
security+7

100 questions • 2 years ago
  • lopkeda

    Question list

  • 1

    QUESTION 608 A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?

    internet proxy

  • 2

    QUESTION 609 A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows: - Must be able to differentiate between users connected to WiFi - The encryption keys need to change routinely without interrupting the users or forcing reauthentication - Must be able to integrate with RADIUS - Must not have any open SSIDs. Which of the following options BEST accommodates these requirements?

    WPA2-Enterprise

  • 3

    QUESTION 610 An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following: - Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users. - Internal users in question were changing their passwords frequently during that time period. - A jump box that several domain administrator users use to connect to remote devices was recently compromised. - The authentication method used in the environment is NTLM. Which of the following types of attacks is MOST likely being used to gain unauthorized access?

    Pass-the-hash

  • 4

    QUESTION 611 A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

    Netstat

  • 5

    QUESTION 612 Which of the following describes the continuous delivery software development methodology?

    Agile

  • 6

    QUESTION 613 An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

    On-path attack

  • 7

    QUESTION 614 A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?

    Tabletop exercise

  • 8

    QUESTION 615 A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

    SaaS

  • 9

    QUESTION 616 All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager MOST likely implement?

    A forward proxy server

  • 10

    QUESTION 617 The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

    WAP placement

  • 11

    QUESTION 618 Which of the following BEST reduces the security risks introduced when running systems have expired vendor support and lack an immediate replacement?

    Implement proper network access restrictions

  • 12

    QUESTION 619 An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

    FAR

  • 13

    QUESTION 622 A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM has multiple login entries with the following text:
    suspicious event - user: scheduledtasks successfully authenticated on AD on abnormal time
    suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
    suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh
    suspicious event - user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
    Which of the following is the MOST likely attack conducted on the environment?

    Malicious script

  • 14

    QUESTION 620 Which of the following environments minimizes end user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code in an operationally representative environment?

    Staging

  • 15

    QUESTION 621 A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?

    Service

  • 16

    QUESTION 623 A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

    Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.

  • 17

    QUESTION 624 As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

    Log analysis

  • 18

    QUESTION 625 After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time tracing information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

    CASB

  • 19

    QUESTION 626 Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?

    Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.

  • 20

    QUESTION 627 Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following: - All users share workstations throughout the day. - Endpoint protection was disabled on several workstations throughout the network. - Travel times on logins from the affected users are impossible. - Sensitive data is being uploaded to external sites. - All user account passwords were forced to be reset and the issue continued. Which of the following attacks is being used to compromise the user accounts?

    Keylogger

  • 21

    QUESTION 628 Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?

    To avoid data leakage

  • 22

    QUESTION 629 An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

    Revoke the code-signing certificate.

  • 23

    QUESTION 630 A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:

    DNS Poisoning

  • 24

    QUESTION 631 The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

    Lessons learned

  • 25

    QUESTION 632 While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

    Utilizing SIEM correlation engines

  • 26

    QUESTION 633 An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?

    DLP

  • 27

    QUESTION 634 After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware?

    Direct access

  • 28

    QUESTION 635 Which of the following policies establishes rules to measure third-party work tasks and ensure deliverables are provided within a specific timeline?

    SLA

  • 29

    [question shown as an image; not captured]

    DNS poisoning

  • 30

    Which of the following in a forensic investigation should be priorities based on the order of volatility?

    RAM, cache

  • 31

    QUESTION 638 A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used?

    Snapshot

  • 32

    QUESTION 639 A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?

    A SOC 2 Type 2 report

  • 33

    QUESTION 640 A security monitoring company offers a service that alerts its customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?

    The dark web

  • 34

    QUESTION 641 Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

    Missing patches for third-party software on Windows workstations and servers.

  • 35

    QUESTION 642 Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?

    Password history

  • 36

    QUESTION 643 After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

    pivoting

  • 37

    An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?

    Activate runbooks for incident response

  • 38

    QUESTION 645 A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?

    Check the hash of the installation file

  • 39

    QUESTION 646 After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

    SSH

  • 40

    QUESTION 647 A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

    HIDS

  • 41

    QUESTION 648 Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

    Vishing, Credential harvesting

  • 42

    QUESTION 649 A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

    Smishing

  • 43

    QUESTION 650 A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find requested servers?

    nmap -p 80 10.10.10.0/24

  • 44

    QUESTION 651 Which of the following would detect intrusions at the perimeter of an airport?

    Fencing

  • 45

    QUESTION 652 A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

    Hybrid

  • 46

    QUESTION 653 Developers are about to release a financial application, but the number of fields on the forms that could be abused by an attacker is troubling. Which of the following techniques should be used to address this vulnerability?

    Implement input validation

  • 47

    QUESTION 654 A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

    Place the unauthorized application in a blocklist.

  • 48

    QUESTION 655 Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to move to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

    The business continuity plan

  • 49

    QUESTION 656 A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

    Logic Bomb

  • 50

    QUESTION 657 Digital signatures use asymmetric encryption. This means the message is encrypted with:

    the sender's private key and decrypted with the sender's public key.

  • 51

    QUESTION 658 A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's BEST course of action?

    Write down the phone number of the caller, if possible, and the name of the person requesting the information. Hang up, and notify the organization's cybersecurity officer.

  • 52

    QUESTION 659 An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

    Macro-enabled file

  • 53

    QUESTION 660 Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

    implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced

  • 54

    QUESTION 661 The SOC for a large MSSP is in a meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common over recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?

    implement a SOAR with customizable playbooks

  • 55

    QUESTION 662 A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring?

    SQLi attack

  • 56

    QUESTION 663 Which of the following is an example of transference of risk?

    purchasing insurance

  • 57

    QUESTION 664 A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

    MFA

  • 58

    QUESTION 665 A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that is inserted into any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?

    user certificate

  • 59

    QUESTION 666 During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

    the chain of custody form did not note time zone offsets between transportation regions

  • 60

    QUESTION 667 A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?

    SIEM

  • 61

    QUESTION 668 The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide the CISO?

    GDPR compliance attestation

  • 62

    QUESTION 669 An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has not received information about the internal architecture. Which of the following best represents the type of testing that will occur?

    Black-box

  • 63

    QUESTION 670 A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'='1 Which of the following has been observed?

    SQLi

  • 64

    QUESTION 671 A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance has degraded. Which of the following MOST likely explains this behavior?

    DDoS attack

  • 65

    QUESTION 672 Which of the following explains why RTO is included in a BIA?

    It identifies the amount of allowable downtime for an application or system.

  • 66

    QUESTION 673 A company recently moved into a new annex of the building. Following the move, the help desk received reports of weak Wi-Fi signals from users in that part of the building. Which of the following is the MOST likely cause of this issue?

    WAP placement

  • 67

    QUESTION 674 Which of the following is a benefit of including a risk management framework in an organization's security approach?

    it incorporates control development, policy, and management activities into IT operations

  • 68

    QUESTION 675 A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on devices. Which of the following can be implemented?

    HTTP security header

  • 69

    QUESTION 676 An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without active reconnaissance. Which of the following is the most efficient approach to perform the analysis?

    Provide a domain parameter to the theHarvester tool

  • 70

    QUESTION 677 Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

    SLA

  • 71

    QUESTION 678 A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?

    password complexity

  • 72

    QUESTION 679 A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

    data at rest

  • 73

    QUESTION 680 In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?

    Intimidation

  • 74

    QUESTION 681 A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the most enforced security control to mitigate this risk?

    block access to application stores

  • 75

    QUESTION 682 A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by which of the following?

    employees of other companies and the press

  • 76

    QUESTION 683 A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send them to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

    SSH

  • 77

    QUESTION 684 A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

    it examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future

  • 78

    QUESTION 685 A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns?

    perform a physical-to-virtual migration

  • 79

    QUESTION 686 An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

    Host-based firewall

  • 80

    QUESTION 687 A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?

    SaaS

  • 81

    QUESTION 688 Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

    Detective

  • 82

    QUESTION 689 The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement?

    Tokenization

  • 83

    QUESTION 690 A SOC operator is analyzing a log file that contains the following entries:
    [06-Apr-2021-18:00:06] GET /index.php/../../../../etc/passwd
    [06-Apr-2021-18:01:07] GET /index.php/../../../../etc/shadow
    [06-Apr-2021-18:01:26] GET /index.php/../../../../../../../../etc/passwd
    [06-Apr-2021-18:02:16] GET /index.php?var1=;cat /etc/passwd;&var2=7865tgydk
    [06-Apr-2021-18:02:56] GET /index.php?var1=;cat /etc/shadow;&var2=7865tgydk

    Command injection and directory traversal attempts

  • 84

    QUESTION 691 Which of the following actions would be recommended to improve an incident response process?

    Train the team to identify the difference between events and incidents

  • 85

    QUESTION 692 An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?

    VDI

  • 86

    QUESTION 693 The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

    CASB

  • 87

    QUESTION 694 Which of the following would BEST provide detective and corrective controls for thermal regulation?

    An HVAC system

  • 88

    QUESTION 695 Which of the following statements BEST describes zero-day exploits?

    A zero-day exploit is initially undetectable and no patch for it exists

  • 89

    QUESTION 696 An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

    Logic bomb

  • 90

    QUESTION 697 An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

    ARO

  • 91

    QUESTION 698 Which of the following is assured when a user signs an email using a private key?

    Non-repudiation

  • 92

    QUESTION 699 An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

    Preventive

  • 93

    QUESTION 700 A company wants to improve end users' experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

    Federation

  • 94

    QUESTION 701 Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

    Take a memory snapshot of the running system.

  • 95

    [question shown as an image; not captured]

    D

  • 96

    QUESTION 703 A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

    Password history

  • 97

    QUESTION 704 A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

    DNS poisoning

  • 98

    A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done FIRST?

    Conduct a site survey.

  • 99

    QUESTION 706 Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

    USB data blocker

  • 100

    QUESTION 707 An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

    WAF

  • security+1

    security+1

    lopkeda · 100問 · 2年前

    security+1

    security+1

    100問 • 2年前
    lopkeda

    security+2

    security+2

    lopkeda · 100問 · 2年前

    security+2

    security+2

    100問 • 2年前
    lopkeda

    security+6

    security+6

    lopkeda · 100問 · 2年前

    security+6

    security+6

    100問 • 2年前
    lopkeda

    security+8

    security+8

    lopkeda · 100問 · 2年前

    security+8

    security+8

    100問 • 2年前
    lopkeda

    security+9

    security+9

    lopkeda · 100問 · 2年前

    security+9

    security+9

    100問 • 2年前
    lopkeda

    security+10

    security+10

    lopkeda · 100問 · 2年前

    security+10

    security+10

    100問 • 2年前
    lopkeda

    security+11

    security+11

    lopkeda · 100問 · 2年前

    security+11

    security+11

    100問 • 2年前
    lopkeda

    security+12

    security+12

    lopkeda · 64問 · 2年前

    security+12

    security+12

    64問 • 2年前
    lopkeda

    cysa+1

    cysa+1

    lopkeda · 100問 · 2年前

    cysa+1

    cysa+1

    100問 • 2年前
    lopkeda

    cysa+2

    cysa+2

    lopkeda · 100問 · 2年前

    cysa+2

    cysa+2

    100問 • 2年前
    lopkeda

    cysa+3

    cysa+3

    lopkeda · 54問 · 1年前

    cysa+3

    cysa+3

    54問 • 1年前
    lopkeda

    A+1

    A+1

    lopkeda · 100問 · 1年前

    A+1

    A+1

    100問 • 1年前
    lopkeda

    問題一覧

  • 1

    QUESTION 608 A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?

    internet proxy

  • 2

    QUESTION 609 A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows: -Must be able to differentiate between users connected to WiFi - The encryption keys need to change routinely without interrupting the users or fOrcing reauthentication - Must be able to integrate with RADIUS - Must not have any open SSIDS Which of the following options BEST accommodates these requirements?

    WPA2-Enterprise

  • 3

    QUESTION 610 An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following: - Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users. - Internal users in question were changing their passwords frequently during that time period. -A jump box that several domain administrator users Use to connect to remote devices was recently compromised. - The authentication method used in the environment is NTLM. Which of the following types of attacks is MOST likely being used to gain unauthorized access?

    Pass-the-hash

  • 4

    QUESTION 611 A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

    Netstat

  • 5

    QUESTION 612 Which of the following describes the continuous delivery software development methodology?

    Agile

  • 6

    QUESTION 613 An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

    On-path attack

  • 7

    QUESTION 614 A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?

    Tabletop exercise

  • 8

    QUESTION 615 A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

    SaaS

  • 9

    QUESTION 616 All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager MOST likely implement?

    A forward proxy server

  • 10

    QUESTION 617 The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

    WAP placement

  • 11

    QUESTION 618 Which of the following BEST reduces the security risks introduced when running systems have expired vendor support and lack an immediate replacement?

    Implement proper network access restrictions

  • 12

    QUESTION 619 An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

    FAR

  • 13

    QUESTION 622 A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM has multiple login entries with the following text:
    suspicious event - user: scheduledtasks successfully authenticated on AD on abnormal time
    suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
    suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh
    suspicious event - user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
    Which of the following is the MOST likely attack conducted on the environment?

    Malicious script

  • 14

    QUESTION 620 Which of the following environments minimizes end user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code in an operationally representative environment?

    Staging

  • 15

    QUESTION 621 A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?

    Service

  • 16

    QUESTION 623 A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

    Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.

  • 17

    QUESTION 624 As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

    Log analysis

  • 18

    QUESTION 625 After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time tracing information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

    CASB

  • 19

    QUESTION 626 Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?

    Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.

  • 20

    QUESTION 627 Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following: - All users share workstations throughout the day. - Endpoint protection was disabled on several workstations throughout the network. - Travel times on logins from the affected users are impossible. - Sensitive data is being uploaded to external sites. - All user account passwords were forced to be reset and the issue continued. Which of the following attacks is being used to compromise the user accounts?

    Keylogger

  • 21

    QUESTION 628 Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?

    To avoid data leakage

  • 22

    QUESTION 629 An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

    Revoke the code-signing certificate.

  • 23

    QUESTION 630 A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:

    DNS Poisoning

  • 24

    QUESTION 631 The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

    Lessons learned

  • 25

    QUESTION 632 While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

    Utilizing SIEM correlation engines

  • 26

    QUESTION 633 An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?

    DLP

  • 27

    QUESTION 634 After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware?

    Direct access

  • 28

    QUESTION 635 Which of the following policies establishes rules to measure third-party work tasks and ensure deliverables are provided within a specific timeline?

    SLA

  • 29

    image

    DNS poisoning

  • 30

    Which of the following in a forensic investigation should be priorities based on the order of volatility?

    Ram, Cache

  • 31

    QUESTION 638 A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used?

    Snapshot

  • 32

    QUESTION 639 A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?

    A SOC 2 Type 2 report

  • 33

    QUESTION 640 A security monitoring company offers a service that alerts its customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?

    The dark web

  • 34

    QUESTION 641 Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

    Missing patches for third-party software on Windows workstations and servers.

  • 35

    QUESTION 642 Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?

    Password history

  • 36

    QUESTION 643 After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

    pivoting

  • 37

    An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?

    Activate runbooks for incident response

  • 38

    QUESTION 645 A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?

    Check the hash of the installation file

  • 39

    QUESTION 646 After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

    SSH

  • 40

    QUESTION 647 A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

    HIDS

  • 41

    QUESTION 648 Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

    Vishing, Credential harvesting

  • 42

    QUESTION 649 A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

    Smishing

  • 43

    QUESTION 650 A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find requested servers?

    nmap -p 80 10.10.10.0/24

  • 44

    QUESTION 651 Which of the following would detect intrusions at the perimeter of an airport?

    Fencing

  • 45

    QUESTION 652 A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

    Hybrid

  • 46

    QUESTION 653 Developers are about to release a financial application, but the number of fields on the forms that could be abused by an attacker is troubling. Which of the following techniques should be used to address this vulnerability?

    Implement input validation

  • 47

    QUESTION 654 A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

    Place the unauthorized application in a blocklist.

  • 48

    QUESTION 655 Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

    The business continuity plan

  • 49

    QUESTION 656 A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

    Logic Bomb

  • 50

    QUESTION 657 Digital signatures use asymmetric encryption. This means the message is encrypted with:

    the sender's private key and decrypted with the sender's public key.

  • 51

    QUESTION 658 A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's BEST course of action?

    Write down the phone number of the caller, if possible, and the name of the person requesting the information; hang up, and notify the organization's cybersecurity officer

  • 52

    QUESTION 659 An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

    Macro-enabled file

  • 53

    QUESTION 660 Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

    implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced

  • 54

    QUESTION 661 The SOC for a large MSSP is in a meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common over recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?

    implement a SOAR with customizable playbooks

  • 55

    QUESTION 662 A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring?

    SQLi attack

  • 56

    QUESTION 663 Which of the following is an example of transference of risk?

    purchasing insurance

  • 57

    QUESTION 664 A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

    MFA

  • 58

    QUESTION 665 A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?

    user certificate

  • 59

    QUESTION 666 During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

    the chain of custody form did not note time zone offsets between transportation regions

  • 60

    QUESTION 667 A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?

    SIEM

  • 61

    QUESTION 668 The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide the CISO?

    GDPR compliance attestation

  • 62

    QUESTION 669 An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has not received information about the internal architecture. Which of the following best represents the type of testing that will occur?

    Black-box

  • 63

    QUESTION 670 A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'='1 Which of the following has been observed?

    SQLi

  • 64

    QUESTION 671 A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance has degraded. Which of the following MOST likely explains this behavior?

    DDoS attack

  • 65

    QUESTION 672 Which of the following explains why RTO is included in a BIA?

    It identifies the amount of allowable downtime for an application or system.

  • 66

    QUESTION 673 A company recently moved into a new annex of the building. Following the move, the help desk received reports of weak Wi-Fi signals from users in that part of the building. Which of the following is the MOST likely cause of this issue?

    WAP placement

  • 67

    QUESTION 674 Which of the following is a benefit of including a risk management framework in an organization's security approach?

    It incorporates control development, policy, and management activities into IT operations

  • 68

    QUESTION 675 A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on devices. Which of the following can be implemented?

    HTTP security header

  • 69

    QUESTION 676 An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without active reconnaissance. Which of the following is the most efficient approach to perform the analysis?

    Provide a domain parameter to theharvester tool

  • 70

    QUESTION 677 Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

    SLA

  • 71

    QUESTION 678 A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?

    password complexity

  • 72

    QUESTION 679 A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

    data at rest

  • 73

    QUESTION 680 In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?

    Intimidation

  • 74

    QUESTION 681 A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the most enforced security control to mitigate this risk?

    block access to application stores

  • 75

    QUESTION 682 A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

    employees of other companies and the press

  • 76

    QUESTION 683 A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send them to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

    SSH

  • 77

    QUESTION 684 A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

    It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future

  • 78

    QUESTION 685 A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns?

    perform a physical-to-virtual migration

  • 79

    QUESTION 686 An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

    Host-based firewall

  • 80

    QUESTION 687 A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?

    SaaS

  • 81

    QUESTION 688 Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

    Detective

  • 82

    QUESTION 689 The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement?

    Tokenization

  • 83

    QUESTION 690 A SOC operator is analyzing a log file that contains the following entries:
    [06-Apr-2021-18:00:06] GET /index.php/../../../../../../etc/passwd
    [06-Apr-2021-18:01:07] GET /index.php/../../../../../../etc/shadow
    [06-Apr-2021-18:01:26] GET /index.php/../../../../../../../../../../etc/passwd
    [06-Apr-2021-18:02:16] GET /index.php?var1=; cat /etc/passwd; &var2=7865tgydk
    [06-Apr-2021-18:02:56] GET /index.php?var1=; cat /etc/shadow; &var2=7865tgydk
    Which of the following BEST describes these entries?

    Command injection and directory traversal attempts

  • 84

    QUESTION 691 Which of the following actions would be recommended to improve an incident response process?

    Train the team to identify the difference between events and incidents

  • 85

    QUESTION 692 An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?

    VDI

  • 86

    QUESTION 693 The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

    CASB

  • 87

    QUESTION 694 Which of the following would BEST provide detective and corrective controls for thermal regulation?

    An HVAC system

  • 88

    QUESTION 695 Which of the following statements BEST describes zero-day exploits?

    A zero-day exploit is initially undetectable and no patch for it exists

  • 89

    QUESTION 696 An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

    Logic bomb

  • 90

    QUESTION 697 An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

    ARO

  • 91

    QUESTION 698 Which of the following is assured when a user signs an email using a private key?

    Non-repudiation

  • 92

    QUESTION 699 An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

    Preventive

  • 93

    QUESTION 700 A company wants to improve end users' experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

    Federation

  • 94

    QUESTION 701 Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

    Take a memory snapshot of the running system.

  • 95

    image

    D

  • 96

    QUESTION 703 A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

    Password history

  • 97

    QUESTION 704 A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

    DNS poisoning

  • 98

    A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done FIRST?

    Conduct a site survey.

  • 99

    QUESTION 706 Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

    USB data blocker

  • 100

    QUESTION 707 An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

    WAF