Question 1

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.)

Accepted Answer

Geolocation and time-of-day restrictions can help mitigate the CEO's concerns by ensuring that staff members are working from authorized locations and during approved hours.

Question 2

A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat-an command to discover if the web server is up and listening. The analyst receives the following output: TCP 10.1.5.2:80 192.168.2.112:60973 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60974 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60975 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60976 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60977 TIME_WAIT TCP 10.1.5.2:80 192.168.2.112:60978 TIME_WAIT Which of the following types of attack is the analyst seeing?

Accepted Answer

The TIME_WAIT state indicates that the server is handling many connections and is likely overwhelmed, which is characteristic of a Denial of Service (DoS) attack.

Question 3

A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept?

Accepted Answer

A legal hold is a process that ensures that all relevant information is preserved for litigation. It is the best description of the forensic concept of preserving emails for a dispute.

Question 4

A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Choose two.)

Accepted Answer

The answer of A technician is recommending preventive physical security...

Question 5

A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again?

Accepted Answer

Conducting a "lessons learned" session helps the team analyze what went wrong, understand the root cause, and implement measures to prevent similar breaches in the future.

Question 6

An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (Choose two.)

Accepted Answer

The answer of An organization is developing its mobile device...

Question 7

A company recently installed fingerprint scanners at all entrances to increase the facility's security. The scanners were installed on Monday morning, and by the end of the week it was determined that 1.5% of valid users were denied entry. Which of the following measurements do these users fall under?

Accepted Answer

FRR (False Rejection Rate) refers to the percentage of valid users who are incorrectly denied access by a biometric system, which matches the scenario described.

Question 8

Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability scanning?

Accepted Answer

Intrusive vulnerability scanning actively interacts with the system, potentially disrupting operations, while non-intrusive scanning is passive and less likely to cause disruptions.

Question 9

During a risk assessment, results show that a fire in one of the company's datacenters could cost up to $20 million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to $20 million damages for the cost of $30,000 a year. Which of the following risk response techniques has the company chosen?

Accepted Answer

The company has chosen transference as the risk response technique by purchasing insurance to transfer the financial risk of a fire to the insurance company.

Question 10

A salesperson often uses a USB drive to save and move files from a corporate laptop. The coprorate laptop was recently updated, and now the files on the USB are read-only. Which of the following was recently added to the laptop?

Accepted Answer

Data Loss Prevention (DLP) software could have been added to the laptop, which can enforce policies that make files on external drives read-only to prevent data exfiltration.

Question 11

A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: Protection from power outages Always-available connectivity in case of an outage The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

Accepted Answer

Purchasing services from a cloud provider for high availability ensures that the online storefront remains accessible even if local connectivity is lost, as cloud providers typically have redundant systems and multiple data centers to maintain service availability.

Question 12

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

Accepted Answer

The answer of A systems administrator needs to install the...

Question 13

Using an ROT13 cipher to protect confidential information for unauthorized access is known as:

Accepted Answer

ROT13 is a simple letter substitution cipher that is used to obfuscate text, making it harder to read without actually encrypting it securely.

Question 14

Which of the following is an example of resource exhaustion?

Accepted Answer

Resource exhaustion occurs when a system's resources are depleted, such as when a penetration tester requests every available IP address from a DHCP server, exhausting its IP address pool.

Question 15

A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?

Accepted Answer

Creating a hash of the hard drive should be done first to ensure data integrity and to provide a baseline for verifying that the data has not been altered during the investigation.

Question 16

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?

Accepted Answer

Separation of duties helps ensure that no single individual has control over all aspects of any critical process, reducing the risk of a single point of failure.

Question 17

A technician has installed a new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company's routers and switches.  Members of the network team successfully test their ability to log on to various network devices configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample:  Which of the following should the auditor recommend based on the above information?

Accepted Answer

The answer of A technician has installed a new AAA...

Question 18

A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to: Enter long lines of code and special characters Crash the system Gain unauthorized access to the internal application server Map the internal network The development team has stated they will need to rewrite a significant portion of the code used, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim?

Accepted Answer

The answer of A recent penetration test revealed several issues...

Question 19

The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9, and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following:  Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

Accepted Answer

The answer of The application team within a company is...

Question 20

A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines: The VPN must support encryption of header and payload. The VPN must route all traffic through the company's gateway. Which of the following should be configured on the VPN concentrator?

Accepted Answer

The answer of A systems administrator needs to configure an...

Exam 15: CompTIA Security+