Certmaster CE Security+ Domain 4.0 Security Operation Test.
Typology: Exams
The chief information officer (CIO) wants to expand the company's ability to accurately identify vulnerabilities across the company. The CIO wants to be able to scan client PCs, mobile devices, servers, routers, and switches. What type of scanner are they looking to institute?
- ANSWER - A. Network vulnerability scanner

A financial services company is decommissioning many servers that contain highly sensitive financial information. The company's data protection policy stipulates the need to use the most secure data destruction methods and comply with strict regulatory requirements. The company also has a significant environmental sustainability commitment and seeks to minimize waste wherever possible. What should the company's primary course of action be during this process?

realistic incident that allows for hands-on demonstrations without engaging in a full-blown simulation and that doesn't require extensive investment and planning. Which IRP exercise is the BEST option for this company?
- ANSWER - D. Walkthrough

A technology firm's network security specialist notices a sudden increase in unidentified activities on the firm's Security Information and Event Management (SIEM) incident tracking system. An unknown entity or process also increases the number of reported incidents. The specialist decides to investigate these incidents. Which combination of data sources would provide a balanced perspective to support the investigation?
- ANSWER - B. System-specific security logs, which track system-level operations; logs generated by applications running on hosts; and real-time reports from the SIEM solution, summarizing incidents.

A piece of proprietary software remains mission-critical ten years after its in-house creation. The software requires an exception to the rules because it cannot run on the latest in-use operating system (OS) version. How can the IT department protect this mission-critical software and reduce its exposure factor? (Select the two best options.)
- ANSWER - A. Network segmentation; C. Compensating controls

A system administrator has seen repeated positive vulnerability messages, only to discover that no vulnerability exists. The vulnerability messages repeat daily for several days, causing the system administrators to ignore them. What can the system administrator do to combat false positives? (Select the two best options.)
- ANSWER - A. Review logs; B. Use different scanners

A global financial institution with a vast network of offices and data centers has faced increasing cybersecurity threats. The organization's IT team realizes that privileged accounts are a prime target for hackers, and manually managing them poses a significant risk. The company implemented a Privileged Access Management (PAM) solution to strengthen its security posture. As part of the implementation, the IT team focuses on password vaulting, a critical component of PAM. As part of the advanced
- ANSWER - B. Securely store and manage privileged account credentials

An IT admin has been testing a newly released software patch and discovered an exploitable vulnerability. The manager directs the IT admin to immediately report it to Common Vulnerabilities and Exposures (CVE), using the Common Vulnerability Scoring System (CVSS) as the basis for the vulnerability's score. What could happen if there are delays in completing the report? (Select the two best options.)
- ANSWER - A. Can lead to delays in remediation; D. Increase window of opportunity for attackers

A technician is modifying controls to increase security on messaging services. Which of the following options defines rules for handling messages, such as moving them to quarantine or spam, rejecting them outright, or tagging them?
- ANSWER - D. DMARC

In a large corporate office, employees use various devices such as laptops, smartphones, and tablets that support both Bluetooth and Wi-Fi connectivity. The office implements strict security measures to protect sensitive data and ensure compliance with industry regulations. However,
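Added example for the DMARC question above (written for this page, not taken from the CertMaster material): a minimal DMARC evaluator in Python that parses a published record, checks SPF and DKIM identifier alignment, and returns the disposition the question describes (none, quarantine or reject). The DNS answers are constructed and embedded so it runs offline; the two-label organizational-domain rule stands in for a Public Suffix List lookup, and the `sample_bucket` argument is an assumed way for the caller to honour `pct=`.

```python
"""Decide what DMARC says to do with one inbound message (added example)."""
from dataclasses import dataclass

# Constructed DNS TXT answers standing in for live lookups (assumption: no
# network; a real receiver queries _dmarc.<From domain> and its org domain).
FAKE_DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; rua=mailto:dmarc@example.com",
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:rua@example.org",
    "_dmarc.example.net": "v=DMARC1; p=reject; pct=50",
}

def org_domain(fqdn):
    """Organizational domain, approximated as the last two labels.
    Assumption: production code uses the Public Suffix List instead."""
    labels = fqdn.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def parse_dmarc(txt):
    """Parse 'tag=value; ...' into a dict with RFC 7489 defaults filled in."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None                      # not a usable DMARC record
    tags.setdefault("adkim", "r")        # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    tags.setdefault("sp", tags["p"])     # subdomain policy defaults to p=
    return tags

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def lookup_policy(from_domain):
    """Return (record, is_subdomain): exact domain first, then the org domain."""
    txt = FAKE_DNS_TXT.get("_dmarc." + from_domain)
    if txt:
        return parse_dmarc(txt), False
    od = org_domain(from_domain)
    txt = FAKE_DNS_TXT.get("_dmarc." + od)
    return (parse_dmarc(txt) if txt else None), od != from_domain

@dataclass
class AuthResult:
    from_domain: str   # RFC5322.From domain shown to the user
    spf_result: str    # "pass" / "fail" / ...
    spf_domain: str    # RFC5321.MailFrom domain that SPF was checked against
    dkim_result: str
    dkim_domain: str   # d= of the signature that verified

def dmarc_disposition(r, sample_bucket=0):
    """Return 'none', 'quarantine' or 'reject' for this message.
    sample_bucket is 0-99 and is compared with pct= (assumed caller choice)."""
    policy, is_sub = lookup_policy(r.from_domain)
    if policy is None:
        return "none"                    # no policy published: deliver as usual
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, policy["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "none"                    # DMARC pass: one aligned mechanism passed
    action = policy["sp"] if is_sub else policy["p"]
    if sample_bucket >= int(policy["pct"]):
        # Outside the pct= sample: RFC 7489 says apply the next-weaker action
        action = {"reject": "quarantine", "quarantine": "none"}.get(action, "none")
    return action

if __name__ == "__main__":
    spoof = AuthResult("example.com", "pass", "mailer.example.net", "pass", "news.example.com")
    print(dmarc_disposition(spoof))      # SPF and DKIM pass but neither aligns
```

Note the spoof case: both SPF and DKIM pass, yet the message is rejected because neither authenticated domain aligns with the From domain, which is exactly the sender-forgery case DMARC exists to catch.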
A software engineer is reviewing the various capabilities of automation and scripting. What capability does the use of security groups allow for automation and scripting?
- ANSWER - A. It assists in reducing the possibility of unauthorized access or excessive permissions.

A global corporation has faced numerous cyber threats and is now prioritizing the security of its servers. The corporation's IT security expert recommends a strategy to improve server security. Which of the following options is likely to be the MOST effective?
- ANSWER - D. Implement a secure baseline, consistently apply updates and patches, and adhere to hardening guidelines.

An organization implemented a BYOD policy for employees to use their mobile devices for work-related tasks. The organization's IT department identified concerns about the security risks associated with BYOD. They determined that employees' mobile devices must meet the security requirements to protect sensitive company data. Considering the scenario, which of the following measures is the MOST effective way to enhance the security of employees' mobile devices under the BYOD policy?
- ANSWER - C. Using MDM solutions to centrally control employees' mobile devices

An organization needs a solution for controlling and monitoring all inbound and outbound web content, analyzing web requests, blocking access based on various criteria, and offering detailed logging and reporting of web activity. Which of the following solutions is the MOST suitable in this situation?
- ANSWER - C. Centralized web filtering

A security operations analyst at a financial institution analyzes an incident involving unauthorized transactions. The analyst suspects that a malware infection on one of the endpoints might have led to the unauthorized access. To identify the root cause and trace the activities of the suspected malware, which combination of data sources should the analyst primarily consider?
- ANSWER - D. Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.

After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive CPU utilization?
- ANSWER - D. SNMP trap

A company plans to upgrade its wireless network infrastructure to improve connectivity and security. The IT team wants to ensure that the new network design provides adequate coverage, minimizes interference, and meets security standards. To achieve this, they conduct a site survey and create a heat map of the area. What is the primary purpose of conducting a site survey and creating a heat map for the company's wireless network upgrade?
- ANSWER - D. To assess wireless signal coverage, identify dead zones, and optimize access point placement for the upgrade

The IT department of a medium-sized company is exploring various mobile solutions to improve productivity and enable employees to work efficiently on their mobile devices. They aim to choose a solution ensuring data security and seamless integration with the existing infrastructure. The team has narrowed the options to three potential mobile solutions: MDM, MAM, and COPE. Each solution offers different features and functionalities, and the IT team is assessing which one BEST meets the company's

access only when necessary, minimizing the exposure of privileged accounts. The team is aware that this approach can significantly improve security by limiting the window of oppor
- ANSWER - A. JIT permissions reduce unauthorized access risk by granting temporary access only when necessary.

A company merged with another company and is reviewing and combining both companies' procedures for incident response. What should the joined companies have at the end of this preparation phase?
- ANSWER - C. Incident response plan

Which web filtering feature is the MOST effective for organizations aiming to mitigate malware infections and violations of the company's Internet usage policy?
- ANSWER - A. Uniform Resource Locator scanning

In a medium-sized tech company, employees have different roles and responsibilities requiring access to specific resources and data. The IT team is implementing security measures to control access effectively and reduce the risk of unauthorized activities. What security measure could the IT team implement in the tech company to control access effectively and minimize the risk of unauthorized activities?
- ANSWER - D. The principle of least privilege to grant employees the minimum needed access based on job roles

An organization is creating a quick reference guide to assist team members when addressing common vulnerabilities and exposures across the enterprise. What does the Forum of Incident Response and Security Teams (FIRST) maintain that produces a severity score from 0 to 10?
-
A cybersecurity manager is preparing to begin working when a police officer comes through the door waving a warrant. The officer states that the company is under investigation for suspicious activities relating to recent overseas sales, and they are taking the servers with them. What gives police officers the right to take the servers?
- ANSWER - A. Data acquisition (incorrect) B. Due process (incorrect)

An incident response analyst investigates a suspected network breach in the organization. With access to a Security Information and Event Management (SIEM) tool that aggregates and correlates data from multiple sources, which combination of data sources should the analyst primarily consider to trace the origin and pathway of the breach?
- ANSWER - B. Trace the origin through logs of network-based vulnerability scanners, firewall logs, and OS-specific security logs

A senior security analyst is refining the incident response processes for a large organization that recently implemented a Security Information and Event Management (SIEM) system. During a simulation of a cybersecurity incident, the analyst observed that the SIEM system generated several alerts that were false positives, leading to unnecessary consumption of resources. On which step should the analyst focus to improve the efficiency of the alert response and remediation process?
- ANSWER - D. Enhancing the validation and quarantine processes in the alert response

What type of log file is managed by an application rather than by the operating system, and may use Event Viewer or syslog to write event data in a standard format?
- ANSWER - B. Application logs

An organization is increasing security on corporate email exchanges after being a target in a whaling campaign. Which of the following options is an email authentication method that helps detect and prevent sender address forgery?
- ANSWER - A. SPF

A tech company is in the process of decommissioning a fleet of old servers. It wants to ensure that sensitive data stored on these servers is fully eliminated and is not accessible in the event of unauthorized attempts. What primary process should the company implement before disposing of or repurposing these servers?
- ANSWER - C. Sanitizing the servers

The cybersecurity expert at a technology firm recommends adding another layer of protection to employee accounts. The expert suggests a physical device that users can insert or tap on compatible systems to verify their identity alongside a password. The proposed solution should not rely on biometric data and should produce time-sensitive codes or be an app/software on personal devices. Which authentication method is the cybersecurity expert recommending for the employees?
- ANSWER - D. Security keys

In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern proactively, the team implements a modern authentication solution that provides Single Sign-On (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which technology should the organization employ for federation and enabling SSO capabilities effectively across the diverse range of cloud-based applications?
- ANSWER - D. OAuth

An organization reviews recent audit results of monitoring solutions used to protect the company's infrastructure and learns that detection tools are reporting a high volume of false positives. Which alert tuning techniques can reduce the volume of false positives? (Select the three best options.)
- ANSWER - B. Refining detection rules and muting alert levels; C. Redirecting sudden alert "floods" to a dedicated group; D. Redirecting infrastructure-related alerts to a dedicated group

The IT team of a medium-sized business is planning to enhance network security. They want to enforce minimum security controls and configurations across all network devices, including firewalls, routers, and switches. What should they establish to achieve this objective?
- ANSWER - A. Network security baselines

A technician is deploying centralized web filtering techniques across the enterprise. What technique employs factors such as the website's URL, domain, IP address, content category, or even specific keywords within the web content?
- ANSWER - D. Block rules

In a multinational corporation, employees across various departments regularly access many cloud-based applications to fulfill their tasks
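Added example covering the SIEM false-positive question and the alert-tuning question above (written for this page, not vendor or CertMaster code): a small Python triage pass over a constructed alert feed that applies the three tuning techniques named in the answer, a refined detection rule that collapses repeated low-value events into one thresholded alert, suppression of a source known to be benign, and routing of infrastructure alerts and sudden alert floods to dedicated queues. The log format, rule names, the 10.9.9.9 "authorized scanner" address and the thresholds are all assumptions made for the example.

```python
"""Alert tuning over a constructed SIEM alert feed (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed alert feed: "<timestamp> <rule> key=value ...". Not real data.
RAW_ALERTS = [
    "2024-05-01T10:00:01Z auth_failure src=10.1.1.5 asset=web01 sev=low",
    "2024-05-01T10:00:40Z auth_failure src=10.1.1.5 asset=web01 sev=low",
    "2024-05-01T10:01:10Z auth_failure src=10.1.1.5 asset=web01 sev=low",
    "2024-05-01T10:02:00Z auth_failure src=10.1.1.7 asset=vpn01 sev=low",
    "2024-05-01T10:02:05Z auth_failure src=10.1.1.7 asset=vpn01 sev=low",
    "2024-05-01T10:02:09Z auth_failure src=10.1.1.7 asset=vpn01 sev=low",
    "2024-05-01T10:02:14Z auth_failure src=10.1.1.7 asset=vpn01 sev=low",
    "2024-05-01T10:02:20Z auth_failure src=10.1.1.7 asset=vpn01 sev=low",
    "2024-05-01T10:05:00Z port_scan src=10.9.9.9 asset=db01 sev=medium",
    "2024-05-01T10:05:30Z port_scan src=10.9.9.9 asset=db02 sev=medium",
    "2024-05-01T10:06:00Z port_scan src=203.0.113.4 asset=db01 sev=medium",
    "2024-05-01T10:07:00Z link_down asset=sw01 sev=high",
] + [  # a burst of 20 signature hits in one minute, e.g. a bad signature update
    f"2024-05-01T10:30:{i:02d}Z malware_sig src=10.2.2.{i + 1} asset=pc{i:02d} sev=high"
    for i in range(20)
]

# Tuning configuration (assumed values for the example).
THRESHOLDS = {"auth_failure": (5, timedelta(minutes=5))}  # N events per source in window
SUPPRESS = {("port_scan", "10.9.9.9")}   # the authorized vulnerability scanner
INFRA_RULES = {"link_down", "high_cpu", "chassis_temp"}  # go to the infra team
FLOOD_LIMIT = 20                          # same rule >= N times in a minute

def parse(line):
    ts, rule, *kv = line.split()
    a = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "rule": rule}
    for item in kv:
        k, v = item.split("=", 1)
        a[k] = v
    return a

def tune(lines):
    """Return alerts routed into soc / infra / flood queues plus a suppressed count."""
    alerts = [parse(l) for l in lines]
    out = {"soc": [], "infra": [], "flood": [], "suppressed": 0}
    # Flood detection: count each rule per calendar minute across the whole feed
    per_minute = Counter((a["rule"], a["ts"].replace(second=0)) for a in alerts)
    flooded = {key for key, n in per_minute.items() if n >= FLOOD_LIMIT}
    pending = defaultdict(list)           # sliding windows for threshold rules
    for a in alerts:
        if (a["rule"], a.get("src")) in SUPPRESS:
            out["suppressed"] += 1        # muted: known benign source
            continue
        if (a["rule"], a["ts"].replace(second=0)) in flooded:
            out["flood"].append(a)        # floods get their own queue
            continue
        if a["rule"] in INFRA_RULES:
            out["infra"].append(a)        # not a security incident by default
            continue
        if a["rule"] in THRESHOLDS:
            count, window = THRESHOLDS[a["rule"]]
            key = (a["rule"], a.get("src"))
            pending[key].append(a["ts"])
            pending[key] = [t for t in pending[key] if a["ts"] - t <= window]
            if len(pending[key]) >= count:
                # One aggregated alert instead of N raw ones, then reset the window
                out["soc"].append({**a, "rule": a["rule"] + "_burst", "count": len(pending[key])})
                pending[key] = []
            continue
        out["soc"].append(a)              # everything else reaches the analyst
    return out

def summarize(lines):
    """Queue sizes, useful for before/after tuning comparisons."""
    r = tune(lines)
    return {"soc": len(r["soc"]), "infra": len(r["infra"]),
            "flood": len(r["flood"]), "suppressed": r["suppressed"]}

if __name__ == "__main__":
    print(f"{len(RAW_ALERTS)} raw alerts ->", summarize(RAW_ALERTS))
```

Of the 32 raw alerts, only two reach the SOC queue: the aggregated brute-force burst against vpn01 and the port scan from the unknown 203.0.113.4 host. The three scattered failures from 10.1.1.5 never cross the threshold, and the 20 signature hits are parked as a flood for someone to look at as one event rather than twenty.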
need to adjust other wireless security settings to effectively complement WPA3 and create a robust network for all employees to access critical company resources securely. What should the network administrator consider when implementing WPA3 and adjusting wireless security settings? (Select the two best options.)
- ANSWER - B. Enabling media access control address filtering to restrict access to authorized devices; C. Implementing 802.1X authentication for user devices

A Security Operations Center (SOC) manager notices a significant increase in unclassified events on the incident handler's Security Information and Event Management (SIEM) dashboard. At the same time, someone or something raises the number of incidents. The manager investigates these incidents further to ensure efficient and timely incident response. Which combination of data sources would provide the MOST comprehensive view to support the manager's investigation?
- ANSWER - B. OS-specific security logs, log files generated by applications and services running on hosts, and automated reports from the SIEM tool

A security administrator reviews the configuration of a newly implemented Security Information and Event Management (SIEM) system. The SIEM system collects and correlates data from various sources, such as network sensors, application logs, and host logs. The administrator notices that some network devices, like switches and routers, do not directly support the installed agents for data collection. What approach should the administrator consider to ensure the inclusion of these devices' logs in the SIEM system?
- ANSWER - A. Configuring the devices to push log changes to the SIEM server using a listener/collector approach

A healthcare organization is retiring an old database server that housed sensitive patient information. It aims to ensure that this information is completely irretrievable. What key process should the organization prioritize before disposing of this server?
- ANSWER - B. Secure destruction of all data stored on the server

A company's network has experienced increased infiltration due to employees accessing dangerous websites from different content categories. The company has decided to enhance its security by implementing reputation-based filtering and content categorization in its web filtering system. Which of the following BEST compares these features?
- ANSWER - C. Reputation-based filtering evaluates sites by past behavior; content categorization sorts by themes like adult content.

A tech department evaluates the benefits of automation and scripting after recently acquiring new funding. What capability within automation and scripting allows developers to regularly merge their changes back to the main code branch and evaluate each merge automatically to help detect and fix integration problems?
- ANSWER - C. Continuous integration and testing

A company has added several new assets and software to its system and is meeting to review its risk matrix. It wants to ensure risk management efforts focus on the vulnerabilities most likely to impact its operations significantly. What is this commonly referred to as?
- ANSWER - A. Prioritization
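Added example for the web-filtering questions on this page (block rules by URL, domain, IP range, category and keyword, and the reputation-versus-category comparison): a Python decision function that evaluates a request in that order, the way a centralized filter's policy engine would. It is written for this page, not taken from any product. The category and reputation tables are constructed stand-ins for a vendor feed, the hostnames are documentation and reserved test names rather than real sites, and the reputation floor of 40 is an assumed policy value.

```python
"""Centralized web-filter block-rule and reputation decision (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed feeds standing in for a vendor's category and reputation data.
CATEGORY_DB = {            # content categorization: what the site is about
    "example-gambling.test": "gambling",
    "news.example": "news",
    "cdn.example": "content-delivery",
}
REPUTATION_DB = {          # reputation: how the site has behaved, 0-100 (higher is better)
    "example-gambling.test": 70,   # well-behaved site in a banned category
    "news.example": 90,
    "paste.example": 10,           # uncategorized, but a known malware-hosting history
    "dropper.example": 5,
}

# Block rules (assumed policy for the example).
BLOCKED_CATEGORIES = {"gambling", "adult", "malware"}
BLOCKED_DOMAINS = {"dropper.example"}              # matches the domain and any subdomain
BLOCKED_NETWORKS = [ip_network("198.51.100.0/24")]  # requests by literal IP
BLOCKED_URL_PREFIXES = ["http://cdn.example/tools/"]
BLOCKED_KEYWORDS = ["free-crack", "keygen"]
REPUTATION_FLOOR = 40

@dataclass
class Decision:
    action: str   # "allow" or "block"
    reason: str   # which rule fired, for the filter's logging and reporting

def domain_matches(host, blocked):
    return any(host == d or host.endswith("." + d) for d in blocked)

def check(url, body_text=""):
    """Return the filter decision for a request, optionally with fetched content."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # 1. Explicit block rules: URL prefix, domain, then IP range
    if any(url.startswith(p) for p in BLOCKED_URL_PREFIXES):
        return Decision("block", "url-prefix")
    if domain_matches(host, BLOCKED_DOMAINS):
        return Decision("block", "domain")
    try:
        ip = ip_address(host)
        if any(ip in net for net in BLOCKED_NETWORKS):
            return Decision("block", "ip-range")
    except ValueError:
        pass   # host is a name, not a literal address
    # 2. Reputation: past behaviour, independent of what the site is about
    rep = REPUTATION_DB.get(host)
    if rep is not None and rep < REPUTATION_FLOOR:
        return Decision("block", f"reputation={rep}")
    # 3. Content category: theme-based policy, independent of behaviour
    cat = CATEGORY_DB.get(host)
    if cat in BLOCKED_CATEGORIES:
        return Decision("block", f"category={cat}")
    # 4. Keyword scan over URL and fetched content (the inspection stage)
    haystack = (url + " " + body_text).lower()
    for kw in BLOCKED_KEYWORDS:
        if kw in haystack:
            return Decision("block", f"keyword={kw}")
    return Decision("allow", "no rule matched")

if __name__ == "__main__":
    for u in ("https://news.example/world", "https://example-gambling.test/",
              "https://paste.example/raw/abc", "http://198.51.100.7/payload"):
        print(u, "->", check(u))
```

The two middle checks show the comparison the last question asks about: example-gambling.test has a good reputation score but is blocked because of its category, while paste.example has no category at all and is blocked purely on its history.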
After a recent breach, an organization mandates increased monitoring of corporate email accounts. What can the organization use that mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations?
- ANSWER - C. DLP

A forensic analyst at an international law enforcement agency investigates a sophisticated cyber-espionage case. The analyst must uncover the timeline of document interactions, detect concealed or system-protected files, interpret categories of digital events, and trace digital breadcrumbs left behind during media uploads on social platforms. What combination of data sources would provide the MOST comprehensive information for this multifaceted investigation?
- ANSWER - A. File metadata and event logs (incorrect)

After a breach, an organization implements new multifactor authentication (MFA) protocols. Which MFA factor category covers using a smart card or key fob to support authentication?
- ANSWER - A. Something you have

In a medium-sized company, the IT department manages access to various systems and resources for employees. The team wants to enhance the security posture by implementing better access controls. They use rule-based access controls and time-of-day restrictions to achieve this goal. What are the IT department's objectives in implementing rule-based access controls and time-of-day restrictions? (Select the two best options.)
- ANSWER - A. To define specific access rules based on employees' roles and responsibilities; B. To eliminate the need for user authentication and simplify access management (incorrect)

A technician wants to implement automation within the team's workspace. How does complexity impact automation and orchestration?