Question list
1
A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are: -Employees must provide an alternate work location (i.e., a home address) - Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed. Which of the following BEST describes the MDM options the company is using?
Application management, remote wipe, geofencing, context-aware authentication, and containerization
2
A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID as one of the legitimate access points. Which of the following attacks is happening on the corporate network?
Evil twin
3
During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?
chmod
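The chmod answer above is a one-liner on the command line (`chmod u-s,go-wx file`), but it helps to see which bits are actually being cleared. The following is an added example, not part of the original question set: it computes a hardened mode by masking out the setuid/setgid/sticky bits and the group/other write and execute bits, applies it with os.chmod, and exercises it on a temporary file that is first made 4777 (the overly permissive state). The 0o744 target and the temporary-file demo are assumptions made for illustration.

```python
import os
import stat
import tempfile


def hardened_mode(mode: int) -> int:
    """Return the permission bits of `mode` with setuid, setgid and sticky
    cleared, and with group/other reduced to read-only."""
    perm = stat.S_IMODE(mode)                        # keep only permission bits
    perm &= ~(stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX)
    perm &= ~(stat.S_IWGRP | stat.S_IXGRP | stat.S_IWOTH | stat.S_IXOTH)
    return perm


def harden_file(path: str) -> int:
    """Apply hardened_mode() to `path` and return the resulting permission bits."""
    current = os.stat(path).st_mode
    os.chmod(path, hardened_mode(current))
    return stat.S_IMODE(os.stat(path).st_mode)


def has_setuid(path: str) -> bool:
    return bool(os.stat(path).st_mode & stat.S_ISUID)


def demo() -> int:
    """Create a temp file, make it setuid + world-writable, then harden it.
    Returns the final permission bits (0o744 expected)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o4777)          # the overly permissive starting point
        result = harden_file(path)
        assert not has_setuid(path)     # set-user-ID bit is gone
        return result
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(oct(demo()))
```

The equivalent shell invocation is `chmod u-s,go-wx <file>`; the Python form makes it explicit that the SUID bit lives outside the nine rwx bits and must be cleared separately, which is why `chmod 644` alone on some platforms is not enough to be sure.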
4
A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO)
RADIUS, WPA2-PSK
5
A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
Which of the following BEST describes this kind of attack?
Directory traversal
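The requests above escalate the number of `..%2f` segments until one of them climbs out of the web root, and the `%2f` encoding is there to slip past naive checks for a literal `../`. The following is an added example, not part of the original question set: it decodes the `page` parameter (including double-encoded variants such as `%252e%252e%252f`), resolves it against an assumed web root of /var/www/html, and flags any request whose resolved path leaves that root. The sample request lines are constructed to mirror the log above.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # assumption: the document root the page parameter is joined to

# Constructed requests modelled on the log lines in the question (percent-encoding restored).
SAMPLE_REQUESTS = [
    "GET index.php?page=" + "..%2f" * 8 + "etc%2fpasswd",
    "GET index.php?page=" + "..%2f" * 9 + "etc%2fpasswd",
    "GET index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd",  # double-encoded
    "GET index.php?page=articles%2f2024%2fintro",                       # benign
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding until the value stops changing."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def page_param(request_line: str) -> str:
    """Extract the raw `page` query parameter from a request line."""
    _, _, query = request_line.partition("?")
    for pair in query.split("&"):
        key, _, val = pair.partition("=")
        if key == "page":
            return val
    return ""


def is_traversal(param: str, web_root: str = WEB_ROOT) -> bool:
    """True if the decoded parameter resolves outside web_root."""
    decoded = fully_decode(param).replace("\\", "/")
    resolved = posixpath.normpath(posixpath.join(web_root, decoded))
    return not (resolved == web_root or resolved.startswith(web_root + "/"))


def flag_requests(lines):
    """Return the request lines whose page parameter escapes the web root."""
    return [line for line in lines if is_traversal(page_param(line))]


if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("traversal:", line)
```

The check normalises after decoding and compares the resolved path with the root rather than searching for `../`; that is the same property a server-side fix should enforce (resolve, then verify containment), and it is why encoding tricks do not help the attacker once the check is done on the resolved path.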
6
The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:
an influence campaign
7
A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?
A decryption certificate
8
An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?
HSM
9
Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?
Checksums
10
The following are the logs of a successful attack.
[DATA] attacking service ftp on port 21
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "p855wOrd"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "AcCe55"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "All0w!"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "FTPL0gin!"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "L3tM3IN!"
[21][ftp] host: 192.168.50.1 login: admin password: L3tM3IN!
1 of 1 target successfully completed, 1 valid password found in <1 second
Which of the following controls would be BEST to use to prevent such a breach in the future?
Account Lockout
11
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?
It assures customers that the organization meets security standards
12
Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?
Shredding
13
Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?
Dynamic resource allocation
14
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
Lack of vendor support
15
A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?
An incident response plan
16
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?
Full backups followed by differential backups
17
While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?
netstat
18
Joe, an employee, is transferring departments and is providing copies of his files to a network share folder for his previous team to access. Joe is granting read-write-execute permissions to his manager but giving read-only access to the rest of the team. Which of the following access controls is Joe using?
FACL
19
When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?
Zigbee configuration
20
A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.)
445, 139
21
A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?
Configure DLP solutions
22
Which of the following types of attacks is specific to the individual it targets?
Whaling
23
A financial analyst has been accused of violating the company's AUP and there is forensic evidence to substantiate the allegation. Which of the following would dispute the analyst's claim of innocence?
Non-repudiation
24
A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?
A RAT
25
A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?
Detective
26
Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?
Pharming
27
Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)
Hashing, Private key
28
A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?
Differential
29
A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs:
- www.companysite.com
- shop.companysite.com
- about-US.companysite.com
- contact-US.companysite.com
- secure-logon.companysite.com
Which of the following should the company use to secure its website if the company is concerned with convenience and cost?
A wildcard certificate
30
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
SLA
31
A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?
WPS
32
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?
tcpdump
33
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
A screened subnet
34
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
Create and apply microsegmentation rules.
35
A company has three technicians who share the same credentials for troubleshooting systems. Every time credentials are changed, the new ones are sent by email to all three technicians. The security administrator has become aware of this situation and wants to implement a solution to mitigate the risk. Which of the following is the BEST solution for the company to implement?
SSO authentication
36
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?
Bug bounty
37
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
Perfect forward secrecy
38
After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on SIEM during this period of time. Which of the following BEST explains what happened?
The unexpected traffic correlated against multiple rules, generating multiple alerts.
39
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?
Development
40
A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?
Implementation of detective controls
41
A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?
Digitally sign the relevant game files.
42
After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
An ACL
43
An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files. Which of the following controls should the organization consider to mitigate this risk?
DLP
44
An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user's browser to deploy malicious software. Which of the following types of attack does this describe?
Watering hole
45
A Chief Security Officer (CSO) has asked a technician to devise a solution that can detect unauthorized execution privileges from the OS in both executable and data files, and can work in conjunction with proxies or UTM. Which of the following would BEST meet the CSO's requirements?
Sandboxing
46
An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern?
CASB
47
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
XSRF
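The link works because payto.do performs a money transfer in response to a plain GET, and the victim's browser attaches the site's session cookie to that GET automatically; the attacker never needs the credentials. The following is an added example, not part of the original question set, and not the company's code: a minimal model of the vulnerable endpoint beside a hardened one that accepts only POST and requires an anti-CSRF token bound to the session. The session store, the HMAC-based token, the `payto.do` handler signatures and the URL are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# The link from the phishing email (reconstructed from the question).
PHISHING_LINK = "https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250"

SECRET = secrets.token_bytes(32)          # assumption: server-side key for token generation
SESSIONS = {"sess-ann": "ann"}            # constructed: session cookie -> authenticated user


def csrf_token(session_cookie: str) -> str:
    """Token tied to the session; an attacker's page cannot read or forge it."""
    return hmac.new(SECRET, session_cookie.encode(), hashlib.sha256).hexdigest()


def _query(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def vulnerable_payto(method: str, url: str, session_cookie: str):
    """State change driven by GET parameters and the ambient cookie: forgeable."""
    user = SESSIONS.get(session_cookie)
    if user is None:
        return 401, None
    p = _query(url)
    transfer = {"from": user, "routing": p["routing"], "acct": p["acct"], "amount": int(p["amount"])}
    return 200, transfer


def hardened_payto(method: str, url: str, session_cookie: str, form: dict):
    """POST only, parameters from the body, and a per-session CSRF token."""
    user = SESSIONS.get(session_cookie)
    if user is None:
        return 401, None
    if method != "POST":
        return 405, None                                   # GET must never move money
    if not hmac.compare_digest(form.get("csrf_token", ""), csrf_token(session_cookie)):
        return 403, None                                   # token missing or not this session's
    transfer = {"from": user, "routing": form["routing"], "acct": form["acct"], "amount": int(form["amount"])}
    return 200, transfer


if __name__ == "__main__":
    print("vulnerable:", vulnerable_payto("GET", PHISHING_LINK, "sess-ann"))
    print("hardened:  ", hardened_payto("GET", PHISHING_LINK, "sess-ann", {}))
```

The token check is what distinguishes a request the user's own page made from one a third-party page induced; marking the session cookie `SameSite=Lax` or `Strict` adds a second, browser-enforced layer for the same problem.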
48
Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?
An annual privacy notice
49
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?
CASB
50
While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?
A Telnet session
51
An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.)
Access control vestibules, Guards
52
A security analyst is hardening a network infrastructure. The analyst is given the following requirements:
- Preserve the use of public IP addresses assigned to equipment on the core router.
- Enable "in transport" encryption protection to the web server with the strongest ciphers.
Which of the following should the analyst implement to meet these requirements? (Choose two.)
Configure NAT on the core router, Enable TLSV2 encryption on the web server
53
During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer. The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?
Properly configured hosts with security logging
54
The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted file. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?
NGFW
55
A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?
DNSSEC
56
A security researcher is tracking an adversary by noting its attack techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?
The Diamond Model of Intrusion Analysis
57
A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows: Ensure mobile devices can be tracked and wiped. Confirm mobile devices are encrypted. Which of the following should the analyst enable on all the devices to meet these requirements?
Biometric authentication
58
[Question text is an image that is not included here]
PowerShell
59
An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?
FIM
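File integrity monitoring (this question), the checksum answer in question 9 and the download verification in question 86 all rest on the same operation: hash the content once, keep the digest somewhere the attacker cannot change, and recompute later. The following is an added example, not part of the original question set: it builds a SHA-256 baseline of a directory tree, reports files that were modified, deleted or added since the baseline, and verifies a downloaded file against a published digest. The directory layout and file contents in `demo()` are constructed; the only external fact used is the well-known SHA-256 of the string "hello".

```python
import hashlib
import hmac
import os
import tempfile

# Published SHA-256 of the ASCII bytes "hello"; used as the "verified checksum" in demo_verify().
HELLO_SHA256 = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map every file under root (relative path) to its digest."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare_to_baseline(root: str, baseline: dict) -> dict:
    """Classify drift since the baseline was taken."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def verify_download(path: str, expected_hex: str) -> bool:
    """Constant-time comparison against the digest published by the trusted source."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def _write(root: str, rel: str, text: str) -> str:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)
    return path


def demo() -> dict:
    """Constructed scenario: baseline, then tamper with one file, remove one, add one."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "bin/app", "binary v1")
        baseline = build_baseline(root)
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n")
        os.remove(os.path.join(root, "bin/app"))
        _write(root, "bin/backdoor", "binary v2")
        return compare_to_baseline(root, baseline)


def demo_verify() -> tuple:
    """Returns (matches published digest, matches a wrong digest)."""
    with tempfile.TemporaryDirectory() as root:
        path = _write(root, "download.bin", "hello")
        return verify_download(path, HELLO_SHA256), verify_download(path, "00" * 32)


if __name__ == "__main__":
    print(demo())
    print(demo_verify())
```

The baseline is only as trustworthy as where it is stored: an FIM tool keeps it off the monitored host or signs it, and for a forensic image the acquisition hash is recorded in the chain-of-custody record rather than next to the evidence.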
60
An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?
Purchasing hardware from different vendors
61
When planning to build a virtual environment, an administrator needs to achieve the following:
- Establish policies to limit who can create new VMs.
- Allocate resources according to actual utilization.
- Require justification for requests outside of the standard requirements.
- Create standardized categories based on size and resource requirements.
Which of the following is the administrator MOST likely trying to do?
Avoid VM sprawl
62
The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
The CIRT
63
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Internet address    Physical address    Type
192.168.1.1         ff-ec-ab-00-aa-78   dynamic
192.168.1.5         ff-00-5e-48-00-fb   dynamic
192.168.1.8         00-0c-29-1a-e7-fa   dynamic
192.168.1.10        fc-41-5e-48-00-ff   dynamic
224.215.54.47       fc-00-5e-48-00-fb   static
Which of the following BEST describes the attack the company is experiencing?
ARP poisoning
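The tell-tale sign of ARP poisoning in an ARP cache is one physical address answering for more than one IP address, typically the gateway's IP plus the attacker's own host, which is what makes users authenticate twice (once to the on-path attacker, once to the real application). The following is an added example, not part of the original question set: it parses output in the format shown above and reports MAC addresses that map to multiple unicast IPs, and separately checks the gateway entry against a known-good MAC. The sample table is constructed so that the gateway's MAC also appears on a second host; the known-good gateway MAC is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed ARP cache in the same format as the question. In this sample the gateway's
# MAC (ff-ec-ab-00-aa-78) also answers for 192.168.1.5, the poisoning signature.
ARP_TABLE = """\
Internet address    Physical address    Type
192.168.1.1         ff-ec-ab-00-aa-78   dynamic
192.168.1.5         ff-ec-ab-00-aa-78   dynamic
192.168.1.8         00-0c-29-1a-e7-fa   dynamic
192.168.1.10        fc-41-5e-48-00-ff   dynamic
224.0.0.251         01-00-5e-00-00-fb   static
"""

ROW_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I)


def parse_arp(text: str) -> list:
    """Return (ip, mac, type) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return rows


def duplicate_macs(rows: list) -> dict:
    """MACs that answer for more than one unicast IP (multicast IPs legitimately share MACs)."""
    by_mac = defaultdict(list)
    for ip, mac, _ in rows:
        if not ipaddress.ip_address(ip).is_multicast:
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_spoofed(rows: list, gateway_ip: str, known_gateway_mac: str) -> bool:
    """True if the cache entry for the gateway no longer matches the documented MAC."""
    for ip, mac, _ in rows:
        if ip == gateway_ip:
            return mac != known_gateway_mac.lower()
    return False


if __name__ == "__main__":
    rows = parse_arp(ARP_TABLE)
    print("shared MACs:", duplicate_macs(rows))
    print("gateway spoofed:", gateway_spoofed(rows, "192.168.1.1", "ff-ec-ab-00-aa-78"))
```

On a switch, the durable fix is Dynamic ARP Inspection with DHCP snooping; on a host, a static ARP entry for the gateway (`arp -s`) is the quick containment while the switch-side control is rolled out.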
64
While investigating a data leakage incident, a security analyst reviews access control to cloud-hosted data. The following information was presented in a security posture report:
- Policy to control external application integration: admin authorized only
- 47 active integrations to third-party applications
- 2 applications authorized by admin
- 45 applications authorized by users
- 32 OAuth apps authorized to access data
Based on the report, which of the following was the MOST likely attack vector used against the company?
Spyware
65
Which of the following corporate policies is used to help prevent employee fraud and to detect system log modifications or other malicious activity based on tenure?
Mandatory vacation
66
Which of the following holds staff accountable while escorting unauthorized personnel?
Badges
67
An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:
PORT     STATE
21/tcp   filtered
22/tcp   open
23/tcp   open
443/tcp  open
Which of the following should the analyst recommend to disable?
23/tcp
68
A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be BEST for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
A. head -500 www.comptia.com | grep /logfiles/messages
B. cat /logfiles/messages | tail -500 www.comptia.com
C. tail -500 /logfiles/messages | grep www.comptia.com
D. grep -500 /logfiles/messages | cat www.comptia.com
Option C (tail -500 /logfiles/messages | grep www.comptia.com)
69
Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Choose two.)
Security guards, Video surveillance
70
The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?
Geofencing
71
A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:
whaling
72
A cyber threat intelligence analyst is gathering data about a specific adversary using OSINT techniques. Which of the following should the analyst use?
Government press releases
73
Which of the following would satisfy three-factor authentication?
Password, retina scanner, and NFC card
74
Which two features are available only in next-generation firewalls? (Choose two.)
deep packet inspection, application awareness
75
A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Choose two.)
Service provider, Identity provider
76
A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field: admin' or 1=1 -- Which of the following BEST explains this type of attack?
SQLi on the field to bypass authentication
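The payload `admin' or 1=1 --` only works when the username is pasted into the SQL text: the quote closes the literal, `or 1=1` makes the WHERE clause true for every row, and `--` comments out the password check that follows. The following is an added example, not part of the original question set, showing a string-built login query that is bypassed by exactly that input beside a parameterised query that is not. The in-memory SQLite table and its two users are constructed for the demonstration; storing plaintext passwords is kept only to keep the example short and is not what a real system should do.

```python
import sqlite3

PAYLOAD = "admin' or 1=1 --"   # the input seen in the username field


def make_db() -> sqlite3.Connection:
    """Constructed user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cr3t!"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Query text is assembled from user input, so the input can rewrite the query."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Placeholders keep the input as data; the quote and the comment are just characters."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def rendered_query(username: str, password: str) -> str:
    """What the vulnerable function actually sends, for the log or the report."""
    return ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
            % (username, password))


if __name__ == "__main__":
    db = make_db()
    print(rendered_query(PAYLOAD, "x"))
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "x"))
    print("safe:      ", login_safe(db, PAYLOAD, "x"))
```

The rendered query shows the whole story: `... WHERE username = 'admin' or 1=1 --' AND password = 'x'`. The first row that satisfies `1=1` comes back, and in this table that is the admin account.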
77
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
The Center for Internet Security (CIS Controls)
78
Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?
Continuous integration
79
Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?
Test
80
Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would mitigate the risk of future data disclosures?
FDE
81
Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?
MTTR
82
Which of the following is a difference between a DRP and a BCP?
A DRP is a technical response to disasters, while a BCP is operational.
83
A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?
Migrate to a cloud backup solution
84
A systems administrator is looking for a solution that will help prevent OAuth applications from being leveraged by hackers to trick users into authorizing the use of their corporate credentials. Which of the following BEST describes this solution?
WAF
85
Which of the following is an example of risk avoidance?
Not installing new software to prevent compatibility errors
86
Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted, using a verified checksum?
Hashing
87
A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
Vishing
88
During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will BEST assist the analyst?
A SIEM
89
Which of the following threat actors is MOST likely to be motivated by ideology?
Hacktivist
90
A company wants to deploy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following BEST describes these systems?
Honeypots
91
A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?
SSH was turned off instead of modifying the configuration file
92
Customers reported their antivirus software flagged one of the company's primary software products as suspicious. The company's Chief Information Security Officer has tasked the developer with determining a method to create a trust model between the software and the customer's antivirus software. Which of the following would be the BEST solution?
Extended validation
93
Users reported several suspicious activities within the last two weeks that resulted in several unauthorized transactions. Upon investigation, the security analyst found the following:
- Multiple reports of breached credentials within that time period
- Traffic being redirected in certain parts of the network
- Fraudulent emails being sent by various internal users without their consent
Which of the following types of attacks was MOST likely used?
Request forgeries
94
[Question text is an image that is not included here]
ARP poisoning
95
A company's cybersecurity department is looking for a new solution to maintain high availability. Which of the following can be utilized to build a solution? (Select TWO)
A round robin , A VLAN
96
A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the internet. No threats were found on the downloaded file, but during file installation, a malicious runtime threat was detected. Which of the following is the MOST likely cause of the infection?
The driver has malware installed and was refactored upon download to avoid detection.
97
Which of the following controls would BEST identify and report malicious insider activities?
An intrusion detection system
98
A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
Install a sandbox to run the malicious payload in a safe environment
99
A SOC is currently being outsourced. Which of the following is being used?
MSSP
100
A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?
Hybrid environment