Filters
Question type
Study Flashcards

The process of passively gathering information prior to launching a cyberattack is called:


A) tailgating.
B) reconnaissance.
C) pharming.
D) prepending.

E) A) and B)
F) None of the above

Correct Answer

verifed

verified

An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern?


A) ISFW
B) UTM
C) SWG
D) CASB

E) None of the above
F) A) and D)

Correct Answer

verifed

verified

Which of the following is the purpose of a risk register?


A) To define the level or risk using probability and likelihood
B) To register the risk with the required regulatory agencies
C) To identify the risk, the risk owner, and the risk measures
D) To formally log the type of risk mitigation strategy the organization is using

E) A) and D)
F) B) and C)

Correct Answer

verifed

verified

In which of the following situations would it be BEST to use a detective control type for mitigation?


A) A company implemented a network load balancer to ensure 99.999% availability of its web application.
B) A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.
C) A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.
D) A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
E) A company purchased liability insurance for flood protection on all capital assets.

F) A) and B)
G) A) and E)

Correct Answer

verifed

verified

An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns , but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?


A) DNS cache poisoning
B) Domain hijacking
C) Distributed denial-of-service
D) DNS tunneling

E) A) and B)
F) B) and D)

Correct Answer

verifed

verified

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:


A) validate the vulnerability exists in the organization's network through penetration testing.
B) research the appropriate mitigation techniques in a vulnerability database.
C) find the software patches that are required to mitigate a vulnerability.
D) prioritize remediation of vulnerabilities based on the possible impact.

E) A) and B)
F) All of the above

Correct Answer

verifed

verified

After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?


A) The vulnerability scan output
B) The IDS logs
C) The full packet capture data
D) The SIEM alerts

E) A) and B)
F) None of the above

Correct Answer

verifed

verified

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?


A) RAID 0
B) RAID 1
C) RAID 5
D) RAID 10

E) B) and D)
F) All of the above

Correct Answer

verifed

verified

A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?


A) Continuous delivery
B) Continuous integration
C) Continuous validation
D) Continuous monitoring

E) B) and C)
F) A) and D)

Correct Answer

verifed

verified

Showing 121 - 129 of 129

Related Exams

Exam 1

CompTIA A+ Certification Exam: Core 1

471 Questions

Exam 2

CompTIA A+ Certification Exam: Core 2

409 Questions

Exam 3

CompTIA Advanced Security Practitioner (CASP+) CAS-003

442 Questions

Exam 4

CompTIA Advanced Security Practitioner (CASP+) CAS-004

107 Questions

Exam 5

CompTIA Cloud Essentials+

165 Questions

Exam 6

CompTIA CySA+ Certification Exam (CS0-002)

294 Questions

Exam 7

CompTIA Cloud+ (CV0-002)

48 Questions

Exam 8

CompTIA Cloud+

67 Questions

Exam 9

CompTIA IT Fundamentals

387 Questions

Exam 10

CompTIA Network+

829 Questions

Exam 11

CompTIA Project+

540 Questions

Exam 12

CompTIA PenTest+ Certification Exam

165 Questions

Exam 13

CompTIA Server+

66 Questions

Exam 14

CompTIA Server+ Certification Exam

779 Questions

Exam 15

CompTIA Security+

1164 Questions

Exam 17

CompTIA CTT+ Essentials

378 Questions

Exam 18

CompTIA Linux+

252 Questions

Show Answer