Question list
1
During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following best describes what is happening?
A SSL/TLS downgrade
2
A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system. Which of the following would be best suited for this task?
Phishing campaign
3
A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overhead and slow speeds. Which of the following cryptographic techniques would best meet the requirement?
Homomorphic
4
The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?
Deploying a captive portal to capture visitors' MAC addresses and names
5
A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure?
CYOD
6
An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?
TPM
7
The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?
Account audits
8
A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?
A decryption certificate
9
During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set user ID from the file?
chmod
10
Which of the following must be in place before implementing a BCP?
BIA
11
Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?
NIST 800-53
12
A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs: * www.companysite.com * shop.companysite.com * about-us.companysite.com * secure-logon.companysite.com Which of the following should the company use to secure its website if the company is concerned with convenience and cost?
A wildcard certificate
13
An employee's account was used in a data breach. Interviews with the employee revealed: • The employee was able to avoid changing passwords by using a previous password again. • The account was accessed from a hostile foreign nation, but the employee has never traveled to any other countries. Which of the following can be implemented to prevent these issues from reoccurring? (Select two)
Password history / Geofencing
14
A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?
S/MIME
15
A user attempts to load a web-based application, but the expected login screen does not appear. A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC: user>nslookup software-solution.com server: rogue.CompTIA.com address: 172.16.1.250 name: software-solution.com address: 10.20.10.10 The help desk analyst then runs the same command on the local PC: helpdesk>nslookup software-solution.com server:dns.comptia.com address: 172.16.1.10 non-authoritative answer: name: software-solution.com Address: 172.16.1.10 Which of the following best describes the attack that is being detected?
DNS poisoning
16
The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protection even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?
CASB
17
A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement first? (Select two)
Auto-update / sandboxing
18
Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company implementing?
Privileged access management
19
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity most likely occurring?
Identification
20
A third party asks a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?
.CER
21
A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents, and the mouse pointer occasionally disappears. Which of the following is most likely the issue?
PUP
22
A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform affected parties?
A communication plan
23
An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person may be doing to cause this issue to occur?
Bluesnarfing
24
A company is required to continue using legacy software to support a critical service. Which of the following best explains the risk of this practice?
Lack of vendor support
25
A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?
A SOC 2 Type 2 report
26
A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the most likely source of the breach?
Supply chain
27
A help desk technician received an email from the Chief Information Officer (CIO) asking for documents. The technician knows that the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?
Check the metadata in the email header of the received path in reverse order to follow the email's path.
28
Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?
MTTR (time to repair)
29
A network analyst is setting up a wireless access point for a home office in a remote rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?
WPS
30
After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
An ACL
31
A large enterprise has moved its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the most likely cause?
Shadow IT
32
A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work best to prevent this from happening?
Bollard
33
Employees at the company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link. Which of the following attacks is being used to target the company?
Smishing
34
The company is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would best protect the company's internal wireless network against visitors accessing company resources?
Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network
35
Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?
PoC
36
A security assessment found that several embedded systems are running insecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints best describes the reason the findings cannot be remediated?
Unavailable patch
37
A systems analyst determines the source of a high number of connections to a web server that were initiated by 10 different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst most likely implement to address this issue?
Firewall rules
38
A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would best assist the company with this objective?
Use static code analysis
39
The company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to best protect the company against company data loss while still addressing employees' concerns?
Configure the MDM software to enforce the use of PINs to access the phone
40
An organization recently acquired an ISO 27001 certification. Which of the following would most likely be considered a benefit of this certification?
It assures customers that the organization meets security standards
41
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
A screened subnet
42
A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
IaC (infrastructure as code)
43
An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect a rogue access point. Which of the following would accomplish these requirements?
EAP-FAST
44
A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?
DLP
45
An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?
SOAR
46
A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the best type of scan for the analyst to run to discover which vulnerable services are running?
Non-credentialed
47
Which of the following identifies the point in time when an organization will recover data in the event of an outage?
RPO
48
A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?
DNSSEC
49
A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows: * Ensure mobile devices can be tracked and wiped. * Confirm mobile devices are encrypted. Which of the following should the analyst enable on all the devices to meet these requirements?
geolocation
50
Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).
Mantraps / security guards
51
A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?
It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future
52
The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?
WAP placement
53
The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?
NGFW (next generation firewall)
54
Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)
Included third-party libraries / Vendors/supply chain
55
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
TLS inspection
56
Which of the following in a forensic investigation should be prioritized based on the order of volatility? (Select two)
RAM / cache
57
A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?
A jump server
58
An employee receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending him the prize. Which of the following BEST describes this type of email?
phishing
59
A backdoor was detected in the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?
Enforce the use of a controlled trusted source of container images
60
A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?
segmentation
61
A store receives reports that shoppers' credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store. The attackers are using the targeted shoppers' credit card information to make online purchases. Which of the following attacks is the MOST probable cause?
Shoulder surfing
62
A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?
The software was not added to the application whitelist
63
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?
Development
64
A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
vishing
65
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Internet address   Physical address
192.168.1.1        ff-00-5e-48-00-fb   dynamic
192.168.1.5        00-0G-29-1a-e7-fa   dynamic
192.168.1.8        fc-41-5e-48-00-ff   dynamic
192.168.1.10       fc-00-5e-48-00-fb   dynamic
224.215.54.47      ff-ec-ab-00-aa-78   static
Which of the following BEST describes the attack the company is experiencing?
ARP poisoning
66
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?
Full backups followed by incremental backups
67
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
Shared tenancy
68
A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation: User account 'JHDoe' does not exist... User account 'VMAdmin' does not exist... User account 'tomcat' wrong password... User account 'Admin' does not exist... Which of the following MOST likely would have prevented the attacker from learning the service account name?
Proper error handling
69
As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
70
Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would mitigate the risk of future data disclosures?
FDE
71
Which of the following is the most secure but least expensive data destruction method for data that is stored on a hard drive?
Pulverizing
72
An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files. Which of the following controls should the organization consider to mitigate this risk?
DLP
73
As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyber threat intelligence data with outside security partners. Which of the following will the company most likely implement?
TAXII
74
Which of the following incident response steps occurs before containment?
Identification
75
Which of the following environments would most likely be used to assess the execution of component parts of a system at both the hardware and software levels, and to measure performance characteristics?
Test
76
A customer has reported that an organization's website displayed an image of a smiley face rather than the expected web page for a short time two days earlier. A security analyst reviews log entries and sees the following around the time of the incident. Which of the following is most likely occurring?
DNS poisoning
77
A company has discovered unauthorized devices are using its Wi-Fi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select two)
RADIUS / WPA2-PSK
78
A company recently experienced an attack during which the main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?
DNSSEC
79
A system engineer is building a new system for production. Which of the following is the final step to be performed prior to promotion to production?
Run vulnerability scan
80
An application owner reports suspicious activity on the internal financial application from various internal users within the past 14 days. A security analyst notices the following: * Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users. * Internal users in question were changing their passwords frequently during that time period. * A jump box that several domain administrator users use to connect to remote devices was recently compromised. * The authentication method used in the environment is NTLM. Which of the following types of attacks is most likely being used to gain unauthorized access?
Pass the Hash
81
A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?
Implement input validations
82
A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?
Dumpster diving
83
While reviewing PCAP data, a network security analyst is able to locate plain text usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst most likely observing?
A Telnet session
84
Which of the following authentication methods sends out a unique password, to be used within a specific number of seconds?
TOTP
85
A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the best method?
Enable SNMPv3 with passwords
86
A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the best control for the company to require from prospective vendors?
Multi-factor authentication
87
A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless the payment of $20,000 is credited to the account mentioned in the email. This is best described as a scenario related to:
Whaling
88
The client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions most likely supports an investigation for fraudulent submission?
Review the email event logs
89
A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.
Configure DLP solutions
90
Which of the following involves the inclusion of code in the main codebase as soon as it is written?
Continuous integration
91
During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account, followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be best to use to assess the accounts impacted by this attack?
User behavior analytics
92
The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the best solution for the pilot?
Geofencing
93
Which of the following authentication methods is considered to be the least secure?
SMS
94
Which of the following controls would provide the best protection against tailgating?
Access control vestibule
95
The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
The CIRT
96
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
The encryption algorithm's longevity
97
After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred?
Privilege escalation
98
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.9999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
SLA
99
Which of the following best describes the team that acts as a referee during a penetration-testing exercise?
White team
100
During a forensic investigation, a security analyst discovered that the following command was run on a compromised host: crackmapexec smb 192.168.10.232 -u localadmin -H OA3CE8DO7A46E5C51070F03593EOA5E6 Which of the following attacks occurred?
pass the hash