security+8
100 questions • 2 years ago
  • lopkeda

    Question list

  • 1

    QUESTION 708 A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field. Which of the following concepts does this message describe?

    Password complexity

  • 2

    QUESTION 710 Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Choose two.)

    Directory traversal, Privilege escalation

  • 3

    QUESTION 711 Which of the following is the MOST effective control against zero-day vulnerabilities?

    Network segmentation

  • 4

    QUESTION 712 Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

    ISO

  • 5

    QUESTION 713 Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

    Privilege escalation

  • 6

    QUESTION 714 Which of the following is a known security risk associated with data archives that contain financial information?

    Data can become a liability if archived longer than required by regulatory guidance

  • 7

    QUESTION 715 A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

    UPS

  • 8

    QUESTION 716 Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

    Community

  • 9

    QUESTION 717 An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the infection vector?

    Block port 3389 inbound from untrusted networks.

  • 10

    QUESTION 718 A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.)

    A CASB, An NG-SWG

  • 11

    QUESTION 719 Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?

    Mobile device management

  • 12

    QUESTION 720 During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?

    Block unneeded TCP 445 connections

  • 13

    QUESTION 721 Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?

    PKI

  • 14

    QUESTION 722 An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement?

    Implement a TAXII server

  • 15

    QUESTION 723 An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?

    Production

  • 16

    QUESTION 724 Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?

    Acceptance

  • 17

    QUESTION 725 A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?

    ISO 27001

  • 18

    QUESTION 726 Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

    Corporate PCs have been turned into a botnet

  • 19

    QUESTION 727 A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

    curl --head http://192.168.0.10

  • 20

    QUESTION 728 A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected. Which of the following is the security analyst MOST likely implementing?

    User behavior analysis

  • 21

    QUESTION 729 Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

    CVSS

  • 22

    QUESTION 730 A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows: - Critical fileshares will remain accessible during and after a natural disaster. - Five percent of hard disks can fail at any given time without impacting the data. - Systems will be forced to shut down gracefully when battery levels are below 20%. Which of the following are required to BEST meet these objectives? (Select THREE)

    RAID, UPS, Geographic dispersal

  • 23

    QUESTION 731 An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

    A. [Permission Source Destination Port] Allow: Any Any 80 Allow: Any Any 443 Allow: Any Any 67 Allow: Any Any 68 Allow: Any Any 22 Deny: Any Any 21 Deny: Any Any
    B. [Permission Source Destination Port] Allow: Any Any 80 Allow: Any Any 443 Allow: Any Any 67 Allow: Any Any 68 Deny: Any Any 22 Allow: Any Any 21 Deny: Any Any
    C. [Permission Source Destination Port] Allow: Any Any 80 Allow: Any Any 443 Allow: Any Any 22 Deny: Any Any 67 Deny: Any Any 68 Deny: Any Any 21 Allow: Any Any
    D. [Permission Source Destination Port] Allow: Any Any 80 Allow: Any Any 443 Deny: Any Any 67 Allow: Any Any 68 Allow: Any Any 22 Allow: Any Any 21 Allow: Any Any

    A

  • 24

    QUESTION 732 A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

    Calculate the checksum using a hashing algorithm

  • 25

    QUESTION 733 A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:

    ==3214== timeAttend.exe analyzed
    ==3214== ERROR SUMMARY:
    ==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks.
    ==3214== checked 82116 bytes
    ==3214== definitely lost: 4608 bytes in 18 blocks.

    The administrator terminates timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

    Memory leak

  • 26

    QUESTION 734 An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?

    White-box

  • 27

    QUESTION 735 An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:

    transference

  • 28

    QUESTION 736 Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

    Unknown backdoor

  • 29

    QUESTION 737 A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?

    GDPR

  • 30

    QUESTION 738 A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?

    Deterrent controls

  • 31

    QUESTION 739 An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

    Perform a mathematical operation on the passwords that will convert them into unique strings.

  • 32

    QUESTION 740 Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

    Standard naming conventions

  • 33

    QUESTION 741 During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?

    Command and control

  • 34

    Which of the following terms describes a broad range of information that is sensitive to a specific organization?

    Proprietary

  • 35

    QUESTION 743 A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

    Enforce MFA when an account request reaches a risk threshold.

  • 36

    QUESTION 744 Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

    Steganography

  • 37

    QUESTION 745 A software company adopted the following processes before releasing software to production: - Peer review - Static code scanning - Signing A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

    File integrity monitoring for the source code

  • 38

    QUESTION 746 An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing into underlying implementation details? (Choose two.)

    The identity federation protocol, The certificate authority

  • 39

    QUESTION 747 A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following: https://www.cOmptla.com/contact-us/%3Fname%3D%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E Which of the following was MOST likely observed?

    XSS

  • 40

    QUESTION 748 During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

    dd

  • 41

    QUESTION 749 A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

    DNSSEC

  • 42

    QUESTION 750 To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?

    SaaS

  • 43

    QUESTION 751 An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

    Data anonymization

  • 44

    QUESTION 752 Which of the following are the BEST ways to implement remote home access to a company's intranet systems if establishing an always-on VPN is not an option? (Select Two)

    Enable MFA for intranet systems, Install VPN concentrators at home offices

  • 45

    QUESTION 753 Which of the following control types fixes a previously identified issue and mitigates a risk?

    Corrective

  • 46

    QUESTION 754 A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?

    Attempt to quarantine all infected hosts to limit further spread.

  • 47

    image

    LFI, Directory traversal

  • 48

    QUESTION 756 An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

    Collision

  • 49

    QUESTION 757 During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability?

    Zero day

  • 50

    QUESTION 758 A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

    Jump servers

  • 51

    QUESTION 759 The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?

    Tabletop walk-through

  • 52

    QUESTION 760 A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

    VLAN segmentation

  • 53

    A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

    Vein

  • 54

    QUESTION 762 A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

    Weak credentials

  • 55

    QUESTION 763 Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

    AUP

  • 56

    QUESTION 764 Which of the following techniques eliminates the use of rainbow tables for password cracking?

    Salting

  • 57

    QUESTION 765 A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

    A RAT

  • 58

    QUESTION 766 A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

    Utilize behavioral analysis to enable the SIEM's learning mode.

  • 59

    QUESTION 767 Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

    SOAR

  • 60

    QUESTION 768 While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. Which of the following mitigations would BEST secure the server environment?

    Revoke the code signing certificate used by both programs.

  • 61

    QUESTION 769 A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

    Logs from each device type and security layer to provide correlation of events

  • 62

    QUESTION 770 Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

    Personal health information

  • 63

    QUESTION 771 Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?

    Implement a vulnerability scan to assess dependencies earlier on SDLC.

  • 64

    QUESTION 772 A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

    Load balancer

  • 65

    QUESTION 773 Which of the following is a reason to publish files' hashes?

    To validate the integrity of the files

  • 66

    QUESTION 774 A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

    CASB

  • 67

    QUESTION 775 A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?

    Implement access control vestibules.

  • 68

    QUESTION 776 A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

    Time-based logins

  • 69

    Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

    Replacing the traditional key with an RFID key

  • 70

    QUESTION 778 A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?

    Increase in the attack surface

  • 71

    QUESTION 779 Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following: username: …SmithJA… Password: 944d3697d8880ed401b5ba2c77811 Which of the following occurred?

    An attacker used a pass-the-hash attack to gain access

  • 72

    QUESTION 780 A company's security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

    Compensating

  • 73

    QUESTION 781 After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?

    PCI DSS

  • 74

    QUESTION 782 Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

    Chain of custody

  • 75

    QUESTION 783 An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity: - A user enters comptia.org into a web browser. - The website that appears is not the comptia.org site. - The website is a malicious site from the attacker. - Users in a different office are not having this issue. Which of the following types of attacks was observed?

    DNS poisoning

  • 76

    QUESTION 784 A security analyst is tasked with classifying data to be stored on company servers. Which of the following should be classified as proprietary?

    Marketing strategies

  • 77

    QUESTION 785 A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?

    EDR

  • 78

    QUESTION 786 should the security architect recommend to BEST meet the requirement?

    VDI and thin clients

  • 79

    QUESTION 787 Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?

    Communication plan

  • 80

    QUESTION 788 An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe?

    Injection

  • 81

    QUESTION 789 The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?

    Clean desk

  • 82

    QUESTION 790 A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

    RPO

  • 83

    QUESTION 791 Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

    Hashing

  • 84

    QUESTION 792 An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

    CIS benchmarks

  • 85

    QUESTION 793 A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

    Wildcard

  • 86

    QUESTION 794 Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?

    SaaS

  • 87

    QUESTION 795 A security analyst is reviewing web-application logs and finds the following log: https://www.comptia.org/ contact-us/%3Ffile%3D…%2F. A2F.A2Fescgs2Fpasswd Which of the following attacks is being observed?

    Directory traversal

  • 88

    QUESTION 796 Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

    A phishing email stating a cash settlement has been awarded but will expire soon

  • 89

    QUESTION 797 An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

    Motion sensors with signage

  • 90

    QUESTION 798 Which of the following is a targeted attack aimed at compromising users within a specific industry or group?

    Watering hole

  • 91

    QUESTION 799 Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?

    NIST RMF

  • 92

    QUESTION 800 Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?

    AUP

  • 93

    QUESTION 801 Which of the following is the BEST action to foster a consistent and auditable incident response process?

    Rotate CIRT members to foster a shared responsibility model in the organization.

  • 94

    QUESTION 802 A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

    Message gateway

  • 95

    QUESTION 803 A penetration tester is fuzzing an application to identify where the EIP of the stack is located on memory. Which of the following attacks is the penetration tester planning to execute?

    Buffer overflow

  • 96

    QUESTION 804 A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

    Configure the web content filter for the web address.

  • 97

    QUESTION 805 Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?

    Tune monitoring in order to reduce false positive rates.

  • 98

    QUESTION 806 An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?

    Supply chain

  • 99

    QUESTION 807 Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?

    Version control

  • 100

    QUESTION 808 Which of the following controls is used to make an organization initially aware of a data compromise?

    Detective

  • security+1

    security+1

    lopkeda · 100問 · 2年前

    security+1

    security+1

    100問 • 2年前
    lopkeda

    security+2

    security+2

    lopkeda · 100問 · 2年前

    security+2

    security+2

    100問 • 2年前
    lopkeda

    security+6

    security+6

    lopkeda · 100問 · 2年前

    security+6

    security+6

    100問 • 2年前
    lopkeda

    security+7

    security+7

    lopkeda · 100問 · 2年前

    security+7

    security+7

    100問 • 2年前
    lopkeda

    security+9

    security+9

    lopkeda · 100問 · 2年前

    security+9

    security+9

    100問 • 2年前
    lopkeda

    security+10

    security+10

    lopkeda · 100問 · 2年前

    security+10

    security+10

    100問 • 2年前
    lopkeda

    security+11

    security+11

    lopkeda · 100問 · 2年前

    security+11

    security+11

    100問 • 2年前
    lopkeda

    security+12

    security+12

    lopkeda · 64問 · 2年前

    security+12

    security+12

    64問 • 2年前
    lopkeda

    cysa+1

    cysa+1

    lopkeda · 100問 · 2年前

    cysa+1

    cysa+1

    100問 • 2年前
    lopkeda

    cysa+2

    cysa+2

    lopkeda · 100問 · 2年前

    cysa+2

    cysa+2

    100問 • 2年前
    lopkeda

    cysa+3

    cysa+3

    lopkeda · 54問 · 1年前

    cysa+3

    cysa+3

    54問 • 1年前
    lopkeda

    A+1

    A+1

    lopkeda · 100問 · 1年前

    A+1

    A+1

    100問 • 1年前
    lopkeda

    問題一覧

  • 1

    QUESTION 708 A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field. Which of the following concepts does this message describe?

    Password complexity

  • 2

    QUESTION 710 Data exfiltration analysis indicates that an attacker managed to download system configurationnotes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Choose two.)

    Directory traversal, Privilege escalation

  • 3

    QUESTION 711 Which of the following is the MOST effective control against zero-day vulnerabilities?

    Network segmentation

  • 4

    QUESTION 712 Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

    ISO

  • 5

    QUESTION 713 Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

    Privilege escalation

  • 6

    QUESTION 714 Which of the following is a known security risk associated with data archives that contain financial information?

    Data can become a liability if archived longer than required by regulatory guidance

  • 7

    QUESTION 715 A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

    UPS

  • 8

    QUESTION 716 Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

    Community

  • 9

    QUESTION 717 An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the infection vector?

    Block port 3389 inbound from untrusted networks.

  • 10

    QUESTION 718 A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.)

    A CASB, An NG-SWG

  • 11

    QUESTION 719 Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?

    Mobile device management

  • 12

    QUESTION 720 During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?

    Block unneeded TCP 445 connections

  • 13

    QUESTION 721 Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?

    PKI

  • 14

    QUESTION 722 An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement?

    Implement a TAXII server

  • 15

    QUESTION 723 An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?

    Production

  • 16

    QUESTION 724 Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?

    Acceptance

  • 17

    QUESTION 725 A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?

    ISO 27001

  • 18

    QUESTION 726 Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

    Corporate PCs have been turned into a botnet

  • 19

    QUESTION 727 A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

    curl --head http://192.168.0.10

  • 20

    QUESTION 728 A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected. Which of the following is the security analyst MOST likely implementing?

    User behavior analysis

  • 21

    QUESTION 729 Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

    CVSS

  • 22

    QUESTION 730 A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows: - Critical fileshares will remain accessible during and after a natural disaster. - Five percent of hard disks can fail at any given time without impacting the data. - Systems will be forced to shut down gracefully when battery levels are below 20%. Which of the following are required to BEST meet these objectives? (Select THREE)

    RAID, UPS, Geographic dispersal

  • 23

    QUESTION 731 An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

    A. [Permission Source Destination Port]
       Allow: Any Any 80
       Allow: Any Any 443
       Allow: Any Any 67
       Allow: Any Any 68
       Allow: Any Any 22
       Deny: Any Any 21
       Deny: Any Any

    B. [Permission Source Destination Port]
       Allow: Any Any 80
       Allow: Any Any 443
       Allow: Any Any 67
       Allow: Any Any 68
       Deny: Any Any 22
       Allow: Any Any 21
       Deny: Any Any

    C. [Permission Source Destination Port]
       Allow: Any Any 80
       Allow: Any Any 443
       Allow: Any Any 22
       Deny: Any Any 67
       Deny: Any Any 68
       Deny: Any Any 21
       Allow: Any Any

    D. [Permission Source Destination Port]
       Allow: Any Any 80
       Allow: Any Any 443
       Deny: Any Any 67
       Allow: Any Any 68
       Allow: Any Any 22
       Allow: Any Any 21
       Allow: Any Any

    A

  • 24

    QUESTION 732 A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

    Calculate the checksum using a hashing algorithm

  • 25

    QUESTION 733 A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output: ==3214== timeAttend.exe analyzed ==3214== ERROR SUMMARY: ==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks. ==3214== checked 82116 bytes ==3214== definitely lost: 4608 bytes in 18 blocks. The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

    Memory leak

  • 26

    QUESTION 734 An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?

    White-box

  • 27

    QUESTION 735 An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:

    transference

  • 28

    QUESTION 736 Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

    Unknown backdoor

  • 29

    QUESTION 737 A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?

    GDPR

  • 30

    QUESTION 738 A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?

    Deterrent controls

  • 31

    QUESTION 739 An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

    Perform a mathematical operation on the passwords that will convert them into unique strings.

  • 32

    QUESTION 740 Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

    Standard naming conventions

  • 33

    QUESTION 741 During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?

    Command and control

  • 34

    Which of the following terms describes a broad range of information that is sensitive to a specific organization?

    Proprietary

  • 35

    QUESTION 743 A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

    Enforce MFA when an account request reaches a risk threshold.

  • 36

    QUESTION 744 Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

    Steganography

  • 37

    QUESTION 745 A software company adopted the following processes before releasing software to production: - Peer review - Static code scanning - Signing A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

    File integrity monitoring for the source code

  • 38

    QUESTION 746 An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing into underlying implementation details? (Choose two.)

    The identity federation protocol, The certificate authority

  • 39

    QUESTION 747 A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following: https://www.cOmptla.com/contact-us/%3Fname%3D%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E Which of the following was MOST likely observed?

    XSS

  • 40

    QUESTION 748 During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

    dd

  • 41

    QUESTION 749 A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

    DNSSEC

  • 42

    QUESTION 750 To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?

    SaaS

  • 43

    QUESTION 751 An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

    Data anonymization

  • 44

    QUESTION 752 Which of the following are the BEST ways to implement remote home access to a company's intranet systems if establishing an always-on VPN is not an option? (Select Two)

    Enable MFA for intranet systems, Install VPN concentrators at home offices

  • 45

    QUESTION 753 Which of the following control types fixes a previously identified issue and mitigates a risk?

    Corrective

  • 46

    QUESTION 754 A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?

    Attempt to quarantine all infected hosts to limit further spread.

  • 47

    image

    LFI, Directory traversal

  • 48

    QUESTION 756 An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

    Collision

  • 49

    QUESTION 757 During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability?

    Zero day

  • 50

    QUESTION 758 A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

    Jump servers

  • 51

    QUESTION 759 The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?

    Tabletop walk-through

  • 52

    QUESTION 760 A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

    VLAN segmentation

  • 53

    A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

    Vein

  • 54

    QUESTION 762 A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

    Weak credentials

  • 55

    QUESTION 763 Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

    AUP

  • 56

    QUESTION 764 Which of the following techniques eliminates the use of rainbow tables for password cracking?

    Salting

  • 57

    QUESTION 765 A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

    A RAT

  • 58

    QUESTION 766 A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

    Utilize behavioral analysis to enable the SIEM's learning mode.

  • 59

    QUESTION 767 Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

    SOAR

  • 60

    QUESTION 768 While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. Which of the following mitigations would BEST secure the server environment?

    Revoke the code signing certificate used by both programs.

  • 61

    QUESTION 769 A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

    Logs from each device type and security layer to provide correlation of events

  • 62

    QUESTION 770 Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

    Personal health information

  • 63

    QUESTION 771 Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?

    Implement a vulnerability scan to assess dependencies earlier on SDLC.

  • 64

    QUESTION 772 A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

    Load balancer

  • 65

    QUESTION 773 Which of the following is a reason to publish files' hashes?

    To validate the integrity of the files

  • 66

    QUESTION 774 A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

    CASB

  • 67

    QUESTION 775 A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?

    Implement access control vestibules.

  • 68

    QUESTION 776 A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

    Time-based logins

  • 69

    Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

    Replacing the traditional key with an RFID key

  • 70

    QUESTION 778 A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?

    Increase in the attack surface

  • 71

    QUESTION 779 Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following: username: …SmithJA… Password: 944d3697d8880ed401b5ba2c77811 Which of the following occurred?

    An attacker used a pass-the-hash attack to gain access

  • 72

    QUESTION 780 A company's security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

    Compensating

  • 73

    QUESTION 781 After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?

    PCI DSS

  • 74

    QUESTION 782 Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

    Chain of custody

  • 75

    QUESTION 783 An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity: - A user enters comptia.org into a web browser. - The website that appears is not the comptia.org site. - The website is a malicious site from the attacker. - Users in a different office are not having this issue. Which of the following types of attacks was observed?

    DNS poisoning

  • 76

    QUESTION 784 A security analyst is tasked with classifying data to be stored on company servers. Which of the following should be classified as proprietary?

    Marketing strategies

  • 77

    QUESTION 785 A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?

    EDR

  • 78

    QUESTION 786 should the security architect recommend to BEST meet the requirement?

    VDI and thin clients

  • 79

    QUESTION 787 Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?

    Communication plan

  • 80

    QUESTION 788 An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe?

    Injection

  • 81

    QUESTION 789 The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?

    Clean desk

  • 82

    QUESTION 790 A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

    RPO

  • 83

    QUESTION 791 Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

    Hashing

  • 84

    QUESTION 792 An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

    CIS benchmarks

  • 85

    QUESTION 793 A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

    Wildcard

  • 86

    QUESTION 794 Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?

    SaaS

  • 87

    QUESTION 795 A security analyst is reviewing web-application logs and finds the following log: https://www.comptia.org/ contact-us/%3Ffile%3D…%2F. A2F.A2Fescgs2Fpasswd Which of the following attacks is being observed?

    Directory traversal

  • 88

    QUESTION 796 Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

    A phishing email stating a cash settlement has been awarded but will expire soon

  • 89

    QUESTION 797 An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

    Motion sensors with signage

  • 90

    QUESTION 798 Which of the following is a targeted attack aimed at compromising users within a specific industry or group?

    Watering hole

  • 91

    QUESTION 799 Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?

    NIST RMF

  • 92

    QUESTION 800 Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?

    AUP

  • 93

    QUESTION 801 Which of the following is the BEST action to foster a consistent and auditable incident response process?

    Rotate CIRT members to foster a shared responsibility model in the organization.

  • 94

    QUESTION 802 A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

    Message gateway

  • 95

    QUESTION 803 A penetration tester is fuzzing an application to identify where the EIP of the stack is located on memory. Which of the following attacks is the penetration tester planning to execute?

    Buffer overflow

  • 96

    QUESTION 804 A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

    Configure the web content filter for the web address.

  • 97

    QUESTION 805 Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?

    Tune monitoring in order to reduce false positive rates.

  • 98

    QUESTION 806 An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?

    Supply chain

  • 99

    QUESTION 807 Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?

    Version control

  • 100

    QUESTION 808 Which of the following controls is used to make an organization initially aware of a data compromise?

    Detective