SY0-601 Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day
Getting ready for the SY0-601 certification? Our SY0-601 Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day.
Effective SY0-601 exam prep free is the key to success. With our free practice questions, you can:
- Get familiar with exam format and question style
- Identify which topics you’ve mastered—and which need more review
- Boost your confidence and reduce exam anxiety
Below, you will find 50 realistic SY0-601 Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:
CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy
Which of the following is the router experiencing?
A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion
A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?
A. SOAR
B. SIEM
C. Log collectors
D. Network-attached storage
A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?
A. Legal hold
B. Chain of custody
C. Data loss prevention
D. Content filter
Which of the following is the MOST effective control against zero-day vulnerabilities?
A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners
Which of the following examples would be best mitigated by input sanitization?
A. nmap -p- 10.11.1.130
B. Email message: “Click this link to get your free gift card.”
C. Browser message: “Your connection is not private.”
Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?
A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?
A. MOU
B. ISA
C. SLA
D. NDA
The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?
A. Tokenization
B. S/MIME
C. DLP
D. MFA
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral
A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?
A. ISO
B. MITRE ATT&CK
C. OWASP
D. NIST
In which of the following scenarios is tokenization the best privacy technique to use?
A. Providing pseudo-anonymization for social media user accounts
B. Serving as a second factor for authentication requests
C. Enabling established customers to safely store credit card information
D. Masking personal information inside databases by segmenting data
A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?
A. CYOD
B. MDM
C. COPE
D. VDI
Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?
A. IP schema
B. Application baseline configuration
C. Standard naming convention policy
D. Wireless LAN and network perimeter diagram
A software company adopted the following processes before releasing software to production:
· Peer review
· Static code scanning
· Signing
A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?
A. File integrity monitoring for the source code
B. Dynamic code analysis tool
C. Encrypted code repository
D. Endpoint detection and response solution
A security analyst reviews web server logs and notices the following lines: Which of the following vulnerabilities is the attacker trying to exploit?
A. Token reuse
B. SQLi
C. CSRF
D. XSS
An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?
A. Government
B. Public
C. Proprietary
D. Critical
A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?
A. CHAP
B. PEAP
C. MS-CHAPv2
D. EAP-TLS
An administrator is investigating an incident and discovers several users' computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks is most likely the cause of the malware?
A. Malicious flash drive
B. Remote access Trojan
C. Brute-forced password
D. Cryptojacking
Which of the following is a reason to publish files' hashes?
A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase
Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?
A. Set up hashing on the source log file servers that complies with local regulatory requirements.
B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
C. Write protect the aggregated log files and move them to an isolated server with limited access.
D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics
A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?
A. cat /var/messages | grep 10.1.1.1
B. grep 10.1.1.1 | cat /var/messages
C. grep /var/messages | cat 10.1.1.1
D. cat 10.1.1.1 | grep /var/messages
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
When a newly developed application was tested, a specific internal resource was unable to be accessed. Which of the following should be done to ensure the application works correctly?
A. Modify the allow/deny list for those specific resources.
B. Follow the secure coding practices for the internal resource.
C. Configure the application in a sandbox environment.
D. Utilize standard network protocols.
Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?
A. Chain of custody
B. Legal hold
C. Event log
D. Artifacts
During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:
crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6
Which of the following attacks occurred?
A. Buffer overflow
B. Pass the hash
C. SQL injection
D. Replay attack
A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe?
A. Privilege escalation
B. Request forgeries
C. Injection
D. Replay attack
A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?
A. Enhance resiliency by adding a hardware RAID.
B. Move data to a tape library and store the tapes off-site.
C. Install a local network-attached storage.
D. Migrate to a cloud backup solution.
A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?
A. Contain the impacted hosts.
B. Add the malware to the application blocklist.
C. Segment the core database server.
D. Implement firewall rules to block outbound beaconing.
A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
A. hping
B. Wireshark
C. PowerShell
D. netstat
Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?
A. Cloud control matrix
B. Reference architecture
C. NIST RMF
D. CIS Top 20
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000
The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?
A. Preventing any current employees’ siblings from working at the bank to prevent nepotism
B. Hiring an employee who has been convicted of theft to adhere to industry compliance
C. Filtering applicants who have added false information to resumes so they appear better qualified
D. Ensuring no new hires have worked at other banks that may be trying to steal customer information
Answer: C
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
A. The document is a honey file and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.
Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?
A. Crossover error rate
B. False match rate
C. False rejection
D. False positive
A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?
A. Disable Telnet and force SSH.
B. Establish a continuous ping.
C. Utilize an agentless monitor.
D. Enable SNMPv3 with passwords.
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org
The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network?
A. HIPS
B. DLP
C. HIDS
D. EDR
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?
A. Install a definition-based antivirus.
B. Implement an IDS/IPS.
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.
A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?
A. Update the base container image and redeploy the environment.
B. Include the containers in the regular patching schedule for servers.
C. Patch each running container individually and test the application.
D. Update the host in which the containers are running.
During a recent security incident at a multinational corporation, a security analyst found the following logs for an account called user: Which of the following account policies would BEST prevent attackers from logging in as user?
A. Impossible travel time
B. Geofencing
C. Time-based logins
D. Geolocation
A software company has a shared codebase for multiple projects using the following strategy:
· Unused features are deactivated but still present on the code.
· New customer requirements trigger additional development work.
Which of the following will most likely occur when the company uses this strategy?
A. Malicious code
B. Dead code
C. Outsourced code
D. Code obfuscation
An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person might be doing to cause this issue to occur?
A. Jamming
B. Bluesnarfing
C. Evil twin attack
D. Rogue access point
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
A. validate the vulnerability exists in the organization’s network through penetration testing.
B. research the appropriate mitigation techniques in a vulnerability database.
C. find the software patches that are required to mitigate a vulnerability.
D. prioritize remediation of vulnerabilities based on the possible impact.
Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?
A. Development
B. Test
C. Production
D. Staging
An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?
A. Data purge
B. Data encryption
C. Data masking
D. Data tokenization
A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?
A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
· Mobile device OSs must be patched up to the latest release.
· A screen lock must be enabled (passcode or biometric).
· Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Choose two.)
A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing
A security analyst is scanning a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A. Changing the remote desktop port to a non-standard number
B. Setting up a VPN and placing the jump server inside the firewall
C. Using a proxy for web connections from the remote desktop server
D. Connecting the remote server to the domain and increasing the password length
Answer: B
We continuously update our content to ensure you have the most current and effective prep materials.
Good luck with your SY0-601 certification journey!