Comptia Security Plus Domain 4 Ce
Typology: Exams

Question In a medium-sized company, the IT department manages access to various systems and resources for employees. The team wants to enhance the security posture by implementing better access controls. They use rule-based access controls and time-of-day restrictions to achieve this goal. What are the IT department's objectives in implementing rule-based access controls and time-of-day restrictions? (Select the two best options.) A.To define specific access rules based on employees' roles and r - A.To define specific access rules based on employees' roles and responsibilities D.To restrict access to critical systems during non-working hours to enhance security

Question In a medium-sized organization, the IT department manages a wide range of applications employees use. Recently, the IT security team identified a growing number of security incidents related to malware infections and unauthorized access to sensitive data. They suspect that certain applications may be the entry point for these attacks. To mitigate the risks, the team wants to implement a security measure that isolates applications from the rest of the system to prevent potential threats - A.Sandboxing

Question A cyber group is reviewing its web filtering capabilities after a recent breach. Which centralized web-filtering technique groups websites into categories such as social networking, gambling, and webmail? A.Block rules B.Content categorization C.Reputation-based filtering D.URL scanning - B.Content categorization

A security administrator reviews the configuration of a newly implemented Security Information and Event Management (SIEM) system. The SIEM system collects and correlates data from various sources, such as network sensors, application logs, and host logs. The administrator notices that some network devices, like switches and routers, do not directly support the installed agents for data collection. What approach should the administrator consider to ensure the inclusion of these devices' logs i - A.Configuring the devices to push log changes to the SIEM server using a listener/collector approach

Question An organization wants to enhance its cybersecurity by implementing web filtering. The company needs a solution that provides granular control over web traffic, ensures policy enforcement even when employees are off the corporate network, and can log and analyze Internet usage patterns. Which of the following strategies BEST meets these requirements? A.Reputation-based filtering B.Centralized web filtering C.Manual URL blocking D.Agent-based filtering - D.Agent-based filtering

Question A financial institution is preparing to decommission a number of its old servers. The servers contain sensitive customer data that needs proper handling to prevent unauthorized access or data breaches. Which strategy should the institution primarily employ to ensure the data on these servers stays irretrievable? A.Use a basic method of overwriting, such as zero filling, once. B.Leave the data on the servers, as the system will eventually overwrite it. C.Carry out a sanitization process - C.Carry out a sanitization process that includes multiple passes of overwriting and degaussing.

Question The chief information officer (CIO) wants to expand the company's ability to accurately identify vulnerabilities across the company. The CIO wants to be able to scan client PCs, mobile devices, servers, routers, and switches. What type of scanner are they looking to institute? A.Network vulnerability scanner B.Package monitoring C.Credentialed scan D.Dynamic analysis - A.Network vulnerability scanner

Question A tech department reviews the current model for incident response procedures in response to a serious incident at the company. What part of the process should they focus on for a review of data to determine the legitimacy of a genuine incident? A.Analysis B.Containment C.Eradication D.Detection - A.Analysis D.Detection (Not)

Question A company's network has experienced increased infiltration due to employees accessing dangerous websites from different content categories. The company has decided to enhance its security by implementing reputation-based filtering and content categorization in its web filtering system. Which of the following BEST compares these features? A.Reputation-based filtering sorts by content themes; content categorization rates by past behaviors. B.Reputation-based filtering permits executable - C. Reputation-based filtering evaluates sites by past behavior; content categorization sorts by themes like adult content. Reputation-based filtering assesses websites based on their historical behavior and reputation, while content categorization categorizes websites into thematic categories such as adult content, social media, etc. This comparison accurately describes the primary focus and purpose of each of these features.

A cyber technician is enhancing application security capabilities for corporate email accounts following a breach. Which of the following options leverages encryption features to enable email verification by allowing the sender to sign emails using a digital signature? A.DMARC B.DKIM C.SPF D.EDR - B.DKIM

Question A proprietary software remains mission-critical ten years after its in-house creation. The software requires an exception to the rules as it cannot use the latest in-use operating system (OS) version. How can the IT department protect this mission-critical software and reduce its exposure factor? (Select the two best options.) A.Network segmentation B.Vulnerability feeds C.Compensating controls D.Patching - A.Network segmentation C.Compensating controls

Question A cyber technician pulls logs on the new Apple iMacs to ensure the company's employees adhere to the policy. What log can provide the technician with the computer's attempted logins or denial when an employee attempts to access a file? A.Firewall logs B.Operating system-specific security logs C.Application logs D.Endpoint logs - B.Operating system-specific security logs

Question The IT team of a medium-sized business is planning to enhance network security. They want to enforce minimum security controls and configurations across all network devices, including firewalls, routers, and switches. What should they establish to achieve this objective? A.Network security baselines B.Data encryption protocols C.Intrusion detection systems (IDS) D.Virtual private network (VPN) - A.Network security baselines

The IT department of a medium-sized company is exploring various mobile solutions to improve productivity and enable employees to work efficiently on their mobile devices. They aim to choose a solution ensuring data security and seamless integration with the existing infrastructure. The team has narrowed the options to three potential mobile solutions: MDM, MAM, and COPE. Each solution offers different features and functionalities, and the IT team is assessing which one BEST meets the company's - A.MAM

Question A healthcare organization is retiring an old database server that housed sensitive patient information. It aims to ensure that this information is completely irretrievable. What key process should the organization prioritize before disposing of this server? A.Certification of the server's functionality B.Secure destruction of all data stored on the server C.Preservation of all data for future reference D.Repurposing of the server without any modifications - B.Secure destruction of all data stored on the server

Question In a large corporate office, employees use various devices such as laptops, smartphones, and tablets that support both Bluetooth and Wi-Fi connectivity. The office implements strict security measures to protect sensitive data and ensure compliance with industry regulations. However, the IT team noticed some security concerns. What security risks is the IT team primarily concerned about regarding the use of Bluetooth and Wi-Fi in the corporate office? A.Unauthorized access and data inter - A.Unauthorized access and data interception

Question A large multinational company uses a cloud-based document storage system. The system provides access to documents by considering a combination of factors: the user's department, geographic location, the document's sensitivity level, and the current date and time. For example, only the finance department of a specific region can access its financial reports, and they can do so only during business hours. Which access control model does the company MOST likely use to manage - C.Attribute-based access control

Question A security specialist is drafting a memorandum on secure data destruction for the organization after a recent breach. What benefit does the certification concept offer when evaluating appropriate disposal/decommissioning? A.It refers to policies and practices governing the storage and preservation of information within the organization for a set period of time. B.It refers to the documentation and verification of the data sanitization or destruction process. C.It is often based on lega - B.It refers to the documentation and verification of the data sanitization or destruction process.

What type of log file is application-managed rather than through an operating system and may use Event Viewer or syslog to write event data in a standard format? A.Endpoint logs B.Application logs C.OS-specific security logs D.Firewall logs - B.Application logs

Question D.Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.

Question A company plans to upgrade its wireless network infrastructure to improve connectivity and security. The IT team wants to ensure that the new network design provides adequate coverage, minimizes interference, and meets security standards. To achieve this, they conduct a site survey and create a heat map of the area. What is the primary purpose of conducting a site survey and creating a heat map for the company's wireless network upgrade? A.To evaluate the performance and - D.To assess wireless signal coverage, identify dead zones, and optimize access point placement for the upgrade

Question An organization is increasing security on corporate email exchanges after being a target in a whaling campaign. Which of the following options is an email authentication method that helps detect and prevent sender address forgery? A.SPF B.EDR C.DKIM D.DMARC - A. SPF has gotta be it

A chief security officer (CSO) is overseeing the deployment of a Security Information and Event Management (SIEM) system in a large organization with a mix of computer systems and network appliances. The CSO has concerns about the system resources that the data collection process on the individual computer systems utilizes. Which method should the CSO consider to minimize the resource usage on these systems while ensuring effective data collection for the SIEM system? A.Deploying additional SIEM - C.Implementing an agentless collection method on the computer systems

Upon receiving new storage media drives for the department, an organization asks a software engineer to dispose of the old drives. When considering the various methods, what processes does sanitization involve? (Select the two best options.) A.It refers to the process of removing sensitive information from storage media to prevent unauthorized access or data breaches. B.Its process uses specialized techniques, such as data wiping, degaussing, or encryption. C.It involves the physical or electron - B.Its process uses specialized techniques, such as data wiping, degaussing, or encryption. A.It refers to the process of removing sensitive information from storage media to prevent unauthorized access or data breaches.

An organization reviews recent audit results of monitoring solutions used to protect the company's infrastructure and learns that detection tools are reporting a high volume of false positives. Which alert tuning techniques can reduce the volume of false positives? (Select the three best options.) A.Isolating sources of indicators, such as network addresses or files B.Refining detection rules and muting alert levels C.Redirecting sudden alert "floods" to a dedicated group D.Redirecting infrastru - B.Refining detection rules and muting alert levels C.Redirecting sudden alert "floods" to a dedicated group D.Redirecting infrastructure-related alerts to a dedicated group

The IT security team at a large company is implementing more robust authentication measures to safeguard sensitive data and systems. The team is exploring multifactor authentication (MFA) options to bolster security. The company deals with highly confidential information and requires a robust solution. The team has narrowed the choices and is evaluating which aligns BEST with their security needs. Which multi-factor authentication method utilizes unique physical characteristics of individuals to - C.Biometrics

Question In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern proactively, the team implements a modern authentication solution that actively provides Single Sign-On (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which - D.OAuth

A company merged with another company and is reviewing and combining both companies' procedures for incident response. What should the joined companies have at the end of this preparation phase? A.Playbook B.Communication plan C.Incident response plan D.Incident response lifecycle - C.Incident response plan

After finding some of the company's confidential data on the internet, a software team is drafting a policy on vulnerability response and remediation. What remediation practice refers to measures put in place to mitigate the risk of a vulnerability when the team cannot directly eliminate it? A.Insurance B.Patching

is the organization's IT infrastructure. What are two other environmental factors? (Select the two best options.) A.External threat landscape B.Regulatory/compliance environment C.Prioritization D.Risk tolerance - B.Regulatory/compliance environment A. External Threat Landscape

A tech company is in the process of decommissioning a fleet of old servers. It wants to ensure that sensitive data stored on these servers is fully eliminated and is not accessible in the event of unauthorized attempts. What primary process should the company implement before disposing or repurposing these servers? A.Moving the servers to a secure storage location B.Deleting all the files on the servers C.Sanitizing the servers D.Selling the servers immediately - C.Sanitizing the servers

As a company grows, so does its attack surface and the desirability for a malicious actor to compromise its systems. A company must monitor all software usage, secure applications, third-party software, libraries, and dependencies to keep systems secure. What are some ways to accomplish this? (Select the three best options.) A.Package monitoring B.Software Bill of Materials C.Software composition analysis D.Credentialed scan - A.Package monitoring B.Software Bill of Materials C.Software composition analysis

A Security Operations Center (SOC) manager notices a significant increase in unclassified events on the incident handler's Security Event and Incident Management (SIEM) dashboard. At the same time, someone or something raises the number of incidents. The manager investigates these incidents further to ensure efficient and timely incident response. Which combination of data sources would provide the MOST comprehensive view to support the manager's investigation? A.Firewall logs, network traff - B.OS-specific security logs, log files generated by applications and services running on hosts, and automated reports from the SIEM tool?

In a multinational corporation, employees across various departments regularly access many cloud-based applications to fulfill their tasks efficiently. The company's security team is grappling with managing user credentials securely and efficiently across these diverse platforms. They are actively looking to improve user authentication and streamline access to these applications while ensuring robust security measures are in place. In this scenario, what technology should the company implement t - B.SAML

Following an incident in which a company's incident response plan (IRP) failed, the response team made several updates and changes to the IRP. The CEO wants to test the IRP with a realistic incident that does not require extensive investment and planning. Which IRP exercise is the BEST option for this company? A.Training B.Tabletop Exercise C.Simulation D.Walkthrough - D. Walkthrough

Question The network administrator of a small business needs to enhance the security of the business's wireless network. The primary goal is to implement Wi-Fi Protected Access 3 (WPA3) as the main security measure but recognize the need to adjust other wireless security settings to effectively complement WPA3 and create a robust network for all employees to access critical company resources securely. What considerations should the network administrator consider when implementing WPA3 and adjus - B.Enabling media access control address filtering to restrict access to authorized devices C.Implementing 802.1X authentication for user devices

A cybersecurity responder surreptitiously monitors the activities of a hacker attempting infiltration. During this time, the cybersecurity responder prepared a containment and eradication plan. This is an example of what type of threat hunting technique? A.Intelligence fusion B.Maneuvering C.Threat data D.Countermeasures - B.Maneuvering

A senior security analyst is refining the incident response processes for a large organization that recently implemented a Security Information and Event Management (SIEM) system. During a simulation of a cybersecurity incident, the analyst observed that the SIEM system generated several alerts that were false positives, leading to unnecessary consumption of resources. On which step should the analyst focus to improve the efficiency of the alert response and remediation process? A.Increasing th - D.Enhancing the validation and quarantine processes in the alert response

A software engineer is reviewing the various capabilities of automation and scripting. What capability does the use of security groups allow for automation and scripting? A.It assists in reducing the possibility of unauthorized access or excessive permissions. B.It can monitor and enforce compliance and flag risky behaviors. C.It can create seamless workflows and facilitate the development of complex systems. D.It creates, modifies, or deletes user accounts and access rights. - A.It assists in reducing the possibility of unauthorized access or excessive permissions.

The IT security team at a corporation has concerns about potential security risks on the cloud platform. They noticed that some employees have been able to submit malformed data,

B.Attestation C.Multifactor authentication D.Passwordless authentication - D.Passwordless authentication

In a medium-sized company, the IT security team implements Privileged Access Management (PAM) tools to enhance security measures. The team is considering using just-in-time (JIT) permissions to reduce the risk of unauthorized access to critical systems and sensitive data. JIT permissions allow users to obtain temporary access only when necessary, minimizing the exposure of privileged accounts. The team is aware that this approach can significantly improve security by limiting the window of oppo - A.JIT permissions reduce unauthorized access risk by granting temporary access only when necessary.

Question An IT admin has been testing a newly released software patch and discovered an exploitable vulnerability. The manager directs the IT admin to immediately report to Common Vulnerability Enumeration (CVE), utilizing the common vulnerability scoring system (CVSS) to base the score for the vulnerability. What could happen if there are delays in completing the report? (Select the two best options.) A.Can lead to delays in remediation B.Verification will resolve the vulnerability C.The vulner - A.Can lead to delays in remediation D.Increase window of opportunity for attackers

In a medium-sized tech company, employees have different roles and responsibilities requiring access to specific resources and data. The IT team is implementing security measures to control access effectively and reduce the risk of unauthorized activities. What security measure could the IT team implement in the tech company to control access effectively and minimize the risk of unauthorized activities? A.Implement intrusion detection systems to monitor and identify potential security breaches B - D.The principle of least privilege to grant employees the minimum needed access based on job roles

The board of directors for a tech support company presents the benefits of automation and orchestration enhancements for security operations to a new client. What are the benefits associated with automation in security operations? (Select the two best options.) A.Generate tickets B.Escalation C.Continuous integration and testing D.Enabling/disabling services and accesses - A.Generate tickets B.Escalation

The IT team of a large multinational corporation is working to improve the security of their remote access services. They plan to implement Remote Authentication Dial-In User Service (RADIUS) to enhance the authentication process for remote users. RADIUS provides a centralized authentication and authorization mechanism for users connecting from various locations. The IT team evaluated different authentication protocols alongside RADIUS to ensure a strong and secure remote access solution. Which - A.PEAP

A multinational company worries that its IT department is getting complacent regarding cybersecurity. The company begins working with an outside company to create an incident in a sandbox environment to gauge the IT department's response to a strong attack. This situation represents what type of testing scenario? A.Walkthrough B.Tabletop exercise C.Simulation D.Communication plan - C.Simulation

During routine monitoring, an incident response analyst at a prominent corporation notices suspicious network activity on a server. The analyst can access various network data sources. Which data sources would provide the MOST relevant information for the analyst to investigate and identify the potential threat actor and tools used in this activity? A.Packet captures B.Network logs C.Firewall logs D.Metadata - A.Packet captures

A company recently faced a security breach through its network switch. They learned that the attacker was able to access the switch using the default credentials. Which of the following steps should the company take to improve the security of the switch and avoid such breaches in the future? A.Switch to wireless routers B.Change the switch to a different brand C.Change the default credentials of the switch D.Increase the number of devices that can connect to the switch - C.Change the default credentials of the switch

In a small software development company, the development team has created a critical application that handles sensitive user data. The company's security policy mandates conducting a thorough application security assessment before deployment. To achieve this, the team employed a static code analysis tool, taking advantage of its primary feature. How can the development team utilize static code analysis in the critical application's software development process? A.To optimize the application's pe - C.To identify potential security vulnerabilities in the application's source code

A technician is deploying centralized web filtering techniques across the enterprise. What stems from various factors, such as the website's URL, domain, IP address, content category, or even specific keywords within the web content? A.Content categorization B.Reputation-based filtering C.URL scanning D.Block rules -

sources would provide the MOST comprehensive information for this multifaceted investigation? A.File metadata and event logs B.Net - C.File metadata with extended attributes and network transaction logs

An information security manager is fine-tuning a Security Information and Event Management (SIEM) system in a company that has recently experienced multiple cybersecurity incidents. The manager wants to ensure prompt detection of potential incidents for immediate investigation. Which approach should the manager consider to optimize the system's alerting capability? A.Enabling the SIEM system to send an alert for every received threat intelligence feed B.Setting the SIEM system to generate an a - C.Configuring the SIEM system to alert when multiple login failures for the

At a large company, the IT department manages user accounts and permissions for the organization's various systems. The IT team employs a well-structured provisioning and de-provisioning process to create, modify, and remove user accounts and assign permissions to minimize potential security risks. Which statements related to user account provisioning and permission assignments are correct? (Select the two best options.) A.Provisioning and de-provisioning of user accounts involve creating, modif - A.Provisioning and de-provisioning of user accounts involve creating, modifying, and removing user accounts to maintain appropriate access levels. B.The principle of least privilege guides the assignment of permissions, ensuring users have only the necessary access for their job roles.

A healthcare organization is preparing to decommission several servers containing sensitive patient information. The organization wants to ensure that it securely disposes of the data on these servers and properly documents this process. What should the organization primarily focus on to ensure secure data disposal and regulation compliance? A.Pass the servers to the IT team for random allocation among employees. B.Sell the servers as soon as possible to reclaim some of the initial investment. C - D.Obtain a certificate of destruction or sanitization from a third-party provider.

An organization needs a solution for controlling and monitoring all inbound and outbound web content, analyzing web requests, blocking access based on various criteria, and offering detailed logging and reporting of web activity. Which of the following solutions is the MOST suitable in this situation? A.Manual URL blocking B.Agent-based filtering C.Centralized web filtering D.Content categorization - C.Centralized web filtering

The IT team at a medium-sized company is upgrading its wireless network security to protect sensitive data and ensure secure communication between devices. They have decided to implement Wi-Fi Protected Access 3 (WPA3). What is the primary purpose of implementing WPA3 on the company's wireless network? A.To ensure seamless compatibility with legacy wireless devices B.To increase the wireless network's speed and performance C.To enhance wireless network security with the latest encryption standar - C.To enhance wireless network security with the latest encryption standards

A technician is modifying controls to increase security on messaging services. Which of the following options check to define rules for handling messages, such as moving messages to quarantine or spam, rejecting them outright, or tagging the message? A.DKIM B.SPF C.EDR D.DMARC - D.DMARC

An organization is creating a quick reference guide to assist team members when addressing common vulnerabilities and exposures across the enterprise. What does the Forum of Incident Response and Security Teams maintain that generates metrics of a score from 0 to 10? A.CVE B.CVSS C.Vulnerability analysis D.OSINT - B.CVSS

After a breach, an organization implements new multifactor authentication (MFA) protocols. What MFA philosophy incorporates using a smart card or key fob to support authentication? A.Something you have B.Something you are C.Somewhere you are D.Something you know - A.Something you have

A system administrator has seen repeated positive vulnerability messages only to discover that no vulnerability exists. The vulnerability messages repeat daily for several days, causing the system administrators to ignore them. What can the system administrator do to combat false positives? (Select the two best options.) A.Review logs B.Use different scanners C.Use threat feeds D.Remediation efforts - A.Review logs B.Use different scanners

What action of the incident response process removes affected components from the larger environment? A.Detection B.Eradication C.Containment D.Analysis - B.Eradication (wrong) C.Containment