Quiz #5
Security+
TestPrep
Status Finished
Started Thursday, 10 April 2025, 8:49 PM
Completed Thursday, 10 April 2025, 9:32 PM
Duration 42 mins 35 secs
Marks 32.50/44.00
Grade 73.86 out of 100.00
Question 1
Correct
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure
Feedback
The correct answer is: Change management procedure
Question 2
Correct
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
A. Segmentation
B. Isolation
C. Patching
D. Encryption
Feedback
The correct answer is: Segmentation
Question 3
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing
Feedback
The correct answer is: Bug bounty
Question 4
Correct
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
A. Insider
B. Unskilled attacker
C. Nation-state
D. Hacktivist
Feedback
The correct answer is: Nation-state
Question 5
Correct
Which of the following enables the use of an input field to run commands that can view or manipulate data?
A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection
Feedback
The correct answer is: SQL injection
Question 6
Correct
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?
A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit
Feedback
The correct answer is: Intellectual property
Question 7
Partially correct
Mark 0.50 out of 1.00
A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Select TWO).
Select one or more:
A. If a security incident occurs on the device, the correct employee can be notified.
B. The security team will be able to send user awareness training to the appropriate device.
C. Users can be mapped to their devices when configuring software MFA tokens.
D. User-based firewall policies can be correctly targeted to the appropriate laptops.
E. When conducting penetration testing, the security team will be able to target the desired laptops.
F. Company data can be accounted for when the employee leaves the organization.
Feedback
The correct answers are: If a security incident occurs on the device, the correct employee can be notified., Company data can be accounted for when the employee leaves the organization.
Question 8
Correct
A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?
A. Send out periodic security reminders.
B. Update the content of new hire documentation.
C. Modify the content of recurring training.
D. Implement a phishing campaign.
Feedback
The correct answer is: Modify the content of recurring training.
Question 9
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?
A. Packet captures
B. Vulnerability scans
C. Metadata
D. Dashboard
Feedback
The correct answer is: Dashboard
Question 10
Correct
A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.
Feedback
The correct answer is: A rootkit was deployed.
Question 11
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
A. Client
B. Third-party vendor
C. Cloud provider
D. DBA
Feedback
The correct answer is: Client
Question 12
Correct
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
A. MSA
B. SLA
C. BPA
D. SOW
Feedback
The correct answer is: SOW
Question 13
Correct
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
Feedback
The correct answer is: CVSS
Question 14
Correct
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?
A. Secure cookies
B. Version control
C. Input validation
D. Code signing
Feedback
The correct answer is: Input validation
Question 15
Which of the following must be considered when designing a high-availability network? (Select TWO).
Select one or more:
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
Feedback
The correct answers are: Ease of recovery, Attack surface
Question 16
Correct
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
A. Air gap the system.
B. Move the system to a different network segment.
C. Create a change control request.
D. Apply the patch to the system.
Feedback
The correct answer is: Create a change control request.
Question 17
Correct
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
A. To gather IoCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature
Feedback
The correct answer is: To prevent future incidents of the same nature
Question 18
Correct
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage
Feedback
The correct answer is: Fines
Question 19
Correct
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
A. Capacity planning
B. Redundancy
C. Geographic dispersion
D. Tabletop exercise
Feedback
The correct answer is: Capacity planning
Question 20
Correct
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
Feedback
The correct answer is: Geolocation policy
Question 21
Correct
Which of the following is a hardware-specific vulnerability?
A. Firmware version
B. Buffer overflow
C. SQL injection
D. Cross-site scripting
Feedback
The correct answer is: Firmware version
Question 22
Correct
While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy
D. Including an "allow any" policy above the "deny any" policy
Feedback
The correct answer is: Testing the policy in a non-production environment before enabling the policy in the production network
Question 23
Correct
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used
Feedback
The correct answer is: Performing code signing on company-developed software
Question 24
Correct
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
Feedback
The correct answer is: Supply chain vendor
Question 25
Correct
Which of the following can be used to identify potential attacker activities without affecting production servers?
A. Honey pot
B. Video surveillance
C. Zero Trust
D. Geofencing
Feedback
The correct answer is: Honey pot
Question 26
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?
A. Analysis
B. Lessons learned
C. Detection
D. Containment
Feedback
The correct answer is: Analysis
Question 27
A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?
A. Conduct an audit.
B. Initiate a penetration test.
C. Rescan the network.
D. Submit a report.
Feedback
The correct answer is: Rescan the network.
Question 28
Correct
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?
A. Penetration testing
B. Phishing campaign
C. External audit
D. Insider threat
Feedback
The correct answer is: Insider threat
Question 29
Which of the following allows for the attribution of messages to individuals?
A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs
Feedback
The correct answer is: Non-repudiation
Question 30
Correct
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
A. Automation
B. Compliance checklist
C. Attestation
D. Manual audit
Feedback
The correct answer is: Automation
Question 31
Correct
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP
Feedback
The correct answer is: DLP
Question 32
An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application. Which of the following best explains the security technique the organization adopted by making this addition to the policy?
A. Identify embedded keys
B. Code debugging
C. Input validation
D. Static code analysis
Feedback
The correct answer is: Input validation
Question 33
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?
A. Place posters around the office to raise awareness of common phishing activities.
B. Implement email security filters to prevent phishing emails from being delivered.
C. Update the EDR policies to block automatic execution of downloaded programs.
D. Create additional training for users to recognize the signs of phishing attempts.
Feedback
The correct answer is: Update the EDR policies to block automatic execution of downloaded programs.
Question 34
Correct
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?
A. MTTR
B. RTO
C. ARO
D. MTBF
Feedback
The correct answer is: ARO
Question 35
Correct
Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation
Feedback
The correct answer is: Confidentiality
Question 36
Correct
Which of the following is the most likely to be included as an element of communication in a security awareness program?
A. Reporting phishing attempts or other suspicious activities
B. Detecting insider threats using anomalous behavior recognition
C. Verifying information when modifying wire transfer data
D. Performing social engineering as part of third-party penetration testing
Feedback
The correct answer is: Reporting phishing attempts or other suspicious activities
Question 37
Correct
After a recent ransomware attack on a company’s system, an administrator reviewed the log files. Which of the following control types did the administrator use?
A. Compensating
B. Detective
C. Preventive
D. Corrective
Feedback
The correct answer is: Detective
Question 38
Correct
Which of the following agreement types defines the time frame in which a vendor needs to respond?
A. SOW
B. SLA
C. MOA
D. MOU
Feedback
The correct answer is: SLA
Question 39
A Chief Information Security Officer wants to monitor the company’s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?
A. Logging all NetFlow traffic into a SIEM
B. Deploying network traffic sensors on the same subnet as the servers
C. Logging endpoint and OS-specific security logs
D. Enabling full packet capture for traffic entering and exiting the servers
Feedback
The correct answer is: Enabling full packet capture for traffic entering and exiting the servers
Question 40
A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select TWO).
A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted
Feedback
The correct answers are: Confidential, Restricted
Question 41
After reviewing the following vulnerability scanning report:
Server: 192.168.14.6
Service: Telnet
Port: 23
Protocol: TCP
Status: Open
Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 --script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
| telnet-encryption:
|_ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?
A. It is a false positive
B. A rescan is required.
C. It is considered noise.
D. Compensating controls exist.
Feedback
The correct answer is: It is a false positive
Question 42
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT
Feedback
The correct answer is: IPSec
Question 43
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?
A. Impact analysis
B. Scheduled downtime
C. Backout plan
D. Change management boards
Feedback
The correct answer is: Scheduled downtime
Question 44
Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems.
Feedback
The correct answer is: Install endpoint management software on all systems.