351-375 Flashcards
A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users’ PCs. Which of the following is the MOST likely cause of this issue?
A. TFTP was disabled on the local hosts.
B. SSH was turned off instead of modifying the configuration file.
C. Remote login was disabled in the networkd.conf instead of using the sshd.conf.
D. Network services are no longer running on the NAS.
B. SSH was turned off instead of modifying the configuration file.
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given the documentation only available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?
A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
C. Gray-box
A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?
A. Disable Telnet and force SSH.
B. Establish a continuous ping.
C. Utilize an agentless monitor.
D. Enable SNMPv3 with passwords.
C. Utilize an agentless monitor.
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
D. CVSS
A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?
A. CYOD
B. MDM
C. COPE
D. VDI
D. VDI
A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?
A. IDS solution
B. EDR solution
C. HIPS software solution
D. Network DLP solution
D. Network DLP solution
The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?
A. SSO
B. MFA
C. PKI
D. DLP
A. SSO
An employee’s company account was used in a data breach. Interviews with the employee revealed:
- The employee was able to avoid changing passwords by using a previous password again.
- The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.
Which of the following can be implemented to prevent these issues from reoccurring? (Choose two.)
A. Geographic dispersal
B. Password complexity
C. Password history
D. Geotagging
E. Password lockout
F. Geofencing
C. Password history
F. Geofencing
A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
A. Segmentation
B. Firewall allow list
C. Containment
D. Isolation
A. Segmentation
Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?
A. File integrity monitoring
B. Honeynets
C. Tcpreplay
D. Data loss prevention
D. Data loss prevention
As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
A. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
D. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023
C. HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine their next course of action?
A. An incident response plan
B. A communication plan
C. A disaster recovery plan
D. A business continuity plan
D. A business continuity plan
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A. http://sample.url.com/
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow
C. http://sample.url.com/select-from-database-where-password-null
D. http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow
A candidate attempts to go to http://comptia.org but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack?
A. Reconnaissance
B. Impersonation
C. Typosquatting
D. Watering-hole
C. Typosquatting
The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?
A. NAC
B. ACL
C. WAF
D. NAT
B. ACL