comptia security plus


Last updated 2:02 PM on 4/22/26

248 Terms

1

A company has hired a third-party to gather information about the company's servers and data. This third-party will not have direct access to the company's internal network, but they can gather information from any other source. Which of the following would BEST describe this approach?

2

A company's email server has received an email from a third-party, but the origination server does not match the list of authorized devices. Which of the following would determine the disposition of this message?

3

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

Organized crime

4

A security administrator has examined a server recently compromised by an attacker, and has determined the system was exploited due to a known operating system vulnerability. Which of the following would BEST describe this finding?

5

A city is building an ambulance service network for emergency medical dispatching. Which of the following should have the highest priority?

System availability

6

A system administrator receives a text alert when access rights are changed on a database containing private customer information. Which of the following would describe this alert?

Automation

7

A security administrator is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?

Create an operating system security policy to block the use of removable media

8

A company creates a standard set of government reports each calendar quarter. Which of the following would describe this type of data?

Regulated

9

A user connects to a third-party website and receives the message: Your connection is not private. NET::ERR_CERT_INVALID. Which of the following attacks would be the MOST likely reason for this message?

On-path

10

Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?

Federation

11

A system administrator is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. The administrator needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?

MTBF

12

An attacker calls into a company's help desk and pretends to be the director of the company's manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?

Social engineering

13

Two companies have been working together for a number of months and they would now like to qualify their partnership with a broad formal agreement between both organizations. Which of the following would describe this agreement?

MOA

14

Which of the following would explain why a company would automatically add a digital signature to each outgoing email message?

Integrity

15

The embedded OS in a company's time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?

Race condition

16

A recent audit has found that existing password policies do not include any restrictions on password attempts and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)

Password expiration and Account lockout

17

What kind of security control is associated with a login banner?

Deterrent

18

An internal audit has discovered four servers that have not been updated in over a year and it will take two weeks to test and deploy the latest patches. Which of the following would be the best way to quickly respond to this situation in the meantime?

Move the servers to a protected segment

19

A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?

Continuity of operations

20

A company would like to examine the credentials of each individual entering the data center building. Which of the following would BEST facilitate this requirement?

Access control vestibule

21

A company stores some employee information in encrypted form but other public details are stored as plaintext. Which of the following would BEST describe this encryption strategy?

Record

22

A company would like to minimize database corruption if power is lost to a server. Which of the following would be the BEST strategy to follow?

Journaling

23

A company is creating a security policy for corporate mobile devices requiring automatic locking after a predefined time period, location traceability

24

A security engineer runs a monthly vulnerability scan. The scan doesn't list any vulnerabilities for Windows servers, but a significant vulnerability was announced last week and none of the servers are patched yet. Which of the following best describes this result?

False negative

25

An IT help desk is using automation to improve the response time for security events. Which of the following use cases would apply to this process?

Escalation

26

A network administrator would like each user to authenticate with their corporate username and password when connecting to the company's wireless network. Which of the following should the network administrator configure on the wireless access points?

802.1X

27

A company's VPN service performs a posture assessment during the login process. Which of the following mitigation techniques would this describe?

Configuration enforcement

28

A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?

Discretionary

29

A remote user has received a text message with a link to login and confirm their upcoming work schedule. Which of the following would BEST describe this attack?

Smishing

30

A company is formalizing the design and deployment process used by their application programmers. Which of the following policies would apply?

Development lifecycle

31

A security administrator has copied a suspected malware executable from a user's computer and is running the program in a sandbox. Which of the following would describe this part of the incident response process?

Containment

32

A server administrator at a bank has noticed a decrease in the number of visitors to the bank's website. Additional research shows that users are being directed to a different IP address than the bank's web server. Which of the following would MOST likely describe this attack?

DNS poisoning

33

Which of the following considerations are MOST commonly associated with a hybrid cloud model?

Network protection mismatches

34

A company hires a large number of seasonal employees and their system access should normally be disabled when the employee leaves the company. The security administrator would like to verify that their systems cannot be accessed by any of the former employees. Which of the following would be the BEST way to provide this verification?

Validate the offboarding processes and procedures

35

Which of the following is used to describe how cautious an organization might be about taking a specific risk?

Risk appetite

36

A technician is applying a series of patches to fifty web servers during a scheduled maintenance window. After patching and rebooting the first server, the web service fails with a critical error. Which of the following should the technician do NEXT?

Follow the steps listed in the backout plan

37

An attacker has discovered a way to disable a server by sending specially crafted packets from many remote devices to the operating system. When the packet is received, the system crashes and must be rebooted to restore normal operations. Which of the following would BEST describe this attack?

DDoS

38

A data breach has occurred in a large insurance company. A security administrator is building new servers and security systems to get all of the financial systems back online. Which part of the incident response process would BEST describe these actions?

Recovery

39

A network team has installed new access points to support an application launch. In less than 24 hours the wireless network was attacked and private company information was accessed. Which of the following would be the MOST likely reason for this breach?

Misconfiguration

40

An organization has identified a significant vulnerability in an Internet-facing firewall. The firewall company has stated the firewall is no longer available for sale and there are no plans to create a patch for this vulnerability. Which of the following would BEST describe this issue?

End-of-life

41

A company has decided to perform a disaster recovery exercise during an annual meeting with the IT directors and senior directors. A simulated disaster will be presented and the participants will discuss the logistics and processes required to resolve the disaster. Which of the following would BEST describe this exercise?

Tabletop exercise

42

A security administrator needs to block users from visiting websites hosting malicious software. Which of the following would be the BEST way to control this access?

DNS filtering

43

A system administrator has been called to a system with a malware infection. As part of the incident response process, the administrator has imaged the operating system to a known-good version. Which of these incident response steps is the administrator following?

Recovery

44

A company has placed a SCADA system on a segmented network with limited access from the rest of the corporate network. Which of the following would describe this process?

Hardening

45

An administrator is viewing a security log showing hundreds of failed password attempts from a single IP address against the root account via SSH. Which of the following would describe this attack?

Brute force

46

During a morning login process, a user's laptop was moved to a private VLAN and a series of updates were automatically installed. Which of the following would describe this process?

Configuration enforcement

47

Which of the following describes two-factor authentication?

A Windows Domain requires a password and smart card

48

A company is deploying a new application to all employees in the field. The company does not have a way to manage the devices in the field, team members have many different kinds of mobile devices, and the same device needs to be used for both corporate and private use. Which of the following deployment models would address these concerns?

COPE

49

An organization is installing a UPS for their new data center. Which of the following would BEST describe this control type?

Compensating

50

A manufacturing company would like to track the progress of parts used on an assembly line. Which of the following technologies would be the BEST choice for this task?

Blockchain

51

A company's website has been compromised and the website content has been replaced with a political message. Which of the following threat actors would be the MOST likely culprit?

Hacktivist

52

A Linux administrator is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and a SHA256 hash value. Which of these would describe the use of this hash value?

Verifies that the file was not corrupted during the file transfer

53

A company's security policy requires that login access should only be available if a person is physically within the same building as the server. Which of the following would be the BEST way to provide this requirement?

Biometric scanner

54

A development team has installed a new application and database to a cloud service. After running a vulnerability scanner, the database is available for anyone to query without any authentication. Which of these vulnerabilities is MOST associated with this issue?

Open permissions

55

Employees of an organization have received an email with a link offering a cash bonus for completing an internal training course. Which of the following would BEST describe this email?

Phishing campaign

56

Which of the following risk management strategies would include the purchase and installation of an NGFW?

Mitigate

57

An organization is implementing a security model where all application requests must be validated at a policy enforcement point. Which of the following would BEST describe this model?

Zero trust

58

A company is installing a new application in a public cloud. Which of the following determines the assignment of data security in this cloud infrastructure?

Responsibility matrix

59

When decommissioning a device, a company documents the type and size of storage drive, the amount of RAM, and any installed adapter cards. Which of the following describes this process?

Enumeration

60

An attacker has sent more information than expected in a single API call and this has allowed the execution of arbitrary code. Which of the following would BEST describe this attack?

Buffer overflow

61

A company encourages users to encrypt all of their confidential materials on a central server. The organization would like to enable key escrow as a backup option. Which of these keys should the organization place into escrow?

Private

62

A company is in the process of configuring and enabling host-based firewalls on all user devices. Which of the following threats is the company addressing?

Instant messaging

63

A manufacturing company would like to use an existing router to separate a corporate network from a manufacturing floor. Both networks use the same physical switch and the company does not want to install any additional hardware. Which of the following would be the BEST choice for this segmentation?

Create separate VLANs for the corporate network and the manufacturing floor

64

An organization needs to provide a remote access solution for a newly deployed cloud-based application designed to be used by mobile field service technicians. Which of the following would be the best option for this requirement?

SASE

65

A company is implementing a quarterly security awareness campaign. Which of the following would MOST likely be part of this campaign?

Suspicious message reports from users

66

A recent report shows the return of a vulnerability that was previously patched four months ago. After researching this issue, the security team has found a recent patch has reintroduced this vulnerability on the servers. Which of the following should the security administrator implement to prevent this issue from occurring in the future?

Change management

67

A security manager would like to ensure that unique hashes are used with an application login process. Which of the following would be the BEST way to add random data when generating a set of stored password hashes?

Salting

68

Which cryptographic method is used to add trust to a digital certificate?

Digital signature

69

A company is using SCAP as part of their security monitoring processes. Which of the following would BEST describe this implementation?

Automate the validation and patching of security issues

70

An organization maintains a large database of customer information for sales tracking and customer support. Which person in the organization would be responsible for managing the access rights to this data?

Data custodian

71

An organization's content management system currently labels files and documents as Public and Restricted. On a recent update, a new classification type of Private was added. Which of the following would be the MOST likely reason for this addition?

Expanded privacy compliance

72

A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which of these would be the BEST way to securely store these keys?

Integrate an HSM

73

A user with restricted access typed USER77' OR '1'='1 in a search field of an internal web-based application and all database records were displayed. Which of the following would BEST describe this search?

SQL injection

74

A user has opened a helpdesk ticket complaining of poor system performance, excessive pop up messages

75

A web-based manufacturing company processes monthly charges to credit card information saved in the customer's profile. All of the customer information is encrypted and protected with additional authentication factors. Which of the following would be the justification for these security controls?

Compliance reporting

76

A security manager has created a report showing intermittent network communication from certain workstations on the internal network to one external IP address at random times during the day. Which of the following would be the MOST likely reason for these traffic patterns?

Keylogger

77

The security policies in a manufacturing company prohibit the transmission of customer information. However, a security administrator has received an alert that credit card numbers were transmitted as an email attachment. Which of the following was the MOST likely source of this alert message?

DLP

78

A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password. Which of the following would be the MOST likely reason for this configuration?

The server is a honeypot for attracting potential attackers

79

A security administrator is configuring a DNS server with a SPF record. Which of the following would be the reason for this configuration?

List all servers authorized to send emails

80

A company would like to securely deploy applications without the overhead of installing a virtual machine for each system. Which of the following would be the BEST way to deploy these applications?

Containerization

81

A company has just purchased a new application server and the security director wants to determine if the system is secure. The system is currently installed in a test environment. Which of the following would be the BEST way to determine if any part of the system can be exploited?

Penetration test

82

A security administrator has performed an audit of the organization's production web servers, and the results have identified default configurations, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?

Server hardening

83

A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?

Detective

84

The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:

Data owner

85

A security engineer is preparing to conduct a penetration test of a third-party website. Part of the preparation involves reading through social media posts for information about this site. Which of the following describes this practice?

OSINT

86

A company would like to orchestrate the response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function?

Escalation scripting

87

A user in the accounting department has received a text message from the CEO requesting payment by cryptocurrency for a recently purchased tablet. Which of the following would BEST describe this attack?

Smishing

88

A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?

Escape

89

While working from home, users are attending a project meeting over a web conference. When typing in the meeting link, the browser is unexpectedly directed to a different website. Users in the office do not have any issues. Which of the following would be the MOST likely reason?

DNS poisoning

90

A company is launching a new internal application that will not start until a username and password are entered and a smart card is plugged into the computer. Which of the following BEST describes this process?

Authentication

91

An online retailer is planning a penetration test and a third-party organization will be performing the test. The online retailer has provided only the Internet-facing IP addresses for their public web servers. What penetration testing methodology is the online retailer using?

Partially known environment

92

A manufacturing company produces radar used by commercial and military organizations. A recently proposed policy change would allow the use of mobile devices inside the facility. Which of the following would be the MOST significant threat vector issue associated with this change?

Loss of intellectual property

93

Which of the following would be the BEST way for an organization to verify the digital signature provided by an external email server?

Check the DKIM record

94

A company is using older operating systems for their web servers and is concerned about their stability during periods of high use. Which of the following should the company use to maximize the uptime and availability of this service?

Load balancer

95

A user in the accounting department would like to email a spreadsheet with sensitive information to a list of third-party vendors. Which of the following would be the BEST way to protect the data in this email?

Asymmetric encryption

96

A system administrator would like to segment the network to give the marketing, accounting, and manufacturing departments their own private network with restricted communication between departments. Which of the following should be configured?

VLAN

97

A technician at an MSP has been asked to manage devices on a third-party private network and needs command line access to internal routers, switches, and firewalls. Which of the following would provide the necessary access?

Jump server

98

A transportation company is installing new wireless access points in their corporate office. The manufacturer estimates the access points will operate an average of 100,000 hours before a hardware-related outage. Which of the following describes this estimate?

99

A security administrator is creating a policy to prevent the disclosure of credit card numbers in a customer support application where users would only be able to view the last four digits. Which of the following would provide this functionality?

Masking

100

A user is authenticating through the use of a PIN and a fingerprint. Which of the following would describe these authentication factors?

Something you know and something you are