
security+6

100 questions • 2 years ago
  • lopkeda

    Question list

  • 1

    QUESTION 506 A SOC is currently being outsourced. Which of the following is being used?

    MSSP

  • 2

    QUESTION 507 A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure footprint and only wants to pay for the additional compute power required. Which of the following solutions would BEST meet the needs of the company?

    Hybrid environment

  • 3

    QUESTION 508 An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation, a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?

    Impersonation

  • 4

    QUESTION 509 Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

    The key length of the encryption algorithm

  • 5

    QUESTION 510 A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

    AES

  • 6

    QUESTION 511 A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM:

    An attacker is utilizing a brute-force attack against the account.
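The SIEM evidence behind QUESTION 511 is a burst of failed logons against one account. The following is an added example (not from the original page) of the detection logic an analyst would run over such an export: a sliding-window count of failures per account, reporting the sources involved and the accounts the directory actually locked. The line format, the event IDs used as field values (Windows 4625/4624/4740) and the log lines themselves are constructed for the demonstration.

```python
"""Account-lockout triage for QUESTION 511: count failed logons per
account inside a sliding time window and report accounts that exceed a
threshold, with the sources involved.

Added example, not from the original page. The key=value line format and
the log lines are constructed; a real SIEM export is mapped to the same
fields before being fed to brute_force_candidates().
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample: 4625 = failed logon, 4624 = success, 4740 = lockout
SAMPLE_LOG = """\
2024-03-01T09:00:01Z event=4625 user=jsmith src=10.0.0.77 status=failed
2024-03-01T09:00:02Z event=4625 user=jsmith src=10.0.0.77 status=failed
2024-03-01T09:00:04Z event=4625 user=jsmith src=10.0.0.77 status=failed
2024-03-01T09:00:05Z event=4625 user=jsmith src=10.0.0.77 status=failed
2024-03-01T09:00:07Z event=4625 user=jsmith src=10.0.0.77 status=failed
2024-03-01T09:00:08Z event=4625 user=jsmith src=10.0.0.78 status=failed
2024-03-01T09:00:09Z event=4740 user=jsmith src=10.0.0.77 status=locked
2024-03-01T09:01:12Z event=4625 user=bob src=10.0.0.15 status=failed
2024-03-01T09:02:40Z event=4624 user=bob src=10.0.0.15 status=success
2024-03-01T10:31:02Z event=4625 user=bob src=10.0.0.15 status=failed
"""

LINE = re.compile(r"^(\S+) event=(\d+) user=(\S+) src=(\S+) status=(\w+)$")


def parse(text):
    """Yield (timestamp, event_id, user, source, status) per well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # skip lines that do not fit the format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m.group(2), m.group(3), m.group(4), m.group(5)


def brute_force_candidates(text, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window count of failures per account.

    Returns {user: {"failures": n, "sources": [...], "last_failure": ts}}
    for every account that reached `threshold` failures inside `window`.
    """
    recent = defaultdict(deque)           # user -> deque of (ts, src) failures
    alerts = {}
    for ts, _event, user, src, status in parse(text):
        if status != "failed":
            continue
        q = recent[user]
        q.append((ts, src))
        while q and ts - q[0][0] > window:
            q.popleft()                   # drop failures older than the window
        if len(q) >= threshold:
            alerts[user] = {
                "failures": len(q),
                "sources": sorted({s for _, s in q}),
                "last_failure": ts,
            }
    return alerts


def lockouts(text):
    """Accounts the directory actually locked (status=locked in the sample)."""
    return sorted({user for _ts, _ev, user, _src, st in parse(text) if st == "locked"})


if __name__ == "__main__":
    for user, info in brute_force_candidates(SAMPLE_LOG).items():
        print(f"{user}: {info['failures']} failures from {info['sources']}, last {info['last_failure']}")
    print("locked:", lockouts(SAMPLE_LOG))
```

The window and threshold are the tuning knobs: a short window with a low threshold catches the noisy brute force in the question, while a wide window with a low threshold is what surfaces slow, patient attempts that never trip the lockout policy.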

  • 7

    QUESTION 512 A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

    CYOD

  • 8

    QUESTION 513 During an asset inventory, several assets, supplies, and miscellaneous items were noted as missing. The security manager has been asked to find an automated solution to detect any future theft of equipment. Which of the following would be BEST to implement?

    Access control vestibule

  • 9

    QUESTION 514 Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

    Staging

  • 10

    QUESTION 515 A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

    Dumpster diving

  • 11

    QUESTION 516 A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

    Inspect the file metadata.

  • 12

    QUESTION 517 A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

    Encrypt the disk on the storage device.

  • 13

    QUESTION 518 During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide the information?

    DNS logs

  • 14

    QUESTION 519 A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

    Evil twin

  • 15

    QUESTION 520 Which of the following BEST helps to demonstrate integrity during a forensic investigation?

    Hashing

  • 16

    QUESTION 521 Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

    Legal hold

  • 17

    QUESTION 522 Which of the following is a detective and deterrent control against physical intrusions?

    An alarm

  • 18

    QUESTION 523 A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

    Firewall rules

  • 19

    QUESTION 524 A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

    Wireshark

  • 20

    QUESTION 525 Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

    Community

  • 21

    QUESTION 526 A backdoor was detected on the containerized application environment. The investigation determined that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

    Enforce the use of a controlled trusted source of container images

  • 22

    QUESTION 527 A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Choose two.)

    Use a captive portal for user authentication; authenticate users using OAuth for more resiliency

  • 23

    QUESTION 528 A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would BEST prevent email contents from being released should another breach occur?

    Implement S/MIME to encrypt the emails at rest

  • 24

    QUESTION 529 An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?

    SOAR

  • 25

    QUESTION 530 As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

    TAXII

  • 26

    QUESTION 531 A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?

    Patch each running container individually and test the application

  • 27

    QUESTION 532 A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

    Logic bomb

  • 28

    QUESTION 533 The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

    Next-generation SWG

  • 29

    QUESTION 535 After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

    Rogue access point

  • 30

    QUESTION 536 A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organization's outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

    - access-rule permit tcp destination 172.16.1.5 port 80
    - access-rule permit tcp destination 172.16.1.5 port 443
    - access-rule deny tcp destination 172.16.1.5 port 21
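Top-down, first-match processing is the whole point of QUESTION 536, and the same mechanism answers QUESTION 523 (blocking a country's address block). The following is an added example, not from the original page: a small rule evaluator holding the three rules exactly as listed, plus a source-network deny placed in front of them for the QUESTION 523 scenario. The rule model, the sample packets and the blocked range 203.0.113.0/24 (a documentation prefix) are assumptions for the demonstration.

```python
"""First-match, top-down access-rule evaluation.

Added example (not from the original page): the three rules of QUESTION 536
are modelled as given, and a source-network deny is put in front of them
for the scenario in QUESTION 523. The rule object model, the sample packets
and the blocked block 203.0.113.0/24 (a documentation range) are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

Net = ipaddress.IPv4Network


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: str = "any"            # "tcp", "udp" or "any"
    src: Optional[Net] = None     # None = any source
    dst: Optional[Net] = None     # None = any destination
    port: Optional[int] = None    # destination port, None = any


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def net(cidr: str) -> Net:
    return ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.port is not None and rule.port != pkt.dport:
        return False
    return True


def evaluate(rules, pkt: Packet, default: str = "deny") -> str:
    """Walk the list top-down; the first matching rule decides.
    A packet that matches nothing gets the firewall's default policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


HOST = net("172.16.1.5/32")

# QUESTION 536: the three rules as they appear on the page
Q536_RULES = [
    Rule("permit", "tcp", dst=HOST, port=80),
    Rule("permit", "tcp", dst=HOST, port=443),
    Rule("deny", "tcp", dst=HOST, port=21),
]

# Same intent with an explicit catch-all at the bottom, so the outcome does
# not depend on the platform's default policy
Q536_EXPLICIT = Q536_RULES + [Rule("deny", dst=HOST)]

# QUESTION 523: drop the offending address block before anything else
COUNTRY_BLOCK = net("203.0.113.0/24")   # assumed; a documentation range
Q523_RULES = [Rule("deny", src=COUNTRY_BLOCK)] + Q536_RULES


def q536_verdicts(rules, default="deny"):
    """Verdicts for HTTP, HTTPS, FTP and an unlisted service (SSH)."""
    probes = {"http": 80, "https": 443, "ftp": 21, "ssh": 22}
    return {name: evaluate(rules, Packet("10.0.0.5", "172.16.1.5", "tcp", port), default)
            for name, port in probes.items()}


if __name__ == "__main__":
    print("page rules, default deny  :", q536_verdicts(Q536_RULES))
    print("page rules, default permit:", q536_verdicts(Q536_RULES, default="permit"))
    print("explicit catch-all        :", q536_verdicts(Q536_EXPLICIT, default="permit"))
```

Two practical checks fall out of running it. The three rules on the page only "deny all other services" when the platform's default policy is deny; on a permissive default, SSH to the host sails through, so an explicit final deny for the host is the safer way to write the intent. And for the QUESTION 523 case, the source-block deny has to sit above the permits: appended at the bottom it never fires for HTTP, because the port-80 permit matches first.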

  • 31

    QUESTION 537 A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

    Homomorphic
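What "manipulated while encrypted" means in practice is easiest to see with an additively homomorphic scheme. The following is an added example, not from the original page: a textbook Paillier implementation in which the "provider" sums and scales encrypted account balances without ever holding the private key, and only the customer can read the result. The two 16-bit primes are an assumption chosen so it runs instantly; they are far too small for real use, which needs primes of 1024 bits or more.

```python
"""Additively homomorphic encryption (Paillier) for the scenario in
QUESTION 537: the cloud provider sums and scales encrypted balances
without ever holding the private key.

Added example, not from the original page. The two 16-bit primes are an
assumption chosen so the demo runs instantly; real deployments use
primes of 1024 bits or more.
"""
from math import gcd
import secrets

P, Q = 65521, 65537   # toy primes; gcd(pq, (p-1)(q-1)) == 1 as the scheme requires


def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    g = n + 1                                       # standard generator choice
    n2 = n * n
    L = lambda x: (x - 1) // n
    mu = pow(L(pow(g, lam, n2)), -1, n)             # modular inverse (Python 3.8+)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:                                     # random r in Z_n^*
        r = secrets.randbelow(n)
        if r and gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 decrypts to m1 + m2 mod n."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """E(m)^k mod n^2 decrypts to k * m mod n."""
    n, _ = pub
    return pow(c, k, n * n)


def blind_total(balances=(1200, 350, 4450)):
    """Customer encrypts each balance; the 'provider' aggregates using
    ciphertexts only; the customer decrypts the total."""
    pub, priv = keygen()
    cts = [encrypt(pub, b) for b in balances]       # customer side
    acc = cts[0]
    for c in cts[1:]:
        acc = add_encrypted(pub, acc, c)            # provider side, no key
    return decrypt(pub, priv, acc)                  # customer side


def blind_scale(value=7, factor=6):
    pub, priv = keygen()
    return decrypt(pub, priv, scale_encrypted(pub, encrypt(pub, value), factor))


if __name__ == "__main__":
    print("sum of encrypted balances  :", blind_total())
    print("6 x encrypted 7            :", blind_scale())
```

Two caveats a practitioner would want alongside the exam answer: Paillier is additive only (no multiplication of two ciphertexts, which is what fully homomorphic schemes add at a much higher cost), and the ciphertext malleability that makes the arithmetic work also means integrity must come from a separate signature or MAC, since anyone can add a value to a stored ciphertext. The slowness the question alludes to is visible even here: every operation is arithmetic modulo n², twice the modulus size.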

  • 32

    QUESTION 538 An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

    Data custodian

  • 33

    QUESTION 539 A website developer who is concerned about theft of the company's user database wants to protect weak passwords from offline brute-force attacks. Which of the following would be the BEST solution?

    Lock accounts after five failed logons

  • 34

    [question image not captured]

    RAT

  • 35

    QUESTION 541 Which of the following attacks MOST likely occurred on the user's internal network?
    Name: Wikipedia.org
    Address: 208.80.154.224

    DNS poisoning

  • 36

    QUESTION 542 A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

    Smart card

  • 37

    QUESTION 543 A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the BEST remediation to prevent this vulnerability?

    Utilize a WAF

  • 38

    QUESTION 544 Which of the following would be used to find the MOST common web-application vulnerabilities?

    OWASP

  • 39

    QUESTION 545 The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe?

    Transference

  • 40

    QUESTION 546 Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

    DNS sinkhole

  • 41

    QUESTION 547 An analyst just discovered an ongoing attack on a host that is on the network. The analyst observes the following taking place:
    - The computer performance is slow
    - Ads are appearing from various pop-up windows
    - Operating system files are modified
    - The computer is receiving AV alerts for execution of malicious processes
    Which of the following steps should the analyst consider FIRST?

    Put the machine in containment

  • 42

    QUESTION 548 Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

    MAC flooding

  • 43

    QUESTION 549 The chief compliance officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?

    Hiring an employee who has been convicted of theft to adhere to industry compliance

  • 44

    QUESTION 550 Which biometric error would allow an unauthorized user to access a system?

    False acceptance

  • 45

    QUESTION 551 Which of the following would produce the closest experience of responding to an actual incident response scenario?

    Simulation

  • 46

    QUESTION 552 An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following will the organization MOST likely implement?

    NDA

  • 47

    QUESTION 553 An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

    Staging

  • 48

    QUESTION 554 Which of the following control types would be BEST to use to identify violations and incidents?

    Detective

  • 49

    QUESTION 555 A security manager runs Nessus scans of the network after every maintenance window. Which of the following is the security manager MOST likely trying to accomplish?

    Verifying that system patching has effectively removed known vulnerabilities

  • 50

    QUESTION 556 A penetration tester gains access to the network by exploiting a vulnerability on a public-facing web server. Which of the following techniques will the tester most likely perform NEXT?

    Create a user account to maintain persistence

  • 51

    QUESTION 557 A news article states that a popular web browser deployed on all corporate PCs is vulnerable to a zero-day attack. Which of the following would MOST concern the Chief Information Security Officer about the information in the news article?

    No patches are available for the web browser

  • 52

    QUESTION 558 DDOS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfils the architect's requirements?

    An orchestration solution that can adjust scalability of cloud assets

  • 53

    QUESTION 559 Administrators have allowed employees to access their company email from personal computers. However, the administrators are concerned that these computers are another attack surface and can result in user accounts being breached by foreign actors. Which of the following actions would provide the MOST secure solution?

    Enable an option in the administration center so accounts can be locked if they are accessed from different geographical areas

  • 54

    QUESTION 560 A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

    A jump server

  • 55

    QUESTION 561 A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

    curl --head http://192.168.0.10

  • 56

    QUESTION 562 Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

    NIST 800-53

  • 57

    QUESTION 563 An information security policy states that separation of duties is required for all highly sensitive database changes that involve customers' financial data. Which of the following will this BEST prevent?

    An insider threat

  • 58

    QUESTION 564 A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

    False positive

  • 59

    QUESTION 565 Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

    Data exfiltration

  • 60

    A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?

    Use static code analysis

  • 61

    QUESTION 567 A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

    Hoaxes

  • 62

    QUESTION 568 A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?

    Nmap

  • 63

    QUESTION 569 discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?

    Implement a network-wide scan for other instances of the malware.

  • 64

    QUESTION 570 Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

    TOTP
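The "specific number of seconds" in QUESTION 570 is the time step: the code is an HMAC over the current 30-second step number, so it is only valid for that step plus whatever drift window the verifier allows. The following is an added example, not from the original page, implementing HOTP (RFC 4226) and TOTP (RFC 6238) with a verifier that tolerates one step of clock drift and refuses replayed codes. The test values are the ones published in the two RFCs; the base32 secret string is the constructed encoding of that same RFC secret.

```python
"""TOTP (RFC 6238) on top of HOTP (RFC 4226), for QUESTION 570.

Added example, not from the original page. RFC_SECRET is the shared
secret used by both RFCs' published test vectors.
"""
import base64
import hashlib
import hmac
import struct
import time

RFC_SECRET = b"12345678901234567890"   # 20-byte secret from the RFC test vectors


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP: dynamic truncation of HMAC(key, counter) to `digits` decimals."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(key: bytes, for_time, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP: HOTP with the counter set to the time-step number."""
    return hotp(key, int(for_time) // step, digits, algo)


def totp_now(key: bytes, **kw) -> str:
    return totp(key, time.time(), **kw)


def verify_totp(key: bytes, code: str, at_time, window: int = 1,
                step: int = 30, digits: int = 6, last_step_used: int = -1):
    """Accept the code for the current step or up to `window` steps either
    side (clock drift), refuse any step already consumed (replay), and
    compare in constant time. Returns the accepted step number or None;
    the caller stores that number as last_step_used for the next call."""
    current = int(at_time) // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if candidate <= last_step_used:
            continue                                  # already consumed
        if hmac.compare_digest(hotp(key, candidate, digits), code):
            return candidate
    return None


def key_from_base32(secret: str) -> bytes:
    """Authenticator apps exchange the secret as base32; pad and decode."""
    s = secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


if __name__ == "__main__":
    print("RFC 6238 vector, T=59       :", totp(RFC_SECRET, 59, digits=8))   # 94287082
    print("current 6-digit code        :", totp_now(RFC_SECRET))
```

Replay protection is the part most home-grown verifiers forget: a code that was accepted at step N must not be accepted again inside the drift window, which is why the verifier returns the step it matched and the caller persists it per user.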

  • 65

    QUESTION 571 Which of the following must be in place before implementing a BCP?

    BIA

  • 66

    QUESTION 572 A system that requires an operational availability of 99.99% and has an annual maintenance window available for patching and fixes will require the HIGHEST:

    MTBF

  • 67

    QUESTION 573 A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

    IaC

  • 68

    QUESTION 574 As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

    Creating a playbook within the SOAR

  • 69

    QUESTION 575 An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?

    Reconnaissance

  • 70

    QUESTION 576 A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?

    Differential

  • 71

    QUESTION 578 A penetration tester successfully gained access to a company's network. The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following in the ARP table:
    10.10.0.33 a9:60:21:db:a9:83
    10.10.0.97 50:4f:b1:55:ab:5d
    10.10.0.70 10:b6:a8:1c:0a:33
    10.10.0.51 50:4f:b1:55:ab:5d
    10.10.0.42 d5:7d:fa:14:a5:46
    Which of the following did the penetration tester MOST likely use?

    MAC cloning
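The tell-tale in QUESTION 578 is one hardware address answering for two IP addresses (50:4f:b1:55:ab:5d for both 10.10.0.97 and 10.10.0.51). The following is an added example, not from the original page, that parses the table exactly as shown and reports such duplicates; it goes beyond the question by also accepting the `arp -a` layouts of Linux and Windows (constructed sample lines) and by checking the reverse anomaly, one IP seen with several MACs.

```python
"""Spotting MAC cloning in an ARP table (QUESTION 578).

Added example, not from the original page. PAGE_ARP_TABLE holds the
question's own entries; the Linux and Windows samples are constructed.
"""
import re
from collections import defaultdict

PAGE_ARP_TABLE = """\
10.10.0.33 a9:60:21:db:a9:83
10.10.0.97 50:4f:b1:55:ab:5d
10.10.0.70 10:b6:a8:1c:0a:33
10.10.0.51 50:4f:b1:55:ab:5d
10.10.0.42 d5:7d:fa:14:a5:46
"""

# Constructed samples of two other common layouts
LINUX_ARP_A = (
    "? (10.10.0.97) at 50:4f:b1:55:ab:5d [ether] on eth0\n"
    "? (10.10.0.51) at 50:4f:b1:55:ab:5d [ether] on eth0\n"
)
WINDOWS_ARP_A = (
    "Interface: 10.10.0.5 --- 0x4\n"
    "  10.10.0.97           50-4f-b1-55-ab-5d     dynamic\n"
    "  10.10.0.70           10-b6-a8-1c-0a-33     dynamic\n"
)

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})\b", re.I)


def parse_arp(text):
    """Return (ip, mac) pairs; MACs normalised to lower-case, colon-separated.
    Lines without both an IP and a MAC (headers, interface lines) are skipped."""
    entries = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            entries.append((ip.group(1), mac.group(1).lower().replace("-", ":")))
    return entries


def duplicate_macs(entries):
    """{mac: [ip, ...]} for every MAC bound to more than one IP address."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        if ip not in by_mac[mac]:
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def duplicate_ips(entries):
    """The reverse anomaly: one IP seen with several MACs (ARP spoofing)."""
    by_ip = defaultdict(list)
    for ip, mac in entries:
        if mac not in by_ip[ip]:
            by_ip[ip].append(mac)
    return {ip: macs for ip, macs in by_ip.items() if len(macs) > 1}


if __name__ == "__main__":
    print("cloned MACs :", duplicate_macs(parse_arp(PAGE_ARP_TABLE)))
    print("spoofed IPs :", duplicate_ips(parse_arp(PAGE_ARP_TABLE)))
```

A duplicate MAC is not proof on its own: a router or a VRRP/HSRP pair legitimately answers for several addresses with one MAC. Confirm against the switch's MAC address table, which shows the physical port each address was learned on, before treating the host as an attacker.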

  • 72

    QUESTION 577 An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

    SSO

  • 73

    A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

    Use containerization to segment the application from other applications to eliminate the risk

  • 74

    QUESTION 580 A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

    NIST Risk Management Framework

  • 75

    QUESTION 581 During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

    User behavior analytics
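One of the behavioral signals a UBA tool computes for the "logins from unfamiliar geographic locations" in QUESTION 581 (and the impossible travel times in QUESTION 519, and the geographic locking in QUESTION 559) is whether consecutive successful logins for one account could physically have been made by the same person. The following is an added example, not from the original page: for each account, compare consecutive logins and flag any pair whose great-circle distance could not be covered in the elapsed time. The login records, their coordinates (a geo-IP lookup is assumed to have already run) and the 900 km/h ceiling are assumptions.

```python
"""Impossible-travel check for consecutive successful logins.

Added example, not from the original page. LOGINS is a constructed set of
records (user, UTC time, latitude, longitude); the coordinates stand in
for the output of a geo-IP lookup, and MAX_KMH is an assumed ceiling.
"""
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0   # roughly a commercial jet; anything faster is "impossible"

LOGINS = [
    ("alice", "2024-03-01T09:00:00Z", 35.6762, 139.6503),   # Tokyo
    ("alice", "2024-03-01T09:30:00Z", 40.7128, -74.0060),   # New York, 30 min later
    ("bob",   "2024-03-01T08:00:00Z", 51.5074, -0.1278),    # London
    ("bob",   "2024-03-01T11:00:00Z", 48.8566, 2.3522),     # Paris, 3 h later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres on a 6371 km sphere."""
    r = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * r * asin(sqrt(a))


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(logins, max_kmh=MAX_KMH):
    """Return {user: [(km, hours, kmh), ...]} for every pair of consecutive
    logins that would have required more than max_kmh."""
    per_user = defaultdict(list)
    for user, when, lat, lon in logins:
        per_user[user].append((_ts(when), lat, lon))
    flagged = defaultdict(list)
    for user, events in per_user.items():
        events.sort()                                   # chronological order
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if km > 0 and kmh > max_kmh:
                flagged[user].append((round(km), round(hours, 2), round(kmh)))
    return dict(flagged)


if __name__ == "__main__":
    for user, pairs in impossible_travel(LOGINS).items():
        for km, hours, kmh in pairs:
            print(f"{user}: {km} km in {hours} h = {kmh} km/h")
```

VPN egress points and mobile carriers that route through distant cities produce false positives, which is why a UBA product scores this signal against the account's own history rather than alerting on every hit; the analyst in the question still wants the raw pairs, because they name exactly which accounts and sessions to pull.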

  • 76

    QUESTION 582 During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will BEST assist the analyst?

    A SIEM

  • 77

    QUESTION 584 A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

    Cross-site scripting

  • 78

    QUESTION 585 A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

    Insider threat

  • 79

    QUESTION 586 During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the Internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?

    Perform containment on the critical servers and resources

  • 80

    QUESTION 587 Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

    Dark web

  • 81

    QUESTION 588 Which of the following types of attacks is being attempted and how can it be mitigated?
    http://Comptia.org/../../../etc/passwd

    Directory traversal: implement a WAF
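A WAF is the mitigation the page's answer names; the root cause is a handler that joins the request path onto the web root without checking where the result lands. The following is an added example, not from the original page: the naive join that lets `../../../etc/passwd` escape the web root, beside a resolver that confines every request to the root, plus the cheap decode-then-look-for-`..` check a WAF rule or log search would use. The web root, file names and request strings are assumptions, and a throw-away directory is created so it runs anywhere.

```python
"""Directory traversal (QUESTION 588): vulnerable join vs. confined resolver.

Added example, not from the original page. The web root, file names and
request strings are assumptions for the demonstration.
"""
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def vulnerable_resolve(web_root: str, requested: str) -> str:
    """What a naive handler does: join and normalise, nothing more."""
    return os.path.normpath(os.path.join(web_root, requested))


def safe_resolve(web_root: str, requested: str) -> Path:
    """Decode once (as the server would), join, resolve symlinks and '..',
    then prove the result is still inside the root; otherwise reject."""
    root = Path(web_root).resolve()
    relative = unquote(requested).lstrip("/")      # an absolute path would replace root
    target = (root / relative).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise PermissionError(f"traversal blocked: {requested!r}")
    return target


def looks_like_traversal(url: str) -> bool:
    """Detection signal for a WAF rule or log search: any '..' segment after
    URL-decoding twice, so %2e%2e, %2f and double-encoded forms are caught."""
    decoded = unquote(unquote(url))
    return any(seg == ".." for seg in decoded.replace("\\", "/").split("/"))


def demo():
    """Build a temporary web root with one file and exercise both resolvers."""
    root = tempfile.mkdtemp()
    (Path(root) / "index.html").write_text("<h1>hi</h1>")
    results = {
        "naive_escapes": vulnerable_resolve(root, "../../../etc/passwd"),
        "safe_index": safe_resolve(root, "index.html").name == "index.html",
    }
    try:
        safe_resolve(root, "../../../etc/passwd")
        results["traversal_blocked"] = False
    except PermissionError:
        results["traversal_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
    print("page URL flagged:", looks_like_traversal("http://Comptia.org/../../../etc/passwd"))
```

The resolver follows symlinks before the containment check, so a link inside the web root that points outside it is rejected too; if a deployment relies on such links, that is a deliberate exception to add, not a reason to drop the check. The double decode is only for detection; the resolver decodes once, because decoding twice there would itself open an encoding bypass.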

  • 82

    QUESTION 589 Which of the following control types is focused primarily on reducing risk before an incident occurs?

    Preventive

  • 83

    QUESTION 590 Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company implementing?

    Privileged access management

  • 84

    QUESTION 591 A company is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's internal wireless network against visitors accessing company resources?

    Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

  • 85

    QUESTION 592 Which of the following will increase cryptographic security?

    High data entropy

  • 86

    QUESTION 593 Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments through a single firewall?

    Transit gateway

  • 87

    QUESTION 594 A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?

    SIEM correlation dashboards

  • 88

    QUESTION 595 The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

    Deploying a captive portal to capture visitors' MAC addresses and names

  • 89

    QUESTION 596 Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?

    MOU

  • 90

    QUESTION 597 Which of the following employee roles is responsible for protecting an organization's collected personal information?

    DPO

  • 91

    QUESTION 598 A malware attack has corrupted 30TB of company data across all file servers. A systems administrator identifies the malware and contains the issue, but the data is unrecoverable. The administrator is not concerned about the data loss because the company has a system in place that will allow users to access the data that was backed up last night. Which of the following resiliency techniques did the administrator MOST likely use to prevent impacts to business operations after an attack?

    RAID

  • 92

    A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Choose two.)

    NIPS, WAF

  • 93

    QUESTION 600 An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

    EAP-FAST

  • 94

    QUESTION 601 An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?

    Low FRR
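QUESTIONS 550 and 601 are two ends of one trade-off: FAR is the share of impostor attempts the system accepts, FRR the share of genuine users it rejects, and a single decision threshold moves both in opposite directions. The following is an added example, not from the original page, that computes both rates over two constructed lists of match scores (0 = no similarity, 1 = identical, standing in for a hypothetical fingerprint matcher, not real sensor data) and picks the operating point for the park owner's convenience-first priority as well as for the opposite one.

```python
"""FAR and FRR at a decision threshold (QUESTIONS 550 and 601).

Added example, not from the original page. GENUINE and IMPOSTOR are
constructed similarity scores from a hypothetical matcher.
"""

GENUINE = [0.62, 0.71, 0.75, 0.80, 0.83, 0.86, 0.90, 0.92, 0.95, 0.97]
IMPOSTOR = [0.10, 0.20, 0.25, 0.33, 0.40, 0.45, 0.55, 0.60, 0.68, 0.72]


def far(impostor, threshold):
    """False acceptance rate: impostors whose score clears the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False rejection rate: genuine users whose score falls below it."""
    return sum(s < threshold for s in genuine) / len(genuine)


def tradeoff_table(genuine, impostor):
    """(threshold, FAR, FRR) at every distinct observed score, ascending."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in sorted(set(genuine + impostor))]


def equal_error_threshold(genuine, impostor):
    """Operating point where FAR and FRR are closest (the EER)."""
    return min(tradeoff_table(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


def convenience_first(genuine, impostor, max_frr=0.0):
    """QUESTION 601's priority: the highest threshold that still keeps FRR
    within budget, i.e. the most security obtainable without turning away
    more legitimate customers than the owner accepts."""
    ok = [row for row in tradeoff_table(genuine, impostor) if row[2] <= max_frr]
    return max(ok, key=lambda row: row[0])


def security_first(genuine, impostor, max_far=0.0):
    """The opposite priority: the lowest threshold that keeps FAR within budget."""
    ok = [row for row in tradeoff_table(genuine, impostor) if row[1] <= max_far]
    return min(ok, key=lambda row: row[0])


if __name__ == "__main__":
    for t, a, r in tradeoff_table(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {a:.1f}  FRR {r:.1f}")
    print("EER point        :", equal_error_threshold(GENUINE, IMPOSTOR))
    print("convenience first:", convenience_first(GENUINE, IMPOSTOR))
    print("security first   :", security_first(GENUINE, IMPOSTOR))
```

On this data the convenience-first point accepts one impostor in five so that no paying customer is ever turned away at the gate, while the security-first point rejects one genuine customer in five to admit no impostor; the park owner in the question is explicitly choosing the former, which is why a low FRR, not a low FAR, is what the team tunes for.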

  • 95

    QUESTION 602 A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

    Context-aware authentication

  • 96

    QUESTION 603 A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

    DLP

  • 97

    QUESTION 604 The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

    USB data blocker

  • 98

    QUESTION 605 An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?

    Geographic dispersal

  • 99

    QUESTION 606 A security analyst has been asked by the Chief Information Security Officer to:
    - develop a secure method of providing centralized management of infrastructure
    - reduce the need to constantly replace aging end user machines
    - provide a consistent user desktop experience
    Which of the following BEST meets these requirements?

    VDI

  • 100

    QUESTION 607 Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would BEST help prevent the malware from being installed on the computers?

    EDR



    Staging

  • 10

    QUESTION 515 A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

    Dumpster diving

  • 11

    QUESTION 516 A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST Iikely supports an investigation for fraudulent submission ?

    Inspect the file metadata.

  • 12

    QUESTION 517 A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

    Encrypt the disk on the storage device.

  • 13

    QUESTION 518 During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide the information?

    DNS logs

  • 14

    QUESTION 519 A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are Occurring. The analyst also discovers a couple of WAPS are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

    Evil twin

  • 15

    QUESTION 520 Which of the following BEST helps to demonstrate integrity during a forensic investigation?

    Hashing

  • 16

    QUESTION 521 Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

    Legal hold

  • 17

    QUESTION 522 Which of the following is a detective and deterrent control against physical intrusions?

    An alarm

  • 18

    QUESTION 523 A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

    Firewall rules

  • 19

    QUESTION 524 A security analyst generated a file named host1 .pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

    Wireshark

  • 20

    QUESTION 525 Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

    Community

  • 21

    QUESTION 526 A backdoor was detected on the containerized application environment. The investigation- detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

    Enforce the use of a controlled trusted source of container images

  • 22

    QUESTION 527 A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Choose two.)

    Use a captive portal for user authentication., Authenticate users using OAuth for more resiliency

  • 23

    QUESTION 528 A company recently suffereda breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would BEST prevent email contents from being released should another breach occur?

    Implement S/MIME to encrypt the emails at rest

  • 24

    QUESTION 529 An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?

    SOAR

  • 25

    QUESTION 530 As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat inteligence data with outside security partners. Which of the following will the company MOST likely implemernt?

    TAXII

  • 26

    QUESTION 531 A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?

    Patch each running container individually and test the application

  • 27

    QUESTION 532 A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

    Logic bomb

  • 28

    QUESTION 533 The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

    Next-generation SWG

  • 29

    QUESTION 535 After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

    Rogue access point

  • 30

    QUESTION 536 A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organizatior outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

    - access-rule permit tcp destination 172.16.1.5 port 80 -access-rule permit tcp destination 172.16.1.5 port 443 -access-rule deny top destination 172.16.1.5 port 21

  • 31

    QUESTION 537 A financial institution would like to store its customer data in a cloud but stll allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its senitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

    Homomorphic

  • 32

    QUESTION 538 An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

    Data custodian

  • 33

    QUESTION 539 A website developer who is concerned about theft cf the company's user database warns to protect weak passwords from ofline brute-force attacks. Which of the following be the BEST solution?

    Lock accounts after five failed logons

  • 34

    image

    RAT

  • 35

    QUESTION 541 Which of the following attacks MOST likely occurred on the user's internal network? Name: Wikipedia.org Address: 208.80.154.224

    DNS poisoning

  • 36

    QUESTION 542 A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

    Smart card

  • 37

    QUESTION 543 A dynamic application vulnerability scan identified code injection could be performed using a web form. Which of the following will be BEST remediation to prevent this vulnerability?

    Utilize a WAF

  • 38

    QUESTION 544 Which of the following would be used to find the MOST common web-application vulnerabilities?

    OWASP

  • 39

    QUESTION 545 The board of doctors at a Company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does the BEST describe?

    Transference

  • 40

    QUESTION 546 Which of the following would be MOST effective to contain a rapidly attack that is affecting a large number of organiizations?

    DNS sinkhole

  • 41

    QUESTION 547 An analyst just discovered an ongoing attack on a host that is on the network. The analyst observes the below taking place: - The computer performance is slow - Ads are appearing from various pop-up windows Operating system files are modified - The computer is receiving AV alerts for execution of malicious processes Which of the following steps should the analyst consider FIRST?

    Put the machine in containment

  • 42

    QUESTION 548 Security analysts are conducing an investigation of an attack that occurred inside the organization's network. An attacker was able to connect network traffic between workstation throughout the network. The analysts review the following logs:

    MAC flooding

  • 43

    QUESTION 549 The chief compliance officer from a bank has approved a backaround check policy for all new hires. Which of the following is the policy MOST likely protecting against?

    Hiring an employee who has been convicted of theft to adhere to industry compliance

  • 44

    QUESTION 550 Which biometric error would allow an unauthorized user to access a system?

    False acceptance

  • 45

    QUESTION 551 Which of the following would produce the closet experience of responding to an actual incident response scenario?

    Simulation

  • 46

    QUESTION 552 An organization is concerned about intellectual property theft by employee who leave the organization. Which of the following will be organization MOST likely implement?

    NDA

  • 47

    QUESTION 553 An organization maintains several environments in which patches are developed and tested before deployed to an operation status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

    Staging

  • 48

    QUESTION 554 Which of the following control types would be BEST to use to identify violations and incidents?

    Detective

  • 49

    QUESTION 555 A security manager runs Nessus scans of the network after every maintenance window. Which of the following is the security manger MOST likely trying to accomplish?

    Verifying that system patching has effectively removed knows vulnerabilities

  • 50

    QUESTION 556 A penetration tester gains access to the network by exploiting a vulnerability on a public-facing web server. Which of the following techniques will the tester most likely perform NEXT?

    Create a user account to maintain persistence

  • 51

    QUESTION 557 A news article states that a popular web browser deployed on all corporate PCs is vulnerable a zero-day attack. Which of the following MOST concern the Chief Information Security Officer about the information in the new article?

    No patches are available for the web browser

  • 52

    QUESTION 558 DDOS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfils the architect's requirements?

    An orchestration solution that can adjust scalability of cloud assets

  • 53

    QUESTION 559 Administrators have allowed employee to access their company email from personal computers. However, the administrators are concerned that these computes are another attach surface and can result in user accounts being breached by foreign actors. Which of the following actions would provide the MOST secure solution?

    Enable an option in the administration center so accounts can be locked if they are accessed from different geographical areas

  • 54

    QUESTION 560 A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

    A jump server

  • 55

    QUESTION 561 A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

    curl --head http://192.168.0.10

  • 56

    QUESTION 562 Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

    NIST 800-53

  • 57

    QUESTION 563 An information security policy stales that separation of duties is required for all highly sensitive database changes that involve customers' financial data. Which of the following will this be BEST to prevent?

    An insider threat

  • 58

    QUESTION 564 A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

    False positive

  • 59

    QUESTION 565 Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

    Data exfiltration

  • 60

    A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?

    Use static code analysis

  • 61

    QUESTION 567 A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following riskS Would this training help to prevent?

    Hoaxes

  • 62

    QUESTION 568 A penetration tester was able to compromise an internal server and is now trying to pivot the Current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?

    Nmap

  • 63

    QUESTION 569 discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?

    Implement a network-wide scan for other instances of the malware.

  • 64

    QUESTION 570 Whlch of the followlng authentlcation methods sends out a unlque password to be used within a specific number of seconds?

    TOTP

  • 65

    QUESTION 571 Which of the following must be in place before implementing a BCP?

    BIA

  • 66

    QUESTION 572 A system that requires an operation availability of 99.99% and has an annual maintenance window available to patching and fixes will require the HIGHEST:

    MTBF

  • 67

    QUESTION 573 A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

    laC

  • 68

    QUESTION 574 As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

    Creating a playbook within the SOAR

  • 69

    QUESTION 575 An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the compan uses, Which of the following BEST describes this social engineering technique?

    Reconnaissance

  • 70

    QUESTION 576 A systems administrator is considering different backup solutions for the IT infrastructure. The Company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions woula be the BEST option to meet these requirements?

    Differential

  • 71

    QUESTION 578 A penetration tester successfully gained access to a company's network. The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following in the ARP table: 10.10.0.33 a9:60:21: db:a9:83 10.10.0.97 50:4f:b1:55:ab:5d 10.10.0.70 10:b6:a8:1c:0a:33 10.10.0.51 50:4f:b1:55:ab:5d 10.10.0.42 d5:7d:fa:14:a5:46 Which of the following did the penetration tester MOST Iikely use?

    MAC cloning

  • 72

    QUESTION 577 An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

    SSO

  • 73

    A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end or life and it would be a substantial burden to update the application for compatibility with more secure lilbraries. Which of the following would be the MOST prudent course of action?

    Use containerization to segment the application from other applications to eliminate the risk

  • 74

    QUESTION 580 A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The ClsO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

    NIST Risk Management Framework

  • 75

    QUESTION 581 During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute- force attack on a single administrator account followed by sUspicious logins from unfamiliar geographic locations. Which of the following data sources wOuld be BEST to use to assess the accounts impacted by this attack?

    User behavior analytics

  • 76

    QUESTION 582 During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A irewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will BEST assist the analyst?

    A SIEM

  • 77

    QUESTION 584 A user's login credentials were recently compromised During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

    Cross-site scripting

  • 78

    QUESTION 585 A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the folowing does this action describe?

    Insider threat

  • 79

    QUESTION 586 During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the Internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?

    Perform containment on the critical servers and resources

  • 80

    QUESTION 587 Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

    Dark web

  • 81

    QUESTION 588 Which of the following types of attacks is being attempted and how can it be mitigated? http/Comptia.org/../../../etc/passwd

    Directory traversal: implement a WAF

  • 82

    QUESTION 589 Which of the following control types is focused primarily on reducing risk before an incident occurs?

    Preventive

  • 83

    QUESTION 590 Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

    Privileged access management

  • 84

    QUESTION 591 A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPS are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

    Configure the guest wireless network to be on a separate VLAN from the company's intenal wireless network

  • 85

    QUESTION 592 Which of the following will Increase cryptographic security?

    High data entropy

  • 86

    QUESTION 593 Which of the following components can be used to consolidate and forward inbound Internel! traffic to multiple cloud environments though a single firewall?

    Transit gateway

  • 87

    QUESTION 594 A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?

    SIEM correlation dashboards

  • 88

    QUESTION 595 The Chief Technology Officer of a local college would like visitors to utilize the school's WIFİ but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

    Deploying a captive portal to capture visitors' MAC addresses and names

  • 89

    QUESTION 596 TWo organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?

    MOU

  • 90

    QUESTION 597 Which of the following employee roles is responsible for protecting an organization's collected personal information?

    DPO

  • 91

    QUESTION 598 A malware attack has corrupted 30TB of company data across al file servers. A systems administrator identifies the malware and contains the issue, but the data is unrecoverable. The administrator is not concerned about the data loss because the company has a system in place that will allow users to access the data that was backed up last night. Which of the following resiliency techniques did the administrator MOST likely use to prevent impacts to business operations after an attack?

    RAID

  • 92

    A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Choose two.)

    NIPS, WAF

  • 93

    QUESTION 600 An organization is moving away from the use of client-side and server-side certificates for EAR. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

    EAP-FAST

  • 94

    QUESTION 601 An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?

    Low FRR

  • 95

    QUESTION 602 A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

    Context-aware authentication

  • 96

    QUESTION 603 A company recently experienced a significant data loss when proprietary Information was leaked a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An Investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

    DLP

  • 97

    QUESTION 604 The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

    USB data blocker

  • 98

    QUESTION 605 An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?

    Geographic dispersal

  • 99

    QUESTION 606 A security analyst has been asked by the Chief Information Security Oficer to: - develop a secure method of providing centralized management of infrastructure - reduce the need to constantly replace aging end user machines -provide a consistent user desktop experience Which of the following BEST meets these requirements?

    VDI

  • 100

    QUESTION 607 Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would BEST help prevent the malware from being installed on the computers?

    EDR