Question # 6

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).

A. The order of volatility
B. A checksum
C. The location of the artifacts
D. The vendor's name
E. The date and time
F. A warning banner

Question # 7

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO).

A. Load balancing
B. Incremental backups
C. UPS
D. RAID
E. Dual power supply
F. NIC teaming

Question # 8

Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?

A. Staging
B. Test
C. Production
D. Development

Question # 9

A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

A. Segmentation
B. Containment
C. Geofencing
D. Isolation

Question # 10

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.
• Occasional personal use is acceptable due to the travel requirements.
• Users must be able to install and configure sanctioned programs and productivity suites.
• The devices must be encrypted.
• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly

Question # 11

A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Select TWO).

A. Password and security question
B. Password and CAPTCHA
C. Password and smart card
D. Password and fingerprint
E. Password and one-time token
F. Password and voice

Question # 12

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

A. Nmap
B. Heat maps
C. Network diagrams
D. Wireshark

Question # 13

A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?

A. Randomize the shared credentials.
B. Use only guest accounts to connect.
C. Use SSH keys and remove generic passwords.
D. Remove all user accounts.

Question # 14

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model?

A. Hacktivists
B. White-hat hackers
C. Script kiddies
D. Insider threats

Question # 15

A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:

• The solution must be inline in the network.
• The solution must be able to block known malicious traffic.
• The solution must be able to stop network-based attacks.

Which of the following should the network administrator implement to BEST meet these requirements?

A. HIDS
B. NIDS
C. HIPS
D. NIPS

Question # 16

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?

A. Install a smart meter on the staff WiFi.
B. Place the environmental systems in the same DHCP scope as the staff WiFi.
C. Implement Zigbee on the staff WiFi access points.
D. Segment the staff WiFi network from the environmental systems network.

Question # 17

Which of the following types of controls is a CCTV camera that is not being monitored?

A. Detective
B. Deterrent
C. Physical
D. Preventive

Question # 18

After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?

A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk mitigation

Question # 19

A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

A. Port
B. Intrusive
C. Host discovery
D. Credentialed

Question # 20

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border followed by a DLP appliance, the VPN server, and the datacenter itself. Which of the following is the WEAKEST design element?

A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance.
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
D. Adding two hops in the VPN tunnel may slow down remote connections.

Question # 21

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

A. Data encryption
B. Data masking
C. Anonymization
D. Tokenization

Question # 22

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO).

A. head
B. tcpdump
C. grep
D. tail
E. curl
F. openssl
G. dd

Question # 23

A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques. Which of the following should the analyst use?

A. Internal log files
B. Government press releases
C. Confidential reports
D. Proprietary databases

Question # 24

A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:

* Protection from power outages
* Always-available connectivity in case of an outage

The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

A. Lease a point-to-point circuit to provide dedicated access.
B. Connect the business router to its own dedicated UPS.
C. Purchase services from a cloud provider for high availability.
D. Replace the business's wired network with a wireless network.

Question # 25

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

A. The unexpected traffic correlated against multiple rules, generating multiple alerts.
B. Multiple alerts were generated due to an attack occurring at the same time.
C. An error in the correlation rules triggered multiple alerts.
D. The SIEM was unable to correlate the rules, triggering the alerts.

Question # 26

The new Chief Executive Officer (CEO) of a large company has announced a partnership with a vendor that will provide multiple collaboration applications to make remote work easier. The company has a geographically dispersed staff located in numerous remote offices in different countries. The company's IT administrators are concerned about network traffic and load if all users simultaneously download the application. Which of the following would work BEST to allow each geographic region to download the software without negatively impacting the corporate network?

A. Update the host IDS rules.
B. Enable application whitelisting.
C. Modify the corporate firewall rules.
D. Deploy all applications simultaneously.

Question # 27

Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

A. Cameras
B. Faraday cage
C. Access control vestibule
D. Sensors
E. Guards

Question # 28

A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the internet. No threats were found on the downloaded file, but during file installation, a malicious runtime threat was detected. Which of the following is the MOST likely cause of the infection?

A. The driver has malware installed and was refactored upon download to avoid detection.
B. The user's computer has a rootkit installed that has avoided detection until the new driver overwrote key files.
C. The user's antivirus software definitions were out of date and were damaged by the installation of the driver.
D. The user's computer has been infected with a logic bomb set to run when the new driver was installed.

Question # 29

A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.

Which of the following tools can the analyst use to verify the permissions?

A. ssh
B. chmod
C. ls
D. setuid
E. nessus
F. nc

Question # 30

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration

Question # 31

A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

A. Payment Card Industry Data Security Standard
B. Cloud Security Alliance Best Practices
C. ISO/IEC 27032 Cybersecurity Guidelines
D. General Data Protection Regulation

Question # 32

A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN? (Select TWO).

A. Due to foreign travel, the user's laptop was isolated from the network.
B. The user's laptop was quarantined because it missed the latest patch update.
C. The VPN client was blacklisted.
D. The user's account was put on a legal hold.
E. The laptop is still configured to connect to an international mobile network operator.
F. The user is unable to authenticate because they are outside of the organization's mobile geofencing configuration.

Question # 33

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE CVE database
D. The incident response process

Question # 34

Which of the following holds staff accountable while escorting unauthorized personnel?

A. Locks
B. Badges
C. Cameras
D. Visitor logs

Question # 35

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:

A. prepending.
B. an influence campaign.
C. a watering-hole attack.
D. intimidation.
E. information elicitation.

Question # 36

Which two features are available only in next-generation firewalls? (Choose two.)

A. deep packet inspection
B. packet filtering
C. application awareness
D. stateful inspection
E. virtual private network

Question # 37

When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?

A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols

Question # 38

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

A. Implementation of preventive controls
B. Implementation of detective controls
C. Implementation of deterrent controls
D. Implementation of corrective controls

Question # 39

Which of the following is an example of risk avoidance?

A. Installing security updates directly in production to expedite vulnerability fixes
B. Buying insurance to prepare for financial loss associated with exploits
C. Not installing new software to prevent compatibility errors
D. Not taking preventive measures to stop the theft of equipment

Question # 40

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal

Question # 41

A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?

A. HIDS
B. UEBA
C. CASB
D. VPC

Question # 42

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A. A right-to-audit clause allowing for annual security audits
B. Requirements for event logs to be kept for a minimum of 30 days
C. Integration of threat intelligence in the company's AV
D. A data-breach clause requiring disclosure of significant data loss

Question # 43

A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).

A. Identity processor
B. Service requestor
C. Identity provider
D. Service provider
E. Tokenized resource
F. Notarized referral

Question # 44

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?

A. Geofencing
B. Self-sovereign identification
C. PKI certificates
D. SSO

Question # 45

A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs:

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

A. A self-signed certificate
B. A root certificate
C. A code-signing certificate
D. A wildcard certificate
E. An extended validation certificate

Question # 46

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org

Question # 47

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.

Question # 48

The website http://companywebsite.com requires users to provide personal information, including security responses, for registration. Which of the following would MOST likely cause a data breach?

A. Lack of input validation
B. Open permissions
C. Unsecure protocol
D. Missing patches

Question # 49

A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst is able to detect the following message: "Special privileges assigned to new login." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

A. Pass-the-hash
B. Buffer overflow
C. Cross-site scripting
D. Session replay

Question # 50

Which of the following would MOST likely support the integrity of a voting machine?

A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy

Question # 51

A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting

Question # 52

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:

• The legitimate website's IP address is 10.1.1.20, and eRecruit.local resolves to that IP.
• The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.
• All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.
• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

A. A reverse proxy was used to redirect network traffic.
B. An SSL strip MITM attack was performed.
C. An attacker temporarily pwned a name server.
D. An ARP poisoning attack was successfully executed.

Question # 53

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization

Question # 54

A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Choose two.)

A. DoS
B. SSL stripping
C. Memory leak
D. Race condition
E. Shimming
F. Refactoring

Question # 55

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding

Question # 56

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-machine interfaces that are accessible over the Internet via a web interface? (Choose two.)

A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request forgery

Question # 57

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

A. Verification
B. Validation
C. Normalization
D. Staging

Question # 58

A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?

A. dd
B. chmod
C. dnsenum
D. logger

Question # 59

A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.

Question # 60

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)

A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

Question # 61

A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?

A. CASB
B. SWG
C. Containerization
D. Automated failover

Question # 62

Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?

A. Footprinting
B. White-box testing
C. A drone/UAV
D. Pivoting

Question # 63

The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.

Question # 64

A system administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control

Question # 65

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?

A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion

Question # 66

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

A)
B)
C)
D)

A. Option A
B. Option B
C. Option C
D. Option D

Question # 67

A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?

A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption

Question # 68

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A. SIEM
B. DLP
C. CASB
D. SWG

Question # 69

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A. Segmentation
B. Firewall whitelisting
C. Containment
D. Isolation