CompTIA SecurityX (CAS-005) Practice Test 2
Question 1 of 65
Your organization does not have an e-discovery process in place. Management has asked you to provide an explanation for why e-discovery is so important. What is the primary reason for this process?
The primary reason for having an e-discovery process is to provide evidence in a digital investigation.
Question 2 of 65
You are working with a project team to deploy several new firewalls. The initiation stage is complete, and now the team is engaged in the acquisition stage. Which step should the team complete as part of this stage?
During the acquisition stage, you should design the security architecture.
Question 3 of 65
Your organization must comply with several industry and governmental standards to protect private and confidential information. You must analyze which standards to implement. Which standards should you consider?
You should consider open standards, de facto standards, and de jure standards.
Question 4 of 65
Which of the following is a cloud solution owned and managed by one company solely for that company’s use?
A private cloud is a solution owned and managed by one company solely for that company’s use. It provides the most control and security but also requires the biggest investment in both hardware and expertise.
Question 5 of 65
The chief security officer wants to know the most popular biometric methods, based on user acceptance. Which of the following is the most popular biometric method, based on user acceptance?
The following is a list of the most popular biometric methods, ranked by user acceptance, starting with the methods that are most popular:
1. Voice pattern
2. Keystroke pattern
3. Signature dynamics
4. Hand geometry
5. Hand print
6. Fingerprint
7. Iris scan
8. Retina scan
Question 6 of 65
Management expresses concerns about using multitenant public cloud solutions to store organizational data. You explain that tenant data in a multitenant solution is quarantined from other tenants’ data using tenant IDs in the data labels. What is this condition referred to as?
Data isolation ensures that tenant data in a multitenant solution is isolated from other tenants’ data via tenant IDs in the data labels.
Question 7 of 65
During a recent data breach at your organization, a forensic expert was brought in to ensure that the evidence was retained in a proper manner. The forensic expert stressed the need to ensure the chain of custody. Which of the following components is not part of the chain of custody?
The chain of custody is not concerned with who detected the evidence. The chain of custody shows who controlled the evidence, who secured the evidence, and who obtained the evidence.
Question 8 of 65
Which of the following is not an advantage of virtualization?
The same security issues that must be mitigated in the physical environment must also be addressed in the virtual network.
Question 9 of 65
During the design of a new application, the programmers need to determine the performance and security impact of the new application on the enterprise. Who should collaborate with the programmers to determine this information?
The programmers should collaborate with the network administrator to determine the performance and security impact of the new application on the enterprise.
Question 10 of 65
Your organization just deployed an enterprise instant messaging solution. The CIO is concerned about the transfer of worms, Trojans, and other malware through the IM connections. Which of the following would not be a measure that could help mitigate the introduction of malware through the IM system?
Although encryption would help prevent data leakage, it would do nothing to stop the introduction of malware through the IM connection.
Question 11 of 65
Which of the following is a software layer that operates as a gatekeeper between the organization’s on-premise network and a provider’s cloud environment?
A cloud security broker, or cloud access security broker (CASB), is a software layer that operates as a gatekeeper between an organization’s on-premise network and a provider’s cloud environment.
Question 12 of 65
Which single sign-on system is used in both UNIX and Microsoft Active Directory?
AD uses the same authentication and authorization system used in UNIX: Kerberos. This system authenticates a user once and then, through the use of a ticket system, allows the user to perform all actions and access all resources to which he has been given permission without the need to authenticate again.
Question 13 of 65
What documents the security requirements that a new asset must meet?
A security requirements traceability matrix (SRTM) documents the security requirements that a new asset must meet.
Question 14 of 65
Your company is planning to procure a web conferencing system to cut costs on travel. You have been asked to investigate the security issues that should be considered during this process. Which of the following is not an issue to consider?
While network performance may be a consideration in the selection of a product, it is the only issue listed here that is not a security issue.
Question 15 of 65
In which attack does the attacker leave the VM’s normally isolated state and interact directly with the hypervisor?
In a VM escape attack, the attacker “breaks out” of a VM’s normally isolated state and interacts directly with the hypervisor. Since VMs often share the same physical resources, if the attacker can discover how his VM’s virtual resources map to the physical resources, he will be able to conduct attacks directly on the real physical resources.
Question 16 of 65
During a recent security analysis, you determined that users do not use authentication when accessing some private data. What should you do first?
You should first determine whether authentication can be used. Users should use authentication when accessing private or confidential data.
Question 17 of 65
The email administrator has suggested that a technique called SPF should be deployed. What issue does this address?
Sender Policy Framework (SPF) is an email validation system that works by using DNS to determine whether an email sent by someone has been sent by a host sanctioned by that domain’s administrator. If it can’t be validated, it is not delivered to the recipient’s inbox.
Question 18 of 65
Which of the following is a new breed of software that comes in modules allowing for customization by the organization?
Tailored commercial (or commercial customized) software is a new breed of software that comes in modules, which can be combined to arrive at exactly the components required by the organization. It allows for customization by the organization.
Question 19 of 65
As part of a new security initiative, you have been asked to provide data classifications for all organizational data that is stored on servers. As part of your research, you must interview the data owners. Which staff are most likely to be considered data owners?
The business unit managers and the chief information officer (CIO) are most likely to be considered data owners.
Question 20 of 65
When using XACML as an access control policy language, which of the following is the entity that is protecting the resource that the subject (a user or an application) is attempting to access?
A policy enforcement point (PEP) is an entity that is protecting the resource that the subject (a user or an application) is attempting to access. When it receives a request from a subject, it creates an XACML request based on the attributes of the subject, the requested action, the resource, and other information.
Question 21 of 65
Which technology uses chips and receivers to manage inventory?
Radio frequency identification (RFID) involves using chips and receivers to manage inventory.
Question 22 of 65
Which of the following is a term used to describe the hardware, software, and/or firmware that implements cryptographic logic or cryptographic processes?
Crypto module is a term used to describe the hardware, software, and/or firmware that implements cryptographic logic or cryptographic processes. Several standards bodies can assess and rate these modules. Among them is NIST, using the Federal Information Processing Standard (FIPS) Publication 140-2.
Question 23 of 65
Which of the following is an example of a crypto processor?
An example is the Trusted Platform Module (TPM) on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. Another example is the processors contained in hardware security modules.
Question 24 of 65
Your company is determining what data to make accessible in the new cloud-based collaboration solution. Which of the following types of information should not be stored in a public cloud–based collaboration solution?
The following types of information should not be stored in a public cloud–based solution:
- Credit card information
- Trade secrets
- Financial data
- Health records
- State and federal government secrets
- Proprietary or sensitive data
- Personally identifiable information
Question 25 of 65
A forensic investigator is collecting evidence of a recent attack at your organization. You are helping him preserve the evidence for use in the lawsuit that your company plans to bring against the attackers. Which of the following is not one of the five rules of evidence?
The five rules of evidence are as follows: Be authentic. Be accurate. Be complete. Be convincing. Be admissible.
Question 26 of 65
Which statement is not true regarding an organization’s sales staff?
The sales staff’s devices are often targets for attackers.
Question 27 of 65
Which of the following statements regarding the security requirements and responsibilities for personnel is true?
All personnel within an organization will have some level of security requirements & responsibilities.
Question 28 of 65
Your organization is planning the deployment of a new remote assistance tool. The security team is trying to determine the level of encryption the selected product must support. Which of the following factors should be the most important consideration?
Many products implement proprietary encryption, but in regulated industries, this type of encryption may not be legal. Always use the level of encryption required by your industry, such as Advanced Encryption Standard (AES).
Question 29 of 65
Your company performs a full backup on Mondays and a differential backup on all other days. You need to restore the data to the state it was in on Thursday. How many backups do you need to restore?
You need to restore two backups: Monday’s full backup and Thursday’s differential backup.
Question 30 of 65
Which organization issues RFCs?
The IETF issues RFCs.
Question 31 of 65
As your enterprise has grown, it has become increasingly hard to access and manage resources. Users often have trouble locating printers, servers, and other resources. You have been asked to deploy a solution that will allow easy access to internal resources. Which solution should you deploy?
You should deploy Directory Services to allow easy access to internal resources.
Question 32 of 65
Which of the following is typically used with big data?
Hadoop is an open-source software framework used for distributed storage and processing of big data.
Question 33 of 65
You would like to prevent users from using a password again when it is time to change their passwords. What policy do you need to implement?
Password history controls the amount of time until a password can be reused. Password policies usually remember a certain number of previously used passwords.
Question 34 of 65
Which of the following utilizes software to perform integration without hardware changes?
Hyperconvergence takes convergence a step further, utilizing software to perform integration without hardware changes. It utilizes virtualization as well. It integrates numerous services that are managed from a single interface.
Question 35 of 65
Which of the following entails determining the devices in the network, their connectivity relationships to one another, and the internal IP addressing scheme in use?
Topology discovery is the process of identifying the devices and their connectivity relationship with one another. It entails attempting to create a map of the network.
Question 36 of 65
A corporate forensic investigator has been asked to acquire five forensic images of an employee database application. There are three images to capture in the United States, one in the United Kingdom, and one in Germany. Upon completing the work, the forensics investigator saves the images to a local workstation. Which of the following types of concerns should the forensic investigator have about this work assignment?
Question 37 of 65
The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors. Which of the following BEST meets this objective?
Question 38 of 65
An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
Question 39 of 65
Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?
Question 40 of 65
A company’s Chief Operating Officer (COO) is concerned about the potential for competitors to infer proprietary information gathered from employees’ social media accounts. Which of the following methods should the company use to gauge its own social media threat level without targeting individual employees?
Question 41 of 65
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network. Which of the following approaches can be utilized to determine how this node operates? (Choose two.)
Question 42 of 65
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization’s security stance. As a result of the discussion, the COO wants the organization to meet the following criteria:
- Blocking of suspicious websites
- Prevention of attacks based on threat intelligence
- Reduction in spam
- Identity-based reporting to meet regulatory compliance
- Prevention of viruses based on signature
- Protect applications from web-based threats
Which of the following would be the BEST recommendation the information security manager could make?
Question 43 of 65
First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss. In a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
Question 44 of 65
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?
Question 45 of 65
The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues. Which of the following is the MOST important information to reference in the letter?
Question 46 of 65
A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue. Which of the following is the MOST secure solution for the developer to implement?
Question 47 of 65
47. Question
A recent overview of the network’s security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network: ? Firewall ? Core switches ? RM server ? Virtual environment ? NAC solution The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Select TWO).
Question 48 of 65
48. Question
An external red team member conducts a penetration test, attempting to gain physical access to a large organization’s server room in a branch office. During reconnaissance, the red team member sees a clearly marked door to the server room, located next to the lobby, with a tumbler lock. Which of the following is BEST for the red team member to bring on site to open the locked door as quickly as possible without causing significant damage?
Question 49 of 65
49. Question
A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away. Which of the following should a security engineer configure on the web server to help mitigate the issue?
Question 50 of 65
50. Question
A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:
1. A user received a phishing email that appeared to be a report from the organization’s CRM tool.
2. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
3. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
4. Several weeks later, the user reported anomalous activity within the CRM tool.
5. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
6. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.
Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?
Question 51 of 65
51. Question
An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user’s accounts is sensitive, and therefore, the organization wants to comply with the following requirements:
• Active full-device encryption
• Enabled remote-device wipe
• Blocking unsigned applications
• Containerization of email, calendar, and contacts
Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?
Question 52 of 65
52. Question
A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:
Question 53 of 65
53. Question
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?
Question 54 of 65
54. Question
An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
• Encrypt all traffic between the network engineer and critical devices.
• Segregate the different networking planes as much as possible.
• Do not let access ports impact configuration tasks.
Which of the following would be the BEST recommendation for the network security engineer to present?
Question 55 of 65
55. Question
An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations. Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)
Question 56 of 65
56. Question
A network engineer is attempting to design-in resiliency characteristics for an enterprise network’s VPN services. If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited against the VPN implementation, which of the following decisions would BEST support this objective?
Question 57 of 65
57. Question
A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization’s file servers, which contain client data from a number of sensitive systems. The administrator needs to compare documented access requirements to the access implemented within the file system. Which of the following is MOST likely to be reviewed during the assessment? (Select two.)
Question 58 of 65
58. Question
A security administrator is advocating for enforcement of a new policy that would require employees with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?
Question 59 of 65
59. Question
Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption?
Question 60 of 65
60. Question
An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?
Question 61 of 65
61. Question
A manufacturing company recently recovered from an attack on its ICS devices. It has since reduced the attack surface by isolating the affected components. The company now wants to implement detection capabilities. It is considering a system that is based on machine learning. Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?
Question 62 of 65
62. Question
A laptop is recovered a few days after it was stolen. Which of the following should be verified during incident response activities to determine the possible impact of the incident?
Question 63 of 65
63. Question
The Chief Financial Officer (CFO) of a major hospital system has received a ransom letter that demands a large sum of cryptocurrency be transferred to an anonymous account. If the transfer does not take place within ten hours, the letter states that patient information will be released on the dark web. A partial listing of recent patients is included in the letter. This is the first indication that a breach took place. Which of the following steps should be done FIRST?
Question 64 of 65
64. Question
Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications. After all restrictions have been lifted, which of the following should the information manager review?
Question 65 of 65
65. Question
An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?