security+9

100 questions • 2 years ago
  • lopkeda

    Question list

  • 1

    QUESTION 809 A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works BEST until a proper fix is released?

    Compensating

  • 2

    A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

    TLS

  • 3

    QUESTION 811 Which of the following is the FIRST environment in which proper, secure coding should be practiced?

    Development

  • 4

    QUESTION 812 A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?

    Legal hold

  • 5

    QUESTION 813 The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require: - Users to choose a password unique to their last ten passwords - Users to not log in from certain high risk countries Which of the following should the security team implement? (Choose two.)

    Password history, Geofencing

  • 6

    QUESTION 814 Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?

    Prevention of information exposure

  • 7

    QUESTION 815 Which of the following is the MOST likely reason for securing an air gapped laboratory HVAC system?

    To avoid data leakage

  • 8

    QUESTION 816 An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

    The required intermediate certificate is not loaded as part of the certificate chain.

  • 9

    QUESTION 817 Which of the following supplies non-repudiation during a forensics investigation?

    Using a SHA 2 signature of a drive image

  • 10

    QUESTION 818 Which of the following uses SAML for authentication?

    Federation

  • 11

    QUESTION 819 Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

    Overwriting

  • 12

    QUESTION 820 A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

    APT

  • 13

    QUESTION 821 An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized?

    COPE and VDI

  • 14

    QUESTION 822 A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?

    Reverse proxy

  • 15

    QUESTION 823 A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time consuming mitigation actions. Which of the following can be configured to streamline those tasks?

    SOAR playbook

  • 16

    QUESTION 824 Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

    Set up hashing on the source log file servers that complies with local regulatory requirements.

  • 17

    QUESTION 825 A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

    TPM

  • 18

    QUESTION 826 A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

    Password spraying

  • 19

    QUESTION 827 Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?

    Hoaxing

  • 20

    QUESTION 828 Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

    Push notifications

  • 21

    QUESTION 829 Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

    Shared tenancy

  • 22

    QUESTION 830 Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

    DLP

  • 23

    image

    Impossible travel time

  • 24

    QUESTION 832 An attacker has successfully exfiltrated several non salted password hashes from an online system. Given the logs below:

    Dictionary

  • 25

    QUESTION 833 A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?

    ISO 31000

  • 26

    QUESTION 834 Against the recommendation of the IT security analyst, a company set all user passwords on a server as 'P@55worD'. Upon review of the /etc/passwd file, an attacker found the following: alice:a8df3b6c4fd75f0617431fd248f35191df8d237f bob:2d250c5b2976b03d757f324ebd59340df96aa05e chris:ea981ec3285421d014108089f3f3f997ce0f4150 Which of the following BEST explains why the encrypted passwords do not match?

    Salting

  • 27

    QUESTION 835 PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network?

    DLP

  • 28

    QUESTION 836 On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

    Tailgating

  • 29

    QUESTION 837 Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

    Personal health information

  • 30

    QUESTION 838 A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

    Dynamic code analysis

  • 31

    QUESTION 839 A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

    Security patches were uninstalled due to user impact.

  • 32

    QUESTION 840 Which of the following BEST describes the process of documenting who has access to evidence?

    Chain of custody

  • 33

    QUESTION 841 A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.)

    Hybrid cloud, Fog computing

  • 34

    QUESTION 842 Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?

    Job rotation policy

  • 35

    QUESTION 843 A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?

    Integration and auditing

  • 36

    QUESTION 844 A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network. Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?

    WPA2

  • 37

    QUESTION 845 A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees' concerns?

    Configure the MDM software to enforce the use of PINS to access the phone.

  • 38

    QUESTION 846 A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation?

    Secure the access point and cabling inside the drop ceiling.

  • 39

    QUESTION 847 A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention?

    HIPS

  • 40

    QUESTION 848 An organization is repairing the damage after an incident. Which of the following controls is being implemented?

    Corrective

  • 41

    QUESTION 849 An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

    Preparation

  • 42

    QUESTION 850 A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

    Installing a managed PDU

  • 43

    QUESTION 851 A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?

    Cryptographic downgrade

  • 44

    QUESTION 852 A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

    Run a vulnerability scan.

  • 45

    QUESTION 853 The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

    TACACS+

  • 46

    QUESTION 854 A store receives reports that shoppers' credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store. The attackers are using the targeted shoppers' credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

    Card skimming

  • 47

    QUESTION 855 Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area? (Choose two.)

    Barricades, Motion sensors

  • 48

    QUESTION 856 A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

    DLP

  • 49

    QUESTION 858 A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

    DNS spoofing

  • 50

    image

    CSRF

  • 51

    QUESTION 861 A junior security analyst is reviewing web server logs and identifies the following pattern in the log file: http://Comptia.org/…/…/…/etc/passwd Which of the following types of attacks is being attempted and how can it be mitigated?

    Directory traversal, implement a WAF

  • 52

    QUESTION 862 Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link. Which of the following attacks is being used to target the company?

    Smishing

  • 53

    QUESTION 863 Which of the following involves the inclusion of code in the main codebase as soon as it is written?

    Continuous integration

  • 54

    QUESTION 864 An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

    The organization is expecting to process credit card information.

  • 55

    QUESTION 865 A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

    Auto-update, Secure cookies

  • 56

    QUESTION 866 A security analyst reviews a company's authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the following password attacks is MOST likely happening?

    Spraying

  • 57

    QUESTION 867 An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following BEST describes what a malicious person might be doing to cause this issue to occur?

    Bluesnarfing

  • 58

    QUESTION 868 A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

    Enable SNMPv3 with passwords.

  • 59

    QUESTION 869 Which of the following authentication methods is considered to be the LEAST secure?

    SMS

  • 60

    QUESTION 870 Which of the following incident response steps occurs before containment?

    Identification

  • 61

    QUESTION 871 Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyber intrusions, phishing, and other malicious cyber activity?

    Threat feeds

  • 62

    QUESTION 872 Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?

    Data loss prevention

  • 63

    QUESTION 873 As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements? A. https://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 B. https://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 C. https://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022 D. https://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

    C

  • 64

    QUESTION 874 A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system. Which of the following would be BEST suited for this task?

    Phishing campaign

  • 65

    QUESTION 875 A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

    .cer

  • 66

    QUESTION 876 A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

    Internal

  • 67

    QUESTION 877 Which of the following identifies the point in time when an organization will recover data in the event of an outage?

    RPO

  • 68

    QUESTION 878 Which of the following is required in order for an IDS and a WAF to be effective on https traffic?

    TLS inspection

  • 69

    QUESTION 879 Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?

    Bug bounty

  • 70

    QUESTION 880 A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?

    S/MIME

  • 71

    Which of the following controls would provide the BEST protection against tailgating?

    Access control vestibule

  • 72

    QUESTION 882 A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

    The user's IP address is changing between logins, but the application is not invalidating the token.

  • 73

    QUESTION 883 The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

    Initiate the organization's incident response plan.

  • 74

    QUESTION 884 A security researcher is using an adversary's infrastructure and HTTPS and creating a named group to track those targeted. Which of the following is the researcher MOST likely using?

    The Diamond Model of Intrusion Analysis

  • 75

    QUESTION 885 The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

    Account audits

  • 76

    QUESTION 886 Which of the following roles would MOST likely have direct access to the senior management team?

    Data protection officer

  • 77

    QUESTION 887 During a forensic investigation, a security analyst discovered that the following command was on a compromised host: crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E51070F0359E0A5E6 Which of the following attacks occurred?

    Pass the hash

  • 78

    QUESTION 888 A user attempts to load a web-based application, but the expected login screen does not appear. A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC: user> nslookup software-solution.com Server: rogue.comptia.com Address: 172.16.1.250 Non-authoritative answer: Name: software-solution.com Address: 10.20.10.10 The help desk analyst then runs the same command on the local PC: helpdesk> nslookup software-solution.com Server: dns.comptia.com Address: 172.16.1.1 Non-authoritative answer: Name: software-solution.com Address: 172.16.1.10 Which of the following BEST describes the attack that is being detected?

    DNS poisoning

  • 79

    QUESTION 890 A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?

    XaaS

  • 80

    QUESTION 891 A security analyst notices that specific files are being deleted each time a systems administrator is on vacation. Which of the following BEST describes the type of malware that is running?

    Logic bomb

  • 81

    QUESTION 892 Which of the following can reduce vulnerabilities by avoiding code reuse?

    Code obfuscation

  • 82

    QUESTION 893 A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in the firewall rule would work BEST?

    Drop

  • 83

    QUESTION 894 A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would MOST likely contain language that would prohibit this activity?

    AUP

  • 84

    QUESTION 895 A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?

    Measured boot

  • 85

    QUESTION 896 An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?

    TPM

  • 86

    QUESTION 897 A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met: - All actions performed by the network staff must be logged. - Per-command permissions must be possible. - The authentication server and the devices must communicate through TCP. Which of the following authentication protocols should the analyst choose?

    TACACS+

  • 87

    QUESTION 898 An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?

    The vulnerability scanner was not properly configured and generated a high number of false positives.

  • 88

    QUESTION 899 A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?

    Unmodified default settings

  • 89

    QUESTION 900 An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

    EAP-FAST

  • 90

    QUESTION 901 A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor MOST likely be required to review and sign?

    NDA

  • 91

    QUESTION 902 During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

    A SSL/TLS downgrade

  • 92

    QUESTION 903 Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days. Which of the following attacks can the account lockout be attributed to?

    Brute-force

  • 93

    QUESTION 904 After installing a patch on a security appliance, an organization realized a massive data exfiltration had occurred. Which of the following BEST describes the incident?

    Supply chain attack

  • 94

    QUESTION 905 Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor, a door to the server floor itself, and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

    Preventive

  • 95

    QUESTION 906 A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

    VDI

  • 96

    QUESTION 907 A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

    Network DLP solution

  • 97

    QUESTION 908 The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

    SSO

  • 98

    An employee's company account was used in a data breach. Interviews with the employee revealed: - The employee was able to avoid changing passwords by using a previous password again. - The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries. Which of the following can be implemented to prevent these issues from reoccurring? (Choose two.)

    Geofencing, Password history

  • 99

    QUESTION 910 A candidate attempts to go to http://comptia.org but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack? Explanation: Typosquatting is a type of cyber attack where an attacker creates a domain name that is similar to a legitimate domain name, but with a slight variation, such as a misspelling, in order to trick users into visiting the malicious site. In this case, the malicious site "comptiia.org" is designed to look like the legitimate site "comptia.org", in an attempt to steal sensitive information or perform other malicious activities.

    Typosquatting

  • 100

    QUESTION 911 The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?

    NAC

  • security+1

    security+1

    lopkeda · 100問 · 2年前

    security+1

    security+1

    100問 • 2年前
    lopkeda

    security+2

    security+2

    lopkeda · 100問 · 2年前

    security+2

    security+2

    100問 • 2年前
    lopkeda

    security+6

    security+6

    lopkeda · 100問 · 2年前

    security+6

    security+6

    100問 • 2年前
    lopkeda

    security+7

    security+7

    lopkeda · 100問 · 2年前

    security+7

    security+7

    100問 • 2年前
    lopkeda

    security+8

    security+8

    lopkeda · 100問 · 2年前

    security+8

    security+8

    100問 • 2年前
    lopkeda

    security+10

    security+10

    lopkeda · 100問 · 2年前

    security+10

    security+10

    100問 • 2年前
    lopkeda

    security+11

    security+11

    lopkeda · 100問 · 2年前

    security+11

    security+11

    100問 • 2年前
    lopkeda

    security+12

    security+12

    lopkeda · 64問 · 2年前

    security+12

    security+12

    64問 • 2年前
    lopkeda

    cysa+1

    cysa+1

    lopkeda · 100問 · 2年前

    cysa+1

    cysa+1

    100問 • 2年前
    lopkeda

    cysa+2

    cysa+2

    lopkeda · 100問 · 2年前

    cysa+2

    cysa+2

    100問 • 2年前
    lopkeda

    cysa+3

    cysa+3

    lopkeda · 54問 · 1年前

    cysa+3

    cysa+3

    54問 • 1年前
    lopkeda

    A+1

    A+1

    lopkeda · 100問 · 1年前

    A+1

    A+1

    100問 • 1年前
    lopkeda

    問題一覧

  • 1

    QUESTION 809 A vulnerability has been discovered anda known patch to address the vulnerability does not exist. Which of the following controls works BEST until a proper fix is released?

    Compensating

  • 2

    A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

    TLS

  • 3

    QUESTION 811 Which of the following is the FIRST environment in which proper, secure coding should be practiced?

    Development

  • 4

    QUESTION 812 A company is under investigation for possible fraud. As part of the investigation. the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?

    Legal hold

  • 5

    QUESTION 813 The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require: - Users to choose a password unique to their last ten passwo rds - Users to not log in from certain high risk countries Which of the following should the security team implement? (Choose two.)

    Password history, Geofencing

  • 6

    QUESTION 814 Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?

    Prevention of information exposure

  • 7

    QUESTION 815 Which of the following is the MOST likely reason for securing an air gapped laboratory HVAC system?

    To avoid data leakage

  • 8

    QUESTION 816 An untrusted SSL certificate was discovered during the most recent vulnerability scan. A secuity analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

    The required intermediate certificate is not loaded as part of the certificate chain.

  • 9

    QUESTION 817 Which of the following supplies non-repudiation during a forensics investigation?

    Using a SHA 2 signature of a drive image

  • 10

    QUESTION 818 Which of the following uses SAML for authentication?

    Federation

  • 11

    QUESTION 819 Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

    Overwriting

  • 12

    QUESTION 820 A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

    APT

  • 13

    QUESTION 821 An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized?

    COPE and VDI

  • 14

    QUESTION 822 A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?

    Reverse proxy

  • 15

    QUESTION 823 A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time consuming mitigation actions. Which of the following can be configured to streamline those tasks?

    SOAR playbook

  • 16

    QUESTION 824 Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

    Set up hashing on the source log file servers that complies with local regulatory requirements.

  • 17

    QUESTION 825 A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

    TPM

  • 18

    QUESTION 826 A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

    Password spraying

  • 19

    QUESTION 827 Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?

    Hoaxing

  • 20

    QUESTION 828 Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

    Push notifications

  • 21

    QUESTION 829 Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

    Shared tenancy

  • 22

    QUESTION 830 Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

    DLP

  • 23

    image

    Impossible travel time

  • 24

    QUESTION 832 An attacker has successfully exfiltrated several non salted password hashes from an online system. Given the logs below:

    Dictionary

  • 25

    QUESTION 833 A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?

    ISO 31000

  • 26

    QUESTION 834 Against the recommendation of the IT security analyst, a company set all user passwords on a server as 'P@55worD'. Upon review of the /etc/passwd file, an attacker found the following: alice:a8df3b6c4fd75f0617431fd248f35191df8d237f bob:2d250c5b2976b03d757f324ebd59340df96aa05e chris:ea981ec3285421d014108089f3f3f997ce0f4150 Which of the following BEST explains why the encrypted passwords do not match?

    Salting

  • 27

    QUESTION 835 PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network?

    DLP

  • 28

    QUESTION 836 On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

    Tailgating

  • 29

    QUESTION 837 Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

    Personal health information

  • 30

    QUESTION 838 A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

    Dynamic code analysis

  • 31

    QUESTION 839 A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

    Security patches were uninstalled due to user impact.

  • 32

    QUESTION 840 Which of the following BEST describes the process of documenting who has access to evidence?

    Chain of custody

  • 33

    QUESTION 841 A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.)

    Hybrid cloud, Fog computing

  • 34

    QUESTION 842 Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?

    Job rotation policy

  • 35

    QUESTION 843 A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?

    Integration and auditing

  • 36

    QUESTION 844 A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network. Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?

    WPA2

  • 37

    QUESTION 845 A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees' concerns?

    Configure the MDM software to enforce the use of PINs to access the phone.

  • 38

    QUESTION 846 A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation?

    Secure the access point and cabling inside the drop ceiling.

  • 39

    QUESTION 847 A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention?

    HIPS

  • 40

    QUESTION 848 An organization is repairing the damage after an incident. Which of the following controls is being implemented?

    Corrective

  • 41

    QUESTION 849 An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

    Preparation

  • 42

    QUESTION 850 A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

    Installing a managed PDU

  • 43

    QUESTION 851 A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?

    Cryptographic downgrade

  • 44

    QUESTION 852 A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

    Run a vulnerability scan.

  • 45

    QUESTION 853 The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

    TACACS+

  • 46

    QUESTION 854 A store receives reports that shoppers' credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store. The attackers are using the targeted shoppers' credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

    Card skimming

  • 47

    QUESTION 855 Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area? (Choose two.)

    Barricades, Motion sensors

  • 48

    QUESTION 856 A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

    DLP

  • 49

    QUESTION 858 A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

    DNS spoofing

  • 50

    image

    CSRF

  • 51

    QUESTION 861 A junior security analyst is reviewing web server logs and identifies the following pattern in the log file: http://Comptia.org/…/…/…/etc/passwd Which of the following types of attacks is being attempted and how can it be mitigated?

    Directory traversal, implement a WAF

  • 52

    QUESTION 862 Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link. Which of the attacks is being used to target the company?

    Smishing

  • 53

    QUESTION 863 Which of the following involves the inclusion of code in the main codebase as soon as it is written?

    Continuous integration

  • 54

    QUESTION 864 An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

    The organization is expecting to process credit card information.

  • 55

    QUESTION 865 A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

    Auto-update, Secure cookies

  • 56

    QUESTION 866 A security analyst reviews a company's authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

    Spraying

  • 57

    QUESTION 867 An employee received multiple messages on a mobile device. The messages instructed the employee to pair the device to an unknown device. Which of the following BEST describes what a malicious person might be doing to cause this issue to occur?

    Bluesnarfing

  • 58

    QUESTION 868 A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

    Enable SNMPv3 with passwords.

  • 59

    QUESTION 869 Which of the following authentication methods is considered to be the LEAST secure?

    SMS

  • 60

    QUESTION 870 Which of the following incident response steps occurs before containment?

    Identification

  • 61

    QUESTION 871 Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyber intrusions, phishing, and other malicious cyber activity?

    Threat feeds

  • 62

    QUESTION 872 Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

    Data loss prevention

  • 63

    QUESTION 873 As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
      A. https://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
      B. https://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
      C. https://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
      D. https://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

    C

  • 64

    QUESTION 874 A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system. Which of the following would be BEST suited for this task?

    Phishing campaign

  • 65

    QUESTION 875 A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

    .cer

  • 66

    QUESTION 876 A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

    Internal

  • 67

    QUESTION 877 Which of the following identifies the point in time when an organization will recover data in the event of an outage?

    RPO

  • 68

    QUESTION 878 Which of the following is required in order for an IDS and a WAF to be effective on https traffic?

    TLS inspection

  • 69

    QUESTION 879 Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?

    Bug bounty

  • 70

    QUESTION 880 A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?

    S/MIME

  • 71

    Which of the following controls would provide the BEST protection against tailgating?

    Access control vestibule

  • 72

    QUESTION 882 A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

    The user's IP address is changing between logins, but the application is not invalidating the token.

  • 73

    QUESTION 883 The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

    Initiate the organization's incident response plan.

  • 74

    QUESTION 884 A security researcher is using an adversary's infrastructure and HTTPS and creating a named group to track those targeted. Which of the following is the researcher MOST likely using?

    The Diamond Model of Intrusion Analysis

  • 75

    QUESTION 885 The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

    Account audits

  • 76

    QUESTION 886 Which of the following roles would MOST likely have direct access to the senior management team?

    Data protection officer

  • 77

    QUESTION 887 During a forensic investigation, a security analyst discovered that the following command was on a compromised host: crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E51070F0359E0A5E6 Which of the following attacks occurred?

    Pass the hash

  • 78

    QUESTION 888 A user attempts to load a web-based application, but the expected login screen does not appear. A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC:
      user> nslookup software-solution.com
      Server: rogue.comptia.com
      Address: 172.16.1.250
      Non-authoritative answer:
      Name: software-solution.com
      Address: 10.20.10.10
    The help desk analyst then runs the same command on the local PC:
      helpdesk> nslookup software-solution.com
      Server: dns.comptia.com
      Address: 172.16.1.1
      Non-authoritative answer:
      Name: software-solution.com
      Address: 172.16.1.10
    Which of the following BEST describes the attack that is being detected?

    DNS poisoning

  • 79

    QUESTION 890 A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?

    XaaS

  • 80

    QUESTION 891 A security analyst notices that specific files are being deleted each time a systems administrator is on vacation. Which of the following BEST describes the type of malware that is running?

    Logic bomb

  • 81

    QUESTION 892 Which of the following can reduce vulnerabilities by avoiding code reuse?

    Code obfuscation

  • 82

    QUESTION 893 A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in the firewall rule would work BEST?

    Drop

  • 83

    QUESTION 894 A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would MOST likely contain language that would prohibit this activity?

    AUP

  • 84

    QUESTION 895 A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?

    Measured boot

  • 85

    QUESTION 896 An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?

    TPM

  • 86

    QUESTION 897 A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met: - All actions performed by the network staff must be logged. - Per-command permissions must be possible. - The authentication server and the devices must communicate through TCP. Which of the following authentication protocols should the analyst choose?

    TACACS+

  • 87

    QUESTION 898 An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?

    The vulnerability scanner was not properly configured and generated a high number of false positives.

  • 88

    QUESTION 899 A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?

    Unmodified default settings

  • 89

    QUESTION 900 An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

    EAP-FAST

  • 90

    QUESTION 901 A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor MOST likely be required to review and sign?

    NDA

  • 91

    QUESTION 902 During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

    A SSL/TLS downgrade

  • 92

    QUESTION 903 Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days. Which of the following attacks can the account lockout be attributed to?

    Brute-force

  • 93

    QUESTION 904 After installing a patch on a security appliance, an organization realized a massive data exfiltration had occurred. Which of the following BEST describes the incident?

    Supply chain attack

  • 94

    QUESTION 905 Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor, a door to the server floor itself, and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

    Preventive

  • 95

    QUESTION 906 A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

    VDI

  • 96

    QUESTION 907 A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

    Network DLP solution

  • 97

    QUESTION 908 The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

    SSO

  • 98

    An employee's company account was used in a data breach. Interviews with the employee revealed: - The employee was able to avoid changing passwords by using a previous password again. - The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries. Which of the following can be implemented to prevent these issues from reoccurring? (Choose two.)

    Geofencing, Password history

  • 99

    QUESTION 910 A candidate attempts to go to http://comptia.org but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack? Explanation: Typosquatting is a type of cyber attack where an attacker creates a domain name that is similar to a legitimate domain name, but with a slight variation, such as a misspelling, in order to trick users into visiting the malicious site. In this case, the malicious site "comptiia.org" is designed to look like the legitimate site "comptia.org", in an attempt to steal sensitive information or perform other malicious activities.

    Typosquatting

  • 100

    QUESTION 911 The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?

    NAC