the security awareness team address this potential threat?

Options:

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Question 55

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

Options:

A.

Load balancer

B.

Port security

C.

IPS

D.

NGFW

Question 56

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Question 57

Which of the following should a security team do first before a new web server goes live?

Options:

A.

Harden the virtual host.

B.

Create WAF rules.

C.

Enable network intrusion detection.

D.

Apply patch management

Question 58

Which of the following is a prerequisite for a DLP solution?

Options:

A.

Data destruction

B.

Data sanitization

C.

Data classification

D.

Data masking

Question 59

A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?

Options:

A.

Static

B.

Sandbox

C.

Network traffic

D.

Package monitoring

Question 60

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-t he-hash

D.

Brute-force

Question 61

A database administrator is updating the company ' s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

Options:

A.

Hashing

B.

Obfuscation

C.

Tokenization

D.

Masking

Question 62

Which of the following is the best reason to perform a tabletop exercise?

Options:

A.

To address audit findings

B.

To collect remediation response times

C.

To update the IRP

D.

To calculate the ROI

Question 63

A company receives an alert that a widely used network device vendor has been banned by the government. What will general counsel most likely be concerned with during hardware refresh?

Options:

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

Question 64

Which of the following concepts protects sensitive information from unauthorized disclosure?

Options:

A.

Integrity

B.

Availability

C.

Authentication

D.

Confidentiality

Question 65

Which of the following best describes a common use of OSINT?

Options:

A.

Monitoring internal systems and network traffic to detect abnormal behavior

B.

Installing and configuring security patches to fix known vulnerabilities

C.

Collecting information from public platforms to find possible security exposures

D.

Encrypting sensitive company data and storing it securely in the cloud

Question 66

Which of the following is the best safeguard to protect against an extended power failure?

Options:

A.

Off-site backups

B.

Batteries

C.

Uninterruptible power supplies

D.

Generators

Question 67

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Options:

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Question 68

Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Non-repudiation

Question 69

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

Options:

A.

LDAP

B.

Federation

C.

SAML

D.

OAuth

Question 70

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Question 71

A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?

Options:

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Question 72

Which of the following can be used to compromise a system that is running an RTOS?

Options:

A.

Cross-site scripting

B.

Memory injection

C.

Replay attack

D.

Ransomware

Question 73

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

Options:

A.

Wireless access point

B.

Switch

C.

Firewall

D.

NAC

Question 74

A company ' s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Options:

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Question 75

Which of the following methods would most likely be used to identify legacy systems?

Options:

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Question 76

An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Options:

A.

XDR

B.

SPF

C.

DLP

D.

DMARC

Question 77

Which of the following must be considered when designing a high-availability network? (Choose two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Question 78

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

Options:

A.

Wiping

B.

Recycling

C.

Shredding

D.

Deletion

Question 79

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

Options:

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

Question 80

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Options:

A.

Preparation

B.

Recovery

C.

Lessons learned

D.

Analysis

Question 81

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Question 82

Which of the following should be used to ensure that a new software release has not been modified before reaching the user?

Options:

A.

Tokenization

B.

Encryption

C.

Hashing

D.

Obfuscation

Question 83

Which of the following is an example of a data protection strategy that uses tokenization?

Options:

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Question 84

Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?

Options:

A.

Public key

B.

Private Key

C.

Asymmetric key

D.

Symmetric key

Question 85

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

Options:

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

Question 86

An organization authorizes system deployment on the network after reducing the number of Category 1 vulnerabilities to zero. Which of the following is this scenario an example of?

Options:

A.

Risk avoidance

B.

Risk tolerance

C.

Risk transference

D.

Risk reporting

Question 87

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Options:

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

Question 88

While reviewing logs, a security administrator identifies the following code:

< script > function(send_info) < /script >

Which of the following best describes the vulnerability being exploited?

Options:

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Question 89

A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?

Options:

A.

SOAR

B.

SIEM

C.

DMARC

D.

NIDS

Question 90

A systems administrator just purchased multiple network devices. Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?

Options:

A.

Install endpoint protection

B.

Disable ports/protocols

C.

Change default passwords

D.

Remove unnecessary software

Question 91

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Options:

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Question 92

A wireless administrator sets up a new network in a small office using a password. The network must reduce the impact of brute-force attacks if the password is subjected to over-the-air interception. Which of the following security settings will help achieve this goal?

Options:

A.

WIPS

B.

SSO

C.

WPS

D.

SAE

Question 93

Which of the following is the most relevant reason a DPO would develop a data inventory?

Options:

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Question 94

An MSSP manages firewalls for hundreds of clients. Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?

Options:

A.

SNMP

B.

Benchmarks

C.

Netflow

D.

SCAP

Question 95

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Options:

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Question 96

Which of the following provides the best protection against unwanted or insecure communications to and from a device?

Options:

A.

System hardening

B.

Host-based firewall

C.

Intrusion detection system

D.

Anti-malware software

Question 97

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

Options:

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Question 98

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Question 99

Which of the following describes the process of concealing code or text inside a graphical image?

Options:

A.

Symmetric encryption

B.

Hashing

C.

Data masking

D.

Steganography

Question 100

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Question 101

Which of the following best describe a penetration test that resembles an actual external attach?

Options:

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Question 102

Which of the following describes a situation where a user is authorized before being authenticated?

Options:

A.

Privilege escalation

B.

Race condition

C.

Tailgating

D.

Impersonation

Question 103

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

Options:

A.

TPM

B.

CRL

C.

PKI

D.

CSR

Question 104

A Chief Information Security Officer wants to monitor the company ' s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Question 105

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Options:

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Question 106

The analyst wants to move data from production to the UAT server for testing the latest release. Which of the following strategies to protect data should the analyst use?

Options:

A.

Data masking

B.

Data tokenization

C.

Data obfuscation

D.

Data encryption

Question 107

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Options:

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Question 108

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

Options:

A.

MDM

B.

DLP

C.

FDE

D.

EDR

Question 109

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Options:

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Question 110

Which of the following is the final step of the modem response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Question 111

Which of the following is a use of CVSS?

Options:

A.

To determine the cost associated with patching systems

B.

To identify unused ports and services that should be closed

C.

To analyze code for defects that could be exploited

D.

To prioritize the remediation of vulnerabilities

Question 112

Which of the following would most likely be used by attackers to perform credential harvesting?

Options:

A.

Social engineering

B.

Supply chain compromise

C.

Third-party software

D.

Rainbow table

Question 113

Which of the following attacks primarily targets insecure networks?

Options:

A.

Evil twin

B.

Impersonation

C.

Watering hole

D.

Pretexting

Question 114

Which of the following would be the best way to test resiliency in the event of a primary power failure?

Options:

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Question 115

A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Options:

A.

Secure web gateway

B.

Virtual private cloud end point

C.

Deep packet Inspection

D.

Next-gene ration firewall

Question 116

A company performs a vulnerability assessment and gets the following results:

Vulnerability | Server location | CVSS score

1 | Internet | 9.8

2 | Internal | 4.0

3 | Internet | 4.0

4 | Internal | 9.8

Which of the following vulnerabilities should the company patch first?

Options:

A.

1

B.

2

C.

3

D.

4

Question 117

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file ' s creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file ' s SHA-256 hash.

B.

Use hexdump on the file ' s contents.

C.

Check endpoint logs.

D.

Query the file ' s metadata.

Question 118

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Question 119

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question 120

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the ' deny any* policy prior to enabling the new policy

D.

Including an ' allow any1 policy above the ' deny any* policy

Question 121

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Oncethe password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user ' s intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Question 122

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

Options:

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Question 123

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

Options:

A.

IPS

B.

Firewall

C.

ACL

D.

Windows security

Question 124

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Question 125

A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?

Options:

A.

Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.

B.

Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.

C.

Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.

D.

Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.

Question 126

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Question 127

Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?

Options:

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysis

Question 128

A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

Options:

A.

A misconfiguration in the endpoint protection software

B.

A zero-day vulnerability in the file

C.

A supply chain attack on the endpoint protection vendor

D.

Incorrect file permissions

Question 129

To which of the following security categories does an EDR solution belong?

Options:

A.

Physical

B.

Operational

C.

Managerial

D.

Technical

Question 130

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question 131

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

Options:

A.

Upgrading to a next-generation firewall

B.

Deploying an appropriate in-line CASB solution

C.

Conducting user training on software policies

D.

Configuring double key encryption in SaaS platforms

Question 132

Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?

Options:

A.

Authentication

B.

Obfuscation

C.

Hashing

D.

Encryption

Question 133

An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?

Options:

A.

Smishing

B.

Typosquatting

C.

Espionage

D.

Pretexting

Question 134

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator ' s group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Question 135

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Options:

A.

Set the maximum data retention policy.

B.

Securely store the documents on an air-gapped network.

C.

Review the documents ' data classification policy.

D.

Conduct a tabletop exercise with the team.

Question 136

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 137

A security analyst is reviewing the following logs about a suspicious activity alert for a user ' s VPN log-ins. Which of the following malicious activity indicators triggered the alert?

✅Log Summary:

User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.

Options:

A.

Impossible travel

B.

Account lockout

C.

Blocked content

D.

Concurrent session usage

Question 138

A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers. Which of the following architectures will best achieve the company’s objectives?

Options:

A.

IoT

B.

IaC

C.

PaaS

D.

ICS

Question 139

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?

Options:

A.

Mitigate

B.

Accept

C.

Avoid

D.

Transfer

Question 140

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?

Options:

A.

Unskilled attacker

B.

Hacktivist

C.

Shadow IT

D.

Supply chain

Question 141

An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

Options:

A.

Layer 4 firewall

B.

NGFW

C.

WAF

D.

UTM

Question 142

Which of the following best distinguishes hacktivists from insider threats?

Options:

A.

Hacktivists often act based on ideological or political beliefs rather than organizational access.

B.

Hacktivists are generally employed by the target organization at the time of attack.

C.

Hacktivists often target organizations without prior access or internal affiliation.

D.

Hacktivists are primarily motivated by personal conflicts or employment-related dissatisfaction.

Question 143

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question 144

Which of the following strategies most effectively protects sensitive data at rest in a database?

Options:

A.

Hashing

B.

Masking

C.

Tokenization

D.

Obfuscation

Question 145

Which of the following best represents how frequently an incident is expected to happen each year?

Options:

A.

RTO

B.

ALE

C.

SLE

D.

ARO

Question 146

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees ' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

Options:

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Question 147

Which of the following agreements defines response time, escalation, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Question 148

Which of the following is a key reason to follow data retention policies during asset decommissioning?

Options:

A.

To ensure data is securely destroyed when no longer needed

B.

To make backup copies of all company data before disposing of hardware

C.

To allow employees to access old files even after the hardware is recycled

D.

To keep all customer data available in case it is required in the future

Question 149

An office wants to install a Wi-Fi network. The security team must ensure a secure design. The access points will be more powerful and use WPA3 with a 16-character randomized key. Which of the following should the security team do next?

Options:

A.

Create a heat map of the building perimeter.

B.

Deploy IPSec tunnels from each access point to the controller.

C.

Enable WPA2-PSK with a 24-character randomized key.

D.

Disable SSH administration on all access points.

Question 150

A company wants to ensure that only authorized devices can enter an environment. Which of the following will the company most likely use to implement the control?

Options:

A.

Access lists

B.

Remote connection

C.

Screened subnets

D.

Centralized proxy

Question 151

A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company ' s site. Which of the following would have most likely prevented this attack?

Options:

A.

IPSec

B.

TLS

C.

SDN

D.

WAF

Question 152

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).

Options:

A.

Easter debugging of the system

B.

Reduced cost of ownership of the system

C.

Improved scalability of the system

D.

Increased compartmentalization of the system

E.

Stronger authentication of the system

F.

Reduced complexity of the system

Question 153

Which of the following best describes the importance of implementing filesystem journaling?

Options:

A.

Replication to a secondary form of media reduces the risk of failure when the secondary media is remote.

B.

The recovery time always exceeds the RTO and RPO requirements during system downtime.

C.

A point-in-time backup provides faster data recovery if data on a disk is corrupted.

D.

A log of changes can enable recovery to a desired state after a failure.

Question 154

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Options:

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Question 155

Which of the following best explains a core principle of a Zero Trust security model?

Options:

A.

Devices connected to the internal network are automatically trusted after initial authentication.

B.

Access to resources is granted only after strict identity verification and continuous monitoring.

C.

Security policies require multifactor authentication for remote access to sensitive data.

D.

Network access is limited by role, and access controls are reviewed on a regular schedule.

Question 156

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Options:

A.

Insider

B.

Unskilled attacker

C.

Nation-state

D.

Hacktivist

Question 157

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Options:

A.

Defensive

B.

Passive

C.

Offensive

D.

Physical

Question 158

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

Options:

A.

Hire a vendor to perform a penetration test.

B.

Perform an annual self-assessment.

C.

Allow each client the right to audit.

D.

Provide a third-party attestation report.

Question 159

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Question 160

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?

Options:

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Question 161

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Question 162

Which of the following describes the difference between encryption and hashing?

Options:

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Question 163

Which of the following best explains why an organization would choose a warm site for disaster recovery?

Options:

A.

It reduces complexity by replicating data in real time across identical environments.

B.

It eliminates the need for backup testing by using cloud-native infrastructure.

C.

It offers fully automated fail over with no manual intervention required.

D.

It balances cost and recovery time by maintaining partially configured systems.

Question 164

Which of the following would best ensure a controlled version release of a new software application?

Options:

A.

Business continuity planning

B.

Quantified risk analysis

C.

Static code analysis

D.

Change management procedures

Question 165

Which of the following most securely protects data at rest?

Options:

A.

TLS 1.2

B.

AES-256

C.

Masking

D.

Salting

Question 166

A recent black-box penetration test of http://example.com discovered that external

website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.

You are tasked with reducing the attack space and enabling secure protocols.

INSTRUCTIONS

Part 1

Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.

Part 2

Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

Options:

Question 167

An employee receives a text message from an unknown number claiming to be the company ' s Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Options:

A.

Vishing

B.

Smishing

C.

Pretexting

D.

Phishing

Question 168

Which of the following is an example of a false negative vulnerability detection in a scan report?

Options:

A.

A vulnerability that does not actually exist

B.

A vulnerability that has already been remediated

C.

A result that shows no known vulnerability

D.

A zero-day vulnerability with a known remediation

Question 169

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Question 170

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Question 171

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

Options:

A.

ACL

B.

IDS

C.

HIDS

D.

NIPS

Question 172

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Question 173

A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed. Which concept describes this capability?

Options:

A.

IaC

B.

IoT

C.

IoC

D.

IaaS

Question 174

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question 175

An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?

Options:

A.

Data sanitization

B.

WAF

C.

FDE

D.

Split tunneling

Question 176

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

Options:

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Question 177

A security analyst investigates an incident in which a PowerShell script was identified as a potential IoC. Which of the following will best help the analyst identify an attempt to compromise the system?

Options:

A.

SNMP logs

B.

Firewall logs

C.

EDR logs

D.

IPS logs

Question 178

A Chief Information Security Officer (CISO) develops information security policies that relate to the software development methodology. Which of the following will the CISO most likely include in the organization ' s documentation?

Options:

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

Question 179

A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?

Options:

A.

Proxy server

B.

Jump server

C.

Geographic restrictions

D.

Load balancer

Question 180

Which of the following is die most important security concern when using legacy systems to provide production service?

Options:

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Question 181

An administrator is reviewing a single server ' s security logs and discovers the following;

Which of the following best describes the action captured in this log file?

Options:

A.

Brute-force attack

B.

Privilege escalation

C.

Failed password audit

D.

Forgotten password by the user

Question 182

In which of the following will unencrypted PLC management traffic most likely be found?

Options:

A.

SDN

B.

IoT

C.

VPN

D.

SCADA

Question 183

A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?

Options:

A.

Integrity

B.

Authentication

C.

Zero Trust

D.

Confidentiality

Question 184

A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?

Options:

A.

Static analysis

B.

Packet capture

C.

Agent-based scanning

D.

Dynamic analysis

E.

Network-based scanning

Question 185

A security analyst investigates abnormal outbound traffic from a corporate endpoint. The traffic is encrypted and uses non-standard ports. Which of the following data sources should the analyst use first to confirm whether this traffic is malicious?

Options:

A.

Application logs

B.

Vulnerability scans

C.

Endpoint logs

D.

Packet captures

Question 186

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

Options:

A.

Red teaming

B.

Penetration testing

C.

Independent audit

D.

Vulnerability assessment

Question 187

Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?

Options:

A.

Common attacks are less likely to be effective.

B.

Configuration can be better managed and replicated.

C.

Outsourcing to a third party with more expertise in network defense is possible.

D.

Optimization can occur across a number of computing instances.

Question 188

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Question 189

Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?

Options:

A.

Ideological differences

B.

General curiosity

C.

Gain influence

D.

Intellectual property

Question 190

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Options:

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Question 191

Which of the following should be used to select a label for a file based on the file ' s value, sensitivity, or applicable regulations?

Options:

A.

Verification

B.

Certification

C.

Classification

D.

Inventory

Question 192

A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.

Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?

Options:

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

Question 193

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Options:

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Question 194

A bank set up a new server that contains customers ' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Question 195

Which of the following security controls would best guard a payroll system against insider manipulation threats?

Options:

A.

Compensating

B.

Deterrent

C.

Detective

D.

Corrective

Question 196

The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?

Options:

A.

Data in use

B.

Data at rest

C.

Data in transit

D.

Data sovereignty

Question 197

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

Options:

A.

Key stretching

B.

Tokenization

C.

Data masking

D.

Salting

Question 198

While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:

C:\User > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 200 ms 200 ms 200 ms 10.20.10.10

2 5 ms 3 ms 3 ms 10.20.10.1

3 20 ms 20 ms 10 ms 10.25.10.10

4 10 ms 8 ms 10 ms 10.30.110.1

5 5 ms 6 ms 3 ms 10.100.15.20

The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:

C:\Engineer > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 5 ms 3 ms 3 ms 10.20.10.1

2 20 ms 20 ms 10 ms 10.25.10.10

3 10 ms 8 ms 10 ms 10.30.110.1

4 5 ms 6 ms 3 ms 10.100.15.20

Which of the following is most likely occurring?

Options:

A.

ARP cache poisoning

B.

On-path attack

C.

Resource exhaustion

D.

DNS spoofing

Question 199

Which of the following allows for the attribution of messages to individuals?

Options:

A.

Adaptive identity

B.

Non-repudiation

C.

Authentication

D.

Access logs

Question 200

A security team installs an IPS on an organization ' s network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?

Options:

A.

Allow list policies

B.

Packet Inspection

C.

Logging and reporting

D.

Firewall rules

Question 201

Which of the following involves an attempt to take advantage of database misconfigurations?

Options:

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Question 202

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

Options:

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

Question 203

An employee used a company ' s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Options:

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Question 204

While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?

Options:

A.

Vulnerability scan

B.

Penetration test

C.

Static analysis

D.

Quality assurance

Question 205

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit will give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Question 206

A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Options:

A.

Attribute-based

B.

Time of day

C.

Role-based

D.

Least privilege

Question 207

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question 208

An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Options:

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Question 209

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

Options:

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Question 210

Which of the following is prevented by proper data sanitization?

Options:

A.

Hackers ' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Question 211

A user would like to install software and features that are not available with a smartphone ' s default software. Which of the following would allow the user to install unauthorized software and enable new features?

Options:

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Question 212

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

Options:

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

Question 213

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question 214

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Question 215

Which of the following security controls is a company implementing by deploying HIPS? (Select two)

Options:

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Question 216

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Options:

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Question 217

Which of the following best explains how open service ports increase an organization ' s attack surface?

Options:

A.

They are commonly overlooked by endpoint antivirus tools during scans.

B.

They can make the company’s remote entry point available to the internet.

C.

They enable automatic application updates to reduce vulnerability windows.

D.

They can expose unnecessary services to unauthorized access if not properly restricted.

Question 218

A security analyst reviews firewall configurations and finds that firewalls are configured to fail-open mode in the event of a crash. Which of the following describes the security risk associated with this configuration?

Options:

A.

There may be increased latency during failover.

B.

Authentication tokens may be invalidated during an outage.

C.

Traffic will bypass inspection during a failure.

D.

All encrypted traffic will be blocked during an outage.

Question 219

During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.

Which of the following threats is this an example of?

Options:

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Question 220

An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users. Which of the following best describes this kind of attack?

Options:

A.

Watering hole

B.

Typosquatting

C.

Business email compromise

D.

Phishing

Question 221

After completing an annual external penetration test, a company receives the following guidance:

Decommission two unused web servers currently exposed to the internet.

Close 18 open and unused ports found on their existing production web servers.

Remove company email addresses and contact info from public domain registration records.

Which of the following does this represent?

Options:

A.

Attack surface reduction

B.

Vulnerability assessment

C.

Tabletop exercise

D.

Business impact analysis

Question 222

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Question 223

A store is setting up wireless access for employees. Management wants to limit the number of access points while ensuring full coverage. Which tool will help determine how many access points are needed?

Options:

A.

Signal locator

B.

WPA3

C.

Heat map

D.

Site survey

Question 224

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Question 225

A security professional discovers a folder containing an employee ' s personal information on the enterprise ' s shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees ' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Question 226

A vendor salesperson is a personal friend of a company’s Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO. Which of the following best describes this situation?

Options:

A.

Rules of engagement

B.

Conflict of interest

C.

Due diligence

D.

Contractual impact

E.

Reputational damage

Question 227

Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?

Options:

A.

Management review

B.

Load testing

C.

Maintenance notifications

D.

Procedure updates

Question 228

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Question 229

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Options:

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Question 230

A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?

Options:

A.

Apply IP address reputation data.

B.

Tap and monitor the email feed.

C.

Scan email traffic inline.

D.

Check SPF records.

Question 231

An attacker floods an organization ' s VoIP phone system with thousands of requests. This causes legitimate calls to drop or fail to connect. Analysis shows the attacker faked internal extensions to trick users into answering calls and sharing sensitive information. Which of the following types of attacks has the attacker used in this incident? (Select two).

Options:

A.

SIP spoofing attack

B.

On-path attack

C.

Packet sniffing attack

D.

Vishing attack

E.

Denial-of-service attack

F.

Supply chain attack

Question 232

Which of the following metrics impacts the backup schedule as part of the BIA?

Options:

A.

RTO

B.

RPO

C.

MTTR

D.

MTBF

Question 233

Which of the following should be used to prevent changes to system-level data?

Options:

A.

NIDS

B.

DLP

C.

NAC

Question 234

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Options:

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Question 235

A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?

Options:

A.

Password policy

B.

Access badges

C.

Phishing campaign

D.

Risk assessment

Question 236

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question 237

A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?

Options:

A.

ACL

B.

Monitoring

C.

Isolation

D.

HIPS

Question 238

A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?

Options:

A.

Internal self-assessment

B.

Active reconnaissance

C.

Red team penetration test

D.

Tabletop exercise

Question 239

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

Options:

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerability report

Question 240

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Question 241

A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)

Options:

A.

Authentication tokens

B.

Least privilege

C.

Biometrics

D.

LDAP

E.

Password vaulting

F.

SAML

Question 242

An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?

Options:

A.

Tokenization

B.

Data masking

C.

Encryption

D.

Obfuscation

Question 243

At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?

Options:

A.

Active

B.

Passive

C.

Offensive

D.

Defensive

Question 244

Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences. Which of the following agreements does this best describe?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOA

Question 245

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Question 246

Which of the following outlines the configuration, maintenance, and security roles between a cloud service provider and the customer?

Options:

A.

Service-level agreement

B.

Responsibility matrix

C.

Memorandum of understanding

D.

Non-disclosure agreement

Question 247

An organization wants to deploy software in a container environment to increase security. Which of the following will limit the organization ' s ability to achieve this goal?

Options:

A.

Regulatory compliance

B.

Patch availability

C.

Kernel version

D.

Monolithic code

Question 248

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Question 249

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

Options:

A.

Sanitization

B.

Formatting

C.

Degaussing

D.

Defragmentation

Question 250

Which of the following elements of digital forensics should a company use If It needs to ensure the integrity of evidence?

Options:

A.

Preservation

B.

E-discovery

C.

Acquisition

D.

Containment

Question 251

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

Options:

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question 252

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

Options:

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Question 253

A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients’ spam folders. Which of the following needs to be updated?

Options:

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Question 254

A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

Options:

A.

Creating a GPO for all contract employees and setting time-of-day log-in restrictions

B.

Creating a discretionary access policy and setting rule-based access for contract employees

C.

Implementing an OAuth server and then setting least privilege for contract employees

D.

Implementing SAML with federation to the contract employees ' authentication server

Question 255

A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?

Options:

A.

Hot site

B.

Warm site

C.

Geolocation

D.

Cold site

Question 256

A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?

Options:

A.

Create an architecture diagram of cloud storage solutions.

B.

Migrate sample data to the cloud to run security tests.

C.

Agree on data classification labels with stakeholders.

D.

Make a backup of the data on cloud-neutral storage.

Question 257

An employee clicks a malicious link in an email that appears to be from the company ' s Chief Executive Officer. The employee ' s computer is infected with ransomware that encrypts the company ' s files. Which of the following is the most effective way for the company to prevent similar incidents in the future?

Options:

A.

Security awareness training

B.

Database encryption

C.

Segmentation

D.

Reporting suspicious emails

Question 258

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

Options:

A.

Evaluate tools that identify risky behavior and distribute reports on the findings.

B.

Send quarterly newsletters that explain the importance of password management.

C.

Develop phishing campaigns and notify the management team of any successes.

D.

Update policies and handbooks to ensure all employees are informed of the new procedures.

Question 259

An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?

Options:

A.

Maintaining the chain of custody

B.

Performing root cause analysis

C.

Enforcing a legal hold

D.

Conducting a containment activity

Question 260

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

Options:

A.

Intrusion prevention system

B.

Sandbox

C.

Endpoint detection and response

D.

Antivirus

Question 261

An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

Options:

A.

Input validation

B.

Code signing

C.

SQL injection

D.

Static analysis

Question 262

A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy. Which of the following vulnerability types will the analyst most likely find on the workstations?

Options:

A.

Misconfiguration

B.

Zero-day

C.

Malicious update

D.

Supply chain

Question 263

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Question 264

A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:

. Something you know

. Something you have

. Something you are

Which of the following would accomplish the manager ' s goal?

Options:

A.

Domain name, PKI, GeolP lookup

B.

VPN IP address, company ID, facial structure

C.

Password, authentication token, thumbprint

D.

Company URL, TLS certificate, home address

Question 265

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Options:

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Question 266

Which of the following architectures is most suitable to provide redundancy for critical business processes?

Options:

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Demo: 266 questions
Total 887 questions