https://www.udemy.com/course/comptia-security-sy0-701-comprehensive-practice-exams-2024/learn/quiz/6338550/results#overview
CompTIA Security+ SY0-701 Full-Length Practice Exam 3 (90 questions) – Results
Attempt 1
All domains
- 90 all
- 0 correct
- 0 incorrect
- 90 skipped
- 0 marked
Question 1 (Skipped)
An administrator wants to access multiple vulnerable computers from a single device and control access to these systems using SSH. Which of the following technologies is MOST likely being used?
Proxy server
Explanation
A proxy server is used to act as an intermediary between a user and the internet, providing anonymity and security. While it can control access to certain websites or resources, it is not typically used to access and control multiple vulnerable computers using SSH.
NGFW
Explanation
Next-Generation Firewalls (NGFW) are advanced security solutions that combine traditional firewall capabilities with additional features such as intrusion prevention, application control, and more. While NGFWs are essential for network security, they are not typically used for accessing and controlling multiple vulnerable computers using SSH.
DDoS
Explanation
Distributed Denial of Service (DDoS) attacks involve overwhelming a target system with a flood of internet traffic, causing it to become slow or unresponsive. DDoS attacks are malicious in nature and are not used for legitimate access and control of multiple vulnerable computers using SSH.
Correct answer
Jump server
Explanation
A jump server, also known as a bastion host, is a secure computer that is used as an intermediary to access and manage other devices in a network. It provides a controlled access point for administrators to connect to multiple systems, including vulnerable computers, using protocols like SSH. This makes it the most likely technology being used in this scenario.
Question 2 (Skipped)
A user is browsing websites and encounters the following pop-up message in their browser: <script>alert("HACKED!")</script>. Which of the following BEST describes this attack?
Forgery
Explanation
Forgery typically refers to the act of creating a fake or unauthorized copy of something, such as a document or signature. It is not related to the scenario described in the question where a pop-up message containing a script is encountered while browsing websites.
Race condition
Explanation
A race condition occurs when the outcome of a program depends on the sequence or timing of uncontrollable events. It is not applicable to the situation where a pop-up message with a script is displayed in the user’s browser while browsing websites.
Correct answer
XSS
Explanation
Cross-Site Scripting (XSS) is a type of attack where malicious scripts are injected into web pages viewed by other users. In this scenario, the pop-up message containing a script that says "HACKED!" is a clear indication of an XSS attack, making this choice the correct answer.
SQL injection
Explanation
SQL injection is a type of attack that targets databases by inserting malicious SQL code into input fields. While SQL injection is a common attack vector, it is not relevant to the scenario where a pop-up message with a script is displayed in the user’s browser.
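The question only asks you to recognise the payload. The added example below (it is not part of the practice exam) shows why the alert fires: a hypothetical search handler reflects the query parameter into the page unescaped, and the hardened version applies HTML output encoding so the same payload is displayed as text instead of executed. The payload is the one from the question, embedded as a constructed input; the handler names are assumptions.

```python
import html
from urllib.parse import parse_qs

# Constructed payload taken from the question text (not captured from a real site).
PAYLOAD = '<script>alert("HACKED!")</script>'


def render_search_unsafe(query: str) -> str:
    """Vulnerable: the user-controlled query is concatenated straight into HTML.
    A browser parses the <script> tag and executes it (reflected XSS)."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Hardened: contextual output encoding for an HTML text node.
    html.escape turns < > & " ' into entities, so the payload is rendered as text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def contains_executable_script(page: str) -> bool:
    """Crude check used only to compare the two renderers here:
    does the rendered page still contain a raw <script tag?"""
    return "<script" in page.lower()


def handle_request(query_string: str, safe: bool) -> str:
    """Simulate a GET /search?q=... handler (hypothetical endpoint)."""
    params = parse_qs(query_string)
    q = params.get("q", [""])[0]          # parse_qs also percent-decodes the value
    renderer = render_search_safe if safe else render_search_unsafe
    return renderer(q)


if __name__ == "__main__":
    print(handle_request("q=%3Cscript%3Ealert(%22HACKED!%22)%3C/script%3E", safe=False))
    print(handle_request("q=%3Cscript%3Ealert(%22HACKED!%22)%3C/script%3E", safe=True))
```

Encoding is context specific: the escaping shown is correct for an HTML text node, but data placed inside an attribute, a JavaScript block or a URL needs the encoder for that context. A Content-Security-Policy that disallows inline scripts is the usual second layer if an encoding is missed.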
Question 3 (Skipped)
An attacker exploited a vulnerability in a web-based application to gain privileged access. The exploit included code that caused the RAM to overflow into other areas of surplus memory. Which of the following attacks is being carried out?
Malicious code
Explanation
Malicious code refers to any code designed to cause harm or exploit a vulnerability. The attacker certainly used malicious code, but the term is too broad to be the best answer: the specific behaviour described, data spilling past the end of a memory buffer into adjacent memory, is a buffer overflow.
Credential replay
Explanation
Credential replay attacks capture authentication material (usernames and passwords, password hashes, session tokens) and resend it to gain unauthorized access. No credentials are replayed in this scenario; the attacker exploits a flaw in how the application handles memory, which points to a buffer overflow.
On-path
Explanation
On-path attacks intercept and manipulate network traffic between two parties. Nothing in the scenario involves intercepting traffic; the attacker corrupts the application's memory, which is characteristic of a buffer overflow.
Correct answer
Buffer overflow
Explanation
A buffer overflow occurs when a program writes more data into a fixed-size buffer than it can hold, so the excess spills into adjacent memory such as neighbouring variables, saved return addresses or heap metadata. When attacker-controlled input overwrites those locations, the attacker can redirect execution and, as here, gain privileged access. The question's wording about RAM "overflowing into other areas of memory" is the exam's description of exactly this; missing length checks and unsafe functions such as strcpy and gets are the usual root cause.
Question 4 (Skipped)
An attacker captured a user’s session hash and sent it to the server, authenticating themselves as the original user. Which of the following would have BEST prevented this type of attack?
Patching
Explanation
Patching refers to the process of updating software to fix security vulnerabilities. While patching is essential for overall security, it would not directly prevent an attacker from capturing a user’s session hash and impersonating the user.
Correct answer
VPN
Explanation
VPN (Virtual Private Network) creates an encrypted tunnel over a less trusted network such as the Internet. With the session carried inside the tunnel, an attacker on the network path cannot read the traffic and so cannot capture the user's session hash to replay it. Note that a VPN protects only the tunnelled segment; in practice the session token should also travel over TLS end to end and be issued in a cookie marked Secure and HttpOnly so it cannot be read by an on-path attacker or by injected scripts.
RADIUS
Explanation
RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. While RADIUS is important for user authentication, it would not directly prevent an attacker from capturing a user’s session hash.
IPS
Explanation
IPS (Intrusion Prevention System) is a security tool that monitors network traffic for malicious activity and can take actions to prevent attacks. While an IPS can help detect and block certain types of attacks, it may not specifically prevent an attacker from capturing a user’s session hash and impersonating the user.
Question 5 (Skipped)
An organization wants to implement a control to deter attackers from entering a particular location. Which of the following BEST meets the organization’s requirements?
Lighting
Explanation
Lighting can help improve visibility and deter potential attackers, but it may not be the most effective control for physically preventing access to a specific location. While it can be a part of a comprehensive security strategy, it may not meet the organization’s specific requirement in this scenario.
Infrared sensor
Explanation
Infrared sensors can detect motion and presence in a specific area, but they may not physically prevent attackers from entering a location. While they can be part of an overall security system, they may not be the best option for physically deterring access to a particular location.
Correct answer
Fencing
Explanation
Fencing is a physical barrier that can effectively deter attackers from entering a specific location. It provides a clear boundary and obstacle that can prevent unauthorized access. In this scenario, fencing would be the best choice to meet the organization’s requirement of deterring attackers from entering the location.
Bollards
Explanation
Bollards are sturdy, short, vertical posts that can be used to control or direct traffic and prevent vehicles from entering a specific area. While bollards can be effective in certain situations, they may not be the best choice for deterring attackers from physically entering a location on foot. In this scenario, fencing would be a more suitable option for meeting the organization’s requirements.
Question 6 (Skipped)
A data center technician wants to fully isolate a network from the Internet while working with a limited budget. Which of the following techniques would BEST meet the technician’s needs?
VLAN
Explanation
VLANs are used to logically segment a network, but they do not provide full isolation from the Internet. VLANs can help control traffic within a network, but they do not completely prevent access to the Internet.
Screened subnet
Explanation
A screened subnet, also known as a demilitarized zone (DMZ), is used to provide a layer of security between the internal network and the Internet. While it can help protect the internal network, it does not provide full isolation from the Internet.
Correct answer
Air gap
Explanation
An air gap is a physical security measure that completely isolates a network from the Internet by ensuring there is no physical or logical connection between the two. This technique provides the highest level of isolation and security, making it the best option for the technician’s needs.
Cold site
Explanation
A cold site is a disaster recovery facility that provides space, power and connectivity but no pre-installed equipment or current data; bringing it into service takes days or weeks. It is a recovery option, not a technique for isolating a network from the Internet, and does not address the technician's requirement.
Question 7 (Skipped)
A systems administrator is performing malware analysis using virtual machines. Before executing the malware, the administrator captures a point-in-time copy of the machine’s current state. Which of the following is the administrator MOST likely creating?
Offsite backup
Explanation
Offsite backup refers to the process of storing data at a remote location separate from the primary data source. While it is a good practice for data protection and disaster recovery, it is not directly related to capturing a point-in-time copy of a virtual machine’s current state for malware analysis.
Correct answer
Snapshot
Explanation
Snapshot is the correct choice. A snapshot records a virtual machine's state at a point in time: its disk contents and configuration and, if a memory snapshot is taken, its RAM and CPU state as well. The administrator can detonate the malware, inspect what changed, then revert to the clean snapshot, which is why snapshots are standard practice in malware analysis. A snapshot is not a backup: it lives on the same storage as the VM and depends on the base disk, so it protects against the malware, not against loss of the host.
Cloud backup
Explanation
Cloud backup involves storing data in a cloud-based storage service for data protection and disaster recovery purposes. While it is a viable option for backing up data, it is not specifically related to capturing a point-in-time copy of a virtual machine’s state for malware analysis.
Onsite backup
Explanation
Onsite backup refers to the process of storing data backups on-premises, typically in a physical location within the organization’s premises. While onsite backups are important for data protection, they are not the most likely option for capturing a point-in-time copy of a virtual machine’s current state for malware analysis using virtual machines.
Question 8 (Skipped)
An administrator is developing a disaster recovery plan for an organization using multiple hot sites, each located 90 miles apart. They want to ensure continuous uptime across all sites, even if one becomes unavailable due to a disaster. Which of the following would BEST meet these requirements?
UPS
Explanation
UPS (uninterruptible power supply) is a device that provides emergency power to a load when the input power source fails. While UPS can help maintain power during short outages, it does not directly address the need for continuous uptime across multiple sites in the event of a disaster.
Off-site backup
Explanation
Off-site backup is a method of storing data backups at a separate location from the primary site. While off-site backups are essential for disaster recovery, they do not ensure continuous uptime across multiple sites in the event of a disaster.
Correct answer
Geographic dispersion
Explanation
Geographic dispersion involves spreading critical resources, such as data centers or servers, across multiple locations that are geographically distant from each other. This approach helps ensure continuous uptime across all sites, even if one becomes unavailable due to a disaster, making it the best option to meet the requirements of the scenario.
Generator
Explanation
A generator is a device that can provide backup power during outages by converting mechanical energy into electrical energy. While generators are essential for maintaining power during extended outages, they do not address the need for continuous uptime across multiple sites in the event of a disaster like geographic dispersion does.
Question 9 (Skipped)
A security analyst seeks to deploy a security device that can block data at the application layer of the OSI model. The device should also offer threat protection and application visibility. Which of the following technologies would BEST meet the analyst’s requirements?
UTM
Explanation
UTM (Unified Threat Management) devices typically provide a combination of security features such as firewall, intrusion detection and prevention, antivirus, content filtering, and VPN capabilities. While UTM devices offer threat protection, they may not always provide granular application layer control and visibility required for blocking data at the application layer of the OSI model.
WAF
Explanation
WAF (Web Application Firewall) is specifically designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. While WAFs offer application layer protection and visibility, they are focused on web applications and may not provide comprehensive threat protection or visibility for all types of applications.
Correct answer
NGFW
Explanation
NGFW (Next-Generation Firewall) devices combine traditional firewall capabilities with additional features such as application control, intrusion prevention, SSL inspection, and advanced threat protection. NGFWs are designed to provide visibility and control at the application layer of the OSI model, making them an ideal choice for blocking data at the application layer while offering threat protection and application visibility.
HIPS
Explanation
HIPS (Host-based Intrusion Prevention System) is a security mechanism that monitors and analyzes the internals of a computing system to detect and prevent malicious activity. While HIPS can offer protection at the host level, it may not provide the application layer visibility and control required to block data at the application layer of the OSI model.
Question 10 (Skipped)
An organization finds its current authentication methods insufficient and seeks to enhance security. They currently authenticate users using retina scans, smart cards, and passwords. Which of the following would BEST provide additional authentication?
Something you have
Explanation
"Something you have" refers to a physical object in the user's possession, such as a smart card or hardware token. The organization already uses smart cards, so adding another possession-based method would not introduce a new authentication factor.
Something you are
Explanation
"Something you are" refers to biometric authentication, such as retina scans. The organization already uses retina scans, so adding a second biometric would not add a new factor beyond what is already in place.
Correct answer
Somewhere you are
Explanation
"Somewhere you are" refers to location-based authentication methods, such as geofencing or IP address verification. By implementing location-based authentication, the organization can add an additional layer of security by ensuring that users are accessing resources from approved locations.
Something you know
Explanation
"Something you know" refers to knowledge-based authentication, such as passwords or PINs. The organization already uses passwords, so adding another knowledge-based method would not add a new factor and would not significantly improve security.
Question 11 (Skipped)
An organization managing thousands of computers wants to verify the integrity of each device remotely, ensuring that no firmware has been altered. Which of the following technologies would BEST support this functionality?
HSM
Explanation
HSM (Hardware Security Module) is primarily used to secure cryptographic keys and perform cryptographic operations. While it can enhance security in various ways, it is not specifically designed to verify the integrity of firmware on remote devices.
FIM
Explanation
FIM (File Integrity Monitoring) is a technology that monitors and detects changes to files and system configurations. While it can help ensure the integrity of files and configurations on a device, it may not be the best choice for verifying firmware integrity on remote devices.
Correct answer
TPM
Explanation
TPM (Trusted Platform Module) is a hardware security chip that stores cryptographic keys and, through measured boot, records hashes of the firmware and other boot components in its Platform Configuration Registers (PCRs). A PCR can only be extended (the new value is the hash of the old value combined with the new measurement), never written directly, so any change to the firmware produces a different register value. With remote attestation the TPM signs a "quote" of the PCR values, and a central verifier compares the quote against known-good values, which is exactly what is needed to check thousands of devices remotely.
DLP
Explanation
DLP (Data Loss Prevention) is a technology designed to prevent unauthorized data transfer or leakage. While it plays a crucial role in data security, it is not specifically tailored to verifying the integrity of firmware on remote devices.
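To make the TPM mechanism concrete, the following simulation (an added example, not part of the practice exam or of any TPM specification) models PCR extension, a measured boot over a constructed firmware image and bootloader, and a verifier that checks a nonce-bound quote against a golden value. A real TPM signs the quote with an asymmetric attestation key certified by the manufacturer; the HMAC with a shared key used here is a stand-in for that signature and is an assumption of the example, as are the firmware images and the nonce.

```python
import hashlib
import hmac

# Constructed inputs for the simulation (not real firmware or keys).
GOOD_FIRMWARE = b"vendor-uefi-v1.2.3"
TAMPERED_FIRMWARE = GOOD_FIRMWARE + b"\x90" * 16       # constructed modification
BOOTLOADER = b"grub-2.06-signed"
ATTESTATION_KEY = b"simulated-attestation-key"          # stands in for the TPM's attestation key


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA-256(PCR_old || SHA-256(component)).
    A PCR cannot be set directly; it can only be extended, so the final
    value depends on every component and on the order they were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components) -> bytes:
    """Simulate the boot chain measuring each component into one PCR."""
    pcr = bytes(32)                          # PCRs reset to all zeros at power-on
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def quote(pcr: bytes, nonce: bytes) -> bytes:
    """Simulated TPM2_Quote: attest the PCR value bound to a verifier-supplied nonce.
    The nonce stops an attacker replaying an old quote from a clean boot."""
    return hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).digest()


def boot_and_quote(components, nonce: bytes):
    """Device side: boot, then return (reported PCR, quote) to the verifier."""
    pcr = measured_boot(components)
    return pcr, quote(pcr, nonce)


def verify_quote(pcr_reported: bytes, nonce: bytes, sig: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: the quote must be authentic for this nonce AND the
    reported PCR must equal the known-good value recorded for this fleet."""
    expected = hmac.new(ATTESTATION_KEY, pcr_reported + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False                         # forged quote or wrong nonce (replay)
    return hmac.compare_digest(pcr_reported, golden_pcr)


if __name__ == "__main__":
    golden = measured_boot([GOOD_FIRMWARE, BOOTLOADER])
    nonce = b"verifier-nonce-0001"
    for fw in (GOOD_FIRMWARE, TAMPERED_FIRMWARE):
        pcr, sig = boot_and_quote([fw, BOOTLOADER], nonce)
        print(fw[:18], "trusted" if verify_quote(pcr, nonce, sig, golden) else "REJECTED")
```

The golden value has to come from somewhere trustworthy, typically a reference measurement taken from a known-clean build and updated whenever firmware is legitimately patched; otherwise every firmware update shows up as tampering.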
Question 12 (Skipped)
An organization’s users exchange information using public and private keys. The private key is used for encryption, while the public key is used for decryption. Which of the following BEST describes this encryption?
Hashing
Explanation
Hashing is a process that takes input data and produces a fixed-size string of bytes, which is typically used for data integrity verification and password storage. It is not related to the process described in the question where the private key is used for encryption and the public key is used for decryption.
Symmetric
Explanation
Symmetric encryption uses the same key for both encryption and decryption processes. In the scenario described in the question, different keys (private and public) are used for encryption and decryption, making it an asymmetric encryption process rather than symmetric.
Transport
Explanation
Transport encryption refers to the secure transmission of data over a network, typically using protocols like TLS or SSL to encrypt data during transit. While encryption is involved, it does not specifically involve the use of public and private keys for encryption and decryption as described in the question.
Correct answer
Asymmetric
Explanation
Asymmetric encryption, also known as public-key cryptography, uses a mathematically related key pair: whatever one key encrypts, only the other key can decrypt. Encrypting with the recipient's public key so that only the private-key holder can decrypt provides confidentiality; encrypting (signing) with the private key so that anyone holding the public key can decrypt (verify) provides authentication and non-repudiation, which is the direction the question describes. Either way, two different keys are used, so this is asymmetric encryption.
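The following added example (not part of the practice exam) uses textbook RSA with deliberately tiny constructed primes to show the property the explanation relies on: a key pair in which each key undoes the other, so encrypting with the private key and decrypting with the public key works just as well as the reverse, and a message transformed with one private key is not recovered by a different public key. The primes, exponents and the hash-and-reduce signing shortcut are assumptions for illustration; real deployments use 2048-bit or larger keys with OAEP or PSS padding and never raw RSA.

```python
import hashlib
import math


def generate_toy_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA key generation with constructed tiny primes (illustration only).
    Returns (public_key, private_key) as (exponent, modulus) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)                   # private exponent: e*d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(message: int, key) -> int:
    """Raw RSA: message^exponent mod n. The same operation is 'encryption'
    with the public key and 'signing' with the private key; which it is
    depends only on which key of the pair is used."""
    exponent, n = key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, exponent, n)


def encrypt(message: int, public_key) -> int:
    """Confidentiality: anyone can encrypt, only the private-key holder can decrypt."""
    return apply_key(message, public_key)


def decrypt(ciphertext: int, private_key) -> int:
    return apply_key(ciphertext, private_key)


def sign(data: bytes, private_key) -> int:
    """Authentication: the question's 'encrypt with the private key'.
    The hash is reduced mod n only because the toy modulus is tiny (assumption)."""
    _, n = private_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return apply_key(digest, private_key)


def verify(data: bytes, signature: int, public_key) -> bool:
    """'Decrypt with the public key' and compare to the expected hash."""
    _, n = public_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return apply_key(signature, public_key) == digest


if __name__ == "__main__":
    pub, priv = generate_toy_keypair()
    c = encrypt(65, pub)
    print("ciphertext", c, "decrypts to", decrypt(c, priv))
    s = sign(b"invoice-42", priv)
    print("signature", s, "verifies:", verify(b"invoice-42", s, pub))
```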
Question 13 (Skipped)
A network administrator wants to ensure that all users acknowledge and agree to the conditions defining acceptable behavior when using their devices on the network. Which of the following would BEST enforce this requirement?
NDA
Explanation
NDA (Non-Disclosure Agreement) is a legal contract that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes. It is not directly related to enforcing acceptable behavior requirements for network device usage.
Correct answer
AUP
Explanation
AUP (Acceptable Use Policy) is a document that outlines the rules and guidelines for using the organization’s IT resources, including network devices. By requiring users to acknowledge and agree to the AUP, the network administrator can enforce acceptable behavior requirements effectively.
SLA
Explanation
SLA (Service Level Agreement) is a contract between a service provider and a customer that defines the level of service expected from the service provider. It does not specifically address acceptable behavior requirements for network device usage.
BPA
Explanation
BPA (Business Partner Agreement) is a legal document that outlines the terms and conditions of a partnership between two businesses. It is not directly related to enforcing acceptable behavior requirements for network device usage among users.
Question 14 (Skipped)
Users prefer to log in to a website using their existing credentials from a third-party service rather than creating a new account. Which of the following BEST describes this process?
Attestation
Explanation
Attestation is the process of producing verifiable evidence about the identity or integrity state of a user or device (a TPM quote of boot measurements, for example). It is not the process of logging in to a website with credentials from a third-party service.
Correct answer
SSO
Explanation
Single Sign-On (SSO) is the process that allows users to access multiple applications with one set of login credentials. It enables users to log in once and access multiple services without the need to re-enter credentials. This best describes the process of logging in to a website using existing credentials from a third-party service.
OAuth
Explanation
OAuth is an open standard for access delegation, commonly used for authorization purposes. While it can be used in the context of logging in to a website using existing credentials from a third-party service, it is not the best description of the process.
SAML
Explanation
Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between parties. While it can be used for single sign-on and authentication, it is not the best description of the process of logging in to a website using existing credentials from a third-party service.
Question 15 (Skipped)
A user wants to install a website certificate but needs an organization to digitally verify its authenticity. The user also requires the certificate to be issued and installed as quickly as possible. Which of the following is the user requesting?
Wildcard
Explanation
Wildcard certificates are used to secure a domain and all its subdomains with a single certificate. They are not related to the user’s request for digital verification and quick issuance of the certificate.
Third-party
Explanation
Third-party certificates are issued by a trusted third-party Certificate Authority (CA) to verify the authenticity of a website. While they provide digital verification, they may not necessarily be issued and installed quickly as requested by the user.
Correct answer
CSR
Explanation
A Certificate Signing Request (CSR) is the message an applicant sends to a Certificate Authority (CA) to apply for a digital certificate. It contains the public key and the identity to be certified (subject name, subject alternative names) and is signed with the applicant's private key to prove possession of that key. Generating a CSR and submitting it to the CA is the step that gets a CA-verified certificate issued and installed quickly, which is what the user is requesting.
Self-signed
Explanation
Self-signed certificates are generated by the website owner without the involvement of a trusted third-party CA. While they can be issued quickly, they lack the digital verification provided by certificates issued by reputable CAs.
Question 16 (Skipped)
A paper receipt displays asterisks to obscure sensitive credit card information, preventing full visibility of the data. Which of the following technologies is MOST likely being used?
Encryption
Explanation
Encryption is a method of converting data into a code to prevent unauthorized access. While encryption is commonly used to protect sensitive information, in this scenario, the sensitive credit card information is not being converted into a code but rather obscured from view using a different method.
Tokenization
Explanation
Tokenization is the process of replacing sensitive data with unique identifiers called tokens. While tokenization is commonly used to protect sensitive information, in this scenario, the credit card information is not being replaced with tokens but simply obscured from view.
Correct answer
Data masking
Explanation
Data masking is the process of hiding or obscuring specific data elements within a database or document to protect sensitive information. Replacing all but the last four digits of the card number with asterisks on the receipt is exactly this, making data masking the most likely technology being used. Masking is one-way: unlike encryption or tokenization, the original digits cannot be recovered from the masked value, which is why it is used on receipts and in non-production environments.
Steganography
Explanation
Steganography is the practice of concealing messages or information within other non-secret data. While steganography is a valid method of hiding information, in this scenario, the credit card information is not being hidden within another form of data but simply obscured from view on the paper receipt.
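As an added example (not part of the practice exam), the code below masks a primary account number the way the receipt in the question does, keeping separators and the last four digits, and then applies the same masking to any card-number-like sequence found in free text such as a receipt line or an application log. The card numbers are well-known test numbers embedded as constructed input; the 13-to-19-digit length rule and the separator handling are the example's own assumptions.

```python
import re

# Matches 13 to 19 digits optionally separated by single spaces or hyphens,
# not adjacent to other digits. Constructed for this example; tune before production use.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def mask_pan(pan: str, keep_last: int = 4, mask_char: str = "*") -> str:
    """Replace every digit except the last `keep_last` with `mask_char`,
    preserving non-digit separators so the masked value keeps its layout.
    One-way: the original digits cannot be recovered from the result."""
    digit_count = sum(c.isdigit() for c in pan)
    if not 13 <= digit_count <= 19:
        raise ValueError("not a plausible card number length")
    to_mask = digit_count - keep_last
    out, seen = [], 0
    for c in pan:
        if c.isdigit():
            out.append(mask_char if seen < to_mask else c)
            seen += 1
        else:
            out.append(c)                    # keep spaces / hyphens as-is
    return "".join(out)


def redact_pans(text: str) -> str:
    """Mask every card-number-like sequence in free text (receipt lines, logs).
    Shorter digit runs such as order numbers, dates and amounts are left alone."""
    return PAN_RE.sub(lambda m: mask_pan(m.group(0)), text)


if __name__ == "__main__":
    # Constructed receipt lines using published test card numbers.
    receipt = [
        "Card: 4111 1111 1111 1111  Exp: 12/29",
        "AMEX 378282246310005 approved",
        "Order 20240229 qty 3 Total: 19.99",
    ]
    for line in receipt:
        print(redact_pans(line))
```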
Question 17 (Skipped)
A penetration tester navigates from one system to another, identifying vulnerabilities along the way. They successfully exploit each system and gain root access. Which of the following techniques is being used?
Nation-state
Explanation
Nation-state attacks are typically carried out by government-sponsored groups targeting other nations, organizations, or individuals for political, economic, or military purposes. They involve sophisticated and long-term cyber operations, rather than the sequential exploitation of vulnerabilities by a penetration tester.
Active reconnaissance
Explanation
Active reconnaissance involves actively scanning and probing target systems to gather information about vulnerabilities, configurations, and potential entry points. While it is an essential part of the penetration testing process, it does not directly relate to the exploitation of vulnerabilities to gain root access.
On-path
Explanation
On-path attacks involve intercepting and manipulating network traffic between systems to eavesdrop, modify, or redirect communication. While this technique can be used in various types of attacks, it does not specifically refer to the sequential exploitation of vulnerabilities to gain root access as described in the question.
Correct answer
Privilege escalation
Explanation
Privilege escalation is the process of gaining higher access or permissions on a system than intended, by exploiting vulnerabilities or misconfigurations. In the question the tester elevates access to root on each compromised system, which is privilege escalation. Moving from one system to the next is lateral movement (pivoting); the two are almost always combined in a penetration test, but only privilege escalation appears among the options.
Question 18 (Skipped)
A company seeks to lower its current risk posture by purchasing additional host-based intrusion prevention systems and firewalls. Which of the following risk strategies is the company implementing?
Correct answer
Mitigation
Explanation
By purchasing additional host-based intrusion prevention systems and firewalls, the company is implementing a mitigation strategy. This strategy aims to reduce the impact or likelihood of potential risks by implementing security controls to protect against threats.
Avoidance
Explanation
Avoidance involves completely avoiding or eliminating the risk by not engaging in the activities that pose the risk. Purchasing additional security measures does not align with an avoidance strategy, as the company is not avoiding the risk but rather reducing its impact through security controls.
Acceptance
Explanation
Acceptance involves acknowledging the existence of a risk and choosing not to take any action to mitigate it. By purchasing additional host-based intrusion prevention systems and firewalls, the company is not accepting the risk but actively taking steps to reduce it, making acceptance an incorrect choice in this scenario.
Transference
Explanation
Transference involves shifting the risk to a third party, such as through insurance or outsourcing. Purchasing additional security measures to protect against potential threats does not involve transferring the risk to another party, making transference an incorrect choice in this context.
Question 19 (Skipped)
The incident response team has been alerted to a malware outbreak on the network. After identifying and removing the malware from all affected systems, they are now reviewing their response to determine areas for improvement. Which of the following steps is being conducted?
Eradication
Explanation
Eradication refers to the process of completely removing the malware from all affected systems. This step involves ensuring that all traces of the malware have been eliminated to prevent any further damage to the network.
Recovery
Explanation
Recovery involves restoring the affected systems and data to their pre-incident state. This step focuses on getting the network back up and running smoothly after the malware outbreak.
Correct answer
Lessons learned
Explanation
Lessons learned is the step where the incident response team reviews their response to the malware outbreak to identify areas for improvement. This process involves analyzing what went well and what could have been done better to enhance future incident response efforts.
Containment
Explanation
Containment is the initial step taken to prevent the malware from spreading further within the network. This involves isolating the affected systems and limiting the malware’s impact on other parts of the network.
Question 20 (Skipped)
An organization wants a system where users are granted permissions based on their job roles, ensuring they have only the necessary access to perform their tasks. Which of the following would BEST meet the organization’s requirements? (Choose two.)
LDAP
Explanation
LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and maintaining directory services. While LDAP can be used for user authentication and authorization, it does not directly align with the organization’s requirement of granting permissions based on job roles.
Attribute-based access control
Explanation
Attribute-based access control (ABAC) is a method of granting access to resources based on attributes associated with users and resources. While ABAC can be effective in certain scenarios, it may not be the best fit for the organization’s specific requirement of assigning permissions based on job roles.
Correct selection
Role-based access control
Explanation
Role-based access control (RBAC) is a method of restricting system access based on the roles of individual users within an organization. RBAC aligns well with the organization’s requirement of granting permissions based on job roles, ensuring that users have only the necessary access to perform their tasks.
SLA
Explanation
SLA (Service Level Agreement) is a contract between a service provider and a customer that outlines the level of service expected. While SLAs are important for defining service expectations, they are not directly related to granting permissions based on job roles.
Decommissioning
Explanation
Decommissioning refers to the process of retiring or removing a system or service from operation. While decommissioning is an important aspect of IT operations, it is not directly related to the organization’s requirement of granting permissions based on job roles.
Correct selection
Least privilege
Explanation
Least privilege is a security principle that states that users should be granted the minimum level of access required to perform their tasks. Implementing least privilege aligns well with the organization’s requirement of ensuring users have only the necessary access based on their job roles.
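The two correct selections work together: RBAC decides which permissions a role carries, and least privilege is the discipline of keeping each role's set to what the job actually needs. The added example below (not part of the practice exam) implements a deny-by-default RBAC check over constructed roles and users, and a small audit that compares the permissions a role grants with the actions its holders were observed performing, which is how unused privileges get found and removed. The role names, permission strings and observed actions are assumptions.

```python
from typing import Dict, Iterable, Set

# Constructed role definitions: permission strings are "resource:action".
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "helpdesk": {"ticket:read", "ticket:update", "user:reset_password"},
    "dba":      {"db:read", "db:write", "db:backup"},
    "auditor":  {"ticket:read", "db:read", "log:read"},
}

# Constructed user-to-role assignments. A user may hold several roles.
USER_ROLES: Dict[str, Set[str]] = {
    "alice":   {"helpdesk"},
    "bob":     {"dba", "auditor"},
    "mallory": set(),                       # account exists but has no role yet
}


def permissions_for(user: str) -> Set[str]:
    """Union of the permissions of every role the user holds.
    Unknown users and unknown roles contribute nothing (fail closed)."""
    granted: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def is_authorized(user: str, action: str) -> bool:
    """Deny by default: access is allowed only if some held role grants it."""
    return action in permissions_for(user)


def audit_unused_permissions(role: str, observed_actions: Iterable[str]) -> Set[str]:
    """Least-privilege review: permissions the role grants that none of its
    holders were observed using. Candidates for removal from the role."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role: {role}")
    return ROLE_PERMISSIONS[role] - set(observed_actions)


def overprivileged_roles(observed_by_role: Dict[str, Iterable[str]]) -> Dict[str, Set[str]]:
    """Run the audit across roles; returns only roles with unused permissions."""
    report = {}
    for role, observed in observed_by_role.items():
        unused = audit_unused_permissions(role, observed)
        if unused:
            report[role] = unused
    return report


if __name__ == "__main__":
    for user, action in [("alice", "ticket:read"), ("alice", "db:read"), ("mallory", "ticket:read")]:
        print(user, action, "ALLOW" if is_authorized(user, action) else "DENY")
    # Constructed 90-day activity summary per role (from an access log, in practice).
    print(overprivileged_roles({
        "helpdesk": ["ticket:read", "ticket:update"],
        "dba":      ["db:read", "db:write", "db:backup"],
    }))
```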
Question 21 (Skipped)
A penetration tester is reviewing the results of a vulnerability scan and observes findings categorized as “Critical,” “High,” and “Low.” Which of the following is being described?
False positive
Explanation
A false positive occurs when a vulnerability scan incorrectly identifies a non-existent vulnerability as present in the system. This choice does not align with the scenario described in the question, where actual vulnerabilities are categorized based on their severity levels.
CVE
Explanation
CVE (Common Vulnerabilities and Exposures) is a list of publicly known cybersecurity vulnerabilities that are assigned unique identifiers. While CVEs may be associated with the vulnerabilities found during the scan, they do not directly correspond to the severity levels mentioned in the question.
Exposure factor
Explanation
Exposure factor refers to the percentage of a system that would be impacted by a specific vulnerability if exploited. It is not related to the categorization of vulnerabilities based on their severity levels, as described in the question.
Correct answer
CVSS
Explanation
CVSS (Common Vulnerability Scoring System) is a framework used to assess the severity of vulnerabilities based on various factors such as exploitability, impact, and complexity. The categorization of vulnerabilities as “Critical,” “High,” and “Low” aligns with the severity levels determined by the CVSS scoring system. Therefore, this choice is correct in the context of the scenario described in the question.
Question 22Skipped
An employee secretly gathers and exfiltrates user information, selling the data on the dark web for a set price. Which of the following BEST describes this individual?
Organized crime
Explanation
Organized crime typically involves groups or networks of individuals working together to commit crimes for financial gain. While the individual in the scenario is engaging in criminal activity by selling user information, the description does not indicate any collaboration or coordination with others, making this choice incorrect.
Hacktivist
Explanation
Hacktivists are individuals or groups who use hacking techniques to promote a social or political agenda. The individual in the scenario is motivated by personal gain rather than a specific cause or ideology, making this choice incorrect.
Correct answer
Insider threat
Explanation
Insider threat refers to individuals within an organization who misuse their access and privileges to cause harm, whether intentionally or unintentionally. The employee in the scenario is abusing their access to gather and sell user information, making this choice the best description of the individual’s actions.
Shadow IT
Explanation
Shadow IT refers to the use of unauthorized or unapproved technology or software within an organization. While the individual in the scenario is engaging in unauthorized activity by exfiltrating user information, the term "shadow IT" specifically refers to technology usage rather than the actions described in the scenario, making this choice incorrect.
Question 23Skipped
A network administrator wants to manage the policy engine remotely. Which of the following is the administrator MOST likely overseeing?
Correct answer
Control plane
Explanation
The control plane is responsible for managing and controlling the overall behavior of the network, including policies, routing decisions, and network configurations. By managing the policy engine remotely, the administrator is most likely overseeing the control plane to ensure that the network operates according to the defined policies.
Zero Trust
Explanation
Zero Trust is a security model that requires strict identity verification for every person and device trying to access resources on a network, regardless of their location. While Zero Trust is important for network security, it is not directly related to managing the policy engine remotely.
Data plane
Explanation
The data plane, also known as the forwarding plane, is responsible for the actual forwarding of data packets within the network based on the rules and decisions made by the control plane. Managing the policy engine remotely is more closely related to the control plane than the data plane.
Subject
Explanation
A subject in the context of security refers to an entity that can access objects or resources within a system. While subjects are important for enforcing security policies, managing the policy engine remotely is more related to overseeing the control plane’s operations.
Question 24Skipped
A recent malware outbreak has infected millions of workstations globally. All compromised machines establish connections to a well-known IP address and launch attacks on a popular website. Which of the following BEST describes this process?
Resource reuse
Explanation
Resource reuse typically refers to the efficient use of system resources to minimize waste and improve performance. In the context of the given scenario, the compromised machines are not reusing resources but rather actively engaging in malicious activities.
Malicious code
Explanation
Malicious code refers to code that is designed to cause harm, steal data, or disrupt normal operations. While the malware outbreak in the scenario involves malicious code, the specific behavior of establishing connections to an IP address and launching attacks on a website is better described by a DDoS.
Correct answer
DDoS
Explanation
DDoS (Distributed Denial of Service) is the most appropriate description for the process outlined in the scenario. In a DDoS attack, multiple compromised machines, often part of a botnet, flood a target server or network with an overwhelming amount of traffic, causing it to become slow or unavailable to legitimate users.
Resource consumption
Explanation
Resource consumption typically refers to the utilization of system resources by legitimate processes or applications. In the scenario described, the compromised machines are not simply consuming resources but actively participating in a coordinated attack on a specific target.
Question 25Skipped
An attacker discovered a vulnerability in which one service relies on another and successfully prevented the first service from executing, causing the system to crash. Which of the following is being exploited?
Buffer overflow
Explanation
Buffer overflow is a type of vulnerability where a program writes more data to a buffer than it can hold, leading to memory corruption. This vulnerability is not related to one service relying on another and causing the system to crash.
Malicious update
Explanation
Malicious update refers to unauthorized changes made to a system or software, which can lead to security breaches or system malfunctions. While this can be a form of exploitation, it is not directly related to one service relying on another and causing a system crash.
Memory injection
Explanation
Memory injection involves injecting malicious code into a process’s memory space to manipulate its behavior. While this can lead to system crashes or security breaches, it is not specifically related to one service relying on another and causing the system to crash.
Correct answer
Race condition
Explanation
A race condition occurs when two or more processes or threads attempt to access shared resources or data at the same time, leading to unpredictable behavior. In this scenario, the attacker exploited the race condition by preventing one service from executing, causing the system to crash.
Question 26Skipped
A user installs an application and receives a UAC prompt indicating that Microsoft has verified the application’s authenticity. Which of the following is being described?
Least privilege
Explanation
Least privilege refers to the principle of providing users with only the minimum level of access or permissions necessary to perform their tasks. While UAC prompts are related to user permissions, the prompt indicating Microsoft’s verification of the application’s authenticity is not directly related to least privilege.
Secure cookies
Explanation
Secure cookies are used to enhance the security of web applications by storing session information securely. However, the UAC prompt indicating Microsoft’s verification of the application’s authenticity is not related to secure cookies.
Correct answer
Code signing
Explanation
Code signing involves digitally signing software to confirm its authenticity and integrity. When a user receives a UAC prompt indicating that Microsoft has verified the application’s authenticity, it means that the application has been signed with a digital certificate to ensure its trustworthiness.
Root of trust
Explanation
Root of trust refers to a foundational element in a security system that is inherently trusted. While code signing can be part of establishing a root of trust, the UAC prompt specifically mentioning Microsoft’s verification of the application’s authenticity is more closely related to code signing than the concept of root of trust.
Question 27Skipped
Users utilize a service that stores all passwords in an encrypted format and automatically authenticates them to websites they’ve visited before. Which of the following is being used?
SSO
Explanation
SSO (Single Sign-On) is a method that allows users to access multiple applications with one set of login credentials. It does not specifically involve storing passwords in an encrypted format or automatically authenticating users to websites they’ve visited before.
Correct answer
Password vaulting
Explanation
Password vaulting is the correct choice as it refers to a service that securely stores passwords in an encrypted format and automatically authenticates users to websites they’ve visited before. This helps users manage and protect their passwords while providing convenient access to their accounts.
SAML
Explanation
SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between parties. While it is related to authentication, it is not specifically focused on storing passwords in an encrypted format or automatically authenticating users to websites they’ve visited before.
Secure cookies
Explanation
Secure cookies are used to store user-specific information on the client-side for authentication and session management. While they play a role in user authentication, they do not specifically involve storing passwords in an encrypted format or automatically authenticating users to websites they’ve visited before.
Question 28Skipped
A cybersecurity company is looking to purchase insurance in case of ransomware attacks. Which of the following BEST describes this risk?
Risk mitigation
Explanation
Risk mitigation involves taking proactive measures to reduce the impact or likelihood of a risk. In the case of ransomware attacks, this could include implementing cybersecurity protocols, conducting regular security audits, and training employees on how to recognize and respond to potential threats.
Risk acceptance
Explanation
Risk acceptance is the decision to acknowledge a risk and its potential consequences without taking any action to address it. By purchasing insurance for ransomware attacks, the cybersecurity company is actively taking steps to mitigate the financial impact of such an event, rather than simply accepting the risk.
Risk reporting
Explanation
Risk reporting involves documenting and communicating information about risks within an organization. While it is important for the cybersecurity company to report on the risk of ransomware attacks to stakeholders, purchasing insurance is a practical step to transfer the financial risk associated with such attacks to an insurance provider.
Correct answer
Risk transference
Explanation
Risk transference involves transferring the financial consequences of a risk to another party, such as an insurance company. By purchasing insurance for ransomware attacks, the cybersecurity company is effectively transferring the financial risk of potential attacks to the insurance provider, allowing them to focus on their core business operations without the fear of significant financial loss in the event of an attack.
Question 29Skipped
An employee discovered a USB drive in a park and plugged it into their computer. PowerShell was triggered, and commands began executing automatically. Which of the following is MOST likely happening?
Logic bomb
Explanation
A logic bomb is a type of malware that is designed to execute a specific malicious action when certain conditions are met, such as a particular date or time. In this scenario, the immediate execution of commands upon connecting the USB drive is more indicative of an active and immediate threat posed by malicious code rather than a delayed trigger set by a logic bomb.
Rootkit
Explanation
Rootkits are malicious software designed to conceal unauthorized access to a computer system. While rootkits can enable the execution of commands and control over a system, the automatic execution of commands triggered by the USB drive insertion suggests the presence of actively running malicious code rather than the stealthy persistence associated with rootkits.
Correct answer
Malicious code
Explanation
Malicious code encompasses any software or scripts intentionally created to harm computer systems or data. In this case, the automatic execution of commands upon plugging in the USB drive indicates the presence of malicious code actively running on the employee’s computer, posing an immediate threat to the system’s security and integrity.
Trojan
Explanation
Trojans are deceptive malware that masquerade as legitimate software to trick users into executing them, leading to unauthorized access or system damage. While Trojans can execute commands and perform malicious actions, the situation described, where commands run automatically upon connecting the USB drive, aligns more closely with the presence of actively running malicious code than with a Trojan disguised as benign software.
Question 30Skipped
An employee enters a building and swipes their smart card, while another individual exits and pretends to be a worker. Which of the following BEST describes what is happening?
Social engineering
Explanation
Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. While the scenario involves deception, the main focus is on impersonating a worker rather than manipulating someone to provide information.
Correct answer
Impersonation
Explanation
Impersonation is the act of pretending to be someone else in order to deceive others or gain unauthorized access. In this scenario, the individual is pretending to be a worker by taking advantage of the smart card system, making impersonation the most appropriate term to describe the situation.
Pretexting
Explanation
Pretexting involves creating a false scenario or pretext to deceive individuals into providing sensitive information. While there is deception involved in the scenario, the main action is the act of impersonating a worker rather than creating a false scenario.
Watering hole
Explanation
Watering hole attacks involve compromising a website or online resource that is frequently visited by a target group to infect their systems with malware. The scenario described does not involve an online attack but rather physical access to a building through impersonation.
Question 31Skipped
An administrator has purchased a new laptop and wants to minimize the threat associated with running unused or outdated applications. Which of the following is the administrator MOST likely removing?
Zero-day
Explanation
Zero-day vulnerabilities refer to security flaws that are unknown to the software vendor and are actively exploited by attackers. Removing zero-day vulnerabilities is important for minimizing security threats, but it is not directly related to running unused or outdated applications on a new laptop.
Malicious update
Explanation
Malicious updates are updates to software or applications that contain malware or other malicious code. While removing malicious updates is crucial for maintaining a secure system, it is not the primary concern when trying to minimize threats associated with running unused or outdated applications on a new laptop.
Rootkit
Explanation
Rootkits are malicious software that allow attackers to gain unauthorized access to a system and maintain control over it. While removing rootkits is essential for securing a system, it is not specifically related to minimizing threats associated with running unused or outdated applications on a new laptop.
Correct answer
Bloatware
Explanation
Bloatware refers to pre-installed software on a device that is unnecessary, unwanted, or outdated. Removing bloatware from a new laptop helps minimize the threat associated with running unused or outdated applications, as these programs can consume system resources, introduce security vulnerabilities, and impact system performance.
Question 32Skipped
A security analyst is examining the results of a vulnerability scan and notices that it failed to detect a recent high-severity exploit on a remote host. Which of the following is being described?
CVE
Explanation
CVE (Common Vulnerabilities and Exposures) is a dictionary of publicly known information security vulnerabilities and exposures. It is used to uniquely identify specific vulnerabilities that may exist in software or hardware products.
Correct answer
False negative
Explanation
A false negative occurs when a security tool or process fails to detect a real threat or vulnerability. In this case, the vulnerability scan failed to identify a high-severity exploit on a remote host, resulting in a false negative outcome.
CVSS
Explanation
CVSS (Common Vulnerability Scoring System) is a framework used to assess and prioritize the severity of security vulnerabilities. It provides a standardized method for rating vulnerabilities based on their potential impact and exploitability.
False positive
Explanation
A false positive occurs when a security tool or process incorrectly identifies a non-existent threat or vulnerability. In this scenario, if the vulnerability scan had mistakenly flagged a non-existent exploit on the remote host, it would have been considered a false positive.
Question 33Skipped
A user wants a way to quickly deploy a small, lightweight machine for testing applications and is considering using Docker or Kubernetes. Which of the following technologies is being described?
Correct answer
Containerization
Explanation
Containerization, as described in the question, involves using technologies like Docker or Kubernetes to quickly deploy lightweight, isolated environments for testing applications. Containers provide a way to package and run applications with their dependencies in a consistent and portable manner, making them ideal for rapid deployment and testing purposes.
Sandboxing
Explanation
Sandboxing typically refers to isolating an application or process from the rest of the system to prevent it from affecting other applications or the operating system. While containerization can be considered a form of sandboxing, the focus in this question is on deploying lightweight environments for testing applications rather than isolating individual processes.
Virtual machine
Explanation
Virtual machines involve running multiple operating systems on a single physical machine using a hypervisor. While virtual machines provide isolation and flexibility, they are typically heavier and slower to deploy compared to containerization technologies like Docker or Kubernetes, which are better suited for quick and lightweight deployments.
Real-time operating system
Explanation
Real-time operating systems are designed to provide predictable and deterministic responses to events, making them suitable for time-sensitive applications. However, they are not directly related to the scenario described in the question, which focuses on quickly deploying lightweight environments for testing applications using containerization technologies.
Question 34Skipped
An organization stores passwords using a one-way algorithm, where the passwords cannot be reversed and have a fixed length. Which of the following technologies is being described?
Correct answer
Hashing
Explanation
Hashing is the correct choice because it describes the process of converting passwords into a fixed-length string of characters using a one-way algorithm. This process ensures that the original password cannot be retrieved from the hash value, providing a secure way to store passwords.
Encryption
Explanation
Encryption involves converting data into a different format that can be reversed using a decryption key. Unlike hashing, encryption allows for the original data to be retrieved, which is not the case in the scenario described in the question.
Salting
Explanation
Salting is the process of adding random data to passwords before hashing them to make each password hash unique, even if the passwords are the same. While salting is often used in conjunction with hashing for added security, it is not the primary technology being described in the question.
Tokenization
Explanation
Tokenization involves replacing sensitive data with unique identifiers called tokens. It is commonly used to protect data in transit or at rest, but it is not the technology being described in the scenario where passwords are stored using a one-way algorithm with a fixed length.
Question 35Skipped
A security analyst notices multiple failed login attempts on an administrator account within a short period. The attempts try different password combinations until access is granted. Which of the following BEST describes this attack?
Keylogger
Explanation
A keylogger is a type of malware that records keystrokes on a compromised system, allowing attackers to capture sensitive information such as passwords. This attack does not involve capturing keystrokes but rather attempting different password combinations.
Credential replay
Explanation
Credential replay attacks involve capturing authentication credentials and reusing them to gain unauthorized access. In this scenario, the attacker is not capturing credentials to replay but rather attempting different password combinations until access is granted.
Spraying
Explanation
Password spraying is a type of attack where attackers try a small number of commonly used passwords against multiple accounts. In this case, the attacker is not using a small set of passwords but rather trying different combinations until access is granted.
Correct answer
Brute force
Explanation
Brute force attacks involve systematically trying all possible password combinations until the correct one is found. In this scenario, the attacker is using a brute force approach by trying different password combinations until access is granted.
Question 36Skipped
A network administrator is configuring a new router and wants to implement the most secure authentication available. The solution must protect against offline password cracking using Simultaneous Authentication of Equals. Which of the following is the administrator MOST likely implementing?
EAP
MDM
Correct answer
WPA3
RADIUS
Question 37Skipped
A security analyst is gathering logs from all devices on the network. The devices have software installed that automatically sends logs to the SIEM. Which of the following is installed on the devices?
802.1X
Explanation
802.1X is a network access control protocol that provides authentication to devices trying to connect to a network. It is not directly related to gathering logs from devices on the network.
NetFlow
Explanation
NetFlow is a network protocol used for collecting IP traffic information. While it can provide valuable network traffic data, it is not typically used for sending logs to a SIEM from devices.
Correct answer
Sensor
Explanation
A sensor is a software component installed on devices that automatically sends logs to the SIEM. It plays a crucial role in collecting and forwarding log data for analysis and monitoring.
SIEM
Explanation
SIEM (Security Information and Event Management) is a centralized platform that aggregates and analyzes security event data from various sources, including logs from devices. It is not installed on individual devices, but rather used to collect and analyze data from them.
Question 38Skipped
Which role manages the purposes and means by which data is processed?
Correct answer
Data controller
Explanation
A data controller is responsible for determining the purposes and means by which data is processed. They have the authority to make decisions about how and why data is processed, ensuring compliance with data protection regulations and privacy laws.
Data processor
Explanation
A data processor, on the other hand, is responsible for processing data on behalf of the data controller. They must follow the instructions provided by the data controller and ensure that data is processed securely and in accordance with legal requirements.
Data owner
Explanation
A data owner is the individual or entity that has ownership rights over the data. While they may have some control over how the data is used, they are not directly responsible for managing the purposes and means of data processing.
Data steward
Explanation
A data steward is responsible for overseeing the management and use of data within an organization. They focus on data quality, security, and compliance, but they do not have the authority to determine the purposes and means of data processing like a data controller does.
Question 39Skipped
Upon being hired, a user is required to sign an agreement stating they cannot share any company information. The company can sue the individual for millions if any information is disclosed. Which of the following documents is being described?
Rules of engagement
Explanation
Rules of engagement typically outline the guidelines and protocols for engaging in specific activities or projects within an organization. It does not specifically address the confidentiality of company information or the consequences of sharing such information.
Service-level agreement
Explanation
Service-level agreement (SLA) is a contract between a service provider and a customer that defines the level of service expected from the service provider. It does not pertain to the confidentiality of company information or the consequences of sharing such information.
Correct answer
Non-disclosure agreement
Explanation
Non-disclosure agreement (NDA) is a legal document that outlines confidential information that the parties wish to share with one another for certain purposes, but wish to restrict access to or by third parties. It typically includes provisions for penalties or legal action if the information is disclosed without authorization.
Memorandum of agreement
Explanation
Memorandum of agreement (MOA) is a document that outlines the terms and details of an agreement between parties. It does not specifically address the confidentiality of company information or the consequences of sharing such information.
Question 40Skipped
An organization evaluates all systems while applying a defense-in-depth strategy. They acknowledge that no security measure alone is sufficient to completely prevent a data breach. Which of the following BEST describes this approach?
Supply chain
Explanation
Supply chain refers to the network of all individuals, organizations, resources, activities, and technology involved in the creation and sale of a product. While supply chain security is important in preventing data breaches, it does not specifically relate to the defense-in-depth strategy described in the question.
EDR
Explanation
EDR (Endpoint Detection and Response) is a security technology that focuses on detecting and investigating suspicious activities on endpoints. While EDR is a valuable component of a defense-in-depth strategy, it does not fully capture the concept of using multiple layers of security to prevent data breaches.
Correct answer
Zero trust
Explanation
Zero trust is a security model based on the principle of maintaining strict access controls and not trusting any user or device by default, even if they are inside the network perimeter. This approach aligns with the defense-in-depth strategy described in the question, as it emphasizes the need for multiple layers of security to protect against data breaches.
XDR
Explanation
XDR (Extended Detection and Response) is a security technology that integrates multiple security products to provide a more comprehensive view of threats across different vectors. While XDR can enhance security posture, it does not specifically address the concept of defense-in-depth as described in the question.
Question 41Skipped
An attacker attempts to access multiple folders on an Apache web server. The administrator reviews the following web server logs:
[Status: 301, Size: 351, Words: 23, Lines: 10, Duration: 9ms] - modules
[Status: 301, Size: 351, Words: 23, Lines: 10, Duration: 8ms] - gallery
[Status: 301, Size: 349, Words: 23, Lines: 10, Duration: 0ms] - cache
[Status: 301, Size: 354, Words: 23, Lines: 10, Duration: 28ms] - phpmyadmin
Which of the following BEST describes the attack occurring?
Pass the hash
Explanation
Pass the hash is a type of attack where an attacker captures a hashed password and reuses it to authenticate as the user. This attack is not related to the information provided in the web server logs, which indicate attempts to access multiple folders on the Apache web server.
Correct answer
Directory traversal
Explanation
Directory traversal is a type of attack where an attacker tries to access files and directories that are outside the web root directory. The information in the web server logs, showing attempts to access different folders like modules, gallery, cache, and phpmyadmin, aligns with the behavior of a directory traversal attack.
Replay
Explanation
Replay attacks involve capturing network traffic and replaying it to impersonate a legitimate user. The information in the web server logs does not indicate any repeated or replayed requests, making a replay attack an unlikely scenario in this context.
Forgery
Explanation
Forgery attacks involve creating fake data or requests to deceive a system. The information in the web server logs does not suggest any falsified requests or data manipulation, making a forgery attack an unlikely explanation for the observed behavior.
Question 42Skipped
An organization acquires a domain name that closely resembles another organization’s domain. When users visit the site, they are redirected to an unexpected destination. Which of the following BEST describes this tactic?
Correct answer
Typosquatting
Explanation
Typosquatting is a tactic where malicious actors register domain names that closely resemble legitimate domain names to trick users into visiting their sites. By redirecting users to unexpected destinations, attackers can potentially steal sensitive information or distribute malware.
Shadow IT
Explanation
Shadow IT refers to the use of unauthorized software or services within an organization without the knowledge or approval of the IT department. While it is a security risk, it is not directly related to the scenario described in the question.
RADIUS
Explanation
RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. It is not relevant to the scenario of acquiring a domain name similar to another organization’s domain.
Dark web
Explanation
The dark web is a part of the internet that is not indexed by search engines and is often associated with illegal activities. While malicious actors may use the dark web to host fraudulent websites, it is not directly related to the tactic of registering a domain name similar to another organization’s domain for malicious purposes.
Question 43Skipped
Users receive an authentication code via a telephone system that reads it aloud. An attacker intercepts the call and gains access to the code. Which of the following BEST describes this type of attack?
Correct answer
On-path
Explanation
An on-path attack occurs when an attacker intercepts communication between two parties, such as intercepting a telephone call to gain access to an authentication code. In this scenario, the attacker is actively monitoring the communication channel to obtain sensitive information.
Default credentials
Explanation
Default credentials refer to the pre-configured usernames and passwords that are often used by manufacturers or system administrators. This type of attack is not relevant to the situation described in the question, where the attacker intercepts an authentication code during a telephone call.
Open service ports
Explanation
Open service ports refer to network ports that are accessible and actively listening for incoming connections. This type of attack involves exploiting vulnerabilities in open ports to gain unauthorized access to a system, which is not the case in the scenario where an attacker intercepts a telephone call for an authentication code.
Supply chain
Explanation
A supply chain attack targets the software or hardware supply chain to introduce malicious components or compromise the integrity of products before they reach the customer. This type of attack is not applicable to a situation where an attacker intercepts a telephone call to obtain an authentication code.
Question 44Skipped
An organization is assessing its current status in comparison to its desired future outcome over the coming months. They are establishing a baseline to help achieve this goal. Which of the following is MOST likely taking place?
IaC
Explanation
IaC (Infrastructure as Code) is a method of managing and provisioning technology infrastructure through code and automation. While IaC is a valuable practice for ensuring consistency and efficiency in infrastructure management, it is not directly related to assessing current status or establishing a baseline for future goals.
RTOS
Explanation
RTOS (Real-Time Operating System) is an operating system designed to handle real-time applications with strict timing requirements. While RTOS is important for time-sensitive systems, it is not typically used for assessing current status or establishing baselines in an organization’s strategic planning.
Correct answer
Gap analysis
Explanation
Gap analysis is a process used to compare the current state of an organization with its desired future state. By identifying the gaps between the two, organizations can develop strategies to bridge those gaps and achieve their goals. This process is essential for establishing a baseline and tracking progress towards desired outcomes.
SLA
Explanation
SLA (Service Level Agreement) is a contract between a service provider and a customer that defines the level of service expected. While SLAs are important for setting expectations and ensuring service quality, they are not directly related to the process of assessing current status and establishing baselines for future goals.
Question 45Skipped
A penetration tester encounters the following login screen and executes an attack to bypass the authentication portal. Which of the following attacks is being used?

XSS
Explanation
XSS (Cross-Site Scripting) attacks involve injecting malicious scripts into web pages, where they are executed in the browsers of other users who view those pages. This attack does not directly relate to bypassing a login portal, as it targets the users of a site rather than the authentication mechanism itself.
On-path
Explanation
On-path attacks involve intercepting and manipulating network traffic between two parties. While this type of attack can be used to capture login credentials, it does not directly relate to bypassing a login portal by exploiting vulnerabilities in the authentication process.
Correct answer
SQLi
Explanation
SQLi (SQL Injection) attacks involve inserting malicious SQL queries into input fields to manipulate the database backend of a web application. In this case, the penetration tester is likely exploiting a vulnerability in the login portal’s database query to bypass the authentication process and gain unauthorized access.
Pass the hash
Explanation
Pass the hash attacks involve using stolen password hashes to authenticate to a system without knowing the actual plaintext password. While this type of attack can be used to bypass authentication mechanisms, it typically does not involve directly exploiting vulnerabilities in a login portal like SQLi attacks do.
Question 46Skipped
A user wants to authenticate with a service using credentials from third-party providers. Which of the following authentication methods would BEST meet this requirement?
Correct answer
SAML
Explanation
SAML (Security Assertion Markup Language) is specifically designed for exchanging authentication and authorization data between parties, particularly in web-based applications. It allows users to authenticate with a service using credentials from third-party identity providers, making it the best choice for meeting the requirement in the question.
LDAP
Explanation
LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and maintaining distributed directory information services over an IP network. While LDAP can be used for authentication, it is not specifically designed for authenticating users with credentials from third-party providers, making it less suitable for the requirement in the question.
RADIUS
Explanation
RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. While RADIUS is commonly used for network access authentication, it is not designed for authenticating users with credentials from third-party providers, making it less ideal for the requirement in the question.
WPA3
Explanation
WPA3 (Wi-Fi Protected Access 3) is a security protocol used to secure Wi-Fi networks. While WPA3 provides secure authentication for Wi-Fi connections, it is not designed for authenticating users with credentials from third-party providers in the context of accessing a service, making it an incorrect choice for the requirement in the question.
Question 47Skipped
A network administrator has intentionally generated a set of fake usernames and passwords that do not grant access to any real resources. Later, the administrator detects an attempt to use these credentials on a Microsoft Access database. Which of the following BEST describes these credentials?
Correct answer
Honeytoken
Explanation
A honeytoken is a fake set of credentials or data intentionally created to detect unauthorized access attempts. In this scenario, the fake usernames and passwords are used as bait to identify potential attackers trying to gain access to the Microsoft Access database.
Honeyfile
Explanation
A honeyfile is a decoy file or document used to lure attackers and detect unauthorized access attempts. It is not specifically related to fake usernames and passwords like in this scenario.
Honeypot
Explanation
A honeypot is a security mechanism set up to detect, deflect, or study attempts at unauthorized use of information systems. While similar in concept to honeytokens, honeypots are typically entire systems or networks designed to lure attackers, not just fake credentials.
Honeynet
Explanation
A honeynet is a network set up with intentional vulnerabilities to attract attackers and study their behavior. It is a more extensive and complex security setup compared to honeytokens, which are focused on fake credentials.
Question 48Skipped
An attacker has connected a physical device to a laptop’s mouse, which goes unnoticed by the user. After a short period, the attacker successfully logs into the user’s Facebook account using credentials captured through the device. Which of the following BEST describes the cause of this attack?
Rootkit
Explanation
A rootkit is a type of malicious software that is designed to gain unauthorized access to a system and remain undetected. While rootkits can be used to capture credentials and perform unauthorized actions, in this scenario, the attack involves capturing credentials through a physical device connected to the laptop’s mouse, which is more indicative of spyware.
Trojan
Explanation
A Trojan is a type of malware that disguises itself as a legitimate file or software to trick users into downloading and executing it. Trojans can be used to steal sensitive information, but in this case, the attack involves capturing credentials through a physical device connected to the laptop’s mouse, which aligns more with the behavior of spyware.
Bloatware
Explanation
Bloatware refers to software that is pre-installed on a device and consumes excessive resources, leading to decreased performance. Bloatware is not directly related to capturing credentials through a physical device connected to a laptop’s mouse, making it an incorrect choice for describing the cause of this attack.
Correct answer
Spyware
Explanation
Spyware is a type of malware that is designed to secretly monitor and collect information about a user’s activities without their knowledge or consent. In this scenario, the attacker successfully logs into the victim’s Facebook account using credentials captured through the device connected to the laptop’s mouse, indicating that spyware was used to capture and transmit the stolen credentials.
Question 49Skipped
Customer data is stored in a centralized network database and backed up using differential and incremental backup methods. Which of the following BEST describes this process?
Correct answer
Data at rest
Explanation
Data at rest is data held on persistent storage, such as a database or backup media, rather than data being transmitted or actively processed. Differential and incremental backup methods protect data stored in a centralized network database by creating copies of that stored data at different points in time. This process ensures that the most recent changes are backed up efficiently while minimizing storage space and backup time. Therefore, this choice accurately describes the process of backing up customer data in this scenario.
Data in motion
Explanation
Data in motion refers to data that is actively being transferred between systems or locations. In this scenario, the customer data is stored in a centralized network database and backed up using backup methods, which does not involve data actively moving between systems. Therefore, this choice does not accurately describe the process of backing up customer data in this scenario.
Hot site
Explanation
A hot site is a location that is fully equipped with necessary hardware, software, and data to resume operations in the event of a disaster. While backup methods are crucial for disaster recovery, the process of storing customer data in a centralized network database and backing it up using differential and incremental methods does not directly relate to a hot site. Therefore, this choice does not accurately describe the process in this scenario.
Data sovereignty
Explanation
Data sovereignty refers to the legal concept that data is subject to the laws and regulations of the country in which it is located. While data sovereignty is an important consideration for data protection and privacy, it does not directly relate to the process of storing customer data in a centralized network database and backing it up using differential and incremental methods. Therefore, this choice does not accurately describe the process in this scenario.
Question 50Skipped
An organization is assembling the required tools and personnel to be contacted in the event of an incident. Which incident response phase is currently taking place?
Recovery
Explanation
The recovery phase occurs after the incident has been contained and resolved. It involves restoring systems and data to normal operations and ensuring that any damage caused by the incident is mitigated.
Lessons learned
Explanation
The lessons learned phase occurs after the incident has been fully resolved and involves analyzing the incident response process to identify areas for improvement and best practices to apply in future incidents.
Correct answer
Preparation
Explanation
The preparation phase involves assembling the necessary tools, personnel, and resources to be contacted and utilized in the event of an incident. This phase focuses on proactive measures to ensure an effective and efficient response to incidents.
Containment
Explanation
The containment phase involves taking immediate actions to prevent the incident from spreading further and causing additional damage. It focuses on isolating the affected systems and limiting the impact of the incident.
Question 51Skipped
A user downloaded an application from a third-party store on their iOS device and installed custom firmware that removed all application restrictions. Which of the following BEST describes this firmware?
Zero-day
Explanation
Zero-day refers to a vulnerability that is unknown to the software vendor or the public. It is typically exploited by attackers before the vendor becomes aware of it and releases a patch. Zero-day vulnerabilities are not related to custom firmware that removes application restrictions on an iOS device.
Correct answer
Jailbreaking
Explanation
Jailbreaking is the process of removing software restrictions imposed by Apple on iOS devices. By jailbreaking the device and installing custom firmware, the user can bypass Apple’s restrictions and gain more control over the device. This allows for the installation of unauthorized apps and customization options that are not typically available on a non-jailbroken device.
SASE
Explanation
SASE (Secure Access Service Edge) is a networking model that combines network security functions with wide-area networking capabilities to support the dynamic secure access needs of organizations. It is not related to the process of installing custom firmware on an iOS device to remove application restrictions.
Side loading
Explanation
Side loading refers to the process of installing an application on a device from a source other than the official app store. While side loading can be used to install apps that are not available on the official store, it does not involve the installation of custom firmware that removes application restrictions, as described in the question.
Question 52Skipped
A security analyst is deploying new software within an organization to identify and alert the administrator of real-time threats. Which of the following controls is the analyst implementing?
Preventive
Explanation
Preventive controls are put in place to prevent security incidents from occurring. They aim to stop an attack before it happens by implementing measures such as access controls, encryption, and authentication mechanisms. In this scenario, the analyst is not implementing a control to prevent threats but rather to identify and alert the administrator of real-time threats.
Deterrent
Explanation
Deterrent controls are used to discourage potential attackers from targeting the organization’s systems or data. These controls often include warning signs, security cameras, and security guards. The analyst in this scenario is not implementing a control to deter attackers but rather to identify and alert the administrator of real-time threats.
Correct answer
Detective
Explanation
Detective controls are designed to identify security incidents as they occur or after they have occurred. These controls include intrusion detection systems, security information and event management (SIEM) tools, and log monitoring. By deploying new software to identify and alert the administrator of real-time threats, the analyst is implementing a detective control.
Technical
Explanation
Technical controls refer to the use of technology to enforce security policies and protect systems and data. While the software being deployed by the analyst is a technical control, the specific purpose of this control is to detect and alert the administrator of real-time threats, making it more aligned with a detective control rather than a general technical control.
Question 53Skipped
An organization is partnering with a third-party provider to guarantee a specific level of system uptime. Which of the following BEST describes what the third party is offering?
MOU
Explanation
An MOU (Memorandum of Understanding) is a formal agreement between two or more parties outlining the terms and details of a partnership or collaboration. It is not specifically related to guaranteeing system uptime or service levels.
Elasticity
Explanation
Elasticity refers to the ability of a system to dynamically adjust resources based on demand. While elasticity can contribute to system uptime, it is not specifically related to guaranteeing a specific level of uptime as described in the question.
Correct answer
SLA
Explanation
An SLA (Service Level Agreement) is a contract between a service provider and a customer that outlines the level of service expected, including uptime guarantees, response times, and other performance metrics. In this scenario, the third-party provider is offering a specific level of system uptime through an SLA.
RFID
Explanation
RFID (Radio Frequency Identification) is a technology that uses electromagnetic fields to automatically identify and track tags attached to objects. It is not related to guaranteeing system uptime or service levels as described in the question.
Question 54Skipped
A manufacturing company has experienced multiple break-ins through the front door. They need a sensor capable of monitoring and detecting movement across a large geographical area. Which of the following BEST meets the company’s requirements?
Ultrasonic
Explanation
Ultrasonic sensors use sound waves to detect movement, making them more suitable for smaller, enclosed areas rather than large geographical areas. They may not be the best choice for monitoring movement across a large area such as the grounds around the front door of a manufacturing company.
Correct answer
Microwave
Explanation
Microwave sensors are capable of monitoring and detecting movement across a large geographical area, making them a suitable choice for the manufacturing company’s requirements. They can cover a wide range and are effective in detecting movement in outdoor environments.
Pressure
Explanation
Pressure sensors are designed to detect changes in pressure, such as when a door is opened or closed. While they can be useful for certain security applications, they may not be the most effective choice for monitoring movement across a large geographical area like the front door of a manufacturing company.
Infrared
Explanation
Infrared sensors detect heat signatures and movement based on infrared radiation. While they can be effective for detecting movement, they may not be the best choice for monitoring movement across a large geographical area, especially in outdoor environments where factors like temperature changes can affect their accuracy.
Question 55Skipped
A SOC analyst is monitoring SIEM logs and notices events appearing in real-time that should only occur during non-working hours. The timestamps on the logs differ from what is expected. Which of the following BEST describes what is happening?
Resource consumption
Explanation
Resource consumption typically refers to the utilization of system resources such as CPU, memory, or disk space. It is not directly related to the issue of events appearing in real-time during non-working hours with incorrect timestamps in SIEM logs.
Correct answer
Out-of-cycle logging
Explanation
Out-of-cycle logging is the most likely explanation for events appearing in real-time during non-working hours with incorrect timestamps in SIEM logs. This term refers to logs being generated outside of their expected schedule or cycle, which can indicate a potential security incident or misconfiguration.
Concurrent session usage
Explanation
Concurrent session usage refers to multiple users accessing a system or application at the same time. While this could potentially lead to discrepancies in logs, it is not the most accurate description of the situation where events are appearing in real-time during non-working hours with incorrect timestamps.
Missing logs
Explanation
Missing logs would imply that certain events or logs are not being captured or recorded by the SIEM system. In this scenario, the issue is not about missing logs but rather about events appearing in real-time during non-working hours with incorrect timestamps.
Question 56Skipped
A company CISO analyzes the public ledger, tracking real-time changes and transactions while providing integrity. Which of the following is the CISO most likely analyzing?
TPM
Explanation
TPM (Trusted Platform Module) is a hardware-based security solution that provides secure storage for cryptographic keys and ensures the integrity of the system. While TPM can be used for various security purposes, it is not typically associated with analyzing public ledgers or tracking real-time changes and transactions.
Correct answer
Blockchain
Explanation
Blockchain is a decentralized, distributed ledger technology that provides transparency, immutability, and integrity to transactions. It is commonly used for tracking real-time changes and transactions in a secure and transparent manner, making it the most likely option for the CISO to be analyzing in this scenario.
Secure enclave
Explanation
A secure enclave is an isolated area within a processor that provides protected execution for sensitive operations. While a secure enclave can enhance security by protecting critical data and processes, it is not designed for analyzing public ledgers or tracking real-time changes and transactions.
Certificate authority
Explanation
CA (Certificate Authority) is an entity that issues digital certificates to validate the identity of users, devices, or services in a network. While CAs play a crucial role in establishing trust and security in digital communications, they are not typically involved in analyzing public ledgers or tracking real-time changes and transactions.
Question 57Skipped
A Linux administrator has identified a zero-day exploit targeting Linux-based systems. To mitigate the risk, the administrator plans to replace some Linux-based computers with Windows OS. Which of the following BEST describes the action being taken?
Multi-cloud systems
Explanation
Multi-cloud systems refer to the use of multiple cloud service providers to host an organization’s data and applications. This choice does not accurately describe the action being taken by the Linux administrator to mitigate the zero-day exploit.
Failover
Explanation
Failover is the process of transferring a workload from one system to another when the first system fails. This choice does not accurately describe the action being taken by the Linux administrator to mitigate the zero-day exploit.
Correct answer
Platform diversity
Explanation
Platform diversity involves using different operating systems or platforms to reduce the risk of a single vulnerability affecting all systems. In this case, replacing some Linux-based computers with Windows OS is a form of platform diversity to mitigate the risk of the zero-day exploit targeting Linux-based systems.
Continuity of operations
Explanation
Continuity of operations refers to the ability of an organization to continue essential functions during and after a disaster. While important for business continuity planning, this choice does not accurately describe the action being taken by the Linux administrator to mitigate the zero-day exploit.
Question 58Skipped
A hospital deals primarily with PHI and PII from its customers. The hospital asks a technician for the best way to classify the data it holds. Which of the following BEST describes this data?
Confidential
Explanation
Confidential data typically refers to information that requires a high level of protection due to its sensitive nature. While PHI and PII information are important and should be protected, the term "confidential" may not fully capture the specific regulatory requirements and implications associated with this type of data.
Correct answer
Sensitive
Explanation
Sensitive data is the most appropriate classification for PHI and PII information as it accurately reflects the level of protection and privacy required for this type of data. Sensitive data includes information that, if disclosed, could result in harm, identity theft, or privacy violations.
Private
Explanation
Private data typically refers to personal information that individuals do not want to be shared publicly. While PHI and PII information are indeed private, the term "private" may not fully convey the legal and ethical responsibilities associated with handling this type of data in a healthcare setting.
Restricted
Explanation
Restricted data typically refers to information that has strict access controls and limited distribution. While PHI and PII information should be restricted in terms of access and sharing, the term "restricted" may not fully capture the specific regulatory requirements and privacy considerations associated with this type of data in a healthcare environment.
Question 59Skipped
A cybersecurity company is requiring users to retain all data at rest while ensuring that backups are conducted on a monthly basis. Which of the following BEST describes this requirement?
Assignment/accounting
Explanation
Assignment/accounting refers to the process of assigning and tracking resources or tasks to specific individuals or groups. It does not directly relate to the requirement of retaining data at rest and conducting monthly backups.
Correct answer
Data retention
Explanation
Data retention is the practice of storing data for a specific period of time, often for compliance or legal reasons. In this scenario, the requirement to retain all data at rest and conduct monthly backups aligns with the concept of data retention, making this choice the best description of the requirement.
Inventory
Explanation
Inventory involves tracking and managing assets or resources within an organization. While data retention and backups are related to managing data assets, the specific requirement mentioned in the question does not directly align with the concept of inventory.
Data classification
Explanation
Data classification involves categorizing data based on its sensitivity or importance. While data retention and backups are important considerations in data classification, the specific requirement of retaining all data at rest and conducting monthly backups is not solely focused on classifying data.
Question 60Skipped
A security engineer seeks to automate the detection and response process while conducting vulnerability scans on endpoint devices. Which of the following would BEST meet the engineer’s requirements?
EDR
Explanation
EDR (Endpoint Detection and Response) solutions are designed to monitor and respond to security threats on endpoint devices. While EDR can help with detecting and responding to vulnerabilities, it is more focused on threat detection and incident response rather than vulnerability scanning automation.
SDN
Explanation
SDN (Software-Defined Networking) is a network architecture approach that allows network administrators to programmatically control network behavior. While SDN can enhance network security and automation, it is not specifically designed for automating vulnerability scans on endpoint devices.
Correct answer
SCAP
Explanation
SCAP (Security Content Automation Protocol) is a standard that provides a framework for automating vulnerability management, measurement, and policy compliance evaluation. SCAP can automate vulnerability scans against endpoint devices and streamline the detection and response process, making it the best choice for the security engineer’s requirements.
SCADA
Explanation
SCADA (Supervisory Control and Data Acquisition) systems are used for monitoring and controlling industrial processes. While SCADA systems are important for critical infrastructure security, they are not designed for automating vulnerability scans on endpoint devices.
Question 61Skipped
A security auditor executed an operating system file, inadvertently spreading malware across the network. Upon reviewing the file, they discovered it had been previously tampered with. Which of the following would have MOST likely alerted the auditor before executing the file?
Antivirus
Explanation
Antivirus software is designed to detect and remove known malware from systems. While antivirus can be effective in identifying and removing malware, it may not have detected the tampering of the file before execution, as it primarily focuses on known threats rather than file integrity.
ACL
Explanation
Access Control Lists (ACLs) are used to control access to files and resources on a system. While ACLs can restrict access to files and prevent unauthorized modifications, they do not actively monitor file integrity or changes, so they would not have alerted the auditor before executing the file.
Correct answer
FIM
Explanation
File Integrity Monitoring (FIM) tools are specifically designed to monitor and detect changes to files and system configurations. FIM tools can alert users to unauthorized modifications or tampering with files, making them the most likely choice to have alerted the auditor before executing the file in this scenario.
CVE
Explanation
Common Vulnerabilities and Exposures (CVE) is a catalog of publicly disclosed cybersecurity vulnerabilities, each identified by a CVE ID. While CVE entries provide valuable information about known vulnerabilities, they are not related to file integrity monitoring and would not have alerted the auditor before executing the tampered file.
Question 62Skipped
An application developer executes an application in a sandbox environment in real time. Which of the following BEST describes the type of analysis being conducted?
Parallel processing
Explanation
Parallel processing involves breaking down a task into smaller parts that can be executed simultaneously to improve performance. It is not directly related to the analysis of an application in a sandbox environment in real time.
Correct answer
Dynamic
Explanation
Dynamic analysis involves evaluating the behavior of an application while it is running in a live environment, such as a sandbox. This type of analysis allows for the observation of real-time interactions, inputs, and outputs.
Static
Explanation
Static analysis focuses on examining the code and structure of an application without executing it. It is typically done before runtime and does not involve running the application in a sandbox environment in real time.
Vulnerability scan
Explanation
Vulnerability scanning is a process of identifying security weaknesses and vulnerabilities in an application or system. While important for security assessments, it does not specifically describe the type of analysis conducted when running an application in a sandbox environment in real time.
Question 63Skipped
A company wants to ensure uptime for all Internet-facing servers. The solution must distribute traffic efficiently and prevent server overload. Which of the following would BEST meet this requirement?
UPS
Explanation
UPS (Uninterruptible Power Supply) is a device that provides emergency power to a load when the input power source fails. While UPS can help maintain uptime by preventing power outages from affecting servers, it does not distribute traffic efficiently or prevent server overload.
Correct answer
Load balancer
Explanation
A load balancer is a device or software application that distributes incoming network traffic across multiple servers. By balancing the load, a load balancer helps prevent server overload and ensures efficient distribution of traffic, making it the best choice to meet the company’s requirement for uptime for Internet-facing servers.
SD-WAN
Explanation
SD-WAN (Software-Defined Wide Area Network) is a technology that allows organizations to manage and optimize their WAN connections. While SD-WAN can improve network performance and reliability, it does not directly address the requirement of distributing traffic efficiently and preventing server overload for Internet-facing servers.
SASE
Explanation
SASE (Secure Access Service Edge) is a networking architecture that combines network security functions with WAN capabilities. While SASE can enhance security and network performance, it does not specifically focus on distributing traffic efficiently or preventing server overload for Internet-facing servers.
Question 64Skipped
A penetration tester is preparing to assess an organization’s network security. They have been provided with the company’s website name, www.digi.ninja. Which of the following BEST describes this type of testing?
Correct answer
Unknown environment
Explanation
Conducting a penetration test on an organization’s network security without prior knowledge or familiarity with the environment is considered testing in an unknown environment. In this scenario, the penetration tester has only been provided with the company’s website name, www.digi.ninja, and must gather information and assess the security posture without any pre-existing knowledge.
Known environment
Explanation
Testing in a known environment would involve the penetration tester having detailed information about the organization’s network infrastructure, systems, and security measures before conducting the assessment. In this case, the tester has limited information with only the company’s website name, www.digi.ninja, making it an unknown environment for testing.
Passive reconnaissance
Explanation
Passive reconnaissance involves gathering information about a target network or organization without directly interacting with the systems or triggering any alerts. In this scenario, the penetration tester is preparing to assess the organization’s network security, which goes beyond passive reconnaissance as it involves active testing and assessment.
Partially known environment
Explanation
Testing in a partially known environment would imply that the penetration tester has some information about the organization’s network infrastructure or security measures but not a comprehensive understanding. In this case, the tester only has the company’s website name, www.digi.ninja, which does not provide a complete picture of the environment, making it more aligned with an unknown environment for testing.
Question 65Skipped
Company users report being redirected to a competitor’s website after entering a specific website name. However, upon investigation, it is found that they are not typing the correct address. Which of the following BEST describes this situation?
Watering hole
Explanation
Watering hole attacks involve attackers compromising a website that is frequently visited by the target organization’s employees. The attackers then inject malicious code into the website to redirect users to a malicious site. This is not the case in the scenario described, as users are not being redirected from a compromised website.
Brand impersonation
Explanation
Brand impersonation refers to attackers creating fake websites or emails that mimic a legitimate brand to deceive users into providing sensitive information. In this scenario, users are not being tricked by a fake website, but rather making typographical errors when entering the website address.
Correct answer
Typosquatting
Explanation
Typosquatting, also known as URL hijacking, involves registering domain names that are similar to popular websites with the intention of capturing traffic from users who make typographical errors when entering the website address. This accurately describes the situation where users are being redirected to a competitor’s website due to entering the wrong address.
Pretexting
Explanation
Pretexting is a social engineering technique where attackers create a false scenario to manipulate individuals into providing confidential information. This does not apply to the scenario described, where users are simply making mistakes when typing a website address.
Question 66Skipped
A cybersecurity team detects a highly sophisticated and well-funded cyberattack targeting critical infrastructure. The attack involves zero-day exploits, advanced persistent threats (APTs), and extensive reconnaissance efforts. Which of the following BEST describes this threat?
Hacktivist
Explanation
Hacktivists are individuals or groups who use hacking techniques to promote a social or political agenda. They typically do not have the resources or capabilities to carry out highly sophisticated and well-funded cyberattacks targeting critical infrastructure. This choice does not accurately describe the threat scenario involving zero-day exploits, APTs, and extensive reconnaissance efforts.
Correct answer
Nation-state
Explanation
A nation-state threat refers to cyberattacks carried out by a government or state-sponsored entity. These threats are often highly sophisticated, well-funded, and strategically targeted at critical infrastructure or sensitive information. The use of zero-day exploits, APTs, and extensive reconnaissance efforts aligns with the characteristics of a nation-state threat, making this choice the best description of the scenario.
Insider threat
Explanation
An insider threat involves individuals within an organization who misuse their access to cause harm, steal data, or disrupt operations. While insider threats can be sophisticated and damaging, the scenario described in the question involves external actors utilizing advanced techniques and resources beyond the capabilities of an insider threat.
Organized crime
Explanation
Organized crime groups engage in cybercrime activities for financial gain, such as stealing personal information, conducting ransomware attacks, or selling stolen data on the dark web. While organized crime can pose significant cybersecurity threats, the level of sophistication, resources, and strategic targeting described in the question aligns more closely with a nation-state threat than with an organized crime group.
Question 67Skipped
A penetration tester is scanning an organization’s network using specialized tools to identify open ports, running services, and potential vulnerabilities. The tester interacts with the target systems to gather information. Which of the following BEST describes this approach?
Unknown environment
Explanation
An unknown environment refers to a situation where the penetration tester has limited or no prior knowledge about the target systems, network architecture, or security controls in place. In this scenario, the tester is exploring the network to gather information and identify potential vulnerabilities.
Passive reconnaissance
Explanation
Passive reconnaissance involves gathering information about the target systems and network without directly interacting with them. This can include collecting publicly available information, analyzing network traffic, or monitoring communication channels to gain insights without alerting the target organization.
Known environment
Explanation
A known environment implies that the penetration tester has prior knowledge or access to information about the target systems, network configuration, or security measures in place. This can include insider information, documentation, or previous assessments that provide a baseline for the testing activities.
Correct answer
Active reconnaissance
Explanation
Active reconnaissance involves actively interacting with the target systems to gather information, identify open ports, running services, and potential vulnerabilities. This approach may include using specialized tools to scan the network, probing systems for weaknesses, and attempting to exploit security gaps to assess the overall security posture of the organization.
Question 68Skipped
A startup firm is considering how many employees to hire at the beginning of the month while staying within its limited budget. Which of the following BEST describes the firm’s approach?
Gap analysis
Explanation
Gap analysis involves assessing the current state and identifying the desired future state to determine the gaps that need to be addressed. It is typically used to analyze discrepancies in processes, performance, or capabilities, rather than determining the number of employees to hire within a budget constraint.
Tabletop
Explanation
Tabletop exercises are simulations of potential cybersecurity incidents or scenarios where participants discuss their responses and actions. This approach is not related to determining the number of employees to hire within a budget constraint at the beginning of the month.
SCAP
Explanation
Security Content Automation Protocol (SCAP) is a standard for automating vulnerability management, measurement, and policy compliance evaluation. It is not directly related to determining the number of employees to hire within a budget constraint for a startup firm.
Correct answer
Capacity planning
Explanation
Capacity planning involves forecasting the resources needed to meet future demand, such as determining the number of employees required to support business operations within budget constraints. This approach aligns with the startup firm’s consideration of how many employees to hire at the beginning of the month while staying within its limited budget.
Question 69Skipped
Two companies have shared their private keys with a third party, allowing them to decrypt the information at any time. Which term best describes how these keys are stored?
RA
Explanation
RA stands for Registration Authority, which is responsible for verifying the identity of individuals or entities before issuing digital certificates. It is not directly related to storing private keys for decryption purposes.
CSR
Explanation
CSR stands for Certificate Signing Request, which is a message sent from an applicant to a Certificate Authority (CA) to apply for a digital certificate. It does not involve storing private keys for decryption purposes.
Correct answer
Escrow
Explanation
Escrow is the correct term for storing private keys with a third party for decryption purposes. This allows the third party to access the keys in case of emergencies or legal requirements.
OCSP
Explanation
OCSP stands for Online Certificate Status Protocol, which is used to check the validity of digital certificates. It is not related to storing private keys for decryption purposes.
Question 70Skipped
Which of the following describes an attack where an attacker tries a set of passwords on one account before moving to the next account in an attempt to find a valid password?
Brute-force
Explanation
Brute-force attacks involve trying all possible combinations of passwords until the correct one is found. This is different from the scenario described in the question where the attacker tries a set of passwords on one account before moving to the next.
Correct answer
Spraying
Explanation
Spraying attacks involve trying a small set of commonly used passwords across multiple accounts before moving on to the next set of passwords. This aligns with the description provided in the question where the attacker tries a set of passwords on one account before moving to the next.
XSS
Explanation
XSS (Cross-Site Scripting) attacks involve injecting malicious scripts into web pages viewed by other users. This type of attack is not related to trying a set of passwords on multiple accounts as described in the question.
Birthday attack
Explanation
Birthday attacks involve finding two different inputs that produce the same hash output. This type of attack is not related to trying a set of passwords on multiple accounts as described in the question.
Question 71Skipped
A company aims to go beyond traditional detection software to defend against the latest advanced persistent threats. The solution must incorporate automation and behavior-based analytics. Which of the following BEST describes this security solution?
SCAP
Explanation
SCAP (Security Content Automation Protocol) is a set of standards that provide a way to automatically identify, measure, and standardize security configurations. While SCAP can help with automation, it does not specifically focus on behavior-based analytics or advanced persistent threats.
EDR
Explanation
EDR (Endpoint Detection and Response) solutions focus on detecting and responding to security incidents on endpoints. While EDR solutions can provide some level of automation and behavior-based analytics, they are primarily focused on endpoint security and may not be as comprehensive as the solution described in the question.
SELinux
Explanation
SELinux (Security-Enhanced Linux) is a security module that provides access control security policies. While SELinux can enhance security by enforcing mandatory access controls, it does not specifically address the need for automation and behavior-based analytics to defend against advanced persistent threats.
Correct answer
XDR
Explanation
XDR (Extended Detection and Response) is a security solution that goes beyond traditional endpoint detection and response (EDR) tools by incorporating automation, behavior-based analytics, and visibility across multiple security layers. XDR is designed to provide a more holistic approach to security that can help defend against advanced persistent threats.
Question 72Skipped
The Chief Information Officer of MarkdeMoras Corporation received a link asking them to "click here." After clicking the link, staff members began receiving strange emails appearing to come from the CIO. Which of the following is being described?
Phishing
Explanation
Phishing typically involves sending deceptive emails or messages to individuals in order to trick them into revealing sensitive information such as login credentials or personal details. In this scenario, the CIO receiving a suspicious link and staff members receiving strange emails after clicking the link aligns more with the concept of phishing.
Correct answer
Business email compromise
Explanation
Business email compromise (BEC) involves unauthorized access to a business email account for the purpose of conducting fraudulent activities. In this case, the CIO’s email account may have been compromised, leading to the sending of strange emails to staff members. This aligns with the description provided in the question.
Watering hole
Explanation
Watering hole attacks involve targeting a specific group of individuals by compromising websites they are likely to visit. This scenario does not match the description given in the question, as there is no mention of a compromised website or specific group being targeted.
Impersonation
Explanation
Impersonation involves pretending to be someone else in order to deceive individuals. While the strange emails appearing to come from the CIO may involve impersonation, the initial action of clicking a suspicious link and the subsequent emails being sent align more closely with the concept of business email compromise.
Question 73Skipped
An organization is deploying data loss prevention and other automation-based solutions to restrict users from deleting files that contain sensitive information. Which of the following BEST describes this implementation?
Correct answer
Guard rails
Explanation
Guard rails are automated solutions that restrict users from taking certain actions, such as deleting files containing sensitive information. They act as a safety mechanism to prevent accidental or intentional data loss, providing an additional layer of security for the organization’s data.
EDR
Explanation
EDR (Endpoint Detection and Response) solutions focus on detecting and responding to security incidents on endpoints. While they may have some capabilities related to file deletion prevention, they are not specifically designed to restrict users from deleting files containing sensitive information.
XDR
Explanation
XDR (Extended Detection and Response) solutions integrate multiple security products to provide a more comprehensive view of security incidents across different platforms and environments. While they may include features related to data loss prevention, they are not specifically focused on restricting users from deleting files containing sensitive information.
Permission restrictions
Explanation
Permission restrictions refer to controlling access to files and resources based on user permissions. While this is an important aspect of data security, it does not specifically address the implementation of automated solutions to restrict users from deleting files containing sensitive information.
Question 74Skipped
An authorized individual discovers a vulnerability in a Django-based platform but does not intend to exploit it. Instead, they report the issue to the company. Which of the following BEST describes this process?
Privilege escalation
Explanation
Privilege escalation refers to the act of exploiting a vulnerability to gain unauthorized access to resources that are normally restricted. In this scenario, the individual is not attempting to exploit the vulnerability for personal gain but is instead reporting it to the company, so privilege escalation does not apply.
Risk reporting
Explanation
Risk reporting involves identifying and communicating potential risks or vulnerabilities to relevant stakeholders within an organization. While the individual in this scenario is reporting a vulnerability, the term "risk reporting" typically refers to internal processes within an organization, not to external reporting of vulnerabilities.
Correct answer
Bug bounty program
Explanation
A bug bounty program is a formal initiative offered by organizations to incentivize individuals to report security vulnerabilities in their systems or software. Participants who responsibly disclose vulnerabilities are often rewarded with monetary compensation or recognition. In this case, the individual is reporting a vulnerability in a responsible manner, making bug bounty program the most appropriate description of the process.
OSINT
Explanation
OSINT (Open Source Intelligence) refers to the collection and analysis of information from publicly available sources to gather intelligence. While reporting a vulnerability may involve gathering information, OSINT specifically focuses on intelligence gathering from open sources, which is not the primary activity in this scenario.
Question 75Skipped
Please fill the blank field(s) in the statement with the right words.
DLP ensures sensitive data can’t be transmitted outside an organization through data loss __
Correct answer
prevention
Explanation
DLP ensures sensitive data can’t be transmitted outside an organization through data loss prevention/protection.
Question 76Skipped
An organization would like a way to continue business if a disaster occurs. All employees should be able to perform their jobs from home. Which of the following BEST describes this scenario?
Stakeholders
Explanation
Stakeholders are individuals or groups who have an interest in the organization and are affected by its actions. While stakeholders may be involved in decision-making processes related to business continuity, they are not directly related to ensuring that employees can work from home in the event of a disaster.
Incident response
Explanation
Incident response refers to the processes and procedures put in place to address and manage security incidents when they occur. While incident response may be part of the overall business continuity plan, it does not specifically address the need for employees to work from home in the event of a disaster.
Disaster recovery plan
Explanation
A disaster recovery plan outlines the steps and procedures to recover and restore critical systems and operations after a disaster. While important for overall business continuity, a disaster recovery plan does not specifically address the need for all employees to be able to work from home in the event of a disaster.
Correct answer
Continuity of operations
Explanation
Continuity of operations (COOP) refers to the ability of an organization to continue essential functions and operations during and after a disaster or emergency. In this scenario, ensuring that all employees can work from home in the event of a disaster aligns with the goal of maintaining continuity of operations.
Question 77Skipped
A user verifies a file’s integrity by generating a checksum for both files and confirming they produce the same output. Which of the following BEST describes the user’s actions?
E-discovery
Explanation
E-discovery refers to the process of identifying, collecting, and producing electronically stored information (ESI) for legal purposes, such as in litigation or investigations. It is not directly related to verifying file integrity through checksum generation.
Correct answer
Hashing
Explanation
Hashing is the correct choice as it refers to the process of generating a fixed-size string of characters (checksum) from data using a cryptographic hash function. By comparing the checksums of two files, a user can verify their integrity and ensure they have not been tampered with.
Chain of custody
Explanation
Chain of custody is a legal concept that refers to the chronological documentation or paper trail showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence. It is not directly related to verifying file integrity through checksum generation.
Legal hold
Explanation
Legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. It is not directly related to verifying file integrity through checksum generation.
Question 78Skipped
A company wants to ensure the authenticity and integrity of documents sent via email. The solution must allow recipients to verify that the document has not been altered and confirms the sender’s identity. Which of the following BEST describes this solution?
Hashing
Explanation
Hashing is a method used to generate a fixed-size output (hash value) from input data. While hashing can ensure data integrity by detecting changes in the document, it does not provide authentication of the sender’s identity, which is a requirement in this scenario.
Symmetric encryption
Explanation
Symmetric encryption is a method where the same key is used for both encryption and decryption of data. While symmetric encryption can protect the confidentiality of the document, it does not provide a way for recipients to verify the sender’s identity or ensure the integrity of the document.
Correct answer
Digital signatures
Explanation
Digital signatures use asymmetric encryption to provide both authentication and integrity of the document. The sender uses their private key to sign the document, and the recipient can verify the signature using the sender’s public key. This ensures that the document has not been altered and confirms the sender’s identity, making it the best solution for the scenario described.
Steganography
Explanation
Steganography is the practice of concealing messages or information within other non-secret data. While steganography can be used to hide the existence of the document itself, it does not provide a way for recipients to verify the integrity of the document or confirm the sender’s identity.
Question 79Skipped
A cloud security engineer is leveraging automation to receive updates on newly infected websites. Which of the following are key benefits of using automation and orchestration to efficiently handle repetitive tasks? (Choose three.)
Single point of failure
Explanation
Single point of failure is not a key benefit of using automation and orchestration. In fact, automation and orchestration help eliminate single points of failure by distributing tasks across multiple systems and ensuring redundancy.
Correct selection
Resource provisioning
Explanation
Resource provisioning is a key benefit of using automation and orchestration as it allows for the efficient allocation and management of resources, such as servers, storage, and networking components, based on predefined rules and policies.
Correct selection
Ticket escalation
Explanation
Ticket escalation is a key benefit of using automation and orchestration as it streamlines the process of escalating and resolving issues by automatically routing tickets to the appropriate teams or individuals based on predefined criteria.
Complexity
Explanation
Complexity is not a key benefit of using automation and orchestration. While automation and orchestration can help simplify and streamline complex processes, the goal is to reduce complexity and improve efficiency.
Correct selection
Continuous integration (CI)
Explanation
Continuous integration (CI) is a key benefit of using automation and orchestration as it enables the automated integration of code changes into a shared repository, allowing for faster development cycles and improved collaboration among team members.
Ongoing supportability
Explanation
Ongoing supportability is not a key benefit of using automation and orchestration. While automation and orchestration can improve the overall supportability of systems by automating repetitive tasks, the primary focus is on efficiency and scalability.
Question 80Skipped
An authorized hacker is conducting an attack on a company’s website. The hacker enters the following URL into the search bar: companywebsitename.com../../../../../../../etc/shadow. Which of the following types of attacks is being executed?
Reflected DDoS
Explanation
Reflected DDoS is a type of distributed denial-of-service attack where the attacker sends a large volume of traffic to a target website through multiple sources to overwhelm its resources. It is not related to the specific URL manipulation seen in this scenario.
Pass the hash
Explanation
Pass the hash is a technique used to authenticate to a system using the hash of the user’s password instead of the actual password. It is not related to the manipulation of directory traversal seen in the URL provided by the hacker.
SQL injection
Explanation
SQL injection is a type of attack where malicious SQL statements are inserted into an entry field for execution. It is not related to the manipulation of directory traversal seen in the URL provided by the hacker.
Correct answer
Directory traversal
Explanation
Directory traversal is a type of attack where an attacker tries to access files and directories that are outside the web server’s root directory. In this scenario, the hacker is attempting to access the sensitive file "/etc/shadow" by manipulating the URL with "../" sequences to navigate up the directory structure. This is a classic example of a directory traversal attack.
Question 81Skipped
A company is seeking a backup solution for disaster recovery and wants the data to be accessible at all times independent of location. Which of the following would best meet this requirement?
UPS
Explanation
A UPS (Uninterruptible Power Supply) is a device that provides emergency power to a load when the input power source fails. While a UPS can help maintain power during short outages, it is not a backup solution for disaster recovery that ensures data accessibility independent of location.
Snapshot
Explanation
A snapshot is a point-in-time copy of data that can be used for backup purposes. While snapshots can be helpful for data recovery, they are typically stored locally and may not provide the level of accessibility and location independence required for disaster recovery.
Generator
Explanation
A generator is a device that can provide backup power during extended outages or disasters. While a generator can help maintain power and keep systems running, it does not address the requirement of data accessibility independent of location for disaster recovery.
Correct answer
Cloud
Explanation
Cloud storage solutions offer the ability to store data remotely on servers maintained by a third-party provider. Cloud storage allows for data accessibility from anywhere with an internet connection, making it an ideal choice for disaster recovery scenarios where data needs to be available at all times independent of location.
Question 82Skipped
A cybersecurity company has sent drives to a data destruction company for disposal. The cybersecurity company requested documentation confirming that all data was completely erased from one of the destroyed drives. Which of the following BEST describes this documentation?
Sanitization
Explanation
Sanitization refers to the process of removing data from a storage device, making it unrecoverable. While this process is related to data erasure, it does not specifically address the documentation requested by the cybersecurity company for confirmation of data erasure on the destroyed drive.
Correct answer
Certification
Explanation
Certification is the correct choice as it refers to the documentation provided by the data destruction company confirming that all data on the destroyed drive has been completely erased. This documentation serves as proof that the data destruction process was successfully completed according to the cybersecurity company’s requirements.
Data retention
Explanation
Data retention is the practice of storing data for a specific period of time based on legal, regulatory, or business requirements. It is not directly related to the documentation requested by the cybersecurity company to confirm data erasure on the destroyed drive.
Destruction
Explanation
Destruction refers to the physical destruction of a storage device to ensure that data cannot be recovered. While the destroyed drive is part of the process, the documentation requested by the cybersecurity company specifically focuses on confirming that all data on the destroyed drive was completely erased, which is different from physical destruction.
Question 83Skipped
A password policy states that users cannot use the same password across multiple accounts. Which of the following BEST describes this policy?
Age
Explanation
Age refers to the length of time a password is valid before it must be changed. It does not relate to the concept of users not being able to use the same password across multiple accounts.
Expiration
Explanation
Expiration refers to the period after which a password must be changed. While it is related to password security, it does not specifically address the issue of users using the same password across multiple accounts.
Correct answer
Reuse
Explanation
Reuse is the correct choice as it directly addresses the policy of users not being allowed to use the same password across multiple accounts. This policy aims to enhance security by preventing the potential compromise of multiple accounts with a single password.
Account lockout
Explanation
Account lockout refers to the security measure that locks a user out of their account after a certain number of failed login attempts. While it is an important security feature, it is not directly related to the policy of users not being able to reuse the same password across multiple accounts.
Question 84Skipped
An organization wants to lower the cost of a website certificate and will only use it for communication with devices on the internal network. Which of the following BEST fulfills the organization’s needs?
Correct answer
Self-signed
Explanation
A self-signed certificate is a cost-effective option for internal network communication as it is generated by the organization itself without the need for a third-party Certificate Authority (CA). While it may not provide the same level of trust as a CA-signed certificate, it is suitable for internal use and can fulfill the organization’s needs to lower costs.
OCSP
Explanation
OCSP (Online Certificate Status Protocol) is used to check the validity of a certificate issued by a Certificate Authority. It is not directly related to lowering the cost of a website certificate or fulfilling the organization’s need for internal network communication. Therefore, it is not the best option in this scenario.
Root of trust
Explanation
Root of trust refers to the trust established by a CA at the root level of the certificate chain. While it is essential for validating the authenticity of certificates, it does not directly address the organization’s goal of lowering the cost of a website certificate for internal network communication. Therefore, it is not the best choice in this situation.
802.1X
Explanation
802.1X is a network access control protocol that provides authentication and authorization for devices trying to connect to a network. While it is important for securing network access, it is not directly related to lowering the cost of a website certificate or fulfilling the organization’s specific need for internal network communication. Therefore, it is not the best option in this scenario.
Question 85Skipped
A security administrator wants to isolate a network from the rest of the organization, designating it exclusively for VoIP traffic. Which of the following would provide this capability?
Screened subnet
Explanation
A screened subnet, formerly known as a DMZ (Demilitarized Zone), is a network segment that sits between an organization’s internal network and an external network, typically the internet. It is used to host services that need to be accessible from the internet while keeping them separate from the internal network. It is not designed to segment internal network traffic for specific purposes like VoIP traffic.
VPN
Explanation
A VPN (Virtual Private Network) is a technology that allows users to securely connect to a private network over the internet. While it provides secure communication over the internet, it does not inherently segment network traffic within an organization for specific purposes like VoIP traffic.
Zero-trust
Explanation
Zero-trust is a security model that assumes no trust, even within the internal network, and requires verification for every user and device trying to access resources. While it enhances security by implementing strict access controls, it does not specifically address network segmentation for VoIP traffic.
Correct answer
VLAN
Explanation
VLAN (Virtual Local Area Network) is a method of segmenting a physical network into multiple logical networks. By creating separate VLANs for different types of traffic, such as VoIP traffic in this case, network administrators can control and prioritize traffic flow, enhancing security and performance. VLANs provide the functionality needed to segment a network for specific purposes like VoIP traffic.
Question 86Skipped
An organization is seeking a technology that can proactively detect and prevent threats on its network. Which of the following BEST describes the technology being used?
Correct answer
Inline
Explanation
Inline technology operates in real time and actively inspects network traffic as it passes through the system. It can detect and prevent threats by analyzing the content of the traffic and taking immediate action to block malicious activity, making it an effective proactive security measure.
Behavior-based
Explanation
Behavior-based technology focuses on analyzing the behavior of users, applications, and devices on the network to detect anomalies or suspicious activities. While behavior-based solutions can be proactive in identifying potential threats based on deviations from normal behavior, they may not always be as immediate or real-time as inline technologies.
Signatures
Explanation
Signature-based technology relies on predefined patterns or signatures of known threats to detect and prevent malicious activity. While signature-based solutions are effective at identifying known threats, they may not be as proactive in detecting new or evolving threats that do not have existing signatures.
IDS
Explanation
An intrusion detection system (IDS) passively monitors network traffic for suspicious activity and alerts administrators to potential security incidents. While an IDS can be a valuable tool for detecting threats, it is not as proactive as inline technologies that actively block malicious activity in real time.
Question 87Skipped
A security analyst discovers that two different files produce the same output when processed through a cryptographic hashing algorithm. Which of the following BEST describes this issue?
Replay
Explanation
Replay attacks involve the interception and retransmission of data to gain unauthorized access. This issue occurs when an attacker captures data and reuses it to impersonate a legitimate user. It is not related to the scenario where two different files produce the same output in a cryptographic hashing algorithm.
Correct answer
Collision
Explanation
A collision occurs when two different inputs produce the same output in a cryptographic hashing algorithm. This issue can lead to security vulnerabilities as it undermines the integrity and authenticity of the data. It is the most appropriate description for the scenario described in the question.
Birthday
Explanation
The birthday attack is a type of cryptographic attack that exploits the birthday paradox to find collisions in hash functions more efficiently than a brute-force approach. While collisions are involved in both scenarios, the birthday attack specifically refers to a technique used to exploit collision vulnerabilities.
Amplified DDoS
Explanation
An Amplified DDoS (Distributed Denial of Service) attack involves amplifying the volume of traffic sent to a target, overwhelming its resources and causing a denial of service. This type of attack is not related to the scenario where two different files produce the same output in a cryptographic hashing algorithm.
Question 88Skipped
An organization wants to assess the technical competencies of its employees by sending out phishing emails. Which of the following BEST describes the activity being performed?
Business email compromise
Explanation
Business email compromise typically involves a cybercriminal gaining unauthorized access to a business email account to conduct fraudulent activities, such as wire transfer scams. It is not related to the scenario described in the question, which involves assessing employee competencies through phishing emails.
Correct answer
Simulation
Explanation
Simulation accurately describes the activity being performed in the scenario. By sending out phishing emails to employees, the organization is simulating a real-world phishing attack to test their awareness and response to such threats. This helps in evaluating the technical competencies of the employees in recognizing and handling phishing attempts.
Tabletop exercises
Explanation
Tabletop exercises involve scenario-based discussions to practice an organization’s response to various cybersecurity incidents, such as data breaches or ransomware attacks. While tabletop exercises are valuable for testing incident response plans, they are not directly related to the specific activity of sending out phishing emails to assess employee competencies.
Smishing
Explanation
Smishing refers to phishing attacks conducted through SMS or text messages. In the scenario described, the organization is using email as the medium to assess employee competencies, not text messages. Therefore, smishing is not the most accurate description of the activity being performed.
Question 89Skipped
A technician is assessing an organization’s layout to determine optimal locations for wireless access points (WAPs), after which they will install the wireless devices. Which of the following BEST describes this process?
Heat map
Explanation
A heat map is a visual representation of data where values are depicted by colors. While heat maps can be used in wireless network planning to visualize signal strength and coverage, they are not specifically related to assessing optimal locations for WAPs.
WPA3
Explanation
WPA3 (Wi-Fi Protected Access 3) is a security protocol designed to secure Wi-Fi networks. It is not directly related to the process of assessing and determining optimal locations for WAPs in an organization’s layout.
802.1X
Explanation
802.1X is a standard for port-based network access control that provides authentication to devices trying to connect to a network. It is not related to the process of assessing and determining optimal locations for WAPs in an organization’s layout.
Correct answer
Site survey
Explanation
A site survey is the process of assessing an organization’s layout to determine the best locations for wireless access points (WAPs) based on factors such as signal strength, coverage, interference, and user requirements. This process helps ensure optimal wireless network performance and coverage.
Question 90Skipped
After experiencing a ransomware attack, an organization seeks to implement a reliable backup solution. Which of the following BEST describes this control?
Compensating
Explanation
Compensating controls are put in place to mitigate risks that cannot be fully addressed by primary controls. They do not directly relate to implementing a reliable backup solution after a ransomware attack.
Deterrent
Explanation
Deterrent controls are designed to discourage potential attackers from targeting an organization. While implementing a reliable backup solution may deter attackers to some extent, it is not the primary purpose of this control.
Correct answer
Corrective
Explanation
Corrective controls are implemented to address the aftermath of a security incident, such as a ransomware attack. Implementing a reliable backup solution is a key corrective control to restore data and systems in case of an attack.
Technical
Explanation
Technical controls are security measures that are implemented using technology, such as firewalls, encryption, and access controls. While a reliable backup solution may involve technical components, simply labeling it as a technical control does not fully capture its purpose in the context of recovering from a ransomware attack.