Creation Date: 15/06/2024

Category: Others

Number of questions: 60
Which of the following authentication methods is considered to be the LEAST secure? A) TOTP B) SMS C) HOTP D) Token key.
Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset? A) EF x asset value B) ALE / SLE C) MTBF x impact D) SLE x ARO.
Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze? A) Access control B) Syslog C) Session Initiation Protocol traffic logs D) Application logs.
An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take? A) Apply a DLP solution B) Implement network segmentation C) Utilize email content filtering. D) Isolate the infected attachment.
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal? A) SPF B) GPO C) NAC D) FIM.
A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability? A) Implement input validations B) Deploy MFA C) Utilize a WAF D) Configure HIPS.
Which of the following strategies shifts risks that are not covered in an organization’s risk strategy? A) Risk transference B) Risk avoidance C) Risk mitigation D) Risk acceptance.
A bakery has a secret recipe that it wants to protect. Which of the following objectives should be added to the company’s security awareness training? A) Insider threat detection B) Risk analysis C) Phishing awareness D) Business continuity planning.
Which of the following agreements defines response time, escalation points, and performance metrics? A) BPA B) MOA C) NDA D) SLA.
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report? A) Insider threat B) Hacktivist C) Nation-state D) Organized crime.
Which of the following is the correct order of volatility from most to least volatile? A) Memory, temporary filesystems, routing tables, disk, network storage B) Cache memory, temporary filesystems, disk, archival media C) Memory, disk, temporary filesystems, cache, archival media D) Cache, disk, temporary filesystems, network storage, archival media.
A security professional wants to enhance the protection of a critical environment that is used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal? A) DLP B) HSM C) CA D) FIM.
A junior security analyst is reviewing web server logs and identifies the following pattern in the log file: http://comptia.org/../../../etc/passwd Which of the following types of attacks is being attempted and how can it be mitigated? A) XSS; implement a SIEM B) CSRF; implement an IPS C) Directory traversal; implement a WAF D) SQL injection; implement an IDS.
An organization recently acquired an ISO 27001 certification. Which of the following would most likely be considered a benefit of this certification? A) It allows for the sharing of digital forensics data across organizations. B) It provides insurance in case of a data breach. C) It provides complimentary training and certification resources to IT security staff. D) It certifies the organization can work with foreign entities that require a security clearance. E) It assures customers that the organization meets security standards.
A user downloaded an extension for a browser and the user’s device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running: New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C | Format-Volume -DriveLetter C -FileSystemLabel "New" -FileSystem NTFS -Full -Force -Confirm:$false Which of the following is the malware using to execute the attack? A) PowerShell B) Python C) Bash D) Macros.
A user would like to install software and features that are not available with a mobile device's default software. Which of the following would allow the user to install unauthorized software and enable new features? A) SQLi B) Cross-site scripting C) Jailbreaking D) Side loading.
Which of the following threat actors is most likely to be motivated by ideology? A) Business competitor B) Hacktivist C) Criminal syndicate D) Script kiddie E) Disgruntled employee.
A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure? A) BYOD B) VDI C) COPE D) CYOD.
Which of the following describes the ability of code to target a hypervisor from inside a guest OS? A) Fog computing B) VM escape C) Software-defined networking D) Image forgery E) Container breakout.
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization? A) Exception B) Segmentation C) Risk transfer D) Compensating controls.
An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message: The username you entered does not exist. Which of the following should the analyst recommend be enabled? A) Input validation B) Obfuscation C) Error handling D) Username lockout.
Which of the following exercises should an organization use to improve its incident response process? A) Tabletop B) Replication C) Failover D) Recovery.
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity? A) White B) Purple C) Blue D) Red.
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data? A) Data encryption B) Data masking C) Data deduplication D) Data minimization.
A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause? A) Checksums B) Watermarks C) Order of volatility D) A log analysis E) A right-to-audit clause.
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against: A) loss of proprietary information. B) damage to the company's reputation. C) social engineering. D) credential exposure.
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server? A) The document is a honeyfile and is meant to attract the attention of a cyberintruder. B) The document is a backup file if the system needs to be recovered. C) The document is a standard file that the OS needs to verify the login credentials. D) The document is a keylogger that stores all keystrokes should the account be compromised.
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task? A) Create an OCSP. B) Generate a CSR. C) Create a CRL. D) Generate a .pfx file.
When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of? A) Acceptance B) Mitigation D) Transference.
Which of the following describes the BEST approach for deploying application patches? A) Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems. B) Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems. C) Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment. D) Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery? A) Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis. B) Restrict administrative privileges and patch all systems and applications. C) Rebuild all workstations and install new antivirus software. D) Implement application whitelisting and perform user application hardening.
After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing? A) Multifactor authentication B) Something you can do C) Biometrics D) Two-factor authentication.
A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring? A) CASB B) SWG C) Containerization D) Automated failover.
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns? A) SSO would simplify username and password management, making it easier for hackers to guess accounts. B) SSO would reduce password fatigue, but staff would still need to remember more complex passwords. C) SSO would reduce the password complexity for frontline staff. D) SSO would reduce the resilience and availability of systems if the identity provider goes offline.
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting? A) Verification B) Validation C) Normalization D) Staging.
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware? A) Install a definition-based antivirus. B) Implement an IDS/IPS. C) Implement a heuristic behavior-detection solution. D) Implement CASB to protect the network shares.
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used? A) Man-in-the-middle B) Spear-phishing C) Evil twin D) DNS poisoning.
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following: • The legitimate website's IP address is and eRecruit.local resolves to this IP. • The forged website's IP address appears to be, based on NetFlow records. • All three of the organization's DNS servers show the website correctly resolves to the legitimate IP. • DNS query logs show one of the three DNS servers returned a result of (cached) at the approximate time of the suspected compromise. Which of the following MOST likely occurred? A) A reverse proxy was used to redirect network traffic. B) An SSL strip MITM attack was performed. C) An attacker temporarily poisoned a name server. D) An ARP poisoning attack was successfully executed.
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario? A) Physical B) Detective C) Preventive D) Compensating.
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers? A) Red team B) White team C) Blue team D) Purple team.
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify? A) Unsecure protocols B) Default settings C) Open permissions D) Weak encryption.
The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories? A) VLAN zoning with a file-transfer server in an external-facing zone B) DLP running on hosts to prevent file transfers between networks C) NAC that permits only data-transfer agents to move data between networks D) VPN with full tunneling and NAS authenticating through the Active Directory.
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better: A) validate the vulnerability exists in the organization's network through penetration testing. B) research the appropriate mitigation techniques in a vulnerability database. C) find the software patches that are required to mitigate a vulnerability. D) prioritize remediation of vulnerabilities based on the possible impact.
A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new logon." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected? A) Pass-the-hash B) Buffer overflow C) Cross-site scripting D) Session replay.
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario? A) Watering-hole attack B) Credential harvesting C) Hybrid warfare D) Pharming.
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring? A) A BPDU guard B) WPA-EAP C) IP filtering D) A WIDS.
In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating? A) Identification B) Preparation C) Lessons learned D) Eradication E) Recovery F) Containment.
A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN? A) AH B) EDR C) ESP D) DNSSEC.
A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task? A) Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag. B) Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy. C) Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches. D) Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
CompTIA - SY0-601 Practice Questions - SecExams.com.
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements? A) RA B) OCSP C) CRL D) CSR.
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use? A) RAID 0 B) RAID 1 C) RAID 5 D) RAID 10.
Which of the following algorithms has the SMALLEST key size? A) DES B) Twofish C) RSA D) AES.
A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability? A) DNS sinkholing B) DLP rules on the terminal C) An IP blacklist D) Application whitelisting.
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain? A) Open the document on an air-gapped network. B) View the document's metadata for origin clues. C) Search for matching file hashes on malware websites. D) Detonate the document in an analysis sandbox.
A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate? A) S/MIME B) DLP C) IMAP D) HIDS.
A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media? A) Monitoring large data transfer transactions in the firewall logs B) Developing mandatory training to educate employees about the removable media policy C) Implementing a group policy to block user access to system files D) Blocking removable-media devices and write capabilities using a host-based security tool.
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction? A) The public ledger B) The NetFlow data C) A checksum D) The event log.
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure? A) A captive portal B) PSK C) 802.1X D) WPS.
Which of the following should a security administrator adhere to when setting up a new set of firewall rules? A) Disaster recovery plan B) Incident response procedure C) Business continuity plan D) Change management procedure.
During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report? A) Conduct an awareness campaign on the usage of removable media. B) Issue a user guidance program focused on vishing campaigns. C) Implement more complex password management practices. D) Establish a procedure on identifying and reporting suspicious messages.