Comptia 251-300 Flashcards

1
Q

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

A. Production
B. Test
C. Staging
D. Development

A

B. Test

2
Q

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:

  • A user enters comptia.org into a web browser.
  • The website that appears is not the comptia.org site.
  • The website is a malicious site from the attacker.
  • Users in a different office are not having this issue.

Which of the following types of attacks was observed?

A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking

A

C. Locator (URL) redirection

3
Q

Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?

A. Activate verbose logging in all critical assets.
B. Tune monitoring in order to reduce false positive rates.
C. Redirect all events to multiple syslog servers.
D. Increase the number of sensors present on the environment.

A

B. Tune monitoring in order to reduce false positive rates.

4
Q

A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network?

A. On-path
B. Evil twin
C. Jamming
D. Rogue access point
E. Disassociation

A

B. Evil twin

5
Q

When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?

A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols

A

D. Communication protocols

6
Q

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

A. hping3 -S comptia-org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup --port=80 comptia.org

A

C. nmap comptia.org -p 80 -sV

7
Q

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors

A

B. Weak credentials

8
Q

A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

A. SSL
B. SFTP
C. SNMP
D. TLS

A

D. TLS

9
Q

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

A. ALE
B. ARO
C. RPO
D. SLE

A

A. ALE

10
Q

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

A. Detective
B. Preventive
C. Corrective
D. Compensating

A

C. Corrective

11
Q

A Chief Executive Officer’s (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO’s personal information is for sale?

A. Automated information sharing
B. Open-source intelligence
C. The dark web
D. Vulnerability databases

A

C. The dark web

12
Q

Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

A. TTP
B. OSINT
C. SOAR
D. SIEM

A

C. SOAR

13
Q

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

  • Must be able to differentiate between users connected to WiFi
  • The encryption keys need to change routinely without interrupting the users or forcing reauthentication
  • Must be able to integrate with RADIUS
  • Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

A. WPA2-Enterprise
B. WPA3-PSK
C. 802.11n
D. WPS

A

A. WPA2-Enterprise

14
Q

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal

A

D. Directory traversal

15
Q

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

A. Reverse proxy
B. NIC teaming
C. Load balancer
D. Forward proxy

A

A. Reverse proxy

16
Q

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?

A. Configuring signature-based antivirus to update every 30 minutes
B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
C. Implementing application execution in a sandbox for unknown software
D. Fuzzing new files for vulnerabilities if they are not digitally signed

A

C. Implementing application execution in a sandbox for unknown software

16
Q

Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?

A. Incident response plan
B. Business continuity plan
C. Communication plan
D. Disaster recovery plan

A

C. Communication plan

17
Q

A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?

A. IaaS
B. PaaS
C. MaaS
D. SaaS

A

B. PaaS

18
Q

During a recent security incident at a multinational corporation, a security analyst found the following logs for an account called user:

Which of the following account policies would BEST prevent attackers from logging in as user?

A. Impossible travel time
B. Geofencing
C. Time-based logins
D. Geolocation

A

A. Impossible travel time

19
Q

An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

A. Lessons learned
B. Eradication
C. Recovery
D. Preparation

A

D. Preparation

20
Q

The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement?

A. Tokenization
B. Masking
C. Full disk encryption
D. Mirroring

A

A. Tokenization

21
Q

A company’s security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

A. Deterrent
B. Compensating
C. Detective
D. Preventive

A

B. Compensating

22
Q

A security analyst is reviewing the following command-line output:

Which of the following is the analyst observing?

A. ICMP spoofing
B. URL redirection
C. MAC address cloning
D. DNS poisoning

A

C. MAC address cloning

23
Q

A company was recently breached. Part of the company’s new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

A. Log enrichment
B. Log aggregation
C. Log parser
D. Log collector

A

D. Log collector

24
Q

Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?

A. To avoid data leakage
B. To protect surveillance logs
C. To ensure availability
D. To facilitate third-party access

A

A. To avoid data leakage

25
Q

A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

A. Configure the web content filter for the web address.
B. Report the website to threat intelligence partners.
C. Set the SIEM to alert for any activity to the web address.
D. Send out a corporate communication to warn all users of the malicious email.

A

A. Configure the web content filter for the web address.

26
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.)

A. The order of volatility
B. A CRC32 checksum
C. The provenance of the artifacts
D. The vendor’s name
E. The date and time
F. A warning banner

A

A. The order of volatility
E. The date and time

27
Q

An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing on underlying implementation details? (Choose two.)

A. The back-end directory source
B. The identity federation protocol
C. The hashing method
D. The encryption method
E. The registration authority
F. The certificate authority

A

B. The identity federation protocol
D. The encryption method

28
Q

A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

A. MTTR
B. RTO
C. RPO
D. MTBF

A

D. MTBF

29
Q

The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.

A

D. Submit the application to QA before releasing it.

30
Q

During a security incident investigation, an analyst consults the company’s SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information?

A. WAF logs
B. DNS logs
C. System logs
D. Application logs

A

B. DNS logs

31
Q

A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements?

A. CASB
B. VPC
C. Perimeter network
D. WAF

A

D. WAF

32
Q

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?

A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics

A

A. Mobile device management

33
Q

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device into the UPS.

A

C. Encrypt the disk on the storage device.

34
Q

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?

A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups

A

E. Full backups followed by differential backups

35
Q

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

A. Account audits
B. AUP
C. Password reuse
D. SSO

A

A. Account audits

36
Q

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics

A

C. A USB data blocker

37
Q

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a __________.

A. data controller.
B. data owner.
C. data custodian.
D. data processor.

A

B. data owner.

38
Q

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?

A. SED
B. HSM
C. DLP
D. TPM

A

B. HSM

39
Q

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A. A DMZ
B. A VPN
C. A VLAN
D. An ACL

A

D. An ACL

40
Q

Which of the following BEST helps to demonstrate integrity during a forensic investigation?

A. Event logs
B. Encryption
C. Hashing
D. Snapshots

A

C. Hashing

41
Q

Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?

A. IaaS
B. SaaS
C. PaaS
D. XaaS

A

B. SaaS

42
Q

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy

Which of the following is the router experiencing?

A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion

A

D. Resource exhaustion

42
Q

Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

A. Machine learning
B. DNS sinkhole
C. Blocklist
D. Honeypot

A

C. Blocklist

43
Q

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO’s concerns? (Choose two.)

A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls

A

C. Certificates
E. Geotagging

44
Q

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

A. A RAT was installed and is transferring additional exploit tools.
B. The workstations are beaconing to a command-and-control server.
C. A logic bomb was executed and is responsible for the data transfers.
D. A fileless virus is spreading in the local network environment.

A

D. A fileless virus is spreading in the local network environment.

45
Q

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?

A. IaaS
B. PaaS
C. XaaS
D. SaaS

A

A. IaaS

46
Q

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

A. Update the host firewalls to block outbound SMB.
B. Place the machines with the unapproved software in containment.
C. Place the unauthorized application in a blocklist.
D. Implement a content filter to block the unauthorized software communication.

A

A. Update the host firewalls to block outbound SMB.

47
Q

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst’s review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

A. Security research publications
B. The MITRE ATT&CK framework
C. The Diamond Model of Intrusion Analysis
D. The Cyber Kill Chain

A

B. The MITRE ATT&CK framework

48
Q

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

  • Preserve the use of public IP addresses assigned to equipment on the core router.
  • Enable “in transport” encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Choose two.)

A. Configure VLANs on the core router.
B. Configure NAT on the core router.
C. Configure BGP on the core router.
D. Enable AES encryption on the web server.
E. Enable 3DES encryption on the web server.
F. Enable TLSv2 encryption on the web server.

A

B. Configure NAT on the core router.
F. Enable TLSv2 encryption on the web server.