CompTIA Security Plus Practice Questions and Answers

CompTIA Security+ Questions and Answers, latest and previous version (601)


A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is
presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the
following describes this attack?
A.On-path
B.Domain hijacking
C.DNS poisoning
D.Evil twin

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A.USB data blocker

B.Faraday cage

C.Proximity reader

D.Cable lock

A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be
updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server
resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the
following would BEST meet the requirements?

A.Reverse proxy

B.Automated patch management

C.Snapshots

D.NIC teaming

A security analyst is reviewing application logs to determine the source of a breach and locates the following log:
https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?

A.DLL Injection

B.API attack

C.SQLi

D.XSS

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this
data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for
specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's
requirements?

A.Data anonymization

B.Data encryption

C.Data masking

D.Data tokenization

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries
show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to
the phishing team, and the forwarded email revealed the link to be:
<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the
following will the forensics investigator MOST likely determine has occurred?

A.SQL injection

B.Broken authentication

C.XSS

D.XSRF (Cross-Site Request Forgery)



A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it.
Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the
following should the company do to help accomplish this goal?

A.Classify the data.

B.Mask the data.

C.Assign the application owner.

D.Perform a risk analysis.

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates
that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to
prevent someone from using the exfiltrated credentials?

A.MFA

B.Lockout

C.Time-based logins

D.Password history

A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which
are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

A.Subject alternative name

B.Wildcard

C.Self-signed

D.Domain validation

Explanation:

A Wildcard Certificate allows a single certificate to cover multiple subdomains of a domain. In this case, since the company has a single domain
with several dozen subdomains, a wildcard certificate would simplify the management by allowing a single certificate to cover all subdomains
under the main domain (e.g., *.example.com).

Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

A.DLP

B.NIDS

C.TPM

D.FDE

A. DLP (Data Loss Prevention)

Explanation:

Data Loss Prevention (DLP) is a security tool specifically designed to monitor, detect, and prevent the unauthorized transfer or exfiltration of
sensitive data from a network. DLP can block or alert on actions that involve copying, sending, or uploading sensitive information, such as credit
card numbers, personally identifiable information (PII), or intellectual property, to unauthorized locations or external devices.

Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a
stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

A.Replacing the traditional key with an RFID key

B.Installing and monitoring a camera facing the door

C.Setting motion-sensing lights to illuminate the door on activity

D.Surrounding the property with fencing and gates

Explanation:

RFID (Radio Frequency Identification) keys provide a more secure, controlled, and traceable method of access compared to traditional
mechanical keys. Replacing the traditional key with an RFID key would:

• Prevent lock-picking: Since RFID readers have no mechanical keyway, they cannot be picked like traditional door locks.

• Enable access control: RFID systems can provide detailed logs of who entered and when, improving the ability to track access and detect
suspicious behavior.

• Increase security: RFID systems can be paired with other methods like PINs or biometrics to create multi-factor authentication, adding
another layer of security.

Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

A.Hashing

B.Tokenization

C.Masking

D.Encryption

A. Hashing

Explanation:

Hashing is a one-way cryptographic process that converts a password or other sensitive data into a fixed-length string of characters, which is not
reversible. When used by monitoring tools, hashing allows the system to compare hashed versions of passwords (or other sensitive values)
without ever needing access to the actual credentials. This way, even if a password leak occurs, the actual password remains protected because
only the hash values are being stored and compared.

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific
directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be
secure. Which of the following can be used?

A.S/MIME

B.LDAPS

C.SSH

D.SRTP

The correct answer is:

C. SSH

Explanation:

SSH (Secure Shell) is the most appropriate choice for securely transferring files over the internet. SSH provides a secure channel over an
unsecured network by using encryption, ensuring that the file transfer is protected during transmission.

An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the
administrator is being advised to do?

A.Perform a mathematical operation on the passwords that will convert them into unique strings.

B.Add extra data to the passwords so their length is increased, making them harder to brute force.

C.Store all passwords in the system in a rainbow table that has a centralized location.

D.Enforce the use of one-time passwords that are changed for every login session.

Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

A.Steganography

B.Homomorphic encryption

C.Cipher suite

D.Blockchain

A. Steganography

Explanation:

Steganography is the practice of hiding data within other data, often in ways that make it difficult to detect. In the context of this question,
steganography would involve embedding an audio file (or other data, such as images or text) within a piece of source code, making it hidden or
obscured from casual inspection.

A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the
screen: "Please use a combination of numbers, special characters, and letters in the password field." Which of the following concepts does this
message describe?

A.Password complexity

B.Password reuse

C.Password history

D.Password age

The correct answer is:

A. Password complexity

Explanation:

The message "Please use a combination of numbers, special characters, and letters in the password field" is requesting the user to create a
password that meets certain complexity

A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized
change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the
integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST
solution?

A.HIPS

B.FIM

C.TPM

D.DLP

C. TPM (Trusted Platform Module)

Explanation:

TPM (Trusted Platform Module) is a hardware-based security feature designed to ensure the integrity of systems and provide secure local and
remote boot attestation. TPM stores cryptographic keys, performs hardware-based encryption, and validates the integrity of the boot process. It
helps in ensuring that the system has not been tampered with during boot-up by performing attestation—a process where the TPM verifies that the
software running on the system (including the BIOS and operating system) has not been altered in any unauthorized way.

Which of the following is a reason to publish files' hashes?

A.To validate the integrity of the files

B.To verify if the software was digitally signed

C.To use the hash as a software activation key

D.To use the hash as a decryption passphrase

A. To validate the integrity of the files

Explanation:

Publishing file hashes is primarily done to validate the integrity of the files. When a file's hash is calculated and published, users or systems can
later recompute the hash of the file they have and compare it with the published hash. If the hashes match, it indicates that the file has not been
altered, ensuring its integrity. This is commonly done for software downloads, security patches, or any critical files to ensure that they have not
been tampered with or corrupted.

A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the
following commands could an analyst run to find the requested servers?

A.nslookup 10.10.10.0

B.nmap -p 80 10.10.10.0/24

C.pathping 10.10.10.0 -p 80

D.nc -l -p 80

B. nmap -p 80 10.10.10.0/24

Explanation:

nmap (Network Mapper) is a powerful tool used for network discovery and security auditing. The command nmap -p 80 10.10.10.0/24 scans every
host in the 10.10.10.0/24 range for an open port 80, the port commonly used for HTTP, the unencrypted (insecure) version of web traffic.

Which biometric error would allow an unauthorized user to access a system?

A.False acceptance

B.False entrance

C.False rejection

D.False denial

A. False acceptance

Explanation:

A false acceptance occurs when a biometric system incorrectly grants access to an unauthorized user. This is a type of error where the system
mistakenly accepts an individual's biometric input (such as a fingerprint, facial scan, or iris scan) as valid, even though the person is not authorized
to access the system. This is a security risk, as it would allow an unauthorized user to bypass the biometric authentication and gain access.

A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company
consult?

A.GDPR

B.ISO

C.NIST

D.PCI DSS

A. GDPR

Explanation:

The General Data Protection Regulation (GDPR) is the regulation in the European Union (EU) that governs the processing of personal data of EU
citizens. It sets guidelines for the collection, storage, handling, and protection of personal information to ensure privacy rights are upheld. GDPR
applies to all companies that process personal data of individuals located in the EU, regardless of where the company itself is based.

Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

A.SPIM

B.Vishing

C.Hopping

D.Phishing

E.Credential harvesting

F.Tailgating

B. Vishing
E. Credential harvesting

Explanation:

1. Vishing (Voice Phishing): This is a type of social engineering attack where attackers use voice calls (often over VoIP systems) to trick
individuals into disclosing sensitive information, such as personal or financial details. Vishing is a significant risk in VoIP systems since
attackers can easily spoof caller ID or use VoIP to make large volumes of calls at a low cost, targeting individuals or businesses.

2. Credential harvesting: This refers to the practice of collecting usernames, passwords, and other authentication information, often through
phishing, social engineering, or exploiting weaknesses in VoIP systems. VoIP systems, if improperly secured, can be vulnerable to such
attacks where attackers can gain access to user credentials, either through exploiting VoIP service flaws or through phishing attempts
targeting VoIP users.

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

A.Persistence

B.Buffer overflow

C.Privilege escalation

D.Pharming

C. Privilege escalation

Explanation:

Privilege escalation refers to the exploitation of a vulnerability or flaw in a system to gain higher-level permissions than originally granted. This can
involve an attacker moving from a lower-privileged user account to one with administrative or root access, allowing them to access restricted areas
or perform actions that would normally be prohibited.

An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following
considerations would BEST support the organization's resiliency?

A.Geographic dispersal

B.Generator power

C.Fire suppression

D.Facility automation

A. Geographic dispersal

Explanation:

Geographic dispersal refers to the practice of distributing data centers across different geographic locations, often in different regions or
countries. This approach helps ensure that if one data center is affected by a natural disaster, such as a flood, earthquake, or hurricane, the other
data centers are likely to remain operational. This strategy is critical for resiliency because it minimizes the impact of localized events and ensures
business continuity by maintaining operational capacity in alternative, unaffected locations.

A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the
following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

A.EAP

B.TLS

C.HTTPS

D.AES

D. AES

Explanation:

When deploying a wireless network in an environment with multiple tenants, it's crucial to ensure that the wireless network is secure and that
confidential data is protected from unauthorized access. AES (Advanced Encryption Standard) is the encryption algorithm that should be
configured on the wireless network to protect data in transit.

The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST
likely protecting against?

A.Preventing any current employees' siblings from working at the bank to prevent nepotism

B.Hiring an employee who has been convicted of theft to adhere to industry compliance

C.Filtering applicants who have added false information to resumes so they appear better qualified

D.Ensuring no new hires have worked at other banks that may be trying to steal customer information

The background check policy is most likely protecting the bank from hiring individuals who have been convicted of theft or fraud in order to
ensure compliance with industry standards and avoid risks associated with insider threats, such as financial crimes or theft.

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to
the following email address.”
Which of the following are the best responses to this situation? (Choose two).

• A. Cancel current employee recognition gift cards.

• B. Add a smishing exercise to the annual company training. Most Voted

• C. Issue a general email warning to the company. Most Voted

• D. Have the CEO change phone numbers.

• E. Conduct a forensic investigation on the CEO’s phone.

• F. Implement mobile device management.

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring
counterfeit hardware?

• A. A thorough analysis of the supply chain Most Voted

• B. A legally enforceable corporate acquisition policy

• C. A right to audit clause in vendor contracts and SOWs

• D. An in-depth penetration test of all suppliers and vendors

Which of the following provides the details about the terms of a test with a third-party penetration tester?

• A. Rules of engagement Most Voted

• B. Supply chain analysis

• C. Right to audit clause

• D. Due diligence

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of
engagement. Which of the following reconnaissance types is the tester performing?

• A. Active

• B. Passive

• C. Defensive

• D. Offensive

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

• A. IRP

• B. DRP

• C. RPO

• D. SDLC

B. DRP (Disaster Recovery Plan): The DRP is specifically designed to help organizations recover from a system failure or disaster. It outlines
procedures for restoring IT infrastructure, systems, and data to ensure business continuity. This plan is essential for managing restore processes in
the event of system failure.

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

• A. Jailbreaking

• B. Memory injection

• C. Resource reuse

• D. Side loading Most Voted

D. Side loading: Side loading refers to the practice of installing apps or software on a device from a source other than the manufacturer’s official
app store or software repository. This is a significant security risk, as apps obtained through side loading may not undergo the same vetting process
for security and could contain malware or vulnerabilities.

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

• A. Password spraying

• B. Account forgery

• C. Pass-the-hash

• D. Brute-force

A. Password Spraying:

Password spraying involves attempting a small number of commonly used passwords across many accounts, rather than trying many passwords
on a single account. Logs for password spraying typically show failed login attempts for multiple accounts with the same password.

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the
analyst to evaluate?

• A. Secured zones

• B. Subject role Most Voted

• C. Adaptive identity

• D. Threat scope reduction

C. Adaptive identity:

• Adaptive identity is a key concept in Zero Trust that involves dynamically adjusting access based on continuous identity verification and
context (e.g., user behavior, device health, location). In the data plane, this would mean continuously verifying and adapting to the context
in which data is accessed, ensuring that only authorized users and devices are allowed to interact with the data, and restricting access
based on real-time conditions.

• This directly supports Zero Trust principles of "never trust, always verify," especially in the context of data interactions and ensuring that
only authorized entities can access sensitive data under specific conditions.

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company
resources. Which of the following would be the best solution?

• A. RDP server

• B. Jump server Most Voted

• C. Proxy server

• D. Hypervisor

The Jump server is the most appropriate solution for preventing unauthorized access to internal company resources. By requiring users to
go through a controlled, monitored intermediary, it adds a secure layer that reduces the risk of unauthorized access or direct exposure to
critical systems.

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search
strings should an analyst employ to prohibit access to non-encrypted websites?

• A. encryption=off

• B. http:// Most Voted

• C. www.*.com

• D. :443

B. http:// is the correct choice because HTTP (HyperText Transfer Protocol) is the non-encrypted version of web traffic, while HTTPS
(HyperText Transfer Protocol Secure) is the encrypted version. URLs that begin with http:// are unencrypted and should be blocked. This
string matches the protocol for non-secure web traffic, making it a suitable filter to block access to non-encrypted websites.

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security
analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this
request?

A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0 Most Voted

C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0:

• This rule is correct. It denies any traffic from the malicious IP address (10.1.4.9/32) to any destination (0.0.0.0/0), effectively blocking this
IP address from accessing your network. The source is set to the malicious IP, and the destination is set to all IP addresses, which is what
you need for blocking inbound traffic from this address.

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which
of the following methods is most secure?

• A. Implementing a bastion host

• B. Deploying a perimeter network

• C. Installing a WAF

• D. Utilizing single sign-on

The most secure method to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary
is A. Implementing a bastion host. This approach ensures that administrative access is tightly controlled and monitored, while restricting
unnecessary traffic.

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The
security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?

• A. Application

• B. IPS/IDS

• C. Network

• D. Endpoint Most Voted

The most relevant data source for understanding the behavior of an executable running on the employee's laptop is D. Endpoint logs. These logs
provide the most detailed information on the processes and actions taking place directly on the device, which is necessary to continue the
investigation into potential malicious activity.

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

• A. Digital forensics

• B. E-discovery

• C. Incident response

• D. Threat hunting

The best course of action for the security analyst to identify the new behavior and tactic used by malicious actors is D. Threat hunting. This
proactive method allows the analyst to actively search for suspicious activity and identify potential threats before formal alerts or detections are in
place.

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

• A. Accept

• B. Transfer Most Voted

• C. Mitigate

• D. Avoid

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security
administrator use?

• A. Partition

• B. Asymmetric

• C. Full disk Most Voted

• D. Database

The most appropriate encryption technique to protect data on employees’ laptops is C. Full disk encryption. It ensures that the entire drive,
including all files and operating system data, is encrypted, providing comprehensive protection for data at rest.

Which of the following security control types does an acceptable use policy best represent?

• A. Detective

• B. Compensating

• C. Corrective

• D. Preventive

An acceptable use policy (AUP) is a preventive control because it is designed to prevent unauthorized, unethical, or risky behavior before it
occurs. By setting clear expectations for acceptable behavior, the organization can minimize the likelihood of security incidents related to
improper use of company resources. Therefore, the correct answer is D. Preventive.

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of
the help desk software. Which of the following security techniques is the IT manager setting up?

A. Hardening

B. Employee monitoring

C. Configuration enforcement

D. Least privilege

The IT manager is applying the principle of least privilege by restricting access to the help desk software’s administrator console to only the
necessary personnel (the IT manager and help desk lead). This approach ensures that users only have the permissions they need to perform their
roles, reducing the potential attack surface and preventing unauthorized actions. Therefore, the correct answer is D. Least privilege.

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

• A. Risk tolerance

• B. Risk transfer

• C. Risk register Most Voted

• D. Risk analysis

The risk register is the document that best fits the description of tracking and documenting risks, assigning responsible parties, and setting
thresholds for response. It is a key component of risk management and is widely used for organizing and managing risks throughout their lifecycle.
Therefore, the correct answer is C. Risk register.

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

• A. Disaster recovery plan

• B. Incident response procedure

• C. Business continuity plan

• D. Change management procedure

When setting up new firewall rules, the security administrator should adhere to the change management procedure to ensure that the changes
are made in a controlled and accountable manner, with proper testing and approval. This process helps minimize risks and ensures that the
organization's security posture is strengthened without introducing unintended vulnerabilities or disruptions. Therefore, the correct answer is D.
Change management procedure.

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The
company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is
setting up?

• A. Open-source intelligence

• B. Bug bounty Most Voted

• C. Red team

• D. Penetration testing

A bug bounty program is a type of initiative where organizations offer rewards or compensation to individuals (often called "security researchers"
or "ethical hackers") for identifying and reporting vulnerabilities in their systems or applications. In this case, the company is compensating
researchers based on the vulnerabilities they discover in the company's internet-facing application, which matches the description of a bug
bounty program.

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

• A. Insider

• B. Unskilled attacker

• C. Nation-state Most Voted

• D. Hacktivist

The most likely threat actor to use large financial resources to attack critical systems in other countries is a nation-state. Nation-state actors
possess the necessary resources, expertise, and motivations to carry out sophisticated attacks on infrastructure in foreign countries. Therefore,
the correct answer is C. Nation-state.

Which of the following enables the use of an input field to run commands that can view or manipulate data?

• A. Cross-site scripting

• B. Side loading

• C. Buffer overflow

• D. SQL injection

SQL injection is the attack that enables the use of input fields to run commands that can view or manipulate data, making D. SQL injection the
correct answer.

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data.
Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

• A. Encrypted

• B. Intellectual property Most Voted

• C. Critical

• D. Data in transit

Employees in the research and development business unit are most likely working with intellectual property (IP) on a day-to-day basis, as this
type of data is central to their work in creating and protecting innovations. Therefore, the correct answer is B. Intellectual property.

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security
benefits do these actions provide? (Choose two.)

• A. If a security incident occurs on the device, the correct employee can be notified. Most Voted

• B. The security team will be able to send user awareness training to the appropriate device.

• C. Users can be mapped to their devices when configuring software MFA tokens.

• D. User-based firewall policies can be correctly targeted to the appropriate laptops.

• E. When conducting penetration testing, the security team will be able to target the desired laptops.

• F. Company data can be accounted for when the employee leaves the organization. Most Voted

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work.
Which of the following is the best option?

• A. Send out periodic security reminders.

• B. Update the content of new hire documentation.

• C. Modify the content of recurring training. Most Voted

• D. Implement a phishing campaign.

The best approach to improving situational and environmental awareness for existing users transitioning from remote to in-office work is to
modify the content of recurring training (option C). This provides the opportunity for structured, ongoing learning that can be tailored to the
specific needs of the transition and the changing work environment. Therefore, the correct answer is C. Modify the content of recurring training.

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of
incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the
following should the systems administrator use?

• A. Packet captures

• B. Vulnerability scans

• C. Metadata

• D. Dashboard

A dashboard (option D) is the right tool for presenting incident data to a board: it summarizes metrics such as incident counts, categories and trends over the quarter in a form a non-technical audience can read at a glance, and it can be refreshed from the SIEM or ticketing system each quarter. Packet captures and vulnerability scans are raw technical data, and metadata describes other data rather than presenting it. Therefore, the correct answer is D. Dashboard.

A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely
occurred?

• A. The end user changed the file permissions.

• B. A cryptographic collision was detected.

• C. A snapshot of the file system was taken.

• D. A rootkit was deployed.

The alert says the contents of cmd.exe changed, and the OS logs rule out the benign explanation (a patch or update replacing the binary). Replacing or patching system binaries while hiding from the user is classic rootkit behaviour, so option D is the most likely cause. The other options do not fit: a permission change (A) alters file metadata, not the bytes a file-integrity hash covers; a cryptographic collision (B) would mean a different file with the same hash, the opposite of what was observed, and is not a realistic event for a modern hash such as SHA-256; a file-system snapshot (C) reads files without modifying them. The practical next step is to treat the host as compromised and compare the binary against a known-good copy from installation media or a trusted host. Therefore, the correct answer is D. A rootkit was deployed.
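Here is what a minimal file integrity check of the kind that raised this alert looks like, as an added example in Python (written for this page, not taken from the original or from any FIM product). The file names and contents are constructed in a temporary directory; a real deployment would hash the actual system binaries from a known-good image and keep the baseline somewhere an attacker on the host cannot rewrite.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, hashing it in 64 KiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths):
    """Record the trusted digest of every monitored file (taken on a known-good system)."""
    return {str(p): sha256_file(p) for p in paths}


def check_integrity(baseline):
    """Re-hash every monitored file and compare against the baseline.

    Returns a mapping of path -> 'unchanged', 'modified' or 'missing'.
    A 'modified' system binary with no matching patch or update record is
    the signal the question describes.
    """
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif sha256_file(path) != expected:
            report[path] = "modified"
        else:
            report[path] = "unchanged"
    return report


def demo():
    """Constructed scenario (not real system files): three monitored binaries.
    One is replaced with different contents, one only has its permissions
    changed, one is deleted. Returns basename -> status."""
    tmp = Path(tempfile.mkdtemp())
    cmd, notepad, calc = tmp / "cmd.exe", tmp / "notepad.exe", tmp / "calc.exe"
    cmd.write_bytes(b"original cmd.exe contents")
    notepad.write_bytes(b"original notepad.exe contents")
    calc.write_bytes(b"original calc.exe contents")
    baseline = build_baseline([cmd, notepad, calc])

    # Simulate a rootkit swapping in a trojanized binary and removing a tool.
    cmd.write_bytes(b"trojanized cmd.exe contents")
    calc.unlink()
    # A permission change (distractor A) leaves the contents, and so the hash, untouched.
    os.chmod(notepad, 0o600)

    report = check_integrity(baseline)
    return {os.path.basename(p): status for p, status in report.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Correlating a "modified" result with the patch log, as the administrator in the question did, is what turns a hash mismatch into a rootkit hypothesis rather than a routine update.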

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for
a cloud environment?

• A. Client Most Voted

• B. Third-party vendor

• C. Cloud provider

• D. DBA

In the IaaS model, the client is responsible for securing the database because the cloud provider only manages the infrastructure (hardware,
networking, and virtualization). Therefore, the correct answer is A. Client.


A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following
documents should the company provide to the client?

• A. MSA

• B. SLA

• C. BPA

• D. SOW

The SOW (Statement of Work) is the correct document to provide because it includes detailed information about the project, including costs,
timelines, and deliverables. Therefore, the correct answer is D. SOW.

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated
that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security
analyst recommend the developer implement to prevent this vulnerability?

• A. Secure cookies

• B. Version control

• C. Input validation Most Voted

• D. Code signing

Of the options given, input validation is the control that addresses cross-site scripting (XSS): the form field should accept only data that matches its expected type, length and character set, and reject or sanitize the rest. In practice the primary XSS defense is output encoding (HTML-escaping user data at the point it is written into a page), with input validation as a second layer; secure cookies, version control and code signing do nothing to stop injected script. Therefore, the correct answer is C. Input validation.

Which of the following must be considered when designing a high-availability network? (Choose two).

• A. Ease of recovery Most Voted

• B. Ability to patch

• C. Physical isolation

• D. Responsiveness Most Voted

• E. Attack surface

• F. Extensible authentication

The two most relevant factors to consider when designing a high-availability network are A. Ease of recovery and D. Responsiveness. These
ensure that the network can recover quickly from failures and maintain a high level of performance and availability.

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

• A. Air gap the system.

• B. Move the system to a different network segment.

• C. Create a change control request. Most Voted

• D. Apply the patch to the system.

When applying patches to a production system, especially high-priority ones, it is crucial to follow formal processes to ensure that the patching
does not disrupt business operations, introduce new issues, or affect other systems. Change control is a critical part of this process.

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

• A. To gather IoCs for the investigation

• B. To discover which systems have been affected

• C. To eradicate any trace of malware on the network

• D. To prevent future incidents of the same nature



Root cause analysis (RCA) is an essential part of the incident response process because its primary goal is to identify the underlying cause of an
incident, rather than just addressing the symptoms. By determining the root cause, organizations can take steps to prevent similar incidents from
happening in the future.

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A. Fines

B. Audit findings

C. Sanctions

D. Reputation damage

An internal assessment is conducted by, or for, the bank itself, so failing it does not by itself trigger anything from outside: the direct result is a set of audit findings (B) that the bank must remediate, ideally before its formal annual assessment. Fines (A) are levied by the card brands on the acquiring bank, which passes them on to the non-compliant entity; they follow a failed formal assessment, a missed attestation deadline or a breach, not an internal check. The PCI Security Standards Council publishes the standard but does not fine anyone. Sanctions and reputation damage (C, D) are downstream consequences that require the non-compliance to become known outside the bank. Therefore, the most likely outcome is B. Audit findings.

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the
business in the case of a disruption. Which of the following best describes this step?

• A. Capacity planning Most Voted

• B. Redundancy

• C. Geographic dispersion

• D. Tabletop exercise

Capacity planning, in a business continuity context, determines the people, technology and infrastructure needed to sustain critical functions during a disruption; here the question is specifically about staffing. Redundancy and geographic dispersion are design choices that follow from that planning, and a tabletop exercise validates the plan rather than producing the numbers. Therefore, the correct answer is A. Capacity planning.

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by
individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A. Data masking

B. Encryption

C. Geolocation policy Most Voted

D. Data sovereignty regulation

To prevent access to sensitive documents from high-risk countries, the most effective control is implementing a geolocation policy. This type of
policy restricts or controls access based on the geographical location of the user attempting to access the system, typically using the IP address or
other location-based data to determine whether to allow access.

Which of the following is a hardware-specific vulnerability?

• A. Firmware version Most Voted

• B. Buffer overflow

• C. SQL injection

• D. Cross-site scripting

Firmware version vulnerabilities are directly related to the hardware and its low-level software, making it a hardware-specific vulnerability.
Therefore, the correct answer is A. Firmware version.

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The
technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

• A. Documenting the new policy in a change request and submitting the request to change management

• B. Testing the policy in a non-production environment before enabling the policy in the production network Most Voted

• C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy

• D. Including an “allow any” policy above the “deny any” policy

The correct approach is to test the new policy in a non-production environment before applying it to the production network. This allows the
technician to verify that the change will not disrupt normal operations or block critical services. Therefore, the correct answer is B. Testing the
policy in a non-production environment before enabling the policy in the production network.

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days.
Which of the following types of sites is the best for this scenario?

• A. Real-time recovery

• B. Hot

• C. Cold

• D. Warm

For an organization that has RTO and RPO values around two days and is focused on cost-benefit, a warm site is the best choice. It provides a
good balance of recovery speed and cost, meeting the organization’s recovery objectives without the high costs associated with hot sites or real-
time recovery. Therefore, the correct answer is D. Warm.

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes
this policy?

• A. Enumeration

• B. Sanitization Most Voted

• C. Destruction

• D. Inventory

Sanitization is the general term for removing data from media so that it cannot be recovered, whether by overwriting, cryptographic erasure or degaussing. Destruction (C) would apply if the drives were shredded or incinerated rather than wiped and passed on for recycling; enumeration and inventory are asset-tracking activities. Therefore, the correct answer is B. Sanitization.

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data
classifications should be used to secure patient data?

• A. Private

• B. Critical

• C. Sensitive Most Voted

• D. Public

Patient data, especially in a healthcare context, is highly sensitive and protected by strict regulations to ensure privacy and security. The
classification Sensitive is the most appropriate term for this type of data because it indicates that the data must be handled with a high degree of
confidentiality and security to prevent unauthorized access, disclosure, or misuse.

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting
provider consider first?

• A. Local data protection regulations Most Voted

• B. Risks from hackers residing in other countries

• C. Impacts to existing contractual obligations

• D. Time zone differences in log correlation

The first thing the hosting provider should consider when expanding to new international locations is local data protection regulations.
Compliance with these laws ensures that the provider operates legally and avoids costly penalties. Therefore, the correct answer is A. Local data
protection regulations.

Which of the following would be the best way to block unknown programs from executing?

• A. Access control list

• B. Application allow list Most Voted

• C. Host-based firewall

• D. DLP solution

An application allow list (also known as a whitelist) is a security measure where only approved programs are allowed to run on a system. This
method blocks any unknown or unapproved applications from executing, providing an effective way to prevent malicious or unauthorized programs
from running on a system.

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

• A. White

• B. Purple

• C. Blue

• D. Red

A. White:

• White teams referee and oversee the exercise: they define the rules of engagement, monitor both sides, arbitrate disputes and score the results. They neither attack nor defend, so they do not perform penetration testing or social engineering.

B. Purple:

• Purple teams focus on the collaboration between red teams (offensive) and blue teams (defensive). They work to improve the effectiveness
of both by facilitating communication and ensuring that the red team's findings help improve the blue team's defenses. Purple teams are
not typically the ones conducting the offensive activities like penetration testing and social engineering.

C. Blue:

• Blue teams are responsible for defensive security activities, such as monitoring, defending against, and responding to attacks. Their
primary role is to detect and mitigate security incidents and vulnerabilities rather than conducting offensive assessments.

D. Red:

• Red teams are the correct answer. They conduct offensive security assessments, including penetration testing (to identify vulnerabilities
and exploit them) and social engineering (to test how well employees are trained to resist tactics like phishing or pretexting). They simulate
adversarial attacks in a controlled manner to help organizations improve their security posture.

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most
appropriate?

• A. Testing input validation on the user input fields

• B. Performing code signing on company-developed software Most Voted

• C. Performing static code analysis on the software

• D. Ensuring secure cookies are used

Code signing is the best way to ensure that the software is authentic and has not been tampered with since its creation. This method provides a
trusted means of verifying both the origin and integrity of the software. Therefore, the correct answer is B. Performing code signing on company-
developed software.

Which of the following can be used to identify potential attacker activities without affecting production servers?

• A. Honeypot Most Voted

• B. Video surveillance

• C. Zero Trust

• D. Geofencing

A honeypot is a decoy system or network resource that is intentionally set up to attract and trap attackers. Its purpose is to simulate a vulnerable
or valuable target to divert potential attackers from real systems and to monitor their activities in a controlled, non-production environment. By
monitoring interactions with the honeypot, security teams can gather valuable insights into attacker tactics, techniques, and procedures (TTPs)
without affecting the production systems.

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response
activities describes this process?

• A. Analysis Most Voted

• B. Lessons learned

• C. Detection

• D. Containment

The activity that describes the process of understanding the source of the incident is analysis, where the incident response team investigates
and determines how and why the incident occurred. Therefore, the correct answer is A. Analysis.

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team
remediates. Which of the following should be done next?

• A. Conduct an audit.

• B. Initiate a penetration test.

• C. Rescan the network. Most Voted

• D. Submit a report.

After the operations team has remediated the vulnerabilities, the next step is to rescan the network to verify that each finding is actually closed: a patch may have failed to install, a configuration change may not have taken effect, or the fix may have introduced a new finding. Only a clean rescan confirms the remediation. A report, an audit or a penetration test comes afterwards and should be based on verified results rather than assumed ones. Therefore, the correct answer is C. Rescan the network.

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user’s activity?

• A. Penetration testing

• B. Phishing campaign

• C. External audit

• D. Insider threat

The user's activity of copying large amounts of data to a personal device after hours is best classified as an insider threat, as it involves an
authorized user engaging in suspicious or unauthorized activity. Therefore, the correct answer is D. Insider threat.

Which of the following allows for the attribution of messages to individuals?

• A. Adaptive identity

• B. Non-repudiation Most Voted

• C. Authentication

• D. Access logs

Non-repudiation means the originator of a message cannot credibly deny having produced it. It is achieved with digital signatures: the message is signed with a private key that only the sender holds, and anyone with the matching public key can verify the signature, which attributes the message to that individual. Authentication (C) proves identity at login but does not bind a particular message to a person, and access logs (D) record events but can be altered unless they are themselves integrity-protected. Therefore, the correct answer is B. Non-repudiation.

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

• A. Automation Most Voted

• B. Compliance checklist

• C. Attestation

• D. Manual audit

The best way to consistently determine whether security settings on servers have been modified on a daily basis is automation. Automated tools
can continuously monitor servers for changes, providing real-time feedback and alerts without requiring manual effort. Therefore, the correct
answer is A. Automation.

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

• A. SCAP

• B. NetFlow

• C. Antivirus

• D. DLP

Data Loss Prevention (DLP) tools are specifically designed to detect and prevent unauthorized transmission of sensitive data, such as Personally
Identifiable Information (PII), outside of an organization. DLP solutions can monitor email traffic and other communication channels, scanning for
sensitive information like social security numbers, credit card details, or customer PII. When such data is detected, DLP systems can alert
administrators, block the transmission, or encrypt the content to prevent accidental or malicious data leakage.
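The detection half of a DLP rule reduces to pattern matching plus a validity check, as in this added Python example (written for this page, not the code of any DLP product). The patterns, the policy thresholds and the sample email bodies are constructed for illustration, and `example.com` stands in for the company's own domain.

```python
import re

# Constructed patterns; a production DLP policy would cover many more data types.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators


def luhn_valid(digits):
    """Luhn checksum: filters out order numbers and other digit runs that
    merely look like a card number, which keeps false positives down."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_for_pii(text):
    """Return a list of (type, value) findings for SSNs and payment card numbers."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(("card", digits))
    return findings


def evaluate_outbound_email(recipient, body, internal_domain="example.com"):
    """Hypothetical policy: mail carrying PII is blocked when the recipient is
    external and only alerted on when it stays inside the company.
    Returns (action, findings)."""
    findings = scan_for_pii(body)
    external = not recipient.lower().endswith("@" + internal_domain)
    if findings and external:
        return "block", findings
    if findings:
        return "alert", findings
    return "allow", findings


if __name__ == "__main__":
    # Constructed sample messages, not real customer data.
    samples = [
        ("partner@other.org", "Card 4111 1111 1111 1111, SSN 123-45-6789"),
        ("alice@example.com", "Customer SSN 123-45-6789 for the refund"),
        ("partner@other.org", "Order 1234 5678 9012 3456 shipped today"),
    ]
    for recipient, body in samples:
        print(recipient, "->", evaluate_outbound_email(recipient, body))
```

The third sample is why the Luhn check matters: a sixteen-digit order number matches the card pattern but fails the checksum, so it does not generate a finding.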

An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web
application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

• A. Identify embedded keys

• B. Code debugging

• C. Input validation Most Voted

• D. Static code analysis

C. Input validation:

• Input validation is the practice of checking and sanitizing user input to ensure that it adheres to expected formats and does not contain
harmful data. By using regular expressions to filter out special characters, the organization is applying input validation to ensure that only
safe data is accepted by the web application. This helps prevent common attacks that exploit improper input handling.
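The following added Python example (not from the original page) covers both this policy and the earlier cross-site scripting finding: it shows the denylist regex the policy describes, an allowlist validator for the same kind of field, and the vulnerable versus encoded rendering of user input. The field format and the payloads are made up for illustration.

```python
import html
import re

# Allowlist: the field's expected format and nothing else (hypothetical username field).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")

# Denylist from the policy statement: strip shell metacharacters from form variables.
SHELL_META_RE = re.compile(r"[$|;&`?]")


def validate_username(value):
    """Allowlist validation: accept only a plausible username, reject everything else."""
    return USERNAME_RE.fullmatch(value) is not None


def strip_shell_metachars(value):
    """Denylist sanitization as the policy describes it. Note what it does not
    remove: '<', '>', quotes and parentheses pass straight through, so on its
    own it does nothing against cross-site scripting."""
    return SHELL_META_RE.sub("", value)


def render_comment_unsafe(comment):
    """Vulnerable pattern: user-controlled text concatenated directly into HTML."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment):
    """Output encoding: escape at the point of rendering so that any markup in
    the input is displayed literally rather than interpreted by the browser."""
    return f"<p>{html.escape(comment, quote=True)}</p>"


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed XSS probe
    print(validate_username("alice_01"), validate_username("alice; rm -rf /"))
    print(strip_shell_metachars("a;b|c$d`e?f&g"))
    print(render_comment_unsafe(payload))
    print(render_comment_safe(payload))
```

The policy's denylist is worth keeping for command-injection defense, but it is the allowlist validator and the output encoding that actually close the XSS finding from the penetration test.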

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through
rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing
message. Which of the following should the analyst do?

• A. Place posters around the office to raise awareness of common phishing activities.

• B. Implement email security filters to prevent phishing emails from being delivered.

• C. Update the EDR policies to block automatic execution of downloaded programs.

• D. Create additional training for users to recognize the signs of phishing attempts.

To reduce the impact of phishing attacks after users have clicked on links, updating the EDR policies to block the automatic execution of
downloaded programs provides the most effective defense. This helps prevent malicious code from running and causing further damage.
Therefore, the best answer is C. Update the EDR policies to block automatic execution of downloaded programs.

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal
IP addresses?

• A. Compensating control

• B. Network segmentation

• C. Transfer of risk

• D. SNMP traps

The key word is “legacy”: the system presumably cannot be patched or upgraded to the level the organization's policy expects, so the primary control is unavailable. Restricting the host-based firewall to a few trusted internal source addresses reduces the exposure of the unpatched host instead, which is the definition of a compensating control. Network segmentation (B) is done at the network layer with VLANs, subnets and firewalls between them, not with a host's own packet filter; transfer of risk (C) would be insurance or outsourcing; SNMP traps (D) are monitoring notifications. Therefore, the correct answer is A. Compensating control.

The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?

• A. Guard rail script

• B. Ticketing workflow

• C. Escalation script

• D. User provisioning script

The best option for streamlining account creation and ensuring correct access and permissions is D. User provisioning script. This automation
technique specifically addresses the need to consistently and correctly set up user accounts with the appropriate access.

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls
is the company setting up?

• A. Corrective

• B. Preventive

• C. Detective Most Voted

• D. Deterrent

A SIEM (Security Information and Event Management) system is primarily used to detect and monitor security-related events within an
organization's network and systems. When the company sets up a SIEM system and assigns an analyst to review the logs on a weekly basis, it is
implementing a detective control.

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these
requirements?

• A. Serverless framework Most Voted

• B. Type 1 hypervisor

• C. SD-WAN

• D. SDN

In a serverless model, a cloud service such as AWS Lambda, Azure Functions or Google Cloud Functions runs the application code on infrastructure the provider manages, scales it automatically and bills per invocation and execution time. With no servers to provision or patch and no charge while the code is idle, it is the lowest-cost cloud hosting option listed. A Type 1 hypervisor is something the administrator would have to run and maintain, and SD-WAN and SDN are networking technologies, not hosting platforms. Therefore, the correct answer is A. Serverless framework.

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the
act of ignoring detected activity in the future?

• A. Tuning

• B. Aggregating

• C. Quarantining

• D. Archiving

Tuning refers to the process of adjusting or configuring security monitoring tools, such as SIEM (Security Information and Event Management)
systems, to filter out false positives or non-malicious activities that are incorrectly flagged as security incidents. In the context of the question,
since the malicious activity detected on the server is determined to be normal, tuning would involve adjusting the detection rules or filters so that
similar activities are not flagged as incidents in the future.

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

• A. Hacktivist

• B. Whistleblower

• C. Organized crime

• D. Unskilled attacker

Organized crime groups are often well-funded and highly skilled, and they may be hired by foreign governments to carry out attacks
against critical systems located in other countries. These groups have the resources, expertise, and motivation to conduct sophisticated
cyberattacks, such as stealing intellectual property, launching cyber espionage operations, or disrupting critical infrastructure.
Governments may hire these groups for various reasons, including plausible deniability or leveraging the group's expertise in conducting
cybercrime activities.

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

• A. Key stretching

• B. Data masking

• C. Steganography

• D. Salting

Salting refers to the process of adding random data (known as a "salt") to input data (such as a password) before applying a one-way data
transformation algorithm (like a hash function). The purpose of salting is to ensure that even if two users have the same input (e.g., the same
password), their resulting hashes will be different, due to the unique salt value added to each input. This adds extra complexity and security
to the hashing process, making it more difficult for attackers to use precomputed tables (like rainbow tables) to reverse the hash and
retrieve the original data.
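To make the difference concrete, this added Python example (not part of the original page) hashes the same password for two users with and without a salt, using the standard library's PBKDF2 so that key stretching, the distractor in option A, is visible alongside salting. The passwords are illustrative; the 600,000 iteration count is OWASP's current minimum recommendation for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import secrets

# Key stretching parameter: iterations make every guess slower. 600,000 is the
# OWASP-recommended minimum for PBKDF2-HMAC-SHA256 at the time of writing.
ITERATIONS = 600_000


def unsalted_sha256(password):
    """The one-way transformation without a salt: identical passwords always
    produce identical digests, so one rainbow table cracks every user who
    chose that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, stretched password hash. The salt is random per user and stored
    alongside the hash; it is not secret, it only needs to be unique."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    # Constructed example: two users who happened to pick the same password.
    pw = "correct horse battery staple"
    alice, bob = hash_password(pw), hash_password(pw)
    print("unsalted digests equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("salted digests equal:  ", alice["hash"] == bob["hash"])
    print("alice verifies:        ", verify_password(pw, alice))
```

Salting defeats precomputation (rainbow tables) and stops one cracked hash from revealing every user with the same password; the iteration count is the separate key-stretching control that makes each individual guess expensive.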

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the
log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

• A. Brand impersonation

• B. Pretexting

• C. Typosquatting

• D. Phishing

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one
device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

• A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53


Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

• B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53


Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

• C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53


Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

• D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53


Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Option D is correct: the first rule permits port 53 from 10.50.10.25/32 to any destination, and the second denies port 53 from every other source. Firewall ACLs are evaluated top-down with the first match winning, which is why order matters: options A and C permit all sources first, so the deny rule below is never reached; option B puts 10.50.10.25/32 in the destination field rather than the source, so no client traffic matches the permit and everything is denied. Two practical caveats: the rule must cover both UDP and TCP on port 53, and clients using DNS over HTTPS (port 443) bypass a port-53 ACL entirely.
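The following added Python example (written for this page, not any firewall's actual code) evaluates all four candidate ACLs against two flows, one from 10.50.10.25 and one from another internal host, using first-match semantics with an implicit deny. The address 203.0.113.53 is a documentation-range placeholder for an external resolver, and the rule syntax is the question's own pseudo-syntax.

```python
import ipaddress

# The four candidate ACLs exactly as the question writes them.
OPTIONS = {
    "A": ["Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
          "Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53"],
    "B": ["Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53",
          "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53"],
    "C": ["Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
          "Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53"],
    "D": ["Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53",
          "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53"],
}


def parse_rule(line):
    """'Access list outbound <action> <src/cidr> <dst/cidr> port <n>' -> tuple."""
    parts = line.split()
    action, src, dst, port = parts[3], parts[4], parts[5], int(parts[7])
    return action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port


def evaluate(acl, src_ip, dst_ip, dst_port):
    """First matching rule wins; a flow that matches no rule hits the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, port in acl:
        if src in src_net and dst in dst_net and port == dst_port:
            return action
    return "deny"


def outcome_for_option(letter, resolver="203.0.113.53"):
    """(verdict for the one permitted host, verdict for any other internal host)."""
    acl = [parse_rule(line) for line in OPTIONS[letter]]
    return (evaluate(acl, "10.50.10.25", resolver, 53),
            evaluate(acl, "10.50.10.30", resolver, 53))


def correct_options():
    """Options that permit DNS from 10.50.10.25 and deny it from everyone else."""
    return [letter for letter in OPTIONS if outcome_for_option(letter) == ("permit", "deny")]


if __name__ == "__main__":
    for letter in OPTIONS:
        print(letter, outcome_for_option(letter))
    print("correct:", correct_options())
```

Running it shows A and C permitting both hosts, B denying both, and only D producing the intended permit/deny split.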

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to
maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this
functionality?

• A. SSO Most Voted

• B. LEAP

• C. MFA

• D. PEAP

Single Sign-On (SSO) lets users authenticate once against a central identity provider, typically the company's Active Directory or a federation service in front of it, and then reach every connected application, including SaaS applications, without a separate login. That removes the extra credentials the question wants to eliminate. LEAP and PEAP are EAP methods for authenticating to wireless networks, and MFA adds factors to a login rather than reducing the number of credentials. Therefore, the correct answer is A. SSO.

Which of the following scenarios describes a possible business email compromise attack?

• A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.

• B. Employees who open an email attachment receive messages demanding payment in order to access files.

• C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account. Most
Voted

• D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers.
Which of the following should a database administrator use to access the database servers?

• A. Jump server Most Voted

• B. RADIUS

• C. HSM

• D. Load balancer

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the
organization deploy to best protect against similar attacks in the future?

• A. NGFW

• B. WAF Most Voted

• C. TLS

• D. SD-WAN

A Web Application Firewall (WAF) sits between the internet and the web application, inspecting HTTP/HTTPS requests and blocking inputs that match exploit patterns: oversized parameters and shellcode-like payloads used in buffer overflows, as well as SQL injection, cross-site scripting (XSS) and other web attacks. It is the best of the options for an already-exposed site, but it is a compensating control, not a fix: the vulnerable code still needs a bounds check and a patch. An NGFW does not inspect application payloads at this depth, TLS only encrypts the exploit in transit, and SD-WAN is a routing technology. Therefore, the correct answer is B. WAF.

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of
the following social engineering techniques are being attempted? (Choose two.)

• A. Typosquatting

• B. Phishing

• C. Impersonation Most Voted

• D. Vishing

• E. Smishing Most Voted

• F. Misinformation

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to
following email address.”
Which of the following are the best responses to this situation? (Choose two).

• A. Cancel current employee recognition gift cards.

• B. Add a smishing exercise to the annual company training. Most Voted

• C. Issue a general email warning to the company. Most Voted

• D. Have the CEO change phone numbers.

• E. Conduct a forensic investigation on the CEO’s phone.

• F. Implement mobile device management.

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring
counterfeit hardware?

• A. A thorough analysis of the supply chain

• B. A legally enforceable corporate acquisition policy

• C. A right to audit clause in vendor contracts and SOWs

• D. An in-depth penetration test of all suppliers and vendors

A thorough analysis of the supply chain is the most effective way to address the risks associated with procuring counterfeit hardware. By
scrutinizing the supply chain, a company can ensure that each component is sourced from reputable suppliers and that there are proper controls
in place to verify the authenticity of the hardware at every stage, from manufacturing to delivery.

Which of the following provides the details about the terms of a test with a third-party penetration tester?

• A. Rules of engagement Most Voted

• B. Supply chain analysis

• C. Right to audit clause

• D. Due diligence

Rules of Engagement (RoE) define the terms and scope of an engagement between a company and a third-party penetration tester. These rules
are a set of mutually agreed-upon guidelines that clarify the expectations and boundaries for the penetration test. This includes:

• Scope of the test (which systems and networks are in scope)

• Testing methods (whether social engineering, external/internal testing, etc.)

• Authorization (ensuring that the tester has permission to test the systems)

• Timing (when the test can be performed)

• Reporting (how vulnerabilities should be reported, and the format of the report)

• Escalation procedures (how to handle unexpected results, e.g., discovering critical vulnerabilities)

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of
engagement. Which of the following reconnaissance types is the tester performing?

• A. Active Most Voted

• B. Passive

• C. Defensive

• D. Offensive

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

• A. IRP

• B. DRP Most Voted

• C. RPO

• D. SDLC

A Disaster Recovery Plan (DRP) is a critical document that outlines how an organization will recover and restore its IT systems, data, and
infrastructure in the event of a disaster or system failure. The DRP includes processes for backing up data, restoring systems, and ensuring that
business operations can continue or quickly resume after an outage or disaster.

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

• A. Jailbreaking

• B. Memory injection

• C. Resource reuse

• D. Side loading

• Side loading refers to the practice of installing or running applications from unofficial sources or outside the manufacturer’s approved software
repository. This can expose a system to various risks, including the installation of malicious software, because the application is not subject to the
security checks and reviews that are typically applied to software distributed through official channels (such as the Apple App Store or Google Play
Store).
• When software is side-loaded, it bypasses the official app stores’ security controls, such as code scanning for malware or security vulnerabilities,
potentially allowing attackers to introduce harmful code into the system.

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

• A. Password spraying Most Voted

• B. Account forgery

• C. Pass-the-hash

• D. Brute-force

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the
analyst to evaluate?

• A. Secured zones

• B. Subject role Most Voted

• C. Adaptive identity

• D. Threat scope reduction

C. Adaptive identity is the most relevant for evaluating the implementation of Zero Trust principles within the data plane because it involves
dynamically assessing and verifying the identity of users, devices, or systems trying to access resources, which aligns with the core Zero Trust
principle of "never trust, always verify."

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources.
Which of the following would be the best solution?

• A. RDP server

• B. Jump server Most Voted

• C. Proxy server

• D. Hypervisor

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings
should an analyst employ to prohibit access to non-encrypted websites?

• A. encryption=off

• B. http://

• C. www.*.com

• D. :443

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security
analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this
request?

• A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

• B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

• C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

• D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which
of the following methods is most secure?

• A. Implementing a bastion host Most Voted

• B. Deploying a perimeter network

• C. Installing a WAF

• D. Utilizing single sign-on

A bastion host is a specialized server designed to provide a secure access point into a network for administrative tasks. It acts as a gateway,
allowing authorized users to connect to internal systems, while minimizing the exposure of the internal network to external threats. By using a
bastion host, only specific, trusted users can access critical internal resources, and the traffic allowed through the security boundary is limited to
what is absolutely necessary for administrative functions.

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The
security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?

• A. Application

• B. IPS/IDS

• C. Network

• D. Endpoint

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

• A. Digital forensics

• B. E-discovery

• C. Incident response

• D. Threat hunting

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

• A. Accept

• B. Transfer

• C. Mitigate

• D. Avoid

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security
administrator use?

• A. Partition

• B. Asymmetric

• C. Full disk Most Voted

• D. Database

Which of the following security control types does an acceptable use policy best represent?

• A. Detective

• B. Compensating

• C. Corrective

• D. Preventive

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of
the help desk software. Which of the following security techniques is the IT manager setting up?

• A. Hardening

• B. Employee monitoring

• C. Configuration enforcement

• D. Least privilege

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

• A. Risk tolerance

• B. Risk transfer

• C. Risk register Most Voted

• D. Risk analysis

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

• A. Disaster recovery plan

• B. Incident response procedure

• C. Business continuity plan

• D. Change management procedure

When setting up a new set of firewall rules, the security administrator should follow a change management procedure to ensure that changes to
the network security configuration are handled properly and systematically. This process includes proper documentation, testing, approval, and
communication, minimizing the risk of errors, downtime, or security vulnerabilities. Change management helps to ensure that the changes are
well-structured, and that they do not disrupt business operations or introduce new risks.

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security
benefits do these actions provide? (Choose two.)

• A. If a security incident occurs on the device, the correct employee can be notified. Most Voted

• B. The security team will be able to send user awareness training to the appropriate device.

• C. Users can be mapped to their devices when configuring software MFA tokens.

• D. User-based firewall policies can be correctly targeted to the appropriate laptops.

• E. When conducting penetration testing, the security team will be able to target the desired laptops.

• F. Company data can be accounted for when the employee leaves the organization

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated
that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security
analyst recommend the developer implement to prevent this vulnerability?

• A. Secure cookies

• B. Version control

• C. Input validation Most Voted

• D. Code signing

Input validation is the primary defense against XSS attacks. It involves ensuring that the data entered into form fields (or any user-supplied input)
is validated, sanitized, and escaped before being used in a web application. This prevents potentially malicious scripts from being executed.

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

• A. Air gap the system.

• B. Move the system to a different network segment.

• C. Create a change control request. Most Voted

• D. Apply the patch to the system.

The first step before applying a patch is to create a change control request, so that the change is formally authorized and managed before
anything is modified on the production system.

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

• A. Fines

• B. Audit findings Most Voted

• C. Sanctions

• D. Reputation damage

Summary: The most immediate outcome of a failed internal PCI DSS compliance assessment would be audit findings, which are actionable
items to correct before external audits or further consequences occur.

11. A healthcare organization is reviewing its authentication protocols to secure access to electronic health records (EHR) systems and other
sensitive medical databases. The organization aims to protect patient data and ensure compliance with health data protection regulations. Which
TWO of the following authentication protocols should be prioritized for implementation to achieve these objectives? (SELECT TWO)

A. Utilizing Fast Identity Online (FIDO) protocols for strong, phishing-resistant authentication.

B. Implementing Lightweight Directory Access Protocol (LDAP) for efficient user and resource management.

C. Adopting Time-based One-Time Password (TOTP) algorithm for generating dynamic, time-sensitive passwords.

D. Applying Extensible Authentication Protocol (EAP) for securing wireless network access to medical databases.

The two protocols that should be prioritized are:

• A. FIDO for strong, phishing-resistant authentication.

• C. TOTP for dynamic, time-sensitive passwords (2FA).

12. A security analyst at a corporation discovers that an attacker has been sending emails to employees that appear to come from the CEO, asking
for sensitive company information. The analyst determines that the attacker is using email address spoofing. What is the MOST effective measure
the corporation should implement to prevent such email forgery attacks?

A. Enable spam filters to block emails from unknown external sources.

B. Implement Domain-based Message Authentication, Reporting, and Conformance (DMARC).

C. Encrypt all outgoing and incoming emails within the corporation.

D. Conduct regular security awareness training for employees on identifying phishing emails.

The MOST effective measure the corporation should implement to prevent email forgery attacks like email address spoofing is:

B. Implement Domain-based Message Authentication, Reporting, and Conformance (DMARC)

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting
provider consider first?

• A. Local data protection regulations

• B. Risks from hackers residing in other countries

• C. Impacts to existing contractual obligations

• D. Time zone differences in log correlation

Local data protection regulations should be the first consideration because compliance with privacy and data sovereignty laws is mandatory
for a legal and secure expansion into new international markets.

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal
IP addresses?

• A. Compensating control Most Voted

• B. Network segmentation

• C. Transfer of risk

• D. SNMP traps

• When a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses, this is an example of network
segmentation.

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these
requirements?

• A. Serverless framework Most Voted

• B. Type 1 hypervisor

• C. SD-WAN

• D. SDN

A serverless framework is a cloud-based application-hosting solution that allows developers to build and deploy applications without managing
servers. It abstracts away the underlying infrastructure, enabling you to focus on writing code rather than worrying about server provisioning,
scaling, or maintenance.

A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL,
https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when
visiting http://www.anothersite.com. Which of the following describes this attack?

A.On-path

B.Domain hijacking

C.DNS poisoning

D.Evil twin

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A.USB data blocker

B.Faraday cage

C.Proximity reader

D.Cable lock

A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be
updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server
resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the
following would BEST meet the requirements?

A.Reverse proxy

B.Automated patch management

C.Snapshots

D.NIC teaming

A reverse proxy (A) is the best choice because it provides the required scalability, flexibility, and server resource reduction for back-end
infrastructure, with no need for session persistence.

Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

A.A phishing email stating a cash settlement has been awarded but will expire soon

B.A smishing message stating a package is scheduled for pickup

C.A vishing call that requests a donation be made to a local charity

D.A SPIM notification claiming to be undercover law enforcement investigating a cybercrime

The phishing email claiming a cash settlement that will expire soon is the classic example of a social engineering technique that exploits a
person's sense of urgency, making option A the correct answer.

A security analyst is reviewing application logs to determine the source of a breach and locates the following log:
https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?

A.DLL Injection

B.API attack

C.SQLi

D.XSS

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this
data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for
specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's
requirements?

A.Data anonymization

B.Data encryption

C.Data masking

D.Data tokenization

Data masking involves obscuring sensitive personal data (such as PII) in a way that retains the format and realism of the data, while protecting
privacy. This allows developers to work with data that appears real but does not expose sensitive information.

A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it.
Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the
following should the company do to help accomplish this goal?

A.Classify the data.

B.Mask the data.

C.Assign the application owner.

D.Perform a risk analysis.

In order to implement different Data Loss Prevention (DLP) rules based on the type of data (e.g., PII, financial information, and health
information), the company needs to classify the data.

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries
show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to
the phishing team, and the forwarded email revealed the link to be:
<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?

A.SQL injection

B.Broken authentication

C.XSS

D.XSRF

The forensics investigator is most likely to determine that an XSRF (Cross-Site Request Forgery) attack has occurred, as the user was tricked
into clicking a link that unknowingly triggered a payment transaction, exploiting their authenticated session.

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates
that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to
prevent someone from using the exfiltrated credentials?

A.MFA

B.Lockout

C.Time-based logins

D.Password history

To prevent the use of exfiltrated credentials, the Chief Information Security Officer (CISO) should use Multi-Factor Authentication (MFA). MFA
requires users to provide more than one way to verify their identity, such as entering a password and a one-time code, so a stolen password alone
is not enough to log in. Time-based one-time passwords (TOTPs) are a common type of one-time code used for MFA.

A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which
are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

A.Subject alternative name

B.Wildcard

C.Self-signed

D.Domain validation

B. Wildcard SSL (Secure Sockets Layer) certificate: a wildcard certificate covers a single domain and all of its subdomains.

Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

A.DLP

B.NIDS

C.TPM

D.FDE

Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network.

Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a
stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

A.Replacing the traditional key with an RFID key

B.Installing and monitoring a camera facing the door

C.Setting motion-sensing lights to illuminate the door on activity

D.Surrounding the property with fencing and gates

Selected Answer: A

Replacing the traditional key with an RFID key - For this question, there is mention of "attempts have been made to pick the door lock". Out of the
options provided, only the option to replace the current door key with an RFID key directly addresses this issue. The other options can be viewed as
preventative access control systems/deterrents as well.

Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

A.Hashing

B.Tokenization

C.Masking

D.Encryption

Selected Answer: A

Hashing is the answer. Why? Because with hashing the tool can identify a credential without knowing the exact credential, by a mathematical
method (e.g., multiply the credential by a number, and all different credentials have different results). By comparing the hash of the local credential
with the hash of the web credentials, the tool can extrapolate whether the credential was compromised.

An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the
administrator is being advised to do?

A.Perform a mathematical operation on the passwords that will convert them into unique strings.

B.Add extra data to the passwords so their length is increased, making them harder to brute force.

C.Store all passwords in the system in a rainbow table that has a centralized location.

D.Enforce the use of one-time passwords that are changed for every login session.

Hashing converts passwords into unique, fixed-length strings (hash values). The process uses a hash function such as SHA-256 or bcrypt, and it is
deterministic, so hashing the same password always produces the same hash, while the original password cannot be recovered from it. These
hashes are stored in the system rather than the actual passwords themselves.

Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

A.Steganography

B.Homomorphic encryption

C.Cipher suite

D.Blockchain

Steganography is the technique of hiding data within other data, such as embedding a hidden audio file within a piece of source code. The goal of
steganography is to conceal the existence of the data so that it is not easily detectable by unauthorized individuals or systems.

A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the
screen: "Please use a combination of numbers, special characters, and letters in the password field." Which of the following concepts does this
message describe?

A.Password complexity

B.Password reuse

C.Password history

D.Password age

A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized
change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the
integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST
solution?

A.HIPS

B.FIM

C.TPM

D.DLP

A TPM (Trusted Platform Module) is a hardware-based security solution that provides critical features like secure boot, attestation, and data
integrity verification. It is used to ensure the integrity of systems by securely storing cryptographic keys and performing operations like measuring
system integrity during boot processes and verifying that the system has not been tampered with.

Which of the following is a reason to publish files' hashes?

A.To validate the integrity of the files

B.To verify if the software was digitally signed

C.To use the hash as a software activation key

D.To use the hash as a decryption passphrase

Publishing files' hashes is a common practice used to validate the integrity of files and ensure that they have not been tampered with or corrupted.
A hash value is a unique fixed-size string of characters generated from the contents of a file using a cryptographic hashing algorithm. Even a minor
change in the file's content will result in a completely different hash value.

A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the
following commands could an analyst run to find the requested servers?

A.nslookup 10.10.10.0

B.nmap -p 80 10.10.10.0/24

C.pathping 10.10.10.0 -p 80

D.nc -l -p 80

Selected Answer: B

Answer: nmap -p 80 10.10.10.0/24 - Nmap or network mapper is a network discovery and security auditing tool mainly used to find services, hosts,
and open ports on a network. In this case, nmap will check for the HTTP port 80.

Which biometric error would allow an unauthorized user to access a system?

A.False acceptance

B.False entrance

C.False rejection

D.False denial

False acceptance is the error where an interloper is accepted (a Type II error; its rate is the false acceptance rate [FAR], also called the false match
rate [FMR]). FAR is measured as a percentage. False rejections cause inconvenience to users, but false acceptances can lead to security breaches,
so FAR is usually considered the most important metric.

A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company
consult?

A.GDPR

B.ISO

C.NIST

D.PCI DSS

Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

A.SPIM

B.Vishing

C.Hopping

D.Phishing

E.Credential harvesting

F.Tailgating

• SPIM

Unsolicited commercial instant messages or presence subscription requests that can reduce resource availability and production. While not a
network compromise by itself, it can potentially lead to one.

• Vishing

Phone call scams that use VoIP features like caller ID spoofing and automated systems to trick victims into sharing sensitive information. Vishing
fraudsters may pose as employees of a legitimate organization, such as a bank or the police, to obtain personal and financial information.

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

A.Persistence

B.Buffer overflow

C.Privilege escalation

D.Pharming

Privilege escalation refers to the exploitation of a vulnerability or flaw in a system to gain higher levels of access or permissions than originally
granted. In the context of an "interactive process," it typically means gaining unauthorized access to restricted areas of a system by elevating
privileges—whether that's from a normal user account to an administrator account or from a limited set of resources to full control over the
system.

An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following
considerations would BEST support the organization's resiliency?

A.Geographic dispersal

B.Generator power

C.Fire suppression

D.Facility automation

Explanation:

Geographic dispersal refers to the practice of placing data centers in multiple, geographically separate locations to mitigate the impact of
natural disasters or other localized disruptions. By spreading the data centers across different regions or areas, an organization can ensure that if
one data center is affected by a disaster (e.g., earthquake, hurricane, flood), the others remain operational, maintaining business continuity.

A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the
following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

A.EAP

B.TLS

C.HTTPS

D.AES

D. AES

Explanation:

AES (Advanced Encryption Standard) is a symmetric encryption algorithm used to protect data confidentiality. In the context of wireless
networks, AES is commonly used in conjunction with Wi-Fi Protected Access II (WPA2) or WPA3 security protocols to encrypt the data
transmitted over the wireless network. This ensures that even if unauthorized users can intercept the wireless signal, the data they capture will be
unreadable without the encryption key.

The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST
likely protecting against?

A.Preventing any current employees' siblings from working at the bank to prevent nepotism

B.Hiring an employee who has been convicted of theft to adhere to industry compliance

C.Filtering applicants who have added false information to resumes so they appear better qualified

D.Ensuring no new hires have worked at other banks that may be trying to steal customer information

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should
be disabled.Which of the following can be used to accomplish this task?

A.Application allow list

B.SWG

C.Host-based firewall

D.VPN

C. Host-based firewall

Explanation:

A host-based firewall is software or hardware-based security that controls network traffic to and from a specific server. It allows administrators to
configure firewall rules at the individual server level, such as restricting which ports are open or closed.

A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area
without authorization. Which of the following security controls would BEST prevent this in the future?

A.Use appropriate signage to mark all areas.

B.Utilize cameras monitored by guards.

C.Implement access control vestibules.

D.Enforce escorts to monitor all visitors.

C. Implement access control vestibules

Explanation:

Access control vestibules are secure entryways that prevent unauthorized access by ensuring that only authorized individuals can pass through
to restricted areas. These vestibules typically have two-door systems or turnstiles, where one door cannot open until the other is closed, ensuring
that only those who have been granted access can enter. This physical control is effective in ensuring that individuals cannot simply walk into
restricted areas, even if they inadvertently try to enter.

Which of the following would detect intrusions at the perimeter of an airport?

A.Signage

B.Fencing

C.Motion sensors

D.Lighting

E.Bollards

C. Motion sensors

Explanation:

Motion sensors are electronic devices designed to detect movement in a specific area. At the perimeter of an airport, motion sensors can be
strategically placed along fences or walls to detect any unauthorized movement. They are effective in alerting security personnel when an
intruder is attempting to breach the perimeter. This makes them an ideal choice for intrusion detection at the perimeter of a secured facility like
an airport.

A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the
following is the BEST remediation strategy?

A.Update the base container image and redeploy the environment.

B.Include the containers in the regular patching schedule for servers.

C.Patch each running container individually and test the application.

D.Update the host in which the containers are running.

Updating the base image addresses the root cause of the vulnerability by fixing the container image that is being used across all deployments. It
ensures that all newly created containers will benefit from the updated and patched version of the software or application.

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater
than the five-year cost of the insurance policy. The organization is enabling risk:

A.avoidance.

B.acceptance.

C.mitigation.

D.transference.

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26.
The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal
ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the
following describes this type of alert?

A.True negative

B.True positive

C.False positive

D.False negative

A false positive in this context means the security system incorrectly identified benign activity (vulnerability scans) as a security threat, causing
an unnecessary action (blocking the IP).

The subsequent discovery that the IP address is used by a legitimate process (vulnerability scans) confirms that the alert was a false positive.

A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst
to use?

A.SSAE SOC 2

B.ISO 31000

C.NIST CSF

D.GDPR

Explanation:

ISO 31000 is an international standard for risk management. It provides guidelines and a framework for identifying, assessing, managing, and
monitoring risks in an organization. ISO 31000 is a comprehensive and widely recognized standard that can be used to develop a risk
management program across various types of organizations and industries.

The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the
following incident response processes is the CISO requesting?

A.Lessons learned

B.Preparation

C.Detection

D.Containment

E.Root cause analysis

Lessons learned involves reviewing the entire incident lifecycle, from detection to resolution, identifying gaps in policies, procedures, tools, or
training, and applying those lessons to enhance future security practices.

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources.
Which of the following risks would this training help to prevent?

A.Hoaxes

B.SPIMs

C.Identity fraud

D.Credential harvesting

Training employees about the dangers of forwarding social media messages from unverified sources helps prevent hoaxes, which are false or
misleading messages, often with the intent to deceive or cause unnecessary panic. Hoaxes can spread quickly through social media and other
communication channels, and forwarding them without verification can lead to the rapid dissemination of misinformation.

A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the
internal network performance was not degraded. Which of the following MOST likely explains this behavior?

A.DNS poisoning

B.MAC flooding

C.DDoS attack

D.ARP poisoning

A Distributed Denial of Service (DDoS) attack involves overwhelming a target server, application, or network with an excessive amount of traffic,
causing performance degradation or making the service unavailable. In this scenario, the application is internet-facing, and the alerts indicate
degraded response time for this application, but there is no impact on the internal network performance. This suggests that the problem is
specifically affecting the external availability of the service, which is a typical outcome of a DDoS attack.

Which of the following will increase cryptographic security?

A.High data entropy

B.Algorithms that require less computing power

C.Longer key longevity

D.Hashing

Explanation:

High data entropy refers to the level of randomness or unpredictability in data. In cryptographic terms, higher entropy means more randomness,
which is crucial for ensuring that cryptographic keys, IVs (initialization vectors), and other secrets used in encryption and hashing are difficult to
predict or guess.

Which of the following statements BEST describes zero-day exploits?

A.When a zero-day exploit is discovered, the system cannot be protected by any means.

B.Zero-day exploits have their own scoring category in CVSS.

C.A zero-day exploit is initially undetectable, and no patch for it exists.

D.Discovering zero-day exploits is always performed via bug bounty programs.

A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of
the following should be performed FIRST?

A.Retention

B.Governance

C.Classification

D.Change management

C. Classification

Explanation:

Before implementing a Data Loss Prevention (DLP) solution to restrict the emailing of Protected Health Information (PHI) documents, the first
step is to classify the data. Classification involves categorizing documents and data based on their sensitivity and ensuring that PHI is properly
identified as confidential and subject to strict handling and transmission rules.

A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output
was found on the naming server of the organization:

Which of the following attacks has taken place?

• A. Domain reputation

• B. Domain hijacking

• C. Disassociation

• D. DNS poisoning

Selected Answer: D

DNS server cache poisoning aims to corrupt the records held by the DNS server itself. This can be accomplished by performing DoS
against the server that holds the authorized records for the domain, and then spoofing replies to requests from other name servers.
Another attack involves getting the victim name server to respond to a recursive query from the attacking host. A recursive query compels
the DNS server to query the authoritative server for the answer on behalf of the client.

Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

A.Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports

B.Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced

C.Placing systems into locked, key-controlled containers with no access to the USB ports

D.Installing an endpoint agent to detect connectivity of USB and removable media

• Cost-effective: This approach does not require specialized software, devices, or infrastructure. Security tape is relatively inexpensive, and
the inspection process, while manual, is not resource-heavy.

• Physical control: It's a direct physical deterrent that can block access to USB ports.

• Enforceability: This option works by physically limiting access to the ports, which can be monitored and documented through periodic
checks.

A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is
increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in
properties. Which of the following security controls can be implemented?

A.Enforce MFA when an account request reaches a risk threshold.

B.Implement geofencing to only allow access from headquarters.

C.Enforce time-based login requests that align with business hours.

D.Shift the access control scheme to a discretionary access control.

Option A (Enforce MFA when an account request reaches a risk threshold) is the best approach because it provides an adaptive security
mechanism that can handle suspicious logins while minimizing the impact on legitimate users, especially those who may be traveling or working in
new locations.

An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the
organization's requirement?

A.Perform OSINT investigations.

B.Subscribe to threat intelligence feeds.

C.Submit RFCs.

D.Implement a TAXII server.

A TAXII server exchanges standardized and anonymized cyber threat intelligence among participating organizations. It works as a venue for sharing and
collecting indicators of compromise, which have been anonymized to protect privacy.

Which of the following is the MOST effective control against zero-day vulnerabilities?

A.Network segmentation

B.Patch management

C.Intrusion prevention system

D.Multiple vulnerability scanners

An IPS can be more effective in detecting and blocking zero-day attacks because many advanced IPS systems use behavioral analysis, anomaly
detection, and heuristic methods to identify suspicious activities and potential exploits, even if they don't have a signature for a specific zero-day
vulnerability. While an IPS isn't foolproof, it can help detect and block exploit attempts that take advantage of unknown vulnerabilities by analyzing
patterns and behaviors indicative of exploitation.

Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing
application?

A.Intellectual property theft

B.Elevated privileges

C.Unknown backdoor

D.Quality assurance

The GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility
of an unknown backdoor being introduced into the code. An unknown backdoor refers to unauthorized access points deliberately inserted into the
software without the knowledge or consent of the organization.

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an
IoC?

A.Reimage the impacted workstations.

B.Activate runbooks for incident response.

C.Conduct forensics on the compromised system.

D.Conduct passive reconnaissance to gather information.

When the blue team (the defensive security team) detects an Indicator of Compromise (IoC) during a red team exercise, the next logical step is to
activate their incident response procedures, which are often documented in runbooks. Runbooks are predefined procedures that guide the blue
team through various incident response steps, including containment, eradication, and recovery.

An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The
park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following
features should the security team prioritize FIRST?

A.Low FAR

B.Low efficacy

C.Low FRR

D.Low CER

For an amusement park where customer convenience is prioritized, the security team should focus on ensuring a low FRR to minimize
customer frustration and delays, ensuring the fingerprint system doesn't unfairly reject legitimate customers.

1. Your web application developers come to you and request affinity scheduling from the load balancer. Why does a web application benefit
from affinity scheduling?

Affinity scheduling, often referred to as session persistence or sticky sessions, is a load balancing technique where requests from a
particular user (or client) are consistently routed to the same server during their session. This can be highly beneficial for web applications,

1. Software or hardware appliance responsible for balancing user requests and network traffic among several different physical or
virtualized hosts

The software or hardware appliance responsible for balancing user requests and network traffic among several different physical or
virtualized hosts is called a Load Balancer.

A compensating control is a security measure put in place to offset the deficiency or gap in an existing control. These controls are
designed to reduce the risk to an acceptable level when the primary control is not sufficient or feasible to implement.

A deterrent control is a type of preventive control designed to deter individuals from performing malicious activities by making them aware of
the potential consequences or the presence of a security measure that can thwart their attempt.

Public ledgers are primarily associated with cryptocurrency and are used to track transactions on blockchain networks. A public ledger is a
decentralized, transparent, and immutable record of all transactions that have occurred within a particular cryptocurrency system (such as
Bitcoin, Ethereum, etc.).

• Data integrity protection: Hashing is used to ensure that data has not been altered.

• Cryptographic representation: A hash is a secure, irreversible representation of data.

• Fixed-length output: Hash functions always produce a hash of a fixed length, no matter the size of the input.

• Change Management is a formalized process within ITIL (Information Technology Infrastructure Library) and other frameworks used to
manage changes to the IT infrastructure. It ensures that changes are made in a controlled and systematic way, minimizing the impact
on the organization’s operations.

Authentication is the process of verifying the identity of a user, system, or entity to ensure that they are who they claim to be. This process
involves checking credentials such as passwords, biometrics, digital certificates, or security tokens to grant access to systems, data, or
services.

HSM (Hardware Security Module):


• Use Case for Web Applications: HSMs are widely used for securing web applications, especially when they require the management
and protection of sensitive cryptographic keys (e.g., private keys for SSL/TLS certificates, encryption keys for databases, or API key
management).

• ECB is considered the weakest because it does not provide any protection against patterns in the plaintext. In contrast, OFB, CBC,
and CTR all introduce some form of randomness or chaining to prevent identical plaintext blocks from resulting in identical ciphertext,
making them much more secure than ECB.

During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would
like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the
host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

A.dd

B.memdump

C.tcpdump

D.head

An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses.
Which of the following BEST describes this social engineering technique?

A.Hoax

B.Reconnaissance

C.Impersonation

D.Pretexting

A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to
this wireless network. Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?

A.WPS

B.WPA2

C.WAP

D.HTTPS

An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the
AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by
another process to execute a payload. Which of the following attacks did the analyst observe?

A.Privilege escalation

B.Request forgeries

C.Injection

D.Replay attack

Which of the following control types fixes a previously identified issue and mitigates a risk?

A.Detective

B.Corrective

C.Preventative

D.Finalized

The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members
of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or
impact. Which of the following BEST meets the requirements?

A.Warm site failover


B.Tabletop walk-through

C.Parallel path testing

D.Full outage simulation

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

A.Chain of custody

B.Legal hold

C.Event log

D.Artifacts

An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to
use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any
user systems. Which of the following mobile solutions would accomplish these goals?

A.VDI

B.MDM

C.COPE

D.UTM

An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is
being exploited?

A.Social media

B.Cloud

C.Supply chain

D.Social Engineering

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

A.DNS

B.Message gateway

C.Network

D.Authentication

Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

A.Job rotation policy


B.NDA

C.AUP

D.Separation of duties policy

Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is
released into production?

A.Employ different techniques for server- and client-side validations

B.Use a different version control system for third-party libraries

C.Implement a vulnerability scan to assess dependencies earlier on SDLC

D.Increase the number of penetration tests before software release

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like
to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

A.Adjust the data flow from authentication sources to the SIEM.

B.Disable email alerting and review the SIEM directly.

C.Adjust the sensitivity levels of the SIEM correlation engine.

D.Utilize behavioral analysis to enable the SIEM's learning mode.

After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder
data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?

A.PCI DSS

B.GDPR

C.ISO 27001

D.NIST CSF


A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The
company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?

A.High availability

B.Application security

C.Segmentation

D.Integration and auditing

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated
hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security
configurations?
• A. CIS benchmarks

• B. GDPR guidance

• C. Regional regulations

• D. ISO 27001 standards

CIS Benchmarks: the CIS Benchmarks from the Center for Internet Security (CIS) are a set of globally recognized, consensus-driven best
practices that help security practitioners implement and manage their cybersecurity defenses.

Which of the following controls is used to make an organization initially aware of a data compromise?

A.Protective

B.Preventative

C.Corrective

D.Detective

A detective control identifies security events that have already occurred. Intrusion detection systems are detective controls.

Preventative controls act to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack
can take place. They are comparing the configurations to a secure guideline to ensure no gaps, meaning they are pre-emptively hardening
their systems against future attack vectors.

Corrective controls remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a
corrective control.

A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the
following solutions should be implemented?

A.DNSSEC

B.LDAPS

C.NGFW

D.DLP

"Domain Name System Security Extensions (DNSSEC) A suite of security extensions proposed and used by the US government and other
entities that allows for secure DNS queries and zone transfers. DNSSEC provides the capability to authenticate DNS information from known
and trusted servers."

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large
screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of
the following should the security architect recommend to BEST meet the requirement?

A.Fog computing and KVMs


B.VDI and thin clients

C.Private cloud and DLP


D.Full drive encryption and thick clients

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with
international standards. With which of the following is the company's data protection officer MOST likely concerned?

A.NIST Framework

B.ISO 27001

C.GDPR

D.PCI-DSS

A network engineer created two subnets that will be used for production and development servers. Per security policy production and
development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should
be deployed so that server administrators can access these devices?

A.VLANs

B.Internet proxy servers

C.NIDS

D.Jump servers

A jump server, jump host, or jump box is a system on a network used to access and manage devices in a separate security zone. A jump
server is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for
the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the
administrator use to restore services to a secure state?

A.The last incremental backup that was conducted 72 hours ago


B.The last known-good configuration

C.The last full backup that was conducted seven days ago

D.The baseline OS configuration

A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM:

Which of the following describes what is occurring?

• A. An attacker is utilizing a password-spraying attack against the account.

• B. An attacker is utilizing a dictionary attack against the account.

• C. An attacker is utilizing a brute-force attack against the account.

• D. An attacker is utilizing a rainbow table attack against the account.

Brute force: tries every possible password combination, which results in an account lockout most of the time.

Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is
complete?
A.Pulverizing

B.Overwriting

C.Shredding

D.Degaussing

Overwriting is a process that replaces existing data on a storage device with new data, making the original information unrecoverable. This
method allows the storage device to be reused after the process, as the physical structure of the device remains intact.

A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use
to complete the configuration?

A.Gait analysis

B.Vein

C.Soft token

D.HMAC-based, one-time password

"Something you are" in MFA refers to biometric factors that are inherent to the individual. Vein recognition, which uses unique patterns of
veins in a person's hand or finger, is a strong biometric authentication method.

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud
provider to see the stored credit card information. Which of the following would BEST meet these objectives?

A.WAF

B.CASB

C.VPN

D.TLS

A CASB can provide tokenization of sensitive data, such as credit card information, before it is stored in the cloud. This allows the company to
maintain control over and protect the data by ensuring that the cloud provider cannot view or access the original credit card information. A
CASB can act as an intermediary, enforcing security policies and providing data protection capabilities, including encryption and tokenization,
specifically tailored for cloud environments.

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one
device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

• A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

• B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

• C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

• D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

• A. Hacktivist

• B. Whistleblower

• C. Organized crime

• D. Unskilled attacker

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

• A. Key stretching

• B. Data masking

• C. Steganography

• D. Salting

Which of the following types of identification methods can be performed on a deployed application during runtime?

A. Dynamic analysis

B. Code review

C. Package monitoring

D. Bug bounty

Answer : A

Dynamic analysis is performed on software during execution to identify vulnerabilities based on how the software behaves in real-world scenarios. It is
useful in detecting security issues that only appear when the application is running.

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal
network?

A. VPN

B. LDAP

C. FTP

D. RADIUS

Answer : A

A VPN (Virtual Private Network) is a secure method to provide employees with remote access to a company's network. It encrypts data,
protecting it from interception and ensuring secure communication between the user and the internal network.

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL
certificate?
A. CSR

B. OCSP

C. Key

D. CRL

Answer : A

A Certificate Signing Request (CSR) is a request sent to a certificate authority (CA) to issue an SSL certificate. The CSR contains information
like the public key, which will be part of the certificate.

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

A. Deploy a SIEM solution

B. Create custom scripts to aggregate and analyze logs

C. Implement EDR technology

D. Install a unified threat management appliance

Answer : A

Deploying a Security Information and Event Management (SIEM) solution allows for efficient log aggregation, correlation, and analysis across
an organization's infrastructure, providing real-time security insights.

A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following
is most likely to contain this information?

A. Statement of work

B. Responsibility matrix

C. Service-level agreement

D. Master service agreement

Answer : B

A responsibility matrix clarifies the division of responsibilities between the cloud service provider (CSP) and the customer, ensuring that each
party understands and implements their respective security controls.

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following
documents should the company provide to the client?
• A. MSA

• B. SLA

• C. BPA

• D. SOW

An SOW is a document that outlines the specifics of a project, including the scope of work, deliverables, cost, and time frame for completion.
This is the appropriate document to provide a client with detailed information about what will be done, the timeline, and the associated costs.

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS
model for a cloud environment?
• A. Client

• B. Third-party vendor

• C. Cloud provider

• D. DBA

A. Client

In an IaaS (Infrastructure as a Service) model, the cloud provider is responsible for securing the underlying infrastructure (such as servers,
networking, and storage), while the client (the organization using the cloud) is responsible for securing the data, applications, and databases running
on that infrastructure. This includes configuring the database, applying patches, managing access controls, and ensuring overall security.

A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most
likely occurred?

• A. The end user changed the file permissions.

• B. A cryptographic collision was detected.

• C. A snapshot of the file system was taken.

• D. A rootkit was deployed.

A rootkit is a type of malicious software designed to hide its presence and gain unauthorized access to a system. It can alter system files,
such as cmd.exe, to carry out malicious activities while trying to evade detection by hiding in system logs or other tools. The change in the
hash of a critical system file like cmd.exe without any corresponding patch being applied suggests that an attacker might have tampered with
the file, possibly deploying a rootkit.

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following
security benefits do these actions provide? (Choose two.)

• A. If a security incident occurs on the device, the correct employee can be notified.

• B. The security team will be able to send user awareness training to the appropriate device.

• C. Users can be mapped to their devices when configuring software MFA tokens.

• D. User-based firewall policies can be correctly targeted to the appropriate laptops.

• E. When conducting penetration testing, the security team will be able to target the desired laptops.
• F. Company data can be accounted for when the employee leaves the organization.

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of
engagement. Which of the following reconnaissance types is the tester performing?

• A. Active

• B. Passive

• C. Defensive

• D. Offensive

Port and service scanning involves actively probing the target environment to identify open ports, running services, and other network-related
information. This is considered active reconnaissance because the tester is directly interacting with the target system, sending packets or
requests that can be logged or detected by the target.

Which of the following is required for an organization to properly manage its restore process in the event of system failure?
• A. IRP

• B. DRP

• C. RPO

• D. SDLC

B. DRP (Disaster Recovery Plan)

A Disaster Recovery Plan (DRP) outlines the procedures and processes for restoring IT systems and data in the event of a system failure, natural
disaster, or other disruptions. It is essential for organizations to have a DRP in place to ensure a structured and efficient recovery process.

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

• A. Jailbreaking

• B. Memory injection

• C. Resource reuse

• D. Side loading

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for
the analyst to evaluate?

• A. Secured zones

• B. Subject role
• C. Adaptive identity

• D. Threat scope reduction

A. Secured zones

In a Zero Trust architecture, secured zones are crucial for segmenting the network and enforcing strict access controls at each zone. The data plane is
responsible for transmitting data between different components, so securing these zones ensures that only authorized users or systems can access or interact
with the data at different points in the network.

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company
resources. Which of the following would be the best solution?
• A. RDP server

• B. Jump server

• C. Proxy server

• D. Hypervisor

A jump server (also known as a bastion host) is a secure, intermediary server that acts as a gateway between an internal network and
external access. It is used to provide controlled access to internal resources by requiring authentication to the jump server before users can
access more sensitive systems. The jump server adds an extra layer of security by preventing direct access to internal company resources,
reducing the attack surface.

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary.
Which of the following methods is most secure?

• A. Implementing a bastion host

• B. Deploying a perimeter network

• C. Installing a WAF

• D. Utilizing single sign-on

A bastion host (also known as a jump server) is a server specifically designed to provide administrative access to internal resources from
an external network, such as the internet. It is placed at the security boundary and acts as a gateway to internal systems, reducing the
exposure of internal resources. Access to the internal network is typically restricted to the bastion host, and all administrative tasks are
performed through it.

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings
indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should
the security analyst recommend the developer implement to prevent this vulnerability?

• A. Secure cookies
• B. Version control
• C. Input validation

• D. Code signing

Input validation is the most effective application security technique for preventing cross-site scripting vulnerabilities by ensuring that user
input is both safe and appropriate.

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the
organization deploy to best protect against similar attacks in the future?
• A. NGFW

• B. WAF

• C. TLS

• D. SD-WAN
A Web Application Firewall (WAF) is designed to protect web applications by filtering and monitoring HTTP requests and can specifically
detect and block common web-based attacks, including buffer overflow attacks. A WAF provides application-layer security and inspects
incoming traffic to identify and mitigate malicious requests, such as those exploiting input vulnerabilities in web applications.

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in
order to identify any gaps. Which of the following control types has the organization implemented?

A.Compensating

B.Corrective
C.Preventive

D.Detective

A Detective control identifies and detects any deviations from established secure configuration guidelines, allowing the organization to
identify gaps or vulnerabilities after they have occurred. This aligns with the process of comparing current system configurations against
security standards to identify issues.

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS
applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

A.CASB

B.VPN concentrator

C.MFA

D.VPC endpoint
The BEST security solution to reduce the risk of shadow IT, especially in relation to unsanctioned high-risk SaaS applications, is A. CASB
(Cloud Access Security Broker).

A CASB provides visibility into cloud application usage across an organization and helps enforce security policies related to cloud services,
including identifying and controlling access to unsanctioned or risky SaaS applications. It allows organizations to monitor and block
unauthorized cloud apps, which directly addresses the issue of shadow IT.

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST
protect?

A.Data in transit

B.Data in processing

C.Data at rest

D.Data tokenization

Data at rest refers to data that is stored on a device, such as files saved on a hard drive or SSD. Full disk encryption ensures that the data
stored on the laptop is protected, even if the device is lost or stolen while on a business trip. It encrypts the entire disk, making it unreadable
without the appropriate decryption key or password.

A company would like to provide employees with computers that do not have access to the internet in order to prevent information
from being leaked to an online forum. Which of the following would be best for the systems administrator to implement?
A. Air gap
B. Jump server
C. Logical segmentation
D. Virtualization

An air gap is a security measure where a computer or network is physically isolated from unsecured networks, such as the internet. This
ensures that the system cannot send or receive data over the internet, thereby preventing any potential information leakage.

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator
take? (Select two)

A. Disable default accounts.

B. Add the server to the asset inventory.

C. Remove unnecessary services.

D. Document default passwords.

E. Send server logs to the SIEM.

F. Join the server to the corporate domain.

A. Disable default accounts – Default accounts, such as those created during installation or by the manufacturer, often have well-known
passwords or permissions that attackers can exploit. Disabling these accounts helps reduce the attack surface.

C. Remove unnecessary services – Unnecessary services and features increase the attack surface of the server. By removing or disabling
services that are not required for the server's intended function, the administrator reduces potential entry points for attackers.

Which of the following tasks is typically included in the BIA process?

A. Estimating the recovery time of systems


B. Identifying the communication strategy
C. Evaluating the risk management plan
D. Establishing the backup and recovery procedures
E. Developing the incident response plan

Answer : A

A Business Impact Analysis (BIA) focuses on identifying the critical functions and systems of an organization and estimating the impact of a
disruption on those functions. One of the key tasks in a BIA is to determine the Recovery Time Objective (RTO), which is the estimated time
required to restore a system or process after a disruption. This is crucial for planning recovery priorities and ensuring continuity of critical
operations.

Which of the following describes effective change management procedures?

A. Approving the change after a successful deployment


B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates
Answer : B

B. Having a backout plan when a patch fails

In effective change management procedures, a backout plan (or rollback plan) is essential. This plan outlines the steps to revert the system
to its previous state if a change, such as a patch or update, causes unexpected issues or fails. This minimizes downtime and helps maintain
stability and continuity.

A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for
only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the
administrator performed these actions?

A. Encryption standard compliance


B. Data replication requirements
C. Least privilege
D. Access control monitoring

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether
the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
A.Check the hash of the installation file.

B.Match the file names.

C.Verify the URL download location.

D.Verify the code signing certificate.

A. Check the hash of the installation file.

To verify if a file has been altered during transit, comparing the file's hash with the hash provided by the manufacturer is an effective
approach. Hash functions generate a unique digital fingerprint for the file, and any modification—even a minor one—will result in a different
hash value. This makes it a reliable way to confirm file integrity.

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team.
The caller asks the technician to verify the network's internal firewall IP Address. Which of the following is the technician's BEST course of
action?

A.Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.
B.Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the
organization's cybersecurity officer.
D.Request the caller send an email for identity verification and provide the requested information via email to the caller.

Which of the following would BEST provide detective and corrective controls for thermal regulation?

• A. A smoke detector

• B. A fire alarm

• C. An HVAC system Most Voted

• D. A fire suppression system


• E. Guards

An HVAC system is designed to control the environment in which it works. It achieves this by controlling the temperature (THERMAL) of a
room through heating and cooling. It also controls the humidity level in that environment by controlling the movement and distribution of air
inside the room. So it provides detective and corrective controls for THERMAL regulation.

Which of the following is a benefit of including a risk management framework into an organization's security approach?

A.It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.

B.It identifies specific vendor products that have been tested and approved for use in a secure environment.

C.It provides legal assurances and remedies in the event a data breach occurs.

D.It incorporates control, development, policy, and management activities into IT operations.

A risk management framework incorporates various control, development, policy, and management activities into an organization's IT
operations. It provides a structured approach to identifying and managing risks, which includes defining risk appetite, risk assessment
methodologies, risk treatment strategies, and risk monitoring and reporting.

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status.
Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?
A.Development

B.Test
C.Production

D.Staging

D. Staging

The stage immediately before operational (production) is staging, where the patch is deployed for final validation before it goes live.

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this
reasoning?

A.The forensic investigator forgot to run a checksum on the disk image after creation.
B.The chain of custody form did not note time zone offsets between transportation regions.

C.The computer was turned off, and a RAM image could not be taken at the same time.

D.The hard drive was not properly kept in an antistatic bag when it was moved.

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of
the following should the organization use to compare biometric solutions?

A.FRR

B.Difficulty of use

C.Cost
D.FAR

E.CER
To implement a biometric system with the highest likelihood that an unauthorized user will be denied access, the organization should compare
biometric solutions based on the D. FAR (False Acceptance Rate).

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special
precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate
network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud
storage. Which of the following is the BEST remediation for this data leak?

A.User training
B.CASB

C.MDM

D.DLP

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the
shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks
took place?

A.On-path attack

B.Protocol poisoning

C.Domain hijacking

D.Bluejacking

Correct Answer:A

A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company
does not want to increase its on premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the
following solutions would BEST meet the needs of the company?

A.Private cloud
B.Hybrid environment
C.Managed security service provider

D.Hot backup site

After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a
long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to
optimize the incident response time?

A.CASB

B.VPC

C.SWG

D.CMS
A. CASB (Cloud Access Security Broker)

A CASB provides centralized visibility, control, and security policy enforcement across multiple cloud services. It can integrate data from
different cloud environments into a unified console, streamlining data correlation and analysis. This reduces the time analysts spend gathering
and reconciling data across disparate systems, thereby speeding up incident response.

Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

A.Recovery

B.Deterrent

C.Corrective
D.Detective

A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of
the following is the BEST way for the company to mitigate this attack?

A.Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.

B.Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
C.Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.

D.Use an automated tool to flood the phishing websites with fake usernames and passwords.

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID
have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

A.Rainbow table attack

B.Password spraying

C.Logic bomb

D.Malware bot

A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB
device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for
these requirements?

A.User certificate

B.Self-signed certificate
C.Computer certificate

D.Root certificate

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit
logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit
information to a personal bank account.Which of the following does this action describe?
A.Insider threat

B.Social engineering

C.Third-party risk

D.Data breach

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The
development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to
update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?
A.Accept the risk if there is a clear road map for timely decommission.

B.Deny the risk due to the end-of-life status of the application.

C.Use containerization to segment the application from other applications to eliminate the risk.

D.Outsource the application to a third-party developer group.

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted
communications without relying on network devices. Which of the following can be implemented?
A.HTTP security header

B.DNSSEC implementation

C.SRTP

D.S/MIME

When enabled on the server, HTTP Strict Transport Security (HSTS), an HTTP security header, instructs browsers to use encrypted HTTPS
connections only, instead of plain-text HTTP, without depending on any network device.

A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

A.employees of other companies and the press.

B.all members of the department that created the documents.


C.only the company's employees and those listed in the document.

D.only the individuals listed in the documents.

A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on
vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

A. Check the metadata in the email header of the received path in reverse order to follow the email's path.

B. Hover the mouse over the CIO's email address to verify the email address.

C. Look at the metadata in the email header and verify the "From:" line matches the CIO's email address.

D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?
• A. Check to see if the third party has resources to create dedicated development and staging environments.

• B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.

• C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers. Most Voted

• D. Read multiple penetration-testing reports for environments running software that reused the library.

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?
A. SaaS

B. PaaS

C. IaaS

D. DaaS

C. IaaS (Infrastructure as a Service)

IaaS provides clients with fundamental IT resources such as servers, storage, and networks, allowing them to build their own platforms and
applications on top of this infrastructure. It doesn’t include the applications or development tools found in other models like SaaS (Software as
a Service) or PaaS (Platform as a Service).

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a
backend LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

A. Cross-site scripting

B. Data exfiltration
C. Poor system logging

D. Weak encryption

E. SQL injection

F. Server-side request forgery


SQL Injection (E):

• A common vulnerability in backend LAMP (Linux, Apache, MySQL, PHP) servers. Attackers can exploit SQL injection to manipulate the
database, retrieve sensitive data, or modify the system. This is particularly dangerous for systems with weak or no patching.

Server-Side Request Forgery (SSRF) (F):

• Allows attackers to trick the server into making unauthorized requests to internal or external services. Since OT systems and human-
machine interfaces are accessible over the internet, SSRF can be used to target unpatched systems and potentially gain control over
critical infrastructure.

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime
and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objective?

A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on
fileshares.

B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's
susceptibility to phishing attacks.

D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network
administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building
near the parking lot. Which of the following is the most likely reason for the outage?

• A. Someone near the building is jamming the signal. Most Voted

• B. A user has set up a rogue access point near the building.

• C. Someone set up an evil twin access point in the affected area.

• D. The APs in the affected area have been unplugged from the network.

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the
section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are
unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other
areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to
them. Which of the following is the MOST likely cause of this issue?
• A. An external access point is engaging in an evil-twin attack. Most Voted

• B. The signal on the WAP needs to be increased in that section of the building.

• C. The certificates have expired on the devices and need to be reinstalled.

• D. The users in that section of the building are on a VLAN that is being blocked by the firewall.

A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the
administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?
A. dd

B. chmod

C. dnsenum

D. logger
dd is a command-line utility used to create exact copies of storage devices, including hard disks. It is commonly used for disk imaging in
forensic investigations to ensure an exact replica of the drive is captured without altering the original data, which is critical for maintaining
evidence integrity.

A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for
the administrator to perform? (Choose two.)

• A. Data retention

• B. Certification
• C. Destruction

• D. Classification

• E. Sanitization

• F. Enumeration

Destruction (C):

• This involves securely erasing sensitive data to ensure it cannot be recovered. It is critical to destroy any data that is no longer needed
and prevent unauthorized access to sensitive or proprietary information.

Sanitization (E):

• Sanitization is the process of thoroughly cleaning the laptop’s storage to remove all traces of data, making it safe for reuse. Methods
include overwriting data, cryptographic erasure, or factory resets, depending on the sensitivity of the previous data and company
policies.

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

A. SSAE SOC 2
B. PCI DSS

C. GDPR

D. ISO 31000

The General Data Protection Regulation (GDPR) is a European Union regulation that specifically outlines the roles and responsibilities of
data controllers and data processors in handling personal data. It defines:

• Data Controller: The entity that determines the purposes and means of processing personal data.

• Data Processor: The entity that processes personal data on behalf of the controller.

GDPR provides strict guidelines on data protection, privacy rights, and the obligations of both parties to ensure compliance and protect
personal data.


Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST
likely help mitigate this issue?
A.DNSSEC and DMARC

B. DNS query logging

C. Exact mail exchanger records in the DNS

D. The addition of DNS conditional forwarders

DNSSEC (Domain Name System Security Extensions):

• Protects against DNS spoofing and ensures that users are directed to the correct domain, reducing the risk of phishing attacks that rely
on fake websites.

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

• Works with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to authenticate email senders and block spoofed
emails, which are often used in phishing and spear-phishing attacks.

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)
A. Data accessibility

B. Legal hold

C. Cryptographic or hash algorithm

D. Data retention legislation

E. Value and volatility of data

F. Right-to-audit clauses

Data accessibility (A):


• Live acquisition requires access to the system or device to capture volatile data, such as data in RAM or active processes. If the data
isn't accessible due to encryption, permissions, or other barriers, acquisition cannot proceed.

Value and volatility of data (E):


• Volatile data, such as data in memory or open network connections, is highly transient and can be lost if not captured immediately. Live
acquisition prioritizes this type of data because of its fleeting nature and its forensic value in reconstructing events.

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid
credentials were used?

A. The scan results show open ports, protocols, and services exposed on the target host

B. The scan enumerated software versions of installed programs

C. The scan produced a list of vulnerabilities on the target host

D. The scan identified expired SSL certificates

B. The scan enumerated software versions of installed programs


Explanation:

Using valid credentials during a vulnerability scan allows the scanner to access detailed information about the system, such as installed
software and their versions. This level of insight typically requires authenticated access to the target system.

Which of the following BEST explains the difference between a data owner and a data custodian?

A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the
corporate governance regarding the data

B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the
protection to the data

C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when
handling the data

D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the
data

A network engineer needs to build a solution that will allow guests at the company's headquarters to access the Internet via WiFi. This
solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before
accessing the Internet. Which of the following should the engineer employ to meet these requirements?

A. Implement open PSK on the APs

B. Deploy a WAF

C. Configure WIPS on the APs

D. Install a captive portal


Explanation:

• A captive portal is a web page that users are automatically directed to when attempting to connect to a guest WiFi network.

• It typically requires users to agree to terms, such as an acceptable use policy, before granting Internet access.

• This solution is commonly used for guest networks to enforce access policies without providing access to the internal corporate network.

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

A. Dual power supply

B. Off-site backups
C. Automatic OS upgrades

D. NIC teaming

E. Scheduled penetration testing

F. Network-attached storage

Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several
malware alerts coming from each of the employee's workstations. The security manager investigates but finds no signs of an attack on the
perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?

A. A worm that has propagated itself across the intranet, which was initiated by presentation media

B. A malicious PowerShell script that was attached to an email and transmitted to multiple employees

C. A Trojan that has passed through and executed malicious code on the hosts

D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw.

The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?
A. The vulnerability scan output

B. The IDS logs

C. The full packet capture data

D. The SIEM alerts

A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some
important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will
BEST allow the PII to be shared with the secure application without compromising the organization's security posture?
A. Configure the DLP policies to allow all PII

B. Configure the firewall to allow all ports that are used by this application

C. Configure the antivirus software to allow the application


D. Configure the DLP policies to whitelist this application with the specific PII

E. Configure the application to encrypt the PII

To balance security and functionality, the best approach is to update the Data Loss Prevention (DLP) policies to explicitly allow the secure
application to handle specific types of Personally Identifiable Information (PII).

A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which
of the following access control schemes would be BEST for the company to implement?

A. Discretionary
B. Rule-based
C. Role-based
* D. Mandatory

Mandatory Access Control (MAC) is the best choice for protecting highly sensitive data with classification labels. Here's why:

1. Data Classification:

o MAC is designed for environments where data is classified (e.g., Top Secret, Confidential, Public).

o Access to data is determined based on predefined security labels and the user's clearance level.

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?

A. Least privilege
B. Awareness training
* C. Separation of duties
D. Mandatory vacation

A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning

The message described suggests that the researcher is likely seeing an SSH warning indicating that the host key of the server has changed
or is being impersonated. This is a strong indicator of a man-in-the-middle (MITM) attack, where an attacker intercepts and potentially alters
the communication between the researcher and the intended server.

An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

A. Voice
B. Gait

C. Vein
D. Facial

E. Retina

F. Fingerprint

Facial recognition (D):

• High-definition CCTV feeds can capture facial features, making this a suitable choice.

• Machine learning can enhance recognition accuracy over time as the system builds a database of faces from repeated travel
instances.

Gait recognition (B):

• Gait (the way a person walks) is a unique behavioral biometric that doesn't require direct interaction or enrollment.

• High-definition video feeds can analyze and recognize walking patterns even from a distance.

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the

project include:

✑ Check-in/checkout of credentials

✑ The ability to use but not know the password

✑ Automated password changes

✑ Logging of access to credentials

Which of the following solutions would meet the requirements?

A. OAuth 2.0

B. Secure Enclave

C. A privileged access management system


D. An OpenID Connect authentication system

A Privileged Access Management (PAM) system is specifically designed to provide stringent controls over privileged accounts (like
admin/root credentials and service accounts).

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)

A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses

Data Accessibility (A):

• Live acquisition requires access to the target system to collect data such as memory contents, active processes, or network connections. Without proper access, live data acquisition is not possible.

Value and Volatility of Data (E):

• Volatile data (e.g., data in RAM or live network sessions) is transient and can be lost if not captured immediately. Its importance and short lifespan make it a critical focus of live acquisition efforts.
