Question 1

A Chief Information Officer (CIO) asks the company's security specialist if the company should spend any funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for a server is 5 and the annual cost for the malware protection is $2500. Which of the following SLE values warrants a recommendation against purchasing the malware protection?

Accepted Answer

The answer of A Chief Information Officer (CIO) asks the...

Question 2

A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information. Which of the following should the administrator use? (Select TWO)

Accepted Answer

The answer of A security administrator has written a script...

Question 3

A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Select TWO)

Accepted Answer

Blocking access to personal email on corporate systems can prevent employees from accessing potentially harmful phishing emails. Updating corporate policy to prohibit access to social media websites can reduce the risk of employees being targeted by phishing attacks through these platforms.

Question 4

A systems administrator is configuring a system that uses data classification labels. Which of the following will the administrator need to implement to enforce access control?

Accepted Answer

Mandatory access control (MAC) is used to enforce access control based on data classification labels, ensuring that access permissions are strictly adhered to according to the classification level.

Question 5

A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exist?

Accepted Answer

System sprawl refers to the situation where an organization has more systems, such as virtual machines, than it can effectively manage, leading to resource constraints and inefficiencies.

Question 6

A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized. Which of the following solutions would BEST meet these requirements?

Accepted Answer

Single Sign-On (SSO) allows users to authenticate once and gain access to multiple applications without needing to manage multiple sets of credentials.

Question 7

Ann is the IS manager for several new systems in which the classification of the systems' data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification?

Accepted Answer

The data owner is responsible for determining the classification of the data, as they understand the data's value and sensitivity.

Question 8

A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities were compromised, and they were victims of a recent whaling attack. Which of the following would prevent these problems in the future? (Select TWO).

Accepted Answer

Implementing an email DLP (Data Loss Prevention) can help prevent sensitive information from being leaked through emails. A spam filter can help prevent phishing and whaling attacks by filtering out malicious emails before they reach the executives.

Question 9

A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output:  Given the above output, which of the following commands would have established the questionable socket?

Accepted Answer

The answer of A cybersecurity analyst is looking into the...

Question 10

A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased disk space?

Accepted Answer

The answer of A security technician has been receiving alerts...

Question 11

A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following method should the technician use?

Accepted Answer

Shredding physically destroys the storage media, ensuring that the data cannot be recovered and the drive cannot be reused.

Question 12

An audit reported has identifies a weakness that could allow unauthorized personnel access to the facility at its main entrance and from there gain access to the network. Which of the following would BEST resolve the vulnerability?

Accepted Answer

A mantrap is a physical security mechanism that controls access to a facility by allowing only one person to enter at a time, thereby preventing unauthorized access.

Question 13

An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and which of the following should be done to remediate the issue?

Accepted Answer

The router is misconfigured and the correct subnet should be placed on the interface.

Question 14

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

Accepted Answer

The Waterfall methodology is characterized by a linear and sequential approach, where each phase must be completed before the next begins. This often leads to long delays between requirements gathering and feature delivery, which can result in communication issues and increased bugs.

Question 15

When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Choose two.)

Accepted Answer

RAM and swap/pagefile are both volatile memory, meaning that their contents are lost when the computer is turned off. Therefore, it is important to capture these contents when performing data acquisition on a workstation.

Question 16

An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Select TWO)

Accepted Answer

TACACS+ and RADIUS are both centralized authentication protocols that can be used to manage network device authentication.

Question 17

A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the following should the administrator do NEXT according to the incident response process?

Accepted Answer

The answer of A systems administrator has isolated an infected...

Question 18

A security analyst is securing smartphones and laptops for a highly mobile workforce. Priorities include: Remote wipe capabilities Geolocation services Patch management and reporting Mandatory screen locks Ability to require passcodes and pins Ability to require encryption Which of the following would BEST meet these requirements?

Accepted Answer

Implementing Mobile Device Management (MDM) software would best meet these requirements as it provides remote wipe capabilities, geolocation services, patch management, mandatory screen locks, passcode enforcement, and encryption requirements.

Question 19

A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?

Accepted Answer

RADIUS generally includes 802.1X that pre-authenticates devices.

Question 20

A security analyst is reviewing the following output from an IPS:  Given this output, which of the following can be concluded? (Choose two.)

Accepted Answer

The answer of A security analyst is reviewing the following...

Exam 15: CompTIA Security+