Question 1

The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network. Which of the following would work BEST to prevent the issue?

Accepted Answer

Reconfiguring the Network Access Control (NAC) solution to prevent access based on a full device profile and ensuring antivirus is installed would best prevent unknown devices with malware from accessing the network.

Question 2

A bad actor bypasses authentication and reveals all records in a database through an SQL injection. Implementation of which of the following would work BEST to prevent similar attacks in the future?

Accepted Answer

Strict input validation is the best method to prevent SQL injection attacks as it ensures that only properly formatted data is accepted, preventing malicious SQL code from being executed.

Question 3

A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

Accepted Answer

Enabling sandboxing technology allows suspicious files to be executed in a controlled environment, helping to detect and prevent new variants of malware like ransomware before they can cause harm.

Question 4

A security analyst is attempting to utilize the following threat intelligence for developing detection capabilities: APT X's approach to a target would be sending a phishing email to the target after conducting active and passive reconnaissance. Upon successful compromise, APT X conducts internal reconnaissance and attempts to move laterally by utilizing existing resources. When APT X finds data that aligns to its objectives, it stages and then exfiltrates data sets in sizes that can range from 1GB to 5GB. APT X also establishes several backdoors to maintain a C2 presence in the environment. In which of the following phases in this APT MOST likely to leave discoverable artifacts?

Accepted Answer

APT X is most likely to leave discoverable artifacts during the data collection/exfiltration phase, as this involves staging and transferring data, which can be detected through network monitoring and data loss prevention tools.

Question 5

An executive assistant wants to onboard a new cloud-based product to help with business analytics and dashboarding. Which of the following would be the BEST integration option for this service?

Accepted Answer

Utilizing the cloud product's API is the best option as it allows for seamless, supported, and ongoing integrations, ensuring that data is transferred efficiently and securely without manual intervention.

Question 6

Which of the following sources would a security analyst rely on to provide relevant and timely threat information concerning the financial services industry?

Accepted Answer

Information sharing and analysis centers (ISACs) are industry-specific organizations that provide timely threat information and analysis to their members, making them a reliable source for security analysts in the financial services industry.

Question 7

An organization used a third party to conduct a security audit and discovered several deficiencies in the cybersecurity program. The findings noted many external vulnerabilities that were not caught by the vulnerability scanning software, numerous weaknesses that allowed lateral movement, and gaps in monitoring that did not detect the activity of the auditors. Based on these findings, which of the following would be the BEST long-term enhancement to the security program?

Accepted Answer

The answer of An organization used a third party to...

Question 8

A custom script currently monitors real-time logs of a SAMIL authentication server to mitigate brute-force attacks. Which of the following is a concern when moving authentication to a cloud service?

Accepted Answer

The answer of A custom script currently monitors real-time logs...

Question 9

A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance as identified from the firewall logs, but the destination IP is blocked and not captured. Which of the following should the analyst do?

Accepted Answer

Determining if DNS logging is enabled can help identify the domain names associated with the malicious traffic, providing more context about the attempted connections.

Question 10

A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan?

Accepted Answer

The answer of A security analyst is scanning the network...

Question 11

A security analyst is reviewing the following requirements for new time clocks that will be installed in a shipping warehouse: The clocks must be configured so they do not respond to ARP broadcasts. The server must be configured with static ARP entries for each clock. Which of the following types of attacks will this configuration mitigate?

Accepted Answer

This configuration mitigates spoofing attacks, specifically ARP spoofing, by ensuring that the clocks do not respond to ARP broadcasts and using static ARP entries to prevent unauthorized devices from impersonating the clocks.

Question 12

An analyst is reviewing the following code output of a vulnerability scan:  Which of the following types of vulnerabilities does this MOST likely represent?

Accepted Answer

The answer of An analyst is reviewing the following code...

Question 13

An information security analyst on a threat-hunting team is working with administrators to create a hypothesis related to an internally developed web application. The working hypothesis is as follows: Due to the nature of the industry, the application hosts sensitive data associated with many clients and is a significant target. The platform is most likely vulnerable to poor patching and inadequate server hardening, which expose vulnerable services. The application is likely to be targeted with SQL injection attacks due to the large number of reporting capabilities within the application. As a result, the systems administrator upgrades outdated service applications and validates the endpoint configuration against an industry benchmark. The analyst suggests developers receive additional training on implementing identity and access management, and also implements a WAF to protect against SQL injection attacks. Which of the following BEST represents the technique in use?

Accepted Answer

The actions taken, such as upgrading outdated services, validating configurations, and implementing a WAF, are aimed at reducing vulnerabilities and thus reducing the attack surface area.

Question 14

Which of the following should a database administrator implement to BEST protect data from an untrusted server administrator?

Accepted Answer

Data encryption ensures that even if an untrusted server administrator accesses the data, they cannot read it without the decryption key.

Question 15

A large organization wants to move account registration services to the cloud to benefit from faster processing and elasticity. Which of the following should be done FIRST to determine the potential risk to the organization?

Accepted Answer

Identifying the business processes that will be migrated and their criticality is essential to understand the potential impact and risk to the organization, which will guide further risk assessment and mitigation strategies.

Question 16

An organization wants to move non-essential services into a cloud computing environment. Management has a cost focus and would like to achieve a recovery time objective of 12 hours. Which of the following cloud recovery strategies would work BEST to attain the desired outcome?

Accepted Answer

A warm disaster recovery site provides a balance between cost and recovery time, allowing for a 12-hour recovery time objective while being more cost-effective than a hot site.

Question 17

An analyst is searching a log for potential credit card leaks. The log stores all data encoded in hexadecimal. Which of the following commands will allow the security analyst to confirm the incident?

Accepted Answer

The command "cat log |xxd -r -p | egrep '[0-9]{16}'" decodes the hexadecimal data and then searches for sequences of 16 digits, which is the typical length of a credit card number.

Question 18

A security analyst is required to stay current with the most recent threat data and intelligence reports. When gathering data, it is MOST important for the data to be:

Accepted Answer

The most important aspects of threat data and intelligence reports are that they are relevant to the current security environment and accurate to ensure effective decision-making and response.

Question 19

A forensic analyst took an image of a workstation that was involved in an incident. To BEST ensure the image is not tampered with, the analyst should use:

Accepted Answer

The answer of A forensic analyst took an image of...

Question 20

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST step to confirm and respond to the incident?

Accepted Answer

Taking a snapshot of the virtual machine is the first step to preserve the current state for forensic analysis and investigation before making any changes or taking further actions.

Exam 5: CompTIA Cloud Essentials+