Question 1

A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations. The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization. Which of the following BEST describes the security analyst's goal?

Accepted Answer

C

Question 2

A Chief Information Security Officer (CISO) wants to upgrade an organization's security posture by improving proactive activities associated with attacks from internal and external threats. Which of the following is the MOST proactive tool or technique that feeds incident response capabilities?

Accepted Answer

Threat hunting involves developing hypotheses and actively seeking out potential threats before they manifest into incidents, making it a proactive approach to enhance incident response capabilities.

Question 3

Which of the following software security best practices would prevent an attacker from being able to run arbitrary SQL commands within a web application? (Choose two.)

Accepted Answer

Parameterized queries prevent SQL injection by separating SQL logic from data input, while input validation ensures only valid data is processed, reducing the risk of malicious SQL commands.

Question 4

A security analyst suspects a malware infection was caused by a user who downloaded malware after clicking http://<malwaresource>/a.php in a phishing email. To prevent other computers from being infected by the same malware variation, the analyst should create a rule on the __________.

Accepted Answer

The answer of A security analyst suspects a malware infection...

Question 5

A security analyst received a SIEM alert regarding high levels of memory consumption for a critical system. After several attempts to remediate the issue, the system went down. A root cause analysis revealed a bad actor forced the application to not reclaim memory. This caused the system to be depleted of resources. Which of the following BEST describes this attack?

Accepted Answer

The answer of A security analyst received a SIEM alert...

Question 6

While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security. To provide the MOST secure access model in this scenario, the jumpbox should be __________.

Accepted Answer

Placing the jumpbox in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network provides a secure access model by minimizing direct exposure of the ICS network to IT resources, while still allowing necessary access.

Question 7

A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server. Which of the following should be done to correct the cause of the vulnerability?

Accepted Answer

The answer of A development team uses open-source software and...

Question 8

An information security analyst is compiling data from a recent penetration test and reviews the following output:  The analyst wants to obtain more information about the web-based services that are running on the target. Which of the following commands would MOST likely provide the needed information?

Accepted Answer

The answer of An information security analyst is compiling data...

Question 9

A security analyst is providing a risk assessment for a medical device that will be installed on the corporate network. During the assessment, the analyst discovers the device has an embedded operating system that will be at the end of its life in two years. Due to the criticality of the device, the security committee makes a risk-based policy decision to review and enforce the vendor upgrade before the end of life is reached. Which of the following risk actions has the security committee taken?

Accepted Answer

The answer of A security analyst is providing a risk...

Question 10

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?

Accepted Answer

Public relations would likely be involved to manage communication and maintain the company's reputation after a security breach involving customer PII.

Question 11

Which of the following roles is ultimately responsible for determining the classification levels assigned to specific data sets?

Accepted Answer

The answer of Which of the following roles is ultimately...

Question 12

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org . The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task?

Accepted Answer

The correct answer is A because adding a TXT record to the DNS with the specified value will implement the SPF record and prevent email spoofing.

Question 13

A cybersecurity analyst has access to several threat feeds and wants to organize them while simultaneously comparing intelligence against network traffic. Which of the following would BEST accomplish this goal?

Accepted Answer

The answer of A cybersecurity analyst has access to several...

Question 14

A security analyst is trying to determine if a host is active on a network. The analyst first attempts the following:  The analyst runs the following command next:  Which of the following would explain the difference in results?

Accepted Answer

The answer of A security analyst is trying to determine...

Question 15

An information security analyst is reviewing backup data sets as part of a project focused on eliminating archival data sets. Which of the following should be considered FIRST prior to disposing of the electronic data?

Accepted Answer

The answer of An information security analyst is reviewing backup...

Question 16

A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)

Accepted Answer

The answer of A compliance officer of a large organization...

Question 17

A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:  Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?

Accepted Answer

The answer of A security analyst reviews the following aggregated...

Question 18

An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply. Which of the following would BEST identify potential indicators of compromise?

Accepted Answer

Wireshark is a network protocol analyzer that can capture and analyze packets, making it suitable for identifying potential indicators of compromise between SCADA devices and the management system.

Question 19

A storage area network (SAN) was inadvertently powered off while power maintenance was being performed in a datacenter. None of the systems should have lost all power during the maintenance. Upon review, it is discovered that a SAN administrator moved a power plug when testing the SAN's fault notification features. Which of the following should be done to prevent this issue from reoccurring?

Accepted Answer

Ensuring both power supplies on the SAN are serviced by separate circuits provides redundancy, so if one circuit fails, the other can maintain power, preventing a complete power loss.

Question 20

During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. Which of the following would be the MOST appropriate recommendation to prevent the activity from happening in the future?

Accepted Answer

Blocking traffic from the specific IP addresses with a firewall rule would prevent the suspicious activity from occurring again by stopping the internal IP from reaching the external website.

Exam 5: CompTIA Cloud Essentials+