2022 Update CompTIA Security+ SY0-601 Real Dumps

test2022-06-11T03:53:21+00:00

The latest CompTIA Security+ SY0-601 Real Dumps are new updated, it contains 581 questions and answers to help you best prepare for your test. If you’re looking for help with CompTIA Security+ SY0-601 test preparation and a guarantee of passing your exam, you’ve come to the right place. The purpose of this CompTIA Security+ SY0-601 dumps is to assist you practice well in the test preparation. These sample questions will give you an idea of the kind of questions you’ll see on the SY0-601 certification test. If you want more CompTIA Security+ SY0-601 questions with verified answers for the actual exam, you can get our full version to study.

Try free CompTIA Security+ SY0-601 practice exam to test yourself.

Page 1 of 14

1. An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments.

Which of the following BEST explains the appliance’s vulnerable state?

The system was configured with weak default security settings.

The device uses weak encryption ciphers.

The vendor has not supplied a patch for the appliance.

The appliance requires administrative credentials for the assessment.

2. The board of doctors at a company contracted with an insurance firm to limit the organization’s liability.

Which of the following risk management practices does the BEST describe?

Transference

Avoidance

Mitigation

Acknowledgement

3. Users reported several suspicious activities within the last two weeks that resulted in several unauthorized transactions.

Upon investigation, the security analyst found the following:

✑ Multiple reports of breached credentials within that time period

✑ Traffic being redirected in certain parts of the network

✑ Fraudulent emails being sent by various internal users without their consent.

Which of the following types of attacks was MOST likely used?

Replay attack

Race condition

Cross site scripting

Request forgeries

4. A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously.

Which of the following RAID configurations should the administration use?

RA1D 0

RAID1

RAID 5

RAID 10

5. A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM.

The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following output:

Based on the analyst’s findings, which of the following attacks is being executed?

Credential harvesting

Keylogger

Brute-force

Spraying

6. A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security.

Which of the following configuration should an analyst enable to improve security? (Select Two)

RADIUS

PEAP

WPS

WEP-TKIP

SSL

WPA2-PSK

7. An enterprise needs to keep cryptographic keys in a safe manner.

Which of the following network appliances can achieve this goal?

HSM

CASB

TPM

DLP

8. Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?

Footprinting

White-box testing

A drone/UAV

Pivoting

9. Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Integer overflow

Zero-day

End of life

Race condition

10. Which of the following describes the ability of code to target a hypervisor from inside

Fog computing

VM escape

Software-defined networking

Image forgery

Container breakout

Page 2 of 14

11. A security an analyst needs to implement security features across smartphones. laptops, and tablets.

Which of the following would be the MOST effective across heterogeneous platforms?

Enforcing encryption

Deploying GPOs

Removing administrative permissions

Applying MDM software

12. An organization is developing a plan in the event of a complete loss of critical systems and data.

Which of the following plans is the organization MOST likely developing?

Incident response

Communications

Disaster recovery

Data retention

13. A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive All connections are being dropped by the firewall.

Which of the following would be the BEST option to remove the rules?

# iptables -t mangle -X

# iptables -F

# iptables -Z

# iptables -P INPUT -j DROP

14. Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

To provide data to quantity risk based on the organization's systems.

To keep all software and hardware fully patched for known vulnerabilities

To only allow approved, organization-owned devices onto the business network

To standardize by selecting one laptop model for all users in the organization

15. A user contacts the help desk to report the following:

✑ Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested.

✑ The user was able to access the Internet but had trouble accessing the department share until the next day.

✑ The user is now getting notifications from the bank about unauthorized transactions.

Which of the following attack vectors was MOST likely used in this scenario?

Rogue access point

Evil twin

DNS poisoning

ARP poisoning

16. A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization’s network.

Which of the following will the analyst MOST likely use to accomplish the objective?

A table exercise

NST CSF

MTRE ATT$CK

OWASP

17. A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system.

Which of the following is the CISO using to evaluate the environment for this new ERP system?

The Diamond Model of Intrusion Analysis

CIS Critical Security Controls

NIST Risk Management Framework

ISO 27002

18. A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider.

Which of the following should the administrator use?

SDP

AAA

IaaS

MSSP

Microservices

19. A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop.

The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file

An attacker was able to install malware to the CAasdf234 folder and use it to gam administrator nights and launch Outlook

An attacker was able to phish user credentials successfully from an Outlook user profile

20. A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA.

Which of the following will the engineer MOST likely use to achieve this objective?

A forward proxy

A stateful firewall

A jump server

A port tap

Page 3 of 14

21. A company is required to continue using legacy software to support a critical service.

Which of the following BEST explains a risk of this practice?

Default system configuration

Unsecure protocols

Lack of vendor support

Weak encryption

22. The new Chief Executive Officer (CEO) of a large company has announced a partnership with a vendor that will provide multiple collaboration applications t make remote work easier. The company has a geographically dispersed staff located in numerous remote offices in different countries. The company's IT administrators are concerned about network traffic and load if all users simultaneously download the application.

Which of the following would work BEST to allow each geographic region to download the software without negatively impacting the corporate network?

Update the host IDS rules.

Enable application whitelisting.

Modify the corporate firewall rules.

Deploy all applications simultaneously.

23. Which of the following types of controls is a turnstile?

Physical

Detective

Corrective

Technical

24. A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk.

Which of the following should the administrator use?

chmod

dnsenum

logger

25. Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection.

Which of the following should administrator implement to protect the environment from this malware?

Install a definition-based antivirus.

Implement an IDS/IPS

Implement a heuristic behavior-detection solution.

Implement CASB to protect the network shares.

26. An organization has implemented a two-step verification process to protect user access to data that 6 stored in the could Each employee now uses an email address of mobile number a code to access the data.

Which of the following authentication methods did the organization implement?

Token key

Static code

Push notification

HOTP

27. A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.

The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:

• Mobile device OSs must be patched up to the latest release

• A screen lock must be enabled (passcode or biometric)

• Corporate data must be removed if the device is reported lost or stolen

Which of the following controls should the security engineer configure? (Select TWO)

Containerization

Storage segmentation

Posture checking

Remote wipe

Full-device encryption

Geofencing

28. A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO).

Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

Run a vulnerability scan against the CEOs computer to find possible vulnerabilities

Install a sandbox to run the malicious payload in a safe environment

Perform a traceroute to identify the communication path

Use netstat to check whether communication has been made with a remote host

29. A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

A rainbow table attack

A password-spraying attack

A dictionary attack

A keylogger attack

30. When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

Tokenization

Data masking

Normalization

Obfuscation

Page 4 of 14

31. Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

TOTP

Biometrics

Kerberos

LDAP

32. A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message.

Which of the following is the MOST likely cause of the issue?

The S/MME plug-in is not enabled.

The SLL certificate has expired.

Secure IMAP was not implemented

POP3S is not supported.

33. A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

RAT

PUP

Spyware

Keylogger

34. An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information.

One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

SOU attack

DLL attack

XSS attack

API attack

35. A small company that does not have security staff wants to improve its security posture.

Which of the following would BEST assist the company?

MSSP

SOAR

IaaS

PaaS

36. A company was recently breached Part of the company's new cybersecurity strategy is to centralize the logs from all security devices.

Which of the following components forwards the logs to a central source?

Log enrichment

Log aggregation

Log parser

Log collector

37. A global pandemic is forcing a private organization to close some business units and reduce staffing at others.

Which of the following would be BEST to help the organization’s executives determine the next course of action?

An incident response plan

A communications plan

A disaster recovery plan

A business continuity plan

38. A university is opening a facility in a location where there is an elevated risk of theft The university wants to protect the desktops in its classrooms and labs.

Which of the following should the university use to BEST protect these assets deployed in the facility?

Visitor logs

Cable locks

Guards

Disk encryption

Motion detection

39. A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter.

Which of the following should the security manager implement to achieve the objective?

Segmentation

Containment

Geofencing

Isolation

40. Which of the following types of controls is a CCTV camera that is not being monitored?

Detective

Deterrent

Physical

Preventive

Page 5 of 14

41. A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP.

Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Segmentation

Firewall whitelisting

Containment

isolation

42. An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model.

Which of the following BEST describes the configurations the attacker exploited?

Weak encryption

Unsecure protocols

Default settings

Open permissions

43. An analyst just discovered an ongoing attack on a host that is on the network.

The analyst observes the below taking place:

✑ The computer performance is slow

✑ Ads are appearing from various pop-up windows

✑ Operating system files are modified

✑ The computer is receiving AV alerts for execution of malicious processes

Which of the following steps should the analyst consider FIRST?

Check to make sure the DLP solution is in the active state

Patch the host to prevent exploitation

Put the machine in containment

Update the AV solution on the host to stop the attack

44. A security assessment determines DES and 3DES at still being used on recently deployed production servers.

Which of the following did the assessment identify?

Unsecme protocols

Default settings

Open permissions

Weak encryption

45. If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Perfect forward secrecy

Elliptic-curve cryptography

Key stretching

Homomorphic encryption

46. A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds.

Which of the following types of attacks does this scenario describe?

Vishing

Phishing

Spear phishing

Whaling

47. A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols.

A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

Allow DNS access from the internet.

Block SMTP access from the Internet

Block HTTPS access from the Internet

Block SSH access from the Internet.

48. Several universities are participating in a collaborative research project and need to share compute and storage resources.

Which of the following cloud deployment strategies would BEST meet this need?

Private

Public

Hybrid

49. Several employees have noticed other bystanders can clearly observe a terminal where passcodes are being entered.

Which of the following can be eliminated with the use of a privacy screen?

Shoulder surfing

Spear phishing

Impersonation attack

Card cloning

50. A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime.

Which of the following would BEST meet this objective? (Choose two.)

Dual power supply

Off-site backups

Automatic OS upgrades

NIC teaming

Scheduled penetration testing

Network-attached storage

Page 6 of 14

51. Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic.

Which of the following attacks is MOST likely occurring?

DDoS

Man-in-the-middle

MAC flooding

Domain hijacking

52. A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization’s vulnerabilities.

Which of the following would BEST meet this need?

CVE

SIEM

SOAR

CVSS

53. A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location.

Which of the following would BEST meet the architect's objectives?

Trusted Platform Module

laaS

HSMaaS

PaaS

Key Management Service

54. Which of the following is a detective and deterrent control against physical intrusions?

An alarm

A fence

A sign

55. An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications.

Which of the following BEST represents the type of testing that will occur?

Bug bounty

Black-box

Gray-box

White-box

Red-team

56. A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release.

Which of the following BEST describes the tasks the developer is conducting?

Verification

Validation

Normalization

Staging

57. A security analyst is configuring a large number of new company-issued laptops.

The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.

• Occasional personal use is acceptable due to the travel requirements.

• Users must be able to install and configure sanctioned programs and productivity suites.

• The devices must be encrypted

• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

Configuring an always-on VPN

Implementing application whitelisting

Requiring web traffic to pass through the on-premises content filter

Setting the antivirus DAT update schedule to weekly

58. The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached.

Which of the blowing would BEST address this security concern?

install a smart meter on the staff WiFi.

Place the environmental systems in the same DHCP scope as the staff WiFi.

Implement Zigbee on the staff WiFi access points.

Segment the staff WiFi network from the environmental systems network.

59. Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?

Least privilege

Awareness training

Separation of duties

Mandatory vacation

60. A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks.

Which of the following would be the BEST control for the company to require from prospective vendors?

IP restrictions

Multifactor authentication

A banned password list

A complex password policy

Page 7 of 14

61. A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

Secure cookies

Input validation

Code signing

Stored procedures

62. An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained.

Which of the following roles would MOST likely include these responsibilities?

Data protection officer

Data owner

Backup administrator

Data custodian

Internal auditor

63. Which of the following scenarios BEST describes a risk reduction technique?

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

A security control objective cannot be met through a technical change, so the company changes as method of operation

A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

64. An attacker was easily able to log in to a company's security camera by performing a baste online search for a setup guide for that particular camera brand and model.

Which of the following BEST describes the configurations the attacker exploited?

Weak encryption

Unsecure protocols

Default settings

Open permissions

65. An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network.

Which of the following will BEST assist with this investigation?

Perform a vulnerability scan to identity the weak spots.

Use a packet analyzer to Investigate the NetFlow traffic.

Check the SIEM to review the correlated logs.

Require access to the routers to view current sessions.

66. A network engineer notices the VPN concentrator overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic.

Which of the following would be BEST to solve this issue?

iPSec

Always On

Split tunneling

L2TP

67. Which of the following types of attacks is specific to the individual it targets?

Whaling

Pharming

Smishing

Credential harvesting

68. An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab.

Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

The theft of portable electronic devices

Geotagging in the metadata of images

Bluesnarfing of mobile devices

Data exfiltration over a mobile hotspot

69. In which of the following common use cases would steganography be employed?

Obfuscation

Integrity

Non-repudiation

Blockchain

70. While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device.

Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

Conduct a ping sweep.

Physically check each system,

Deny Internet access to the "UNKNOWN" hostname.

Apply MAC filtering,

Page 8 of 14

71. Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log m to any thin client located throughout the building and see the same desktop each time.

Which of the following technologies are being utilized to provide these capabilities? (Select TWO)

COPE

VDI

GPS

TOTP

RFID

BYOD

72. A company needs to centralize its logs to create a baseline and have visibility on its security events.

Which of the following technologies will accomplish this objective?

Security information and event management

A web application firewall

A vulnerability scanner

A next-generation firewall

73. A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company.

Which of the following solutions will BEST meet these requirements?

An NGFW

A CASB

Application whitelisting

An NG-SWG

74. A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control.

Which of the following BEST describes this process?

Continuous delivery

Continuous integration

Continuous validation

Continuous monitoring

75. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

Loss of proprietary information

Damage to the company’s reputation

Social engineering

Credential exposure

76. A company's cybersecurity department is looking for a new solution to maintain high availability.

Which of the following can be utilized to build a solution? (Select Two)

A stateful inspection

IP hashes

A round robin

A VLAN

A DMZ

77. Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Mantraps

Security guards

Video surveillance

Fences

Bollards

Antivirus

78. Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO).

Offboarding

Mandatory vacation

Job rotation

Background checks

Separation of duties

Acceptable use

79. A security analyst is reviewing the following attack log output:

Which of the following types of attacks does this MOST likely represent?

Rainbow table

Brute-force

Password-spraying

Dictionary

80. Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

Cross-site scripting

Data exfiltration

Poor system logging

Weak encryption

SQL injection

Server-side request forgery

Page 9 of 14

81. A work wide manufacturing company has been experiencing email account compromised. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil.

Which of the following account policies would BEST prevent this type of attack?

Network location

Impossible travel time

Geolocation

Geofencing

82. Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically.

Which of the following concepts does this BEST represent?

Functional testing

Stored procedures

Elasticity

Continuous integration

83. Which of the following often operates in a client-server architecture to act as a service repository. providing enterprise consumers access to structured threat intelligence data?

STIX

CIRT

OSINT

TAXII

84. A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate device using PKI.

Which of the following should the administrator configure?

A captive portal

PSK

802.1X

WPS

85. CORRECT TEXT

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

✑ Deny cleartext web traffic.

✑ Ensure secure management protocols are used. Please Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

86. A critical file server is being upgraded and the systems administrator must determine which

RAID level the new server will need to achieve parity and handle two simultaneous disk failures.

Which of the following RAID levels meets this requirements?

RAID 0+1

RAID 2

RAID 5

RAID 6

87. DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way.

Which of the following options BEST fulfils the architect’s requirements?

An orchestration solution that can adjust scalability of cloud assets

Use of multipath by adding more connections to cloud storage

Cloud assets replicated on geographically distributed regions

An on-site backup that is deployed and only used when the load increases

88. A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides.

Which of the following authentication concepts are in use?

Something you know, something you have, and somewhere you are

Something you know, something you can do, and somewhere you are

Something you are, something you know, and something you can exhibit

Something you have, somewhere you are, and someone you know

89. An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services.

Given this output from Nmap.

Which of the following should the analyst recommend to disable?

21/tcp

22/tcp

23/tcp

443/tcp

90. A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters.

Which of the following is the primary use case for this scenario?

Implementation of preventive controls

Implementation of detective controls

Implementation of deterrent controls

Implementation of corrective controls

Page 10 of 14

91. A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis.

Which of the following tools will the other team member MOST likely use to open this file?

Autopsy

Memdump

FTK imager

Wireshark

92. The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls.

Which of the following BEST represents this type of threat?

A script kiddie

Shadow IT

Hacktivism

White-hat

93. On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)

Data accessibility

Legal hold

Cryptographic or hash algorithm

Data retention legislation

Value and volatility of data

Right-to-audit clauses

94. The security team received a report of copyright infringement from the IP space of lire corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted le. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again.

Which of the following is MOST capable of accomplishing both tasks?

HIDS

Allow list

TPM

NGFW

95. A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.

Which of the following methods would BEST prevent data? (Select TWO)

VPN

Drive encryption

Network firewall

File-level encryption

USB blocker

MFA

96. Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody.

Which of the following should Ann use?

Chain of custody

Checksums

Non-repudiation

Legal hold

97. DRAG DROP

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

98. An attacker is exploiting a vulnerability that does not have a patch available.

Which of the following is the attacker exploiting?

Zero-day

Default permissions

Weak encryption

Unsecure root accounts

99. Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

Hashing

Salting

Integrity

Digital signature

100. An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft.

Which of the following would be the MOST acceptable?

SED

HSM

DLP

TPM

Page 11 of 14

101. A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers.

Which of the following should the company implement to prevent this type of attack occurring in the future?

IPSec

SSL/TLS

DNSSEC

S/MIME

102. A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel.

Which of the following attacks is being conducted?

Evil twin

Jamming

DNS poisoning

Bluesnarfing

DDoS

103. An organization is concerned about intellectual property theft by employee who leave the organization.

Which of the following will be organization MOST likely implement?

CBT

NDA

MOU

AUP

104. A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While Investigating.

The incident, the analyst identified the following Input in the username field:

Which of the following BEST explains this type of attack?

DLL injection to hijack administrator services

SQLi on the field to bypass authentication

Execution of a stored XSS on the website

Code to execute a race condition on the server

105. A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager darned the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message.

Which of the following actions MOST likely supports an investigation for fraudulent submission?

Establish chain of custody

Inspect the file metadata

Reference the data retention policy

Review the email event logs

106. The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

federation.

a remote access policy.

multifactor authentication.

single sign-on.

107. The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed.

Which of the following is the MOST likely cause of the CRO’s concerns?

SSO would simplify username and password management, making it easier for hackers to pass guess accounts.

SSO would reduce password fatigue, but staff would still need to remember more complex passwords.

SSO would reduce the password complexity for frontline staff.

SSO would reduce the resilience and availability of system if the provider goes offline.

108. A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set.

Which of the following recommendations would BEST prevent this from reoccurring?

Create a new acceptable use policy.

Segment the network into trusted and untrusted zones.

Enforce application whitelisting.

Implement DLP at the network boundary.

109. A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries.

Which of the following would be the MOST prudent course of action?

Accept the risk if there is a clear road map for timely decommission

Deny the risk due to the end-of-life status of the application.

Use containerization to segment the application from other applications to eliminate the risk

Outsource the application to a third-party developer group

110. A financial analyst has been accused of violating the company’s AUP and there is forensic evidence to substantiate the allegation.

Which of the following would dispute the analyst’s claim of innocence?

Legal hold

Order of volatility

Non-repudiation

Chain of custody

Page 12 of 14

111. A security analyst must determine if either SSH or Telnet is being used to log in to servers.

Which of the following should the analyst use?

logger

Metasploit

tcpdump

netstat

112. A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.

Which of the following tools can the analyst use to verify the permissions?

ssh

chmod

setuid

nessus

113. A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform.

Which of the following is the BEST approach to implement the desired solution?

OAuth

TACACS+

SAML

RADIUS

114. An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved.

Which of the following attacks MOST likely explains the behavior?

Birthday

Rainbow table

Impersonation

Whaling

115. The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Password history

Account expiration

Password complexity

Account lockout

116. An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload.

Which of the following services would BEST meet the criteria?

TLS

PFS

ESP

117. Which of the following holds staff accountable while escorting unauthorized personnel?

Locks

Badges

Cameras

Visitor logs

118. A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords.

Which of the following would be the BEST way to achieve this objective?

OAuth

SSO

SAML

PAP

119. An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system.

Which of the following does the organization need to determine for this to be successful?

The baseline

The endpoint configurations

The adversary behavior profiles

The IPS signatures

120. A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices.

Which of the following is a cost-effective approach to address these concerns?

Enhance resiliency by adding a hardware RAI

Move data to a tape library and store the tapes off site

Install a local network-attached storage.

Migrate to a cloud backup solution

Page 13 of 14

121. Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

Investigation

Containment

Recovery

Lessons learned

122. A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet.

Which of the following should the analyst implement to authenticate the entire packet?

ESP

SRTP

LDAP

123. A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them.

Which of the following is the MOST likely cause of this issue?

An external access point is engaging in an evil-twin attack.

The signal on the WAP needs to be increased in that section of the building.

The certificates have expired on the devices and need to be reinstalled.

The users in that section of the building are on a VLAN that is being blocked by the firewall.

124. An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers.

Which of the following is the consultant MOST likely to recommend to prepare for eradication?

Quarantining the compromised accounts and computers, only providing them with network access

Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.

Isolating the compromised accounts and computers, cutting off all network and internet access.

Logging off and deleting the compromised accounts and computers to eliminate attacker access.

125. A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing.

The business owner now needs to ensure two things:

* Protection from power outages

* Always-available connectivity In case of an outage

The owner has decided to implement battery backups for the computer equipment.

Which of the following would BEST fulfill the owner's second need?

Lease a point-to-point circuit to provide dedicated access.

Connect the business router to its own dedicated UP

Purchase services from a cloud provider for high availability D Replace the business's wired network with a wireless network.

126. Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts.

Which of the following should be implemented to prevent similar situations in the future?

Ensure input validation is in place to prevent the use of invalid characters and values.

Calculate all possible values to be added together and ensure the use of the proper integer in the code.

Configure the web application firewall to look for and block session replay attacks.

Make sure transactions that are submitted within very short time periods are prevented from being processed.

127. An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services.

Given this output from Nmap:

Which of the following should the analyst recommend to disable?

21/tcp

22/tcp

23/tcp

443/tcp

128. Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

SSAE SOC 2

PCI DSS

GDPR

ISO 31000

129. Which of the following describes the BEST approach for deploying application patches?

Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems

Test the patches m a test environment apply them to the production systems and then apply them to a staging environment

Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment

130. A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware.

Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

BYOD

VDI

COPE

CYOD

Page 14 of 14

131. A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques.

Which of the following should the analyst use?

Internal log files

Government press releases

Confidential reports

Proprietary databases

132. Accompany deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is

configured to use WPA3, AES, WPS, and RADIUS.

Which of the following should the analyst disable to enhance the access point security?

WPA3

AES

RADIUS

WPS

133. A company was compromised, and a security analyst discovered the attacker was able to get access to a service account.

The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

Race condition testing

Proper error handling

Forward web server logs to a SIEM

Input sanitization

134. A network administrator has been asked to install an IDS to improve the security posture of an organization.

Which of the following control types is an IDS?

Corrective

Physical

Detective

Administrative

135. Which of the following relets to applications and systems that are used within an organization without consent or approval?

Shadow IT

OSINT

Dark web

Insider threats

136. A network engineer at a company with a web server is building a new web environment with the following requirements:

✑ Only one web server at a time can service requests.

✑ If the primary web server fails, a failover needs to occur to ensure the secondary web server becomes the primary.

Which of the following load-balancing options BEST fits the requirements?

Cookie-based

Active-passive

Persistence

Round robin

137. HOTSPOT

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

✑ WAP

✑ DHCP Server

✑ AAA Server

✑ Wireless Controller

✑ LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.