淘宝店铺:https://shop63989109.taobao.com/ SY0-601 CompTIA Security+ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #1 A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certi cate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack? on-path attack 路徑攻擊 A. On-path B. Domain hijacking 域名劫持 C. DNS poisoning DNS投毒 D. Evil twin 店 店 铺 Correct Answer: B 铺 ; ; 学 学 习 Community vote distribution Highly Voted 小 店 66 C (63%) comeragh 习 小 店 B (25%) 8% 66 1 year ago Selected Answer: C I would go with C/DNS poisoning here. upvoted 24 times SolventCourseisSCAM Highly Voted 11 months, 2 weeks ago C is the correct answer. By the way, there is a course in north carolina and they are receiving $4000 in advance and showing you 6-hour prerecorded videos every saturday. There is no human intervention and no update over time. They are lying and giving you fake promises before signing up to course and then there is no contact after you became member. Be careful because they are completely SCAMMER. upvoted 17 times Skymaster8182 Most Recent 2 weeks, 1 day ago Domain hijacking will not necessarily cause a "Certificate Mismatch" so the Answer should DEFINITELY be "C" DNS Poisoning. Hijacking can just be as simple as "You know the User / Password" to Log into the Website to edit it which alone won't necessarily cause a "Mismatch Certificate". With DNS Poisoning you are actually Compromising the Website which trigger a "Certificate Mismatch" to prompt. I honestly people would put MORE effort into explaining why an answer is right or wrong vs saying what the answer is. upvoted 2 times sirpetey 2 weeks, 2 days ago Selected Answer: C "presented with a certificate mismatch warning" Is the key term, which means that the website is taking the user to another website (DNS poisoning) upvoted 1 times HCM1985 3 weeks, 5 days ago I don't know. This question is kinda of weird, specially because the second URL is http, not https, therefore it would NEVER give a warning. If I assume that there could be some typos in it (like the second URL is https and the address is another.site.com) then I would probably go with C, but how it is written it could be either A, B or C (more likely B or C). upvoted 3 times ebukiba 1 month ago 店 店 铺 铺attack. DNS poisoning is a form of DNS The correct answer is "C - DNS poisoning". In this scenario, the user is experiencing a DNS poisoning ; ; website. In this case, the attacker has attack where an attacker 学 modifies the DNS records of a website in an attempt to redirect users to a malicious 学 习 for "www.site.com", causing the user's browser to display a certificate mismatch 习 Meanwhile, the attacker has poisoned the DNS records warning. 小 小 not poisoned the records for "www.anothersite.com", so the user can still access that website without issue. 店 店 upvoted 3 times 66 66 Selected Answer: C sarah2023 1 month, 1 week ago Selected Answer: C C DNS poisoning upvoted 2 times awasthi21 1 month, 2 weeks ago Selected Answer: C I would go with C, fake website by hacker injecting DNS of his own. upvoted 3 times kintis8804 1 month, 2 weeks ago should I study the community answer or the right answer? upvoted 3 times MostofMichelle 1 month ago 淘宝店铺:https://shop63989109.taobao.com/ community answer. The answers on the test are wrong on purpose for copyright reasons. upvoted 5 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: B The answer is B Domain Hijack because the question discusses certificates. If it was a DNS poisoning (affects your system) then it'd be cache related or ARP, but since it is certificates with one working and one not then it is a hijacking of site.com https://www.malwarebytes.com/cybersecurity/business/what-is-dnshijacking#:~:text=DNS%20hijacking%20and%20DNS%20cache,actors%20corrupt%20the%20DNS%20cache. upvoted 6 times RevolutionaryAct 1 month, 2 weeks ago The answer is B Domain Hijack because the question discusses certificates. If it was a DNS poisoning (affects your system) then it'd be cache related or ARP, but since it is certificates with one working and one not then it is a hijacking of site.com 店 铺 店 铺 ; ; https://www.malwarebytes.com/cybersecurity/business/what-is-dns学 学 习 习 hijacking#:~:text=DNS%20hijacking%20and%20DNS%20cache,actors%20corrupt%20the%20DNS%20cache. 小 小 upvoted 3 times 店 店 66 66 Faisel 1 month, 3 weeks ago Selected Answer: D Answe is D, Explanation: DNS poisoning is the attack where the attacker manipulate the DNS to redirect users to another website ( malicious website ). upvoted 1 times Faisel 1 month, 3 weeks ago Sorry answer is C upvoted 2 times Cubicalplayer 1 month, 3 weeks ago Confirmed with my instructor it is indeed C./DNS poisoning. I thought personally it was DNS hijacking (which is more of like stealing a deed and turns into a civil matter basically, think Ozark on Netflix when Marty stole the deed for the strip club basically making him the owner) upvoted 2 times Protract8593 2 months ago ChatGPT's answer (as of 7/22/2023): Based on the provided information, the most likely attack described is C. DNS poisoning (also known as DNS spoofing). DNS poisoning occurs when an attacker maliciously modifies the DNS (Domain Name System) records to redirect users to fake or unauthorized websites. In this case, the user is attempting to navigate to "https://www.site.com," but the browser presents a certificate mismatch warning. This warning indicates that the SSL/TLS certificate presented by the website does not match the expected certificate for "www.site.com," which suggests that the user might have been redirected to a different, potentially malicious, website. On the other hand, "http://www.anothersite.com" does not trigger the certificate mismatch warning, likely because the connection is not encrypted using SSL/TLS (no "https"), so there's no certificate exchange involved. This suggests that the user might be accessing the real "http://www.anothersite.com." So, in this scenario, the most suitable answer is C. DNS poisoning. upvoted 2 times Faisel 2 months, 1 week ago DNS Poisoning is the answer (c) upvoted 1 times 店 铺 reverse01 3 months ago ; The answer is B. Domain 学 Hijacking. 习 upvoted 1 times 小 店 1 week ago ApplebeesWaiter1122 3 months, 66 店 铺 ; 学 习 小 店 66 Selected Answer: C The scenario describes a situation where the user is presented with a certificate mismatch warning when trying to access a website using HTTPS. This could indicate that the DNS resolution for the website has been manipulated, leading to the user being redirected to a different IP address or server controlled by an attacker. This type of attack is known as DNS poisoning, where the attacker maliciously modifies the DNS records to redirect users to fraudulent or malicious websites. upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #2 Which of the following tools is effective in preventing a user from accessing unauthorized removable media? A. USB data blocker B. Faraday cage C. Proximity reader D. Cable lock Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: A USB data blocker -> A USB data blocker, also known as a “USB condom” (really, no kidding!), is a device that allows you to plug into USB charging ports including charging kiosks, and USB ports on gadgets owned by other people. The main purpose of using one is to eliminate the risk of infecting your phone or tablet with malware, and even prevent hackers to install/execute any malicious code to access your data. upvoted 14 times i_luv_stoneface 7 months, 1 week ago do u wear condom upvoted 6 times comeragh Highly Voted 1 year ago Selected Answer: A A is the only reasonable answer here I believe upvoted 10 times ebukiba Most Recent 1 month ago A is correct. upvoted 2 times D111111 1 month, 1 week ago Guys, I must say, if you browse all 600 questions that are attached to this site and listen to the community dialogue you'll pass easily. With no base I went in four days from clueless to passing, just follow the discussions and you'll do fine. upvoted 6 times sarah2023 1 month, 1 week ago A usb data blocker upvoted 1 times Protract8593 2 months ago 店 铺 Selected Answer: A ; ChatGPT answer as of 7/22/2023: 学 店 习 preventing a user from accessing unauthorized removable media is: The tool that is effective in 小 店 66 A. USB data blocker 铺 ; 学 习 小 店 66 A USB data blocker, also known as a USB data isolator or USB condom, is a hardware device that blocks data transfer between a USB port and a USB device while still allowing power to flow through. It is commonly used to protect against potential threats from public charging stations or untrusted USB ports, where unauthorized data transfer or malware infection could occur. By using a USB data blocker, users can charge their devices safely without risking data theft or unauthorized access to their removable media. The other options listed (B. Faraday cage, C. Proximity reader, D. Cable lock) are not specifically designed to prevent access to unauthorized removable media. So, the correct answer is A. USB data blocker. upvoted 1 times Faisel 2 months, 1 week ago Selected Answer: A A for sure 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times reverse01 3 months ago USB Blocker. The answer is A. upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: A The most effective tool among the options listed for preventing a user from accessing unauthorized removable media is a USB data blocker. A USB data blocker, also known as a USB condom or USB defender, is a small device that blocks data transfer while allowing charging capabilities. It achieves this by disabling the data pins in a USB connection, preventing any data exchange between the device and the computer. This prevents the risk of malware infection or unauthorized data transfer when connecting to unknown or potentially compromised USB devices. upvoted 1 times CyberMrT 5 months ago 店 铺 A is correct 店 铺 Selected Answer: A ; ; 学 学 习 upvoted 1 times 习 小 小 店 mosher21 5 months, 1 week ago 店 Selected Answer: A 66 66 The question wording makes no sense at all but considering options it can only be A. upvoted 2 times leobro 5 months, 1 week ago Selected Answer: A I go with A upvoted 1 times NoSoyCerebrito 5 months, 3 weeks ago Selected Answer: A A. USB data blocker upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: A A. USB data blocker upvoted 1 times Ahmed_aldouky 7 months ago Selected Answer: A A is only logical answer in the potions . upvoted 1 times YoungNoble 7 months ago Per question A is the right Answer upvoted 1 times Proctored_Expert 9 months, 1 week ago Selected Answer: A One tool that is effective in preventing a user from accessing unauthorized removable media is a USB data blocker. A USB data blocker is a device that is designed to block data transfer between a USB device and a computer, while still allowing power to flow through the connection. This can be useful in preventing users from accessing unauthorized removable media, such as USB drives, external hard drives, and other types of storage devices. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #3 擴展性 靈活性 A Chief Security O cer is looking for a solution that can provide increased scalability and exibility for back-end infrastructure, allowing it to be updated and modi ed without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements? A. Reverse proxy 反向代理 B. Automated patch management C. Snapshots 店 店 铺 D. NIC teaming 铺 ; ; 学 学 习 习 小 Correct Answer: C 店 66 Community vote distribution A (94%) ender1701 小 店 Highly Voted 66 6% 1 year ago Selected Answer: A I'm not sure who the "expert verifier" is for some of these answers, but there are multiple questions that have the wrong answer selected, such as this question being labeled as answer "C", when the real answer is "A". A snapshot doesn't do anything listed in the question, it's just a snap of the state of a server at a specific time, used to restore from backup. I advise all participants on this site to check your answers. upvoted 36 times BholroBadsha 5 days, 18 hours ago Thanks man , i was upset for most of my answers getting wrong , even questions are very odd. upvoted 1 times ronah 11 months, 2 weeks ago here is the thing about this website. the comptia allow these sites as long they don't give the right answer. This is the only place people made a comment or argue their answer. AND it does help you to search also the right answer. Where on earth do you get a questions like these? upvoted 33 times Ribeiro19 Highly Voted 1 year ago Selected Answer: A its the way to distribute load across different servers, at the same time you can remove from the cluster each server that you want to update. upvoted 20 times Papee 11 months, 1 week ago why this is not NIC Teaming ? Any body with a better explanation upvoted 2 times Mercious 8 months, 1 week ago They're looking for ways to provide increased scalability and flexibility for back-end infrastructure, not availability or fault tolerance. NIC Teaming does not provide increased scalability and flexibility. upvoted 4 times 店 店 铺 NIC Teaming speed ; combines the throughput of 2 or more network adapters to provide a higher 铺 ;than a single connection. This would help 学the speed, but the requirements between the CSO and architect were increase scalability, 学 increase flexibility, allowed to with increasing 习 习 insignificant for the backend make changes without service disruption, reduce back-end server resources, and session persistence being 小 applications. Since increased 店 speed is not a requirement, NIC Teaming would NOT be the correct answer.小店 66 66 upvoted 7 times nerdboy1992 9 months, 2 weeks ago Joe1984 1 year ago Agreed answer is A upvoted 5 times Qinin Most Recent 2 weeks, 5 days ago Selected Answer: A Answer:A upvoted 1 times david124 4 weeks ago Selected Answer: A Based on the requirements provided, a Reverse Proxy would be the best choice to meet the objectives of both the Chief Security Officer and the security architect. Here's a breakdown of why each option may or may not suit your needs: 淘宝店铺:https://shop63989109.taobao.com/ A. Reverse Proxy: Increased Scalability: Reverse proxies can distribute incoming requests to various back-end servers, improving scalability and ensuring high availability. Flexibility for Updates: Since the reverse proxy handles client requests, backend servers can be taken down for maintenance or updates without causing service disruption. Reduced Server Resources: By caching content and offloading SSL termination, reverse proxies can reduce the load on back-end servers. Session Persistence Not Important: A reverse proxy can operate without needing to maintain session persistence, aligning with your requirement. upvoted 4 times ebukiba 1 month ago A is correct upvoted 1 times 店 店 铺 铺 ; ; 学 学 CharlieHope1Pass 1 month, 2 weeks ago 习 习 A is defo the answer! I have no clue how a snap is going to do anything! upvoted 1 times 小 小 店 店 66 Protract8593 2 months ago 66 Selected Answer: A A reverse proxy acts as an intermediary server between clients and back-end servers. It receives requests from clients, forwards those requests to the appropriate back-end servers, and then sends the responses back to the clients. Reverse proxies are often used for load balancing, security, and improving performance. 1. Increased scalability and flexibility: Reverse proxies can distribute client requests across multiple back-end servers, providing increased scalability. They also allow for easier modification and updating of the back-end infrastructure without disrupting services, as changes can be made to the back-end servers without affecting the clients directly. 2. Reduced back-end server resources: By distributing client requests across multiple back-end servers, a reverse proxy can balance the load, reducing the burden on individual back-end servers and optimizing resource utilization. 3. Session persistence not important: In some scenarios, session persistence is critical to maintain user state across requests. However, in this case, session persistence is explicitly stated as not important. This means the reverse proxy doesn't need to manage sticky sessions, further simplifying the setup. upvoted 8 times david124 2 months, 2 weeks ago A reverse proxy would be the best solution for increased scalability and flexibility for back-end infrastructure. Explanation: Correct option Because a reverse proxy can give enhanced scalability and flexibility for back-end infrastructure . upvoted 1 times reverse01 3 months ago I would go with C, snapshots, can provide increased scalability and flexibility for back-end infrastructure while reducing back-end server resources. By taking snapshots of the server's state, you can capture a point-in-time image of the server configuration, which can be easily restored if any modifications or updates cause disruptions. Snapshots can also be used for rapid deployment of new server instances, as well as for testing and development purposes. They allow you to quickly spin up new instances based on the captured snapshot, reducing the time and resources required for provisioning new servers. upvoted 1 times Kraken84 1 month, 3 weeks ago uh, no upvoted 1 times 店 铺 ApplebeesWaiter1122 3 months, 1 week ago ; Selected Answer: A 学 店 铺 ; 学 习 习 A reverse proxy would be the best solution to meet the requirements described. A reverse proxy sits between the clients and the back-end servers, handling client requests on behalf of the servers. It provides increased scalability and flexibility by allowing the back-end infrastructure to be updated and modified without disruption to services. The reverse proxy can distribute client requests across multiple back-end servers, reducing the resource load on individual servers. Since session persistence is not important for the applications running on the back-end servers, the reverse proxy can handle the requests in a load-balanced manner without the need for session affinity. This allows for better resource utilization and flexibility in managing the back-end infrastructure. upvoted 2 times 小 店 66 小 店 66 Gaurabdon 4 months ago Selected Answer: A The answer is without a doubt A. That is what reverse proxy is for. It takes the burdens out of the backend by load balancing and SSL termination off the client devices. upvoted 2 times BevMe 5 months, 3 weeks ago Selected Answer: A In this context, scalability refers to the ability of a system to handle increasing levels of traffic or workload. Flexibility, on the other hand, refers to the ability of a system to adapt to changing requirements or circumstances with minimal disruption to 淘宝店铺:https://shop63989109.taobao.com/ services. By using a reverse proxy, the back-end servers can be updated or modified without disrupting services, as the proxy can redirect requests to different servers as needed. upvoted 2 times Hiattech 5 months, 3 weeks ago Selected Answer: A Snapshots make no sense as the answer. They are literally only there to restore data if need be. This doesn't help as the solution for this in the least. upvoted 3 times princajen 6 months, 2 weeks ago Selected Answer: A A. Reverse proxy. 店 店 铺 A reverse proxy is a type of server that sits in front of back-end servers and directs client requests 铺 to those servers. It can provide increased ; ; modified without disrupting services. A scalability and flexibility for back-end infrastructure by allowing the back-end servers to be updated and 学 学 习 it from the cache instead of the reverse proxy can also习 reduce the back-end server resources by caching frequently requested content and serving 小 小 back-end servers. 店 店 66 66 upvoted 6 times attesco 6 months, 2 weeks ago Selected Answer: C I strongly believe the right answer is C. Because the snapshot takes the configuration of the server and compares it with the other backend servers to ensure that there is no mistakes upvoted 1 times Samo1 6 months, 4 weeks ago Selected Answer: A The option that would BEST meet the Chief Security Officer's requirements is A. Reverse proxy. upvoted 1 times jim0thy 7 months ago Selected Answer: A For a kick off, none of the other answers make any sense in this context. A RP will allow users to connect to a single point (the RP itself) which in turn serves a number of back end servers. As the need to scale up or take a server down for patching\other reason occurs you just add or remove a server from the pool of servers behind the RP. The other three have nothing to do with the question being asked. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #4 Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency? A. A phishing email stating a cash settlement has been awarded but will expire soon B. A smishing message stating a package is scheduled for pickup C. A vishing call that requests a donation be made to a local charity D. A SPIM noti cation claiming to be undercover law enforcement investigating a cybercrime Correct Answer: C 店 店 铺 Community vote distribution ; 学 A (93%) 习 小 店 Joe1984 铺 ; 学 习 6% 小 店 66 Highly Voted 66 1 year ago Selected Answer: A Answer is A upvoted 30 times derfnick Highly Voted 1 year ago Selected Answer: A Because of the part "will expire soon" upvoted 19 times LO353 Most Recent 6 days, 19 hours ago A is the answer upvoted 1 times Buddada 1 week, 4 days ago Selected Answer: A A is a better example of urgency upvoted 1 times Qinin 2 weeks, 5 days ago Selected Answer: A Answer is A upvoted 1 times malibi 3 weeks, 6 days ago Selected Answer: A because of the word expiring soon upvoted 1 times scorpion_king149 3 weeks, 6 days ago Selected Answer: A How is it C? This question is common sense upvoted 1 times 店 铺 ; 5 days, 17 hours ago BholroBadsha 学 习wrong on this website. many of answers are 小 店 upvoted 1 times 66 ebukiba 1 month ago A is correct. upvoted 1 times CharlieHope1Pass 1 month, 2 weeks ago Selected Answer: A A. A charity asking for money via phone??? Who verifies these questions??? upvoted 2 times K3nz0420 1 month, 2 weeks ago A is correct here upvoted 2 times Rider2053 1 month, 3 weeks ago 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ A is Corre8ct8 upvoted 2 times MyBJ 2 months ago A phone call is immediately connected and the recipient may not see the email for a while. If an email is really urgent, a phone call followup is expected. This suggests that the correct answer is C. upvoted 2 times tch3m4rc10 2 months ago Selected Answer: A For me is this. upvoted 1 times Protract8593 2 months ago 店 店 铺 铺 awarded a cash settlement. However, the This technique ; is designed to create a sense of urgency in the recipient by claiming that they have been 学the settlement will expire soon, putting pressure on the recipient to act quickly.; email also warns that The学 attacker hopes that the urgency will 习 习 without carefully verifying the override the recipient's normal caution, leading them to click on malicious links or provide sensitive information小 小 authenticity of the email. 店 店 66 66 Selected Answer: A Option C (A vishing call that requests a donation be made to a local charity) involves social engineering through voice communication (voice phishing). While it might create a sense of importance or appeal to the recipient's emotions to encourage a donation, it doesn't specifically exploit a person's sense of urgency as described in Option A. Therefore, the correct answer is A. A phishing email stating a cash settlement has been awarded but will expire soon. upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: A The social engineering technique that seeks to exploit a person's sense of urgency is described in option A. By stating that a cash settlement has been awarded but will expire soon, the attacker creates a sense of urgency and tries to manipulate the recipient into taking immediate action without thoroughly considering the authenticity or legitimacy of the email. This technique aims to pressure the target into making a hasty decision or divulging sensitive information. upvoted 2 times Faraz73 4 months ago The fastest way to reach someone is via calling them. Not email. Notice all anwers are correctly stated. In that a phishing attack is via an email, a vishing attack does involve the phone system etc. That was a clue. upvoted 1 times T1zone 4 months ago Selected Answer: A answer is a upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #5 A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1 Which of the following has been observed? A. DLL Injection B. API attack C. SQLi D. XSS 店 店 铺 铺 ; ; 学 Correct Answer: C 学 习 Community vote distribution 习 小 小 店 店 66 66 C (100%) Joe1984 Highly Voted 1 year ago Selected Answer: C 1=1 is true. SQL injection upvoted 16 times Proctored_Expert Highly Voted 9 months, 1 week ago Selected Answer: C SQLi (SQL injection) has been observed. SQL injection is a type of cyber attack that involves injecting malicious code into a database through a vulnerable web application. The malicious code is typically designed to manipulate or extract data from the database, allowing the attacker to gain unauthorized access to sensitive information. The log provided in the question appears to be a URL for a login page, with a string of text appended to the end. This string includes the text "or '1'1='1", which is a common syntax used in SQL injection attacks. This indicates that an SQL injection attack may have been attempted or successfully carried out against the website. upvoted 12 times ebukiba Most Recent 1 month ago c is correct upvoted 1 times darkhat 2 months ago SQL Injection is a type of cybersecurity attack where an attacker injects malicious SQL code into a web application's input fields to manipulate the application's database. In this case, the URL parameter "id" is being manipulated with the input "' or '1'1='1". upvoted 1 times Protract8593 2 months ago Selected Answer: C The observed log indicates a potential SQL injection (SQLi) attack. SQL injection is a type of cyberattack where an attacker manipulates the input of a web application to execute malicious SQL queries. In the given log, the URL parameter "id" seems to be vulnerable to SQL injection as it includes the payload "' or '1'1='1". This payload is a classic technique used in SQL injection to make the application's query always evaluate to true, which can lead to unauthorized access or data leakage. 店 店 铺 ; 学 习 Let's break down the payload: 小 店 66 be used to terminate the intended query. The single quote ' after "id=" might The "or" keyword is then used to introduce a new condition. "1'1='1" is a condition that always evaluates to true. In SQL, '1'='1' is always true. 铺 ; 学 习 小 店 66 By appending this payload to the URL parameter "id," the attacker might be attempting to trick the application's database into returning data that it shouldn't, potentially bypassing authentication mechanisms or accessing sensitive information. Therefore, the correct answer is C. SQLi. upvoted 1 times reverse01 3 months ago A big C. SQLi stands for SQL Injection. It is a type of web security vulnerability that occurs when an attacker is able to inject malicious SQL code into a web application's database query. This can happen when the application does not properly validate or sanitize user-supplied input before using it in SQL queries. upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C The provided log entry indicates a potential SQL injection (SQLi) attack. In SQLi attacks, an attacker injects malicious SQL code into an application's database query to manipulate or bypass the intended query logic. In this case, the presence of the "or '1'1='1" payload suggests an attempt to bypass authentication or authorization checks by injecting a condition that always evaluates to true. This type of attack can allow unauthorized access to sensitive data or perform unauthorized actions within the application's database. upvoted 1 times Hiattech 5 months, 3 weeks ago Selected Answer: C SQL Injection Attack upvoted 1 times ApplebeesWaiter1122 7 months, 2 weeks ago 店 店 Selected Answer: C 铺 Correct answer is C upvoted 2 times 铺 ; 学 习 小 4 weeks ago DALLASCOWBOYS 7 months, 店 66 C. '1'1=1 indicator i=of an SQL injection ; 学 习 小 店 66 upvoted 2 times xxxdolorxxx 8 months, 1 week ago Selected Answer: C I vote for C upvoted 1 times sauna28 9 months, 2 weeks ago Selected Answer: C 1=1 is SQL INJECTION upvoted 1 times BillHealy 11 months, 2 weeks ago Selected Answer: C Sql injection attempt upvoted 1 times DCrest 1 year ago In an SQL injection attack, when a hacker enters " ' or 1 = 1 - - " in the user name and password field, why does this result in a successful login? 3 answers · 16 votes: The server interprets everything after the “—” as a comment, so ignores it. upvoted 4 times comeragh 1 year ago Selected Answer: C SQL injection for sure agreed. upvoted 3 times stoneface 1 year ago 店 店 铺 SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL铺 statements. These statements control a ; a web application. Attackers can use SQL Injection vulnerabilities to bypass application ; database server behind 学 学 security measures. 习 习 upvoted 2 times 小 小 店 店 Ribeiro19 1 year ago 66 66 Selected Answer: C Selected Answer: C reason id='%20or%20'1'1='1 upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #6 An audit identi ed PII being utilized in the development environment of a critical application. The Chief Privacy O cer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for speci c data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements? A. Data anonymization B. Data encryption C. Data masking 店 店 铺 铺 D. Data tokenization ; ; 学 学 习 习 小 Correct Answer: A 店 66 Community vote distribution A (50%) Boogie_79 小 店 66 C (48%) Highly Voted 1 year ago Selected Answer: A Data anonymization is the alteration process of personally identifiable information (PII) in a dataset, to protect individual identification. This way the data can be used and still be protected. upvoted 28 times TinyTrexArmz 8 months ago I agree this is the right answer in this case because Data Masking would not allow them to search for specific data results. BUT as a protector of privacy you should be careful when implementing this solution as it takes a certain amount of data to truly make it to where a data analyst cannot figure out individuals. (Source: My partner is a data analyst and she has to approve the use of anonymized data before it can be used for testing such as this) upvoted 2 times ThreeKings 5 months, 2 weeks ago That makes sense to an extent, but the answer would be more helpful and complete if it could be known how the data analyst handles requests for data that is masked. upvoted 1 times Proctored_Expert Highly Voted 9 months, 1 week ago Selected Answer: C Data masking would best satisfy both the CPO's and the development team's requirements. Data masking is a technique for obscuring sensitive data in a database or other data store, while still preserving the structure and format of the data. Data masking can be used to protect personally identifiable information (PII) or other sensitive data from being accessed or exposed in the development environment. In this case, the CPO is concerned about PII being utilized in the development environment, and is adamant that it must be removed. At the same time, the development team needs real data in order to perform functionality tests and search for specific data. Data masking would allow the CPO's requirement to be satisfied, while still providing the development team with real data to work with. upvoted 18 times 店 scorpion_king149 3 weeks, 6 days ago 铺 ; 店 铺 ; Data masking involves replacing sensitive data with fictional or scrambled data. While this could address the CPO's concerns, the development team's need for real data to perform functionality tests might not be met. 学 学 习 习 小 店 小 店 Data anonymization strikes a balance between privacy and functionality, making it the most suitable option in this scenario. upvoted 1 times 66 66 CS3000 3 weeks, 6 days ago I'm going to piggyback off this comment to explain in more detail WHY data masking is truly the answer! Let's compare data masking vs data anonymization! Data anonymization: - Generalization of data (reducing the level of detail in the data) - Aggregation (combining the data into groups to prevent identification [total sales per region]) - Randomization (adding noise to individual records to make them indistinguishable) - Suppression (removing certain columns or data points that could lead to identification) Data Masking: - Substitution (replacing original data with fake but structurally similar [henry ford -> john doe] - Shuffling (reordering the data in a column to break any connections between original values) - Encryption & decryption - Tokenization 淘宝店铺:https://shop63989109.taobao.com/ Data masking is combining the ability to hide the data, anonymize it, encrypt & decrypt and also the ability to tokenize it! Open to discussion! upvoted 2 times freyprey 4 days, 16 hours ago Most Recent Selected Answer: C The answer is masking !! ,, Ensuring full anonymization and preserving the utility of data for analysis is usually very difficult " from COmptia Student Guide upvoted 1 times B_Dub 2 weeks, 3 days ago Selected Answer: A According to the All-In-One CompTIA Security+ Exam SYO-601 Exam Guide: Sixth Edition, the definition of Data Anonymization includes “Separating the PII elements” and “retains the usefulness of the data”. In this case, it seems to best satisfy CPO’s requirement that PII be removed and the developers’ requirement that they have useful data. _____________________________________________________________________ Question text for reference: An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements? upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 66 CCNPsec 2 weeks, 3 days ago C. Data masking Data masking is a technique that involves replacing sensitive or personally identifiable information (PII) with fictional or scrambled data while maintaining the data's format and structure. This allows developers to perform functionality tests and search for specific data without exposing sensitive information. Data anonymization (option A), data encryption (option B), and data tokenization (option D) also play essential roles in data security, but they may not fully satisfy the requirements in this context. Anonymization typically involves irreversibly de-identifying data, making it challenging to perform certain types of tests. Encryption secures data, but it doesn't allow for meaningful testing with the original data. Tokenization is a method of replacing sensitive data with tokens, but it may not preserve the data's format and structure, making it less suitable for testing purposes. Data masking strikes a balance by allowing testing while protecting sensitive information. upvoted 1 times Ayind3 3 weeks, 4 days ago Why is nobody talking about the CPO's explicit request to REMOVE data, not anonymize or mask. I'll go with Tokenization. Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system. Replacing live data with tokens in systems is intended to minimize exposure of sensitive data to those applications, stores, people and processes, reducing risk of compromise or accidental exposure and unauthorized access to sensitive data. upvoted 1 times algiggio90 3 weeks, 4 days ago Selected Answer: C El lo correcto upvoted 1 times axexkil 3 weeks, 5 days ago Selected Answer: C Data masking upvoted 2 times 店 店 铺 铺 je123 1 month, 1 week ago ; Selected Answer: A ; 学 学 习 习 小 小 546. An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements? A. Data purge B. Data encryption C. Data masking D. Data tokenization 店 66 店 66 Just putting it out there that theres a variation of this question, where data anonymization is not one of the choice. But still, based on my understanding of Data anonymization and Data masking, I would think that data anonymization is the more accurate answer (i.e. replacing actual data with fictitious data, but retaining the format and structure of the actual data) upvoted 1 times je123 1 month ago similar question came out in the test. in fact 2 qns. exact questions from this examtopic test bank that were used in the actual test for my case was probably about 30~40%%. remaining 70~60% of the questions werent from this 613 questions. that said, your ability to answer the questions 淘宝店铺:https://shop63989109.taobao.com/ here, and knowing if chatgpt's response is not right, will be a good gauge whether you are able to pass the actual test. upvoted 2 times Dark_Tarantula 1 month, 1 week ago Selected Answer: C Data masking is a way to create a fake, but a realistic version of your organizational data. Options like data anonymization and data tokenization might not be as suitable in this case. Data anonymization typically involves stripping data of personally identifiable attributes, but the goal here seems to be maintaining realistic data for functional testing. upvoted 1 times Etapa 1 month, 3 weeks ago I think the answer is A. Refer to prof messer: https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/enhancing-privacy/ upvoted 1 times 店 店 Nikamy 1 month, 4 weeks ago 铺 Selected Answer: A ; 铺 ; 学 Selected Answer: A upvoted 1 times 学 习 习 小 小 店 店 66 jeetsidhu 2 months ago 66 Selected Answer: C upvoted 1 times darkhat 2 months ago C. Data masking is the process of obfuscating sensitive data, such as PII, while maintaining the data's original format and structure. The sensitive data is replaced with realistic but fictitious data, ensuring that the development team can still work with realistic data without exposing real PII. upvoted 1 times Protract8593 2 months ago Selected Answer: A The company should: A. Classify the data. Classifying data involves categorizing information based on its sensitivity, importance, and handling requirements. In this scenario, the company has different types of data on the file server, such as Personally Identifiable Information (PII), financial information, and health information. By classifying the data, the company can label each type appropriately and apply different DLP rules based on the data's classification. With data classification in place, the DLP solution can be configured to enforce different security policies and controls based on the sensitivity of the data. For example, more stringent DLP rules can be applied to PII and health information to ensure strict protection, while less restrictive rules may be applied to less sensitive data. In conclusion, to accomplish the goal of applying different DLP rules based on the type of data on the file server, the company should classify the data according to its sensitivity and requirements. upvoted 1 times Protract8593 2 months ago Answer to wrong question. Correction: According to CompTIA Security+, the correct answer to BEST satisfy both the Chief Privacy Officer (CPO) and the development team's requirements is: C. Data masking. Data masking is a technique used to protect sensitive data by replacing, encrypting, or otherwise obfuscating original data with fake or masked data. This process allows developers to work with realistic data in a non-production environment without exposing actual sensitive information. 店 店 铺 铺 ; ; 学 学 By implementing data masking, the development team can perform functionality tests and search for specific data while ensuring that the actual Personally Identifiable Information (PII) is not exposed in the development environment. This helps protect sensitive data and ensures compliance with privacy regulations, satisfying the CPO's requirement. 习 习 小 店 66 小 店 66 In conclusion, according to CompTIA Security+, the BEST solution to satisfy both the CPO's and the development team's requirements is C. Data masking. It allows the development team to work with realistic data while protecting sensitive information in the development environment. upvoted 4 times Protract8593 2 months ago Selected Answer: C To satisfy both the Chief Privacy Officer's (CPO) requirement to remove Personally Identifiable Information (PII) and the development team's need for real data to perform functionality tests and search for specific data, the BEST solution would be: C. Data masking Data masking is a technique that involves obfuscating sensitive data, such as PII, in non-production environments while keeping the data realistic and functional for testing and development purposes. It replaces sensitive information with realistic but fictitious data, ensuring that the original PII is not exposed to developers or testers. 淘宝店铺:https://shop63989109.taobao.com/ By using data masking, the development team can work with data that closely resembles the real production data, allowing them to perform functionality tests and search for specific data patterns without the risk of exposing actual PII. The PII will be replaced with masked data, making it anonymous and protecting the privacy of individuals whose data is involved. In conclusion, data masking is the most suitable option as it allows the developers to work with realistic data while protecting the privacy of individuals by removing actual PII from the development environment. upvoted 1 times bolun 2 months ago how can you search for data if you alter pii in dataset using anonymization? how does it make sense? upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #7 A company is implementing a DLP solution on the le server. The le server has PII, nancial information, and health information stored on it. Depending on what type of data that is hosted on the le server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal? A. Classify the data. B. Mask the data. C. Assign the application owner. D. Perform a risk analysis. 店 店 铺 铺 ; ; 学 Correct Answer: A 学 习 习 小 小 店 Community vote distribution 店 66 66 A (100%) stoneface Highly Voted 1 year ago Data classification and typing schemas tag data assets so that they can be managed through the information life cycle. A data classification schema is a decision tree for applying one or more tags or labels to each data asset. Many data classification schemas are based on the degree of confidentiality required: Public (unclassified)—there are no restrictions on viewing the data. Public information presents no risk to an organization if it is disclosed but does present a risk if it is modified or not available. Confidential (secret)—the information is highly sensitive, for viewing only by approved persons within the owner organization, and possibly by trusted third parties under NDA. Critical (top secret)—the information is too valuable to allow any risk of its capture. Viewing is severely restricted. upvoted 10 times Ribeiro19 Highly Voted 1 year ago Selected Answer: A Classify the data. permit to DLP distinguish the types of data, with intended to apply different rules depending on the classification. upvoted 9 times HackBishop 3 weeks, 5 days ago Most Recent You first perform a risk analysis before classifying data upvoted 1 times tannuc 1 month, 3 weeks ago Selected Answer: A A. Classify the Data: By classifying the data, the different DLP rules can be applied. ---B. Mask the data: Making the data involves obscuring specific data (like password, or credit card number) *****1235 or ****** C. Assign the application owner: not relate to DLP, just put someone is in charge of this application D. Perform a risk analysis: Of course, not relate to DLP. upvoted 1 times darkhat 2 months ago Data classification is the process of categorizing data based on its sensitivity, value, and regulatory requirements. By classifying the data on the file server, the company can identify and label different types of data such as PII, financial information, and health information. Each category can then be associated with specific DLP rules that are appropriate for the sensitivity and requirements of that type of data. 店 店 铺 铺 ; ; 学 学 习 习 For example, the company can create DLP rules that trigger alerts or prevent certain actions (such as copying or emailing) when sensitive data, like PII or health information, is detected being accessed or transmitted outside of authorized channels. Different rules can be applied to financial data based on its specific requirements. upvoted 1 times 小 店 66 小 店 66 Protract8593 2 months ago Selected Answer: A Classifying the data involves categorizing and labeling the data based on its sensitivity and criticality. By classifying the data, the company can identify which files contain PII (Personally Identifiable Information), financial information, health information, or other sensitive data. Each category of data can then be assigned different Data Loss Prevention (DLP) rules and security controls based on its classification. For example, files containing PII might have stricter DLP rules to prevent unauthorized access or data leakage, while files with less sensitive information may have less stringent restrictions. This approach allows the company to tailor the DLP policies according to the data's specific requirements and compliance needs. upvoted 1 times reverse01 3 months ago Data Classification. A 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: A To accomplish the goal of assigning different DLP rules based on the type of data hosted on the file server, the company should classify the data. Data classification involves categorizing and labeling data based on its sensitivity, importance, and regulatory requirements. By classifying the data, the company can assign specific DLP rules and policies to each classification category. By classifying the data, the company can effectively differentiate between PII, financial information, and health information stored on the file server. This allows for the implementation of tailored DLP rules and policies that are appropriate for each type of data. For example, stricter DLP rules might be applied to PII compared to less sensitive financial information. upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: A 店 店 A. Classify the data. 铺 铺 ; Once the data has been 学 classified, the company can apply different DLP rules to different categories of;data, 学 based on the sensitivity and 习For example, files containing PII might require stricter controls, while financial information 习 might be subject to different importance of the data. 小 小 types of restrictions. 店 店 66 66 upvoted 1 times thisguyfucks 7 months, 3 weeks ago Its going to be A - Data classification is the process an organization follows to develop an understanding of its information assets, assign a value to those assets, and determine the effort and cost required to properly secure the most critical of those information assets. upvoted 1 times sauna28 9 months, 2 weeks ago Selected Answer: A Classify data is no 1 before you proceed to the step upvoted 1 times [Removed] 10 months ago Selected Answer: A Yep, fully agree with A. The other options make no sense upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #8 A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: <a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a> Which of the following will the forensics investigator MOST likely determine has occurred? A. SQL injection B. Broken authentication C. XSS 店 店 铺 铺 ; ; 学 D. XSRF 学 习 习 小 小 店 店 66 Correct Answer: B 66 Community vote distribution D (93%) dylansmith064 Highly Voted 5% 1 year, 4 months ago CSRF or XSRF redirects you to something you didn't intend to go to when clicking a link upvoted 46 times fboy 1 year, 4 months ago thank you! upvoted 4 times comeragh Highly Voted 1 year ago Selected Answer: D Going with D also. Funds out of a bank account in most cases indicates CSRF. upvoted 11 times malibi Most Recent 3 weeks, 6 days ago Selected Answer: B not csrf nor xsrf. assuming the user is log on to their banking website. if they click the link from this email, it is like session hijacking but since the session is on, the link broke the authentication since it doesn't need to authenticate since the session is still active. upvoted 1 times malibi 3 weeks, 6 days ago Broken authentication refers to any vulnerabilities involving the attackers impersonating the original users on applications. In other words, authentication is broken when attacks can assume user identities by compromising passwords, session tokens, user account information and other details. upvoted 2 times tannuc 1 month, 2 weeks ago Selected Answer: D XSRF or CSRF is the correct one, let me tell you why? -> using the Process of Elimination, we eliminate A and B, there is no thing to deal with SQL injection and Broken Authentication in this case. -> Only C (XXS) and D (XSRF). Remember about XXS, Cross-site scripting occurs when attackers try to inject JavaScript into the client's website. But D (XSRF), Cross-site-request-forgery, will inject the POST request to change email, address of shipping, or transfer funds. -> Pick D because the <a> link includes: routing=00001111&acct=22223334&amount=250 upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 MyBJ 2 months ago 66 小 店 66 The correct answer is B. The subject of the question is "...examining a number of unauthorized payments...". This simply points to broken authentication as the answer. XSRF got the users there but that was not the subject of the investigation, rather it was what caused the unauthorized payments. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Nah, it's D https://brightsec.com/blog/csrf-example/ Broken authentication is not even a security+ term upvoted 2 times Protract8593 2 months ago Selected Answer: D 淘宝店铺:https://shop63989109.taobao.com/ Cross-Site Request Forgery (XSRF) involves exploiting the trust that a website has in a user's browser by using the user's active session to invoke unauthorized actions on behalf of the victim. This is typically done by tricking the victim's browser into making unintended requests to a website, without the user's knowledge or consent. In the given example URL: https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250 If the website does not have proper security measures in place, an attacker could craft a malicious email with the link to this URL, and if a loggedin user clicks on the link while their session is active, the website may process the request as if the user intended it. As a result, the unauthorized payment of $250 could occur without the user's knowledge. Since the user reported the email to the phishing team, it suggests that the email was part of a malicious attempt to trick users into performing an unwanted action. Therefore, based on the details provided, the most likely occurrence is XSRF (Cross-Site Request Forgery). upvoted 2 times 店 铺 ; 学 习 小 upvoted 1 times 店 铺 reverse01 3 months ; ago 学 Definitely XSRF. D 习 小 店 店 6 1 week ago ApplebeesWaiter1122 3 months, 6 66 Selected Answer: D In a CSRF attack, an attacker tricks a victim into unknowingly executing unwanted actions on a web application in which the victim is authenticated. The attacker typically achieves this by crafting a malicious link or script that makes use of the victim's authenticated session. In the given scenario, the email contains a link that appears to be for unsubscribing from a mailing list. However, when the user clicks on the link, it leads to a payment-related action on the company's website. This indicates that the user's authenticated session was exploited to perform unauthorized payments. Therefore, the most likely determination by the forensics investigator would be that a Cross-Site Request Forgery (CSRF or XSRF) attack has occurred, where the attacker manipulated the victim into unknowingly initiating the unauthorized payments through a crafted link. upvoted 3 times z3phyr 5 months, 3 weeks ago Selected Answer: D It's D. With XSRF/CSRF you are force the user into performing an action they are already allowed to do. In this case you are tricking the user to click a link forcing them to transfer funds. upvoted 2 times SophyQueenCR82 6 months ago The forensics investigator will most likely determine that a Cross-Site Request Forgery (CSRF) attack has occurred. In this attack, the attacker tricks the victim into clicking on a link that will perform an unwanted action on a website the victim is authenticated to. The link in the email appears to be an attempt to unsubscribe from a mailing list but actually contains a hidden request to make an unauthorized payment on the company's website. upvoted 3 times GS1011 6 months, 2 weeks ago D “Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and user. It can result in damaged client relationships, unauthorized fund transfers, changed passwords and data theft—including stolen session cookies. CSRFs are typically conducted using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it’s impossible to distinguish a legitimate request from a forged one.” 店 店 铺 铺 ; ; 学 学 习 习 This link: https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/ has more details. upvoted 5 times 小 店 66 princajen 6 months, 2 weeks ago 小 店 66 Selected Answer: D D. XSRF The forensics investigator will most likely determine that a Cross-Site Request Forgery (CSRF) attack has occurred. In a CSRF attack, an attacker tricks a user into performing an unintended action on a website or application by forging a request that appears to come from a trusted source. In this case, the users were directed to a website where they unknowingly made unauthorized payments by clicking on a link in a phishing email. The link appears to be harmless, but actually contains code that instructs the user's browser to make a payment on the company's website. The unauthorized payments were made because the website accepted the forged request without verifying the authenticity of the request. upvoted 2 times Ahmed_aldouky 7 months ago the answer is B, as first AAA , you have to authenticate your self first , after you need to do the authorization , as this Q gives us a great example on this , how can I transfer the money or do any of these requites without authenticating my self first , so it's a broken authentication upvoted 2 times Ahmed_aldouky 7 months ago 淘宝店铺:https://shop63989109.taobao.com/ unauthorized payments is the key word upvoted 1 times rf18 7 months, 2 weeks ago Selected Answer: D CSRF or XSRF upvoted 1 times BeOr 7 months, 3 weeks ago Hello Guys, Anyone here passed the exam using this website? It has a very very bad reviews as shown here. Please let me know. They say the questions are outdated. https://www.trustpilot.com/review/www.examtopics.com upvoted 1 times 店 店 铺 铺 DALLASCOWBOYS ; 7 months, 4 weeks ago ; Definitely D. XSRF.学 The malicious link hides its true intention. Link suggested to unsubscribe, but it's true 学 intent was to transfer money out of 习 习 account. 小 小 店 店 upvoted 1 times 66 66 fouserd 5 months, 1 week ago I am going to take my exam on the 8th of May and i will report back to you. Besides this site I also use Avanset with an exam collector dumb and so far looking like the same question. i have completed 410 out of 410 questions. I have also used this site to pass my A+ and Net+. upvoted 1 times lili00 5 months ago good luck! =) upvoted 1 times Proctored_Expert 9 months, 1 week ago Selected Answer: C The forensics investigator will most likely determine that XSS (cross-site scripting) has occurred. XSS is a type of cyber attack that involves injecting malicious code into a website or web application, with the goal of executing the code in the context of the victim's browser. XSS attacks can be used to steal sensitive information, such as login credentials or personal data, or to manipulate the behavior of the website or application. The log entry provided in the question describes a link that was included in an email, which was clicked on by a user in an attempt to unsubscribe from an unwanted mailing list. Upon investigation, the forwarded email revealed that the link contained malicious code, specifically an XSS attack. This indicates that an XSS attack was carried out against the company's website. upvoted 2 times hieptran 8 months, 4 weeks ago Wrong, CSRF utilized the current user session and use them to invoke the request on behalf of the victim. In this example, there is no malicious javascript payload that indicates there is a Reflected XSS vulnerability in their website. XSS is often used for session/cookie hijacking. But not this case. upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #9 A report delivered to the Chief Information Security O cer (CISO) shows that some user credentials could be ex ltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the ex ltrated credentials? A. MFA B. Lockout C. Time-based logins D. Password history 店 店 铺 铺 ; ; 学 Correct Answer: A 学 习 小 店 Community vote distribution 66 A (59%) Ribeiro19 习 小 Highly Voted 店 66 D (41%) 1 year ago Selected Answer: A is the only one that obligate to have more info than a password to login in the system upvoted 18 times Papee 11 months, 1 week ago Prevent users from using the exfiltrated account. MFA would better security not prevent. upvoted 5 times bkrich Most Recent 1 week, 2 days ago Selected Answer: D When they say exfiltrated, I think they mean leaked, the only thing that would prevent a user from using a bad exfiltrated password again is password history (D), someone with the exfiltrated password can keep trying to logging in during work hours and hope for the user to have MFA fatigue. upvoted 2 times Cisco103 2 weeks, 3 days ago Selected Answer: A to prevent someone from using the exfiltrated credentials => clearly A nothing to concern upvoted 1 times STODDY69 1 month, 1 week ago Selected Answer: D CompTIA Sec+ Objectives 3.7 Account policies: - Password complexity - Password history - Password reuse - Network location - Geofencing - Geotagging - Geolocation - Time-based logins - Access policies - Account permissions - Account audits - Impossible travel time/risky login - Lockout - Disablement 2FA is not an account policy, has to be D upvoted 3 times 店 铺 ; 学 习 小 店 66 店 铺 ; 学 习 小 店 66 tannuc 1 month, 2 weeks ago Selected Answer: A Let skip B (Lockout) and C (Time-based login) because nothing to deal with spray attacks or brute-force attacks, and the question doesn't mention any about users logging in after the business hours -> A (MFA) and D (Password history) - But the question said, "Users tend to choose the same credentials on different systems and applications". Those systems' and applications' policies might be isolated -> When you apply Password history, that can be applied to one system or one application. Ex: my password is Passw0rd. I can use it in many systems and applications as long as they don't have the same password history. -> MFA is the best choice in this scenario. It can prevent attackers who acquired the user's credentials because they need to pass another authentication to get inside the system or application upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Odisman1 2 months ago does mfa prevent the user from utilizing the exfiltrated credentials? i go with D as the answer upvoted 2 times andresalcedo 1 month, 4 weeks ago Yes, because in addition to the password it needs the MFA confirmation. upvoted 1 times Protract8593 2 months ago Selected Answer: A To prevent someone from using the exfiltrated credentials effectively, the CISO should implement: A. MFA (Multi-Factor Authentication). Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of identification before gaining access to a system or application. It adds an extra layer of security beyond just a username and password combination. The different factors can be something the user knows (like a password), something the user has (like a smartphone or a security token), or something the user is (like a fingerprint or other biometric data). 店 店 铺 铺 ; ; 学 学 习 习 小 小 access even if the In the given scenario, where user credentials have been exfiltrated, MFA can significantly reduce the risk of unauthorized 店 店additional factor (e.g., a passwords are compromised. Even 66if an attacker gains access to the username and password, they would still need the 66 one-time code sent to the user's mobile device) to successfully log in. This makes it much more challenging for unauthorized individuals to use the stolen credentials effectively. upvoted 3 times sander22 2 months, 1 week ago Selected Answer: A first i went with D and i was 100% sure about it, but if you read the question more carefully you will end up with A. They are talking about" more systems" so if you use the same password for your work email, but you also use it for your private email. MFA will prevent someone to login with your password. I am going with A upvoted 2 times SlySyrup 2 months, 1 week ago Selected Answer: A The actual question asks what prevents" someone from using the exfiltrated credentials". So it is actually asking what will stop someone AFTER the credentials have already been exfiltrated - therefore it is MFA. Password history is something that is typically enforced every 30 - 90 days. If a password is extracted on day 1, there are at least 29 more days where the password isn't changed and the attacker can use that password freely. Furthermore, it states "on different systems and applications". Password history stops you from using the same password on the same system - the user can still use the same new password across multiple systems which then results in the same problem. upvoted 3 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: D Password history is a security policy that enforces users to choose unique and previously unused passwords when changing their credentials. It prevents users from reusing the same passwords that may have been compromised or obtained through unauthorized means. By enforcing password history, users will be required to choose new passwords that they haven't used before, making it more difficult for an attacker to gain unauthorized access using stolen credentials. This policy helps enhance the security of user accounts and protects against the potential misuse of exfiltrated credentials. upvoted 1 times Gaurabdon 3 months, 4 weeks ago Selected Answer: A I feel like there is a lot of contradiction here between answers A and D. While answer D seems to be the correct answer because it is a policy that prevents users from reusing the previous passwords when creating new ones. However, if we read the question properly and highlight the keywords like "could be exfiltrated", meaning that there is a risk of exfiltration but it has not been yet. While password history seems a logical answer, it does not fully satisfy what the question is asking here. Implementing MFA would be the first best choice as password alone would not let anyone exfiltrate their data. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 k1l1manjar0 4 months, 1 week ago 小 店 66 Selected Answer: D It's about preventing using exfiltrated passwords, not better account protection. upvoted 1 times on2it 4 months, 1 week ago Selected Answer: D Preventing from using the old password, is NOT MFA upvoted 1 times LeonardSnart 4 months, 2 weeks ago Selected Answer: A This is a Comptia exam, the questions are written to confuse purposefully. Break it down, and the second sentence is irrelevant. Read the first and third sentences, and the answer that fits best is A. *IF* the credentials were leaked (question doesn't say they have been!), MFA would prevent them q y 淘宝店铺:https://shop63989109.taobao.com/ from being useable. Just my 2 cents. upvoted 3 times y p ExamPasser420 4 months, 3 weeks ago Password history is a policy. Not MFA. Adding MFA would not remedy the already leaked passwords upvoted 1 times Dutch012 4 months, 3 weeks ago Selected Answer: D For better security use MFA. To prevent users from using old passwords '''password history' so its D upvoted 3 times 店 店 铺 铺 Dutch012 5 months, 1 week ago ; Selected Answer: D ; 学 学 习 the exfiltrated credentials?" "prevent someone from using 小 店 66 it is D 习 小 店 66 upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #10 A company wants to simplify the certi cate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certi cate the company should implement? A. Subject alternative name B. Wildcard C. Self-signed D. Domain validation 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 学 习 小 B (91%) 店 66 Ay_ma Highly Voted 小 店 7% 66 1 year ago Selected Answer: B B- Wildcard SSL(Secure Sockets Layer) Certificate: Wildcard SSL certificates are for a single domain and all its subdomains. www.cloudfare.com upvoted 16 times comeragh Highly Voted 1 year ago Selected Answer: B Agree with B wildcard being the correct answer here upvoted 10 times Ha89 Most Recent 2 weeks ago Selected Answer: B This question was on the exam and it's B. I took the test last week and passed! About 60% of the questions on my test is on exam topics. 2 0f the 3 PBQs were from exam topics I focused on PBQs about 2 hours before my exam. I recommend you read each discussion and learn about the correct answer. I have zero experience in IT but thanks to exam topics(best $39 spent), Dion training, and professor Messer they helped me a lot in my transition into cyber security. a friendly recommendation to those with little to no experience like myself. Before starting your course of study, I suggest you memorize all the acronyms on the Comptia Security+ objective along with the 35 necessary ports(available on Dion training) memorize them very good, even if doesn't make sense. Once you start studying, they start to make sense and make your study and the actual exam a lot easier! upvoted 2 times TreeeSon 1 week, 3 days ago anywhere i can reach you? upvoted 2 times Ha89 3 days ago sure thing. harez.indy@gmail.com upvoted 1 times darkhat 2 months ago wildcard certificate is the best for a company with a single domain and multiple subdomains upvoted 1 times 店 铺 ; 学 ago Protract8593 2 months 习 小 Selected Answer: B 店 铺 ; 学 习 店 66 The company should implement: 小 店 66 B. Wildcard certificate. A Wildcard certificate is the best option for the company with a single domain and several dozen subdomains. It simplifies the certificate management process by securing not only the main domain but also all its subdomains with a single certificate. Here's how a Wildcard certificate works: 1. It is issued for a specific domain, such as ".example.com," where the asterisk () is a wildcard character that covers all subdomains of "example.com." 2. With a single Wildcard certificate, the company can secure any number of subdomains (e.g., mail.example.com, shop.example.com, blog.example.com, etc.) without needing separate certificates for each subdomain. 3. Wildcard certificates are especially beneficial when there are numerous subdomains to manage, as it significantly reduces the administrative overhead and simplifies the renewal and deployment processes. 淘宝店铺:https://shop63989109.taobao.com/ Therefore, a Wildcard certificate is the most appropriate choice for the company with a single domain and several dozen subdomains, providing a streamlined and efficient certificate management process. upvoted 1 times reverse01 3 months ago B. wildcard. wildcards are used as placeholders to match multiple subdomains or URLs within a specific domain. The wildcard character (*) is commonly used for this purpose. upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: B A Wildcard certificate is designed to secure a domain and all its subdomains with a single certificate. It is denoted by an asterisk () in the leftmost position of the domain name, such as ".example.com". This means that the certificate can be used to secure any subdomain under the main domain. 店 店 铺 铺 In the case of the company with multiple subdomains, a Wildcard certificate would simplify the certificate management process. Instead of obtaining and managing individual certificates for each subdomain, a single Wildcard certificate can be used to secure them all. This reduces administrative overhead, simplifies the deployment process, and ensures consistent security across the domain and its subdomains. upvoted 2 times ; ; 学 学 习 习 小 小 店 店 6 Gaurabdon 3 months, 4 weeks ago6 66 Selected Answer: B The reason to choose option B is because the question mentions "single domain". SAN covers multiple domains (different domains) with a single cert. WildCard certificate supports multiple subdomains off of a single domain. Hence, the answer is B. upvoted 1 times Dutch012 4 months, 3 weeks ago Selected Answer: B Wildcard: covers unlimited subdomains with a single Cert SAN: covers multiple domains names with a single Cert source: https://opensrs.com/blog/san-and-wildcard-certificates-whats-the-difference/ upvoted 1 times Mroljrtnrty 5 months ago Just Passed! 4/23/23 - This question was on the test but it was worded differently. They did mention wanting to simplify certificate management. I chose wrong. Should have picked Wildcard but hey i still passed lol upvoted 2 times Dutch012 4 months, 3 weeks ago good for you!, I am going to take it soon, and I am going to survive since I am a big fan of The Walking Dead. upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: A In this case, the best option would be a Subject Alternative Name (SAN) certificate, also known as a Unified Communications Certificate (UCC). A SAN certificate can cover multiple domains, subdomains, and hostnames under a single certificate. This would allow the company to cover its main domain and all subdomains, as well as any future domains or subdomains that may be added. SAN certificates are commonly used in environments with multiple domains or subdomains. upvoted 1 times princajen 6 months, 2 weeks ago After reviewing, the best option is a wildcard SSL certificate. upvoted 4 times 店 铺 DALLASCOWBOYS 7 months, 4 weeks ago ; B. Wildcard. Helps with a main domain, with multiple subdomains on websites. upvoted 1 times 学 习 小 店 ShivP2 7 months, 4 weeks ago 66 店 铺 ; 学 习 小 店 66 A. Subject alternative name (SAN) certificate would be the best option for a company with a single domain and several dozen subdomains that are publicly accessible on the internet. SAN certificates allow a single certificate to be associated with multiple domain names, allowing the company to secure all of its subdomains with a single certificate, simplifying the certificate management process. A wildcard certificate would also be a valid option for a company with a single domain and several dozen subdomains that are publicly accessible on the internet. It allows a single certificate to be associated with all subdomains of a domain, making it easy to secure all the subdomains under one certificate. However, a Wildcard certificate would only work for subdomains and would not cover the main domain or any other domain that is not a subdomain of the main domain, in this case if the company wants to add any other domain in the future it would require another certificate. upvoted 1 times xxxdolorxxx 8 months ago Selected Answer: B 淘宝店铺:https://shop63989109.taobao.com/ My vote goes to b. upvoted 1 times Proctored_Expert 9 months, 1 week ago Selected Answer: B The company should implement a wildcard certificate. A wildcard certificate is a type of digital certificate that can be used to secure multiple subdomains within a single domain. Wildcard certificates use the wildcard character (*) in the certificate's subject alternative name (SAN) field to match any subdomain within a given domain. This allows a single wildcard certificate to be used to secure all subdomains within the domain, simplifying the certificate management process. The company in this case has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Implementing a wildcard certificate would allow the company to secure all of its subdomains with a single certificate, simplifying the certificate management process. upvoted 1 times 店 店 viksap 9 months, 1 week ago 铺 铺 ; ; 学 Selected Answer: B 学 习 Wildcard is correct upvoted 1 times 习 小 小 店 店 66 [Removed] 10 months ago 66 Selected Answer: B With subdomains it's always wildcard. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #11 Which of the following is an effective tool to stop or prevent the ex ltration of data from a network? A. DLP B. NIDS C. TPM D. FDE Correct Answer: A 店 店 铺 Community vote distribution ; 学 A (91%) 习 小 店 Fitzd 1 year ago Highly Voted 铺 ; 学 习 9% 小 店 66 66 Just passed, what you see is what you get.....these dissussion help a lot.....thanks guys and this site is all the luck you need upvoted 20 times ELLEWOODS45 12 months ago DID YOU REVIEW THE OLD DUMPS OR JUST THIS ONE I AM TRYING TO PASS 😥, I NEED HELP 😭 upvoted 2 times banditring 11 months, 4 weeks ago theres an old dump? I must find it. I take the exam in 2 weeks and freaking out!! upvoted 2 times Dachosenone Highly Voted 1 year ago Selected Answer: A Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network. upvoted 16 times Protract8593 Most Recent 2 months ago Selected Answer: A DLP is a comprehensive security solution designed to identify, monitor, and protect sensitive data from unauthorized access, use, or exfiltration. It helps organizations prevent data breaches and leakage by monitoring data movement both within the network and when data is being transferred to external destinations, such as the internet. 1. Content inspection: DLP solutions inspect data in real-time and at rest to identify sensitive information, such as Personally Identifiable Information (PII), financial data, intellectual property, or other confidential information. 2. Policy-based controls: Organizations can define policies that specify how sensitive data should be handled and protected. DLP tools enforce these policies by taking appropriate actions when data matches predefined criteria, such as blocking, encrypting, or quarantining the data. 3. Network monitoring: DLP solutions monitor network traffic and endpoints to detect suspicious activities and potential data exfiltration attempts. 4. Data encryption: DLP tools can include encryption capabilities, which add an extra layer of protection to sensitive data, making it unreadable to unauthorized parties even if it is somehow intercepted. upvoted 2 times 店 店 铺 铺 ; 学 ApplebeesWaiter1122 3 months ago 习 小 ; 学 习 小 店 DLP systems are designed to monitor 66 and control the flow of sensitive information within an organization's network.店They 66can detect and prevent unauthorized data transfers, whether intentional or accidental, by monitoring network traffic, data storage systems, and endpoints. DLP systems Selected Answer: A can identify sensitive data based on predefined policies, such as personally identifiable information (PII), credit card numbers, or intellectual property, and take actions to prevent its unauthorized disclosure. upvoted 2 times JR2463 5 months ago I echo that these discussions really helped. I just passed as well. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago A. DLP tracks data moving within the network, and can block the data when it is in danger of leaving the corporate network. upvoted 3 times Zonas 8 months ago Correct Answer : A 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Nirmalabhi 10 months, 2 weeks ago Selected Answer: A the answers right in front of you. option A upvoted 1 times Imok 11 months, 2 weeks ago Selected Answer: A Data Loss Prevention upvoted 1 times be9z 11 months, 2 weeks ago FDE performs full disk encryption but it can not stop or prevent data exfiltration. The answer is A - Data Loss Prevention (DLP) upvoted 2 times 店 店 铺 ; 铺 ; VendorPTS 11 months, 4 weeks ago 学 学 习 Selected Answer: A 习 小 winner here. Data Loss Prevention is the clear 店 66 upvoted 1 times 小 店 66 groger999 12 months ago Correct Answer: DLP upvoted 2 times Ribeiro19 1 year ago Selected Answer: A it prevents data to be extracted form a corporate network. upvoted 4 times comeragh 1 year ago Selected Answer: A DLP correct here upvoted 2 times stoneface 1 year ago Selected Answer: D DLP - Data Loss Prevention upvoted 3 times Joe1984 1 year ago A. DLP upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #12 Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment? A. Replacing the traditional key with an RFID key B. Installing and monitoring a camera facing the door C. Setting motion-sensing lights to illuminate the door on activity D. Surrounding the property with fencing and gates 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (97%) 店 66 rodwave 小 店 66 10 months, 2 weeks ago Highly Voted Selected Answer: A Replacing the traditional key with an RFID key - For this question, there is mention of "attempts have been made to pick the door lock". Out of the options provided, only the option to replace the current door key with an RFID key directly addresses this issue. The other options can be viewed as preventative access control systems/ deterrents as well. ============================ Helpful Info Preventative access control - An access control that is used to stop unwanted or unauthorized activity from occurring, these could be policies, firewalls, physical barriers etc. RFID (Radio Frequency Identification) - A type of key card/fob access control system that uses a radio frequency signals to communicate between a reader and an RFID tag. You would place the tag/card near the reader and if the reader identifies the signal as belonging to an authorized user, they will be allowed access. upvoted 12 times Ribeiro19 Highly Voted 1 year ago Selected Answer: A B, C and D, are not a access control. So, A is the only XD upvoted 5 times be9z 11 months, 2 weeks ago A and D are access controls, however, A is the correct answer because it focuses on securing the door and not the other security perimeter of a facility. Hence RFID protects both external (who is not supposed to have access to the building) and internal threats (staff who are not authorised to enter the room) upvoted 5 times Halaa 1 year ago they are access control upvoted 2 times stoneface 1 year ago YES, 'access control' upvoted 2 times 店 店 铺 ; 铺 学 RevolutionaryAct Most Recent Selected Answer: A 小 习 店 2 weeks, 5 days ago ; 学 习 小 店 The reason it is A and not D is because there is nothing in the question indicating that it is not an insider threat, so if it is one then gates and fences won't stop them. Theoretically they don't have access to this area as an insider (otherwise why pick it) and an RFID card would work better. upvoted 1 times 66 66 NetTech 4 weeks ago Like many of these questions, the wording is not great in this one. A & D are both access controls. A door that has an RFID reader on it may still have a door knob with a key hole and could still be picked. In fact you would likely still want a keyed lock on the door if there was a power failure, the door would fail secure, but could be opened with a key in an emergency. Only a door that has a maglock on it that is released after a card scan would address the issue. The answer is probably A but these questions need better editing by the authors. upvoted 1 times Protract8593 2 months ago Selected Answer: A Replacing the traditional key with an RFID (Radio Frequency Identification) key is a stronger form of access control compared to a physical key. RFID keys use radio waves to communicate with an RFID reader, which grants access to the facility if the key is authorized. This technology provides several advantages over traditional keys: 1. Increased security: RFID keys are more difficult 淘宝店铺:https://shop63989109.taobao.com/ to duplicate compared to physical keys, reducing the risk of unauthorized key copying. 2. Access control management: RFID keys can be easily activated or deactivated from the access control system, allowing the security team to grant or revoke access quickly. 3. Audit trail: An RFID access control system can provide an audit trail, showing the times and dates of access attempts, successful entries, and denied entries, which can aid in security investigations. upvoted 1 times reverse01 3 months ago I took my exam today and passed with an 800. Thanks, everyone, for the great discussions and input; really helped me through the exam. upvoted 2 times ApplebeesWaiter1122 3 months ago Selected Answer: A replacing the traditional key with an RFID key, could also be a viable solution for implementing a stronger preventative access control for the secure facility. This option introduces an electronic access control mechanism that can provide enhanced security compared to traditional keys. 店 店 铺 铺 ; ; 学 学access control. RFID keys typically By replacing the traditional key with an RFID key, the security engineer can leverage technology to improve 习 习 granular control over who can contain a unique identifier小 that can be scanned by a reader to grant or deny access. This system allows for more 小 店be restricted based on the specific RFID key credentials. 店 enter the facility, as access can 66 66 RFID keys can also offer additional features such as logging access events, enabling centralized access management, and facilitating quick revocation of access in case of lost or stolen keys. These benefits enhance the overall security posture of the facility. upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: A As said previously, the key to this question is "PREVENTATIVE". CompTIA defines it thus: Preventive—the control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place. None of the other answers are both preventative, and meet the other terms in the question. However effective they might be to help mitigate the risk. upvoted 2 times Adji91 6 months ago Happy to pass my exam with a 799 score. This question was on that. upvoted 3 times princajen 6 months, 2 weeks ago Selected Answer: A A. Replacing the traditional key with an RFID key would be the BEST option in this scenario. The use of an RFID key system provides more secure access control than traditional keys, as the keys cannot be duplicated easily, and the access logs are easier to maintain. Additionally, an RFID key system allows the security team to more effectively monitor access to the facility and to limit access to specific areas as necessary. Installing a camera or setting motion-sensing lights would be helpful for monitoring, but they would not necessarily prevent unauthorized access. Surrounding the property with fencing and gates can also help with security, but it would not be the BEST option in this scenario as it does not directly address the issue of the lock being picked. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago A. Replace with an RFID Key. For B., Camera will act as a deterrent but won't prevent someone from attempting to pick lock. D Fencing, and security gates generally people can still get around, it wont prevent them from picking the lock upvoted 1 times Bobbober12 8 months ago 店 铺 All but A are monitoring solutions. upvoted 1 times ; 学 习 Sandon 8 months ago小 Not true upvoted 1 times 店 66 店 铺 ; 学 习 小 店 66 Tomtom11 10 months, 2 weeks ago Selected Answer: B Is the answer not B A preventative control is one that prevents specific actions from occurring, such as a mantrap prevents tailgating. Preventative controls act before an event, preventing it from advancing. A firewall is an example of a preventative control, as it can block access to a specific resource. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago No, it is not. B. Installing and monitoring a camera facing the door is a deterrent it is not preventative. If I pick the lock and the lights come on, it does not make access any more difficult i.e. it does not prevent anything, it might spook some and deter but it also might make my job easier not to have to pick in the dark 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Orean 11 months ago Selected Answer: A The operative word is PREVENTIVE. B and C are deterrent and/or detective in nature, whereas A and D are the only preventives. D could also be effective in this context, though I'm leaning towards A because it directly addresses the door-lock concern in question. upvoted 2 times Halaa 1 year ago RFID key is more secure. upvoted 3 times comeragh 1 year ago Selected Answer: A Agree with A. B,C and D are all physical controls. upvoted 4 times 店 铺 ; 店 铺 ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #13 Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials? A. Hashing B. Tokenization C. Masking D. Encryption Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 Ribeiro19 店 66 Highly Voted 66 1 year ago Selected Answer: A Hashing, is the answer. Why? Because, with Hashing the tool can identify a credential without knowing the exact credential , by a mathematical method (ex: multiply the credential by a number, and all different credentials have different results). comparing the Hashing of the local credential with the Hashing of the web credentials the tool can extrapolate if the credential was compromised. upvoted 24 times AbdullxHanan Most Recent 1 month, 3 weeks ago Selected Answer: A hashing is corect upvoted 2 times Protract8593 2 months ago Selected Answer: A Hashing is a cryptographic technique that takes input data (in this case, passwords) and converts it into a fixed-size string of characters, which is the hash value. The hashing process is one-way, meaning it is not feasible to reverse the hash and obtain the original password from the hash value alone. When monitoring tools need to compare values (such as passwords) to detect password leaks, they can hash the values and then compare the resulting hash values against a known database of leaked or compromised password hashes. If the hash of the user's password matches any entry in the database, it indicates that the password has been compromised without actually revealing the original password itself. This approach is widely used in password security practices, especially in situations where it's essential to protect the actual credentials from exposure. In conclusion, the most suitable option for a monitoring tool to compare values (passwords) and detect password leaks without providing the actual credentials is A. Hashing. upvoted 2 times ApplebeesWaiter1122 3 months ago Selected Answer: A Hashing is a one-way mathematical function that takes an input (in this case, passwords) and produces a fixed-size string of characters, known as a hash value or hash code. The important property of hashing is that it is computationally infeasible to reverse-engineer the original input from the hash value upvoted 1 times 店 店 铺 铺 ; 学 DALLASCOWBOYS 7 months, 4 weeks ago A. Hashing upvoted 2 times 习 小 店 Deeppain90 8 months ago 66 ; 学 习 小 店 66 Selected Answer: A Hashing upvoted 1 times xxxdolorxxx 8 months, 1 week ago Selected Answer: A A makes the most sense to me. upvoted 1 times FMMIR 10 months, 1 week ago Selected Answer: A Because, with Hashing the tool can identify a credential without knowing the exact credential, by a mathematical method (ex: multiply the credential by a number, and all different credentials have different results). comparing the Hashing of the local credential with the Hashing of the 淘宝店铺:https://shop63989109.taobao.com/ web credentials the tool can extrapolate if the credential was compromised. upvoted 2 times okay123 10 months, 2 weeks ago "Hashing is used to assure the authenticity of websites with which they may share personal and private information, in password storage applications (personal or used by entities they interact with online), and is likely used by the antivirus solution they trust to keep their devices free of malware." So if Hashing is used to validate the integrity of data, you can compare hashes to figure out if the data (password or whatever it is) was compromised https://www.uscybersecurity.net/csmag/what-the-hash-data-integrity-and-authenticity-in-american-jurisprudence/ upvoted 1 times Sultan1990 1 year ago i thinks C. upvoted 1 times 店 店 Sultan1990 1 year ago 铺 铺 ; sorry A is answer upvoted 6 times ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #14 A security engineer is building a le transfer solution to send les to a business partner. The users would like to drop off the les in a speci c directory and have the server send the le to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used? A. S/MIME B. LDAPS C. SSH D. SRTP 店 店 铺 铺 ; ; 学 Correct Answer: C 学 习 小 店 Community vote distribution 66 C (92%) rodwave 习 小 店 66 5% 10 months, 2 weeks ago Highly Voted Selected Answer: C Answer: SSH - SSH or (Secure Shell) is a protocol that enables two computers to communicate securely by encrypting the connection. Since the question is looking to transfer files over the internet to a specific directory, the FTP protocol can be used for the file transfer itself. As SSH can be used with the FTP protocol, this allows for secure(SSH) file transfer(FTP) over the internet. ======================== Other Choices: S/MIME (Secure/Multipurpose internet Mail Extensions) - Digitally signs and encrypts the contents of email messages. LDAPS(Lightweight Directory Access Protocol) - Provides authentication for directory-based traffic SRTP (Secure Real-time Transport Protocol) - Provides authentication/encryption for transmitted audio and video traffic. upvoted 31 times kiosk99 Highly Voted 1 year ago Selected Answer: C A File Transfer Protocol (FTP) server is typically configured with several public directories, hosting files, and user accounts. SSH FTP (SFTP) LDAP Secure (LDAPS)—the server is installed with a digital certificate, which it uses to set up a secure tunnel for the user credential exchange. File transfer. Answer: SSH upvoted 9 times Protract8593 2 months ago Most Recent Selected Answer: C SSH (Secure Shell) is a network protocol that provides secure encrypted communication over an unsecured network, such as the internet. It is commonly used for secure remote access to servers and also for secure file transfer. In the given scenario, the security engineer can set up an SSH server on the destination server hosted by the business partner. The users from the company can then use an SSH client (such as OpenSSH) to securely transfer files to the specific directory on the business partner's server. Here's how the file transfer process works using SSH: 店 店 1. The business partner sets up an SSH server (SSH daemon) on their server. 2. The security engineer configures the server to allow secure file transfer (SCP/SFTP) using SSH. 3. Users from the company can use SSH clients like OpenSSH (or graphical SFTP clients) to securely connect to the business partner's server and transfer files to the designated directory. 铺 铺 ; ; 学 学 习 习 小 店 小 店 With SSH, the file transfer process is secure and encrypted, protecting the data in transit from eavesdropping and tampering. upvoted 1 times 66 66 ApplebeesWaiter1122 3 months ago Selected Answer: C SSH is a network protocol that provides secure remote access and file transfer capabilities. It encrypts the communication between the client and server, ensuring confidentiality and integrity of the transferred data. SSH provides secure authentication and encryption mechanisms, making it suitable for secure file transfer scenarios. With SSH, the users can securely drop off the files in the specific directory on the server, and then the server can initiate a secure file transfer to the business partner using SSH's file transfer capabilities (e.g., SCP - Secure Copy or SFTP - SSH File Transfer Protocol). upvoted 1 times z3phyr 5 months, 3 weeks ago Selected Answer: C SFTP is a file transfer protocol that uses SSH to create the secure connection. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Guseyayi 7 months, 1 week ago Selected Answer: C SSH is a secure method of connecting to remote servers over a network because it encrypts data transmitted over a network. upvoted 1 times uday1985 8 months, 2 weeks ago I think its D , but the messed up the letters SFTP became SRTP! I dare you who have answered SSH to use the same answer when SFTP is next to it! upvoted 1 times [Removed] 8 months, 2 weeks ago 店 There is such thing as SRTP... upvoted 3 times 铺 店 铺 ; ; 学 学 习 习 小 小answer for this question. His point is OP typo'd and 店 wrote SRTP instead of SFTP. If SFTP was an option, it would be the more accurate 店 6acronyms 6SRTP. CompTIA rarely puts bogus in their questions, so it's more likely that OP simply typo'd SFTP as a bogus 6 6 CTE_Instructor 7 months ago upvoted 1 times CTE_Instructor 7 months ago Self correction: SRTP is Secure Real-Time Protocol, and is an objective on the Security+ 601. It's primarily used for real-time media stream security like video & VoIP. It is not the correct answer for this question. upvoted 3 times Mr_BuCk3th34D 8 months, 3 weeks ago Actually, a better answer would be SFTP (SSH with FTP), but since this is not an alternative, I'll go with SSH. upvoted 1 times lordguck 10 months, 3 weeks ago C: LDAPS (B) is for authentication but that does not answer the question about the data transfer. SSH on the other hand can do both e.g. with user/password or better yet certificates. upvoted 1 times be9z 11 months, 2 weeks ago The answer is SSH. SSH can be used to transfer data from one computer to another over internet. And it is a secure connection upvoted 1 times RawToast 11 months, 2 weeks ago Selected Answer: C SSH is a suite of three utilities. SSH: Secure Shell for secure connection and command execution. SCP: Secure Copy Protocol, and slogin: enables secure login. Both ends of an SSH connection are encrypted. SSH would allow for all of the criteria to be met. upvoted 3 times Mondicles 1 year ago Selected Answer: C This is definitely C. LDAP is used to provide a central place for directory service authentication. S/MIME is an internet standard to digitally sign and encrypt email messages. It ensures the integrity of email messages remains intact while being received. SSH can be used with FTP which is called SFTP, file transfer over encrypted tunnel. upvoted 4 times 店 店 铺 铺 mark9999 1 year ago ; ; 学 学 LDAPS is for directory based traffic and S/MIME for email traffic. Sending files to another server using SSH will achieve the aim. Try it out on linux based machines. upvoted 1 times 习 习 小 店 monsteracid 1 year ago 66 小 店 LDAPS is used for authentication ONLY. It does not perform any encryption of files. upvoted 1 times Wiggie 1 year ago LDAPS https://library.netapp.com/ecmdocs/ECMP1366834/html/GUID-0E97E7F2-D46D-4883-B95B-A066B0D52B3D.html upvoted 1 times Dachosenone 1 year ago Selected Answer: C You can transfer files from server to server using SSH. https://tecadmin.net/download-file-using-ssh/ 66 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times comeragh 1 year ago On review it looks to be LDAPS. Other sites also saying LDAPS. upvoted 1 times monsteracid 1 year ago LDAPS is used for authentication ONLY. It does not perform any encryption of files. upvoted 2 times varun0 1 year ago Selected Answer: C S/MIME is the format used for email attachments, there is no way for the users to upload files to the directory and have it automatically sent to the business partner. SSH can do this by sshing to the required directory and placing the files there. And having it sent using various ssh based file transfer protocols like sftp, scp. upvoted 4 times 店 铺 ; ago Wiggie 1 year学 习 https://www.miniorange.com/guide-to-setup-ldaps-on-windows-server 小 店 66 https://www.techtarget.com/searchmobilecomputing/definition/LDAP 店 铺 ; 学 习 小 店 66 upvoted 2 times Wiggie 1 year ago Selected Answer: B Directory = LDAPS upvoted 2 times Mondicles 1 year ago LDAP is used as an authentication protocol for directory services. upvoted 1 times monsteracid 1 year ago LDAPS is used for authentication ONLY. It does not perform any encryption of files. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #15 An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do? A. Perform a mathematical operation on the passwords that will convert them into unique strings. B. Add extra data to the passwords so their length is increased, making them harder to brute force. C. Store all passwords in the system in a rainbow table that has a centralized location. D. Enforce the use of one-time passwords that are changed for every login session. 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 小A (96%) 店 66 varun0 Highly Voted 学 习 小 店 4% 66 1 year ago Selected Answer: A A 100% sure upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: A Hashing is a cryptographic process that takes an input (such as a user password) and transforms it into a fixed-size, unique string of characters, known as the hash value or hash code. The hashing algorithm performs a one-way function, meaning it is not possible to reverse the process and retrieve the original password from the hash value alone. The resulting hash value is unique to the input, meaning different passwords will result in different hash values. By storing only the hash values of passwords instead of the passwords themselves, the administrator ensures that even if the database is compromised, the actual passwords are not exposed to attackers. When a user attempts to log in, the password they provide is hashed and compared to the stored hash value. If the hash values match, the password is considered correct, and access is granted. upvoted 2 times ApplebeesWaiter1122 3 months ago Selected Answer: A The administrator is being advised to hash the passwords. Hashing is a process of applying a mathematical algorithm to a password, resulting in a unique string of characters known as a hash value or hash code. The hash value is typically of fixed length, regardless of the input password's length. When passwords are hashed, they are transformed into irreversible representations. Hash functions are designed in such a way that it is computationally infeasible to reverse-engineer the original password from the hash value. This ensures that even if the hashed passwords are compromised, the actual passwords remain protected. Hashing is a widely used technique to securely store passwords. Instead of storing the passwords themselves, the system stores the hash values. During the authentication process, the user's entered password is hashed and compared to the stored hash value. If the hashes match, the password is considered correct. upvoted 1 times Navigator 4 months ago 店 Selected Answer: A 铺 meaningful answer here. This is the most ; 学 upvoted 1 times 习 小 ago princajen 6 months, 2 weeks店 66 Selected Answer: A 店 铺 ; 学 习 小 店 66 The administrator is being advised to perform a mathematical operation on the passwords that will convert them into unique strings. Therefore, the correct option is: A. Perform a mathematical operation on the passwords that will convert them into unique strings. Hashing is a process that takes a password as input, performs a mathematical operation on it, and generates a fixed-length string of characters as output, called a hash. The hash can be stored in a database and used to authenticate the user. When the user enters their password, the same mathematical operation is performed on it, and the resulting hash is compared to the stored hash. If the two hashes match, the user is authenticated. The use of hashing is a widely accepted method for securing passwords. upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago A. is the definition of hashing upvoted 1 times xxxdolorxxx 8 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A A. Hashing pushes the data through a one way algorithm resulting in a string that you can use to compare against the original value. All other answers don't really make any sense. upvoted 1 times KingDrew 8 months, 2 weeks ago Selected Answer: A Basically a cryptography method. upvoted 1 times whiteLightning0820 10 months, 4 weeks ago Selected Answer: A 店 ITS A FO SHO upvoted 1 times 店 铺 铺 ; ; 学 学 习 习 alayeluwa 11 months, 2 weeks ago Selected Answer: A 小 It is A 小 店 店 66 66 Option be will be salting. upvoted 1 times Mondicles 1 year ago This question wants to test if you know that definition of a hash function which is described in OPTION A. upvoted 2 times FT1 1 year ago A - What's Hashing About? By dictionary definition, hashing refers to "chopping something into small pieces" to make it look like a "confused mess". That definition closely applies to what hashing represents in computing. In cryptography, a hash function is a mathematical algorithm that maps data of any size to a bit string of a fixed size. We can refer to the function input as message or simply as input. The fixed-size string function output is known as the hash or the message digest. As stated by OWASP, hash functions used in cryptography have the following key properties: upvoted 2 times dj450 1 year ago Selected Answer: A Admin is being advised to hash. A is the definition of hashing upvoted 2 times Ribeiro19 1 year ago Selected Answer: A Guys, don't invent the wheel again. The question is stating what the told the guy to do! That us hashing. And the answer A is the definition of hash. You can find on google upvoted 3 times examprepkt 1 year ago Seems like B would be the best option, What is password salting? Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Salting prevents hackers who breach an enterprise environment from reverse-engineering passwords and stealing them from the database. 店 铺 ; 学 https://www.techtarget.com/searchsecurity/definition/salt 习 小 upvoted 2 times 店 66 Mondicles 1 year ago 店 铺 ; 学 习 小 店 66 Option A literally defines what a hash is. Read the question carefully. upvoted 3 times stoneface 1 year ago You are not adding any data when you are hashing - adding randomized value 'salting' upvoted 3 times KetReeb 1 year ago A - Common uses of hashing algorithms are to store computer passwords and to ensure message integrity. The idea is that hashing can produce a unique value that corresponds to the data entered, but the hash value is also reproducible by anyone else running the same algorithm against the data. upvoted 3 times comeragh 1 year ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B B here for me seems the one that fits best. upvoted 1 times Ay_ma 1 year ago That's 'salting'. The question didn't indicate that anything was added to the process. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #16 Which of the following would be indicative of a hidden audio le found inside of a piece of source code? A. Steganography B. Homomorphic encryption C. Cipher suite D. Blockchain Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 店 66 rodwave 66 10 months, 2 weeks ago Highly Voted Selected Answer: A Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection. It's essentially being able to hide in plain sight. The question is referring to a hidden file not some form of encryption, Steganography is not an encryption method but can be used with encryption to add an extra step for protecting data. ============================== Other Choices: Homomorphic encryption - An encryption algorithm designed to allow calculations to be performed on the encrypted data without requiring access to a secret key to decrypt the data. The result of such a computation remains in encrypted form, and can at a later point, the original data can be accessed with the proper decryption key. This allows critical and sensitive data to be outsourced to third-parties without posing a serious risk to the original owner of that data. Cipher suite - Algorithms/Instructions required to enable secure network connections between servers and clients through TLS(SSL). Blockchain - A shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. upvoted 15 times adam1p 3 months, 1 week ago When's the next album dropping? upvoted 1 times Ribeiro19 Highly Voted 1 year ago Selected Answer: A Steganography is the art of punting information inside of information. Is like hiding something in front of everyone eyes. upvoted 10 times Protract8593 Most Recent 2 months ago Selected Answer: A Steganography is the practice of concealing information or files within other seemingly innocuous files or data to hide their existence. In the context of the question, an audio file could be hidden inside a piece of source code using steganography techniques. Steganography does not alter the functionality or appearance of the carrier file (in this case, the source code) but embeds the hidden information in a way that is not apparent to casual observation. It can be used to hide various types of files, including audio, images, or documents, within other files. upvoted 1 times 店 店 铺 铺 ; 学 ApplebeesWaiter1122 3 months ago 习 小 ; 学 习 小 店 店 Steganography is the practice of 6 concealing information within other files or data in such a way that it is not easily detectable. 66 In the context of 6 digital files, steganography techniques can be used to hide one file, such as an audio file, within another file, such as source code. Selected Answer: A By employing steganography, the audio file can be embedded within the source code file without raising suspicion or altering the appearance of the code. This hidden audio file can only be extracted by using specific methods or tools designed to detect and extract steganographic content. upvoted 1 times Guseyayi 7 months, 1 week ago Selected Answer: A Steganography is the art of using cryptographic techniques to embed secret messages within another message. upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago A. Steganography which is the art of using cryptogaphuc techniques to embed secret messages within another file. upvoted 1 times KingDrew 8 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A Steganography = Hiding secret data within other data In this case, secret audio file is hidden within source code data upvoted 1 times batuhanzeyad 8 months, 2 weeks ago Selected Answer: A This is the right antwort upvoted 1 times mr_reyes 9 months, 1 week ago Sooooo many of these are "A", and I believe it is right here also. upvoted 1 times 店 铺 [Removed] 9 months, 3 weeks ago ; A is the right answer 学 铺 ; 学 习 upvoted 1 times 店 习 小 小 店 whiteLightning0820 10 months,64 weeks ago 6 店 66 Selected Answer: A I think its A upvoted 1 times rindrasakti 11 months, 2 weeks ago Ofcurse steganographi A upvoted 1 times comeragh 1 year ago Selected Answer: A Agree with A on this one upvoted 1 times IQ30 1 year ago Selected Answer: A Professor Messer notes : Other steganography types • Audio steganography – Modify the digital audio file – Interlace a secret message within the audio – Similar technique to image steganography upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #17 A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password eld. Which of the following concepts does this message describe? A. Password complexity B. Password reuse C. Password history D. Password age 店 店 铺 Correct Answer: A 铺 ; ; 学 学 习 Community vote distribution 习 小 小 店 店 66 66 A (100%) Ribeiro19 Highly Voted 1 year ago Selected Answer: A Password complexity - is the method that obligate users to use passwords this some characteristics. (like more than X characters, use numbers symbols and letters) . upvoted 8 times comeragh Highly Voted 1 year ago Selected Answer: A A correct answer here upvoted 6 times Protract8593 Most Recent 2 months ago Selected Answer: A Password complexity refers to the practice of requiring passwords to meet certain criteria to make them stronger and more resistant to unauthorized access. The message instructs the user to create a password that includes a combination of numbers, special characters, and letters, which are characteristics commonly associated with a complex password. By using a combination of numbers, special characters (e.g., !, @, #, $, etc.), uppercase letters, and lowercase letters, the resulting password becomes more difficult to guess or crack using brute-force or dictionary attacks. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: A Password complexity refers to the requirements or rules set for creating a password that includes a combination of different character types such as numbers, special characters, uppercase letters, and lowercase letters. By enforcing password complexity, the system aims to enhance the security of user passwords. In this case, the message is instructing the user to include a combination of numbers, special characters, and letters in their password. By using a variety of character types, the resulting password becomes more resistant to common password cracking methods such as brute force or dictionary attacks. upvoted 1 times 店 铺 ExamPasser420 4 months, 3 weeks ago ; Selected Answer: A 学 习 what to tell you if you don't think its A.. idk小 店 upvoted 1 times 66 店 铺 ; 学 习 小 店 66 DALLASCOWBOYS 7 months, 4 weeks ago A. Making passwords more complex makes them harder to crack upvoted 1 times alwaysrollin247 9 months, 3 weeks ago CompTIA is frustrating. My first thought here is that, this user is logging in not creating an account which would tell me this is the password age expiring. However, the question asks what the message describes which, leaving out the rest of the question, the message itself describes complexity. upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #18 A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution? A. HIPS B. FIM C. TPM D. DLP 店 店 铺 铺 ; ; 学 Correct Answer: C 学 习 习 小 店 66 Community vote distribution C (96%) rodwave 小 店 Highly Voted 66 4% 10 months, 2 weeks ago Selected Answer: C In this question, an attack has already occurred so preventative measures such as HIPS, FIM, or DLP would not be helpful. Also, the analyst wants to check the integrity of the system, and boot attestation can take place. TPM chips have mechanisms to prevent system tampering and boot attestation can be done with TPM based hardware to verify the state of the firmware, bootloader, etc. TPM is the best option here. ===================== Other Choices HIPS (Host Intrustion Prevention System) - An installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. This aims to stop malware by monitoring the behavior of code. FIM (File Integrity Monitoring) - Technology that monitors and detects file changes that could be indicative of a cyberattack. FIM specifically involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized. DLP (Data Loss Prevention) - A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. upvoted 49 times ELLEWOODS45 10 months, 1 week ago I wish there was a way we could chat with each other, do y’all have a way you communicate ? upvoted 10 times BlackMamba_4 2 months ago Discord, professor messer discord upvoted 1 times Ay_ma Highly Voted 1 year ago The key sentence in the question is: "The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place" The attack already happened. 'HIPS' looks out for attacks. But in the situation of trying to restore, TPM seems like the best option. upvoted 10 times 店 铺 店 铺 ;Most Recent 2 months ago ; 学 学 习 习 Selected Answer: C 小 小 店is a hardware-based security component that is designed to provide secure cryptographic 店 functions and protect TPM (Trusted Platform Module) 6 66 and to support local 6 It is commonly used to ensure the integrity and security of a system's boot process sensitive data on a computer or server. Protract8593 and remote attestation. Here's how TPM can provide the solution: 1. Boot integrity: TPM can store cryptographic measurements of the system's boot process, including the firmware, bootloader, and operating system components. These measurements are known as Platform Configuration Registers (PCRs) and create a "hash chain" that represents the system's boot state. Any unauthorized changes to the boot process will result in a different hash value, indicating potential tampering. 2. Remote attestation: TPM enables remote attestation, where the system can provide proof of its boot integrity to a remote server or entity. This is crucial for verifying that the system's software and configurations have not been altered by unauthorized parties. Remote attestation can be used to ensure the integrity of the system before allowing access to sensitive data or services. upvoted 2 times BigIshai 1 month, 3 weeks ago @Protract8593, Thank you for the breakdown. very detailed. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: C TPM is a hardware-based security feature that provides cryptographic functions and secure storage for cryptographic keys. It offers a secure environment for verifying the integrity of a system's boot process and critical components. By leveraging TPM, the analyst can establish a trusted platform and ensure that the system's integrity is maintained. Local boot attestation involves verifying the integrity of the system during the boot process on the local machine. TPM can measure and store hashes of critical components and compare them against known good values, ensuring that unauthorized changes or tampering are detected. Remote boot attestation enables the verification of a system's integrity even when it is booted remotely or in a networked environment. TPM can generate and securely store cryptographic keys, which can be used for remote attestation and establishing trust with other systems or services. upvoted 1 times fouserd 4 months, 2 weeks ago 店 店 铺 铺 ; ; remains intact and local and remote A Trusted Platform学 Module (TPM) would provide the BEST solution to ensure the integrity of the systems学 习place. A TPM is a hardware-based security device that generates and stores cryptographic 习 keys and can be used to verify boot attestation can take 小 小 the integrity of a system’s boot process. 店 店 66 66 upvoted 1 times Selected Answer: C davsharma 5 months ago Selected Answer: B Correct Answer is FIM File Integrity Monitoring (FIM) is a security practice which consists of verifying the integrity of operating systems and application software files to determine if tampering or fraud has occurred by comparing them to a trusted "baseline." upvoted 1 times Treasureprecious 5 months, 2 weeks ago Thank you rodwave for your explanations upvoted 3 times princajen 6 months, 2 weeks ago Selected Answer: C The best solution to ensure the integrity of the system remains intact and local and remote boot attestation can take place would be to use a Trusted Platform Module (TPM). TPM is a specialized chip on the motherboard of a computer that provides hardware-based security, which can help protect against unauthorized access to a computer's data. It can be used to perform boot-time measurements and provide secure storage of encryption keys and passwords, ensuring the system's integrity. With TPM, the system can perform secure boot attestation, which can detect unauthorized changes to the software or firmware that could compromise system security. HIPS, FIM, and DLP are not designed to provide boottime measurements or to provide secure storage of encryption keys and passwords, which are essential for boot attestation. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago C. TPM which is the Trusted Platform Module, which helps prevent unauthorized changes to firmware or software upvoted 2 times mlonz 8 months, 1 week ago A trusted platform module is a hardware chip included on many laptops and mobile devicces. It provides full disk encryption and supports a secure boot process and remote attestation. A TPM includes a unique RSA asymmetric key burned into the chip that provides a hardware root of trust upvoted 1 times nerdboy1992 9 months, 1 week ago Though File Integrity Monitoring (FIM) detects any changes to software, it wouldn't be correct in this instance. This is due to the question stating "remote boot attestation". Trusted Platform Module (TPM) provides this feature. upvoted 1 times 店 店 铺 铺 ; 学 okay123 10 months, 2 weeks ago 习 小 Remote attestation: -Device provides an operational report to a verifcation server - Encrypted and digitally signed with a TPM 店 66 ; 学 习 小 店 So before a remote boot attestation can take place, TPM chips are needed upvoted 2 times Check_mate 10 months, 3 weeks ago Selected Answer: B It's clearly FIM it's a security Practice for ensuring integrity tPM is a trusted Platform Model for securing cryptoprocess upvoted 2 times Sandon 8 months ago It's clearly not upvoted 3 times Mondicles 1 year ago Selected Answer: C 66 淘宝店铺:https://shop63989109.taobao.com/ The answer is C. TPM protects the device against unauthorized firmware and software modification by hashing critical sections of firmware and software. upvoted 2 times comeragh 1 year ago Selected Answer: C Sorry my earlier comment suggested HIPS. On further reading going with C - TPM upvoted 3 times Ribeiro19 1 year ago Selected Answer: C check this out guys https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation upvoted 1 times varun0 1 year ago 店 店 铺 铺 Selected Answer: C ; ; 学 学 remote boot attestation only be done with something called measured boot which takes the hashes of the firmware, drivers, OS and stores them in the TPM from where the admin can remotely ensure the integrity of the system and sure that it has not changed. upvoted 4 times 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #19 Which of the following is a reason to publish les' hashes? A. To validate the integrity of the les B. To verify if the software was digitally signed C. To use the hash as a software activation key D. To use the hash as a decryption passphrase Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; A (100%) 小 店 securityexam101 66 Highly Voted 1 year ago 学 习 小 店 66 Hashes = Integrity always upvoted 9 times varun0 Highly Voted 1 year ago Selected Answer: A A seems obvious to me. upvoted 7 times Protract8593 Most Recent 2 months ago Selected Answer: A Publishing files' hashes is a common practice used to validate the integrity of files and ensure that they have not been tampered with or corrupted. A hash value is a unique fixed-size string of characters generated from the contents of a file using a cryptographic hashing algorithm. Even a minor change in the file's content will result in a completely different hash value. When files are distributed, users can independently calculate the hash value of the received file and compare it to the published hash value. If the calculated hash matches the published hash, it means that the file has not been altered during transit, ensuring its integrity. If the hash values do not match, it indicates that the file may have been tampered with, corrupted, or modified, and users should exercise caution before using the file. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: A Publishing files' hashes is primarily done to validate the integrity of the files. Hash functions generate unique hash values based on the content of a file. By calculating and publishing the hash values for files, users can compare them to verify the integrity of the files they possess. When a file is downloaded or received from an untrusted source, comparing the calculated hash of the file with the published hash allows users to determine if the file has been altered or tampered with during transmission. If the calculated hash matches the published hash, it indicates that the file has not been modified and remains intact. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago A. Publishing hashes allows the comparison of hash values to verifiy integrity upvoted 2 times 店 店 铺 铺case they downloaded the software from 3rdI believe it's 'B'.; Software vendors publish the hashes of their software products so the end users (in ; Digital signatures use hashes. party websites) can学 verify if the software has not been tampered with (added malware or malicious code).学 习 习 upvoted 1 times 小 小 店 店 66 TinyTrexArmz 8 months ago 66 GetBuckets 9 months, 3 weeks ago But a hash does not prove that it was digitally signed. You take a plain txt file and, using a hash generator, create a hash for it. If I then share the text file with you and you wanted to make sure what is currently in the text file is the same as what I sent you then you'd use a compatible hash generator to generate a hash for the file you received. If our hashes match then the file wasn't changed. If the hash is different then something happened in transit and you can't trust that txt file. To accomplish this I didn't have to digitally sign it or encrypt it or anything. Just share the file with you along with my original hash. upvoted 4 times rodwave 10 months, 2 weeks ago Selected Answer: A To validate the integrity of the files - Hash function algorithms compares the file's original and current hash values. And if a byte or even a piece of the file's data has been changed, the original and current hash values will be different, and therefore you will know whether it's the same file or not. upvoted 3 times lordguck 11 months ago 淘宝店铺:https://shop63989109.taobao.com/ "A" is right obviously, but I have an question training dump from Okt/22 whicht says, "B" (rubbish if you ask me). upvoted 1 times Ribeiro19 1 year ago Selected Answer: A To validate the integrity of the files upvoted 2 times stoneface 1 year ago Selected Answer: A A - hashing upvoted 3 times comeragh 1 year ago 店 Selected Answer: A 铺 Agree with A being correct answer here upvoted 1 times ; 店 铺 ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #20 A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to nd the requested servers? A. nslookup 10.10.10.0 B. nmap -p 80 10.10.10.0/24 C. pathping 10.10.10.0 -p 80 D. ne -l -p 80 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 学 习 小B (100%) 店 66 rodwave 小 店 66 10 months, 2 weeks ago Highly Voted Selected Answer: B Answer: nmap -p 80 10.10.10.0/24 - Nmap or network mapper is a network discovery and security auditing tool mainly used to find services, hosts, and open ports on a network. In this case, nmap will check for the HTTP port 80. ==================================== Other Choices Nslookup - This command queries DNS servers to obtain DNS records Pathping - This command provides information about network latency and packet loss at hops between a source and destination. Used for troubleshooting network issues. ne - Honestly not 100% here upvoted 22 times CTE_Instructor 7 months ago The ne command would be used to see traffic on one specific interface, while nmap would scan the entire network and show which ports are open on discovered IP addresses. For this question, nmap would be a more comprehensive scan and would show any IP address on the network which has port 80 open. upvoted 2 times TinyTrexArmz 8 months ago I agree the answer is nmap but I'll also say that the command would not find "all web servers" It would only find web servers on the 10.10.10.0/24 subnet. Because of this fact and my not being familiar with that "ne" command, I chose it initially. Which I think is why it's there. To trick people like me that get hung up on the word phrase "all web servers." As far as my search goes, I've not found a system that uses the "ne" command. upvoted 1 times varun0 Highly Voted 1 year ago Selected Answer: B nmap is looking for the unsecure port 80 (http), pathping only shows packet drops and latency. upvoted 15 times Protract8593 2 months ago Most Recent Selected Answer: B 店 店 1. nmap: nmap is a powerful network scanning tool used to discover hosts and services on a computer network. 2. -p 80: This option specifies that nmap should scan for open ports on port 80, which is the default port used for HTTP (unsecure web) communication. 3. 10.10.10.0/24: This is the target network range or IP address range that the analyst wants to scan. The /24 indicates a subnet mask of 255.255.255.0, meaning it will scan all IP addresses in the 10.10.10.0 network. 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 By running this command, the security operations center analyst can identify all web servers within the specified network range (10.10.10.0/24) that are responding on port 80, which is indicative of unsecure HTTP services. This information can then be used to further investigate and secure those servers if needed. upvoted 3 times ApplebeesWaiter1122 3 months ago Selected Answer: B To find web servers that respond to an unsecure protocol, an analyst can run the command "nmap -p 80 10.10.10.0/24". Explanation: "nmap" is a popular network scanning tool used for host discovery and service enumeration. "-p 80" specifies the port to scan, in this case, port 80, which is the default port for HTTP. "10.10.10.0/24" represents the IP address range to scan. The "/24" denotes a CIDR notation indicating all IP addresses within the subnet. By running this command, the analyst will scan the IP range 10.10.10.0/24 for open port 80. If a web server is listening on port 80, it indicates that it is responding to unsecure HTTP requests. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: B B. nmap -p 80 10.10.10.0/24 The nmap command is a powerful network exploration and security auditing tool, which can be used to scan a range of IP addresses to determine which ports are open and which services are running on those ports. In this case, the security operations center has been tasked with locating web servers that respond to an unsecure protocol. Port 80 is the standard port for HTTP, which is an unsecure protocol. Therefore, the nmap command can be used to scan the IP range specified (10.10.10.0/24) and check if any servers are running an HTTP service on port 80. upvoted 1 times xxxdolorxxx 8 months ago Selected Answer: B Nmap seems right to me. Done this a number of times when going for my eJPT. upvoted 1 times 店 铺 ; ago comeragh 1 year学 习 Selected Answer: B 店 铺 ; 学 习 小 小 店 店 66 B correct here upvoted 4 times 66 stoneface 1 year ago Selected Answer: B b) nmap -p 80 10.10.10.0/24 -> upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #21 Which biometric error would allow an unauthorized user to access a system? A. False acceptance B. False entrance C. False rejection D. False denial Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: A FAR ( False Acceptance Rate ) -> where an interloper is accepted (Type II error or false match rate [FMR]). FAR is measured as a percentage. False rejection cause inconvenience to users, but false acceptance can lead to security breaches, and so is usually considered the most important metric. upvoted 16 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: A False Acceptance - There are only two metrics that are used to determine the performance of biometrics: FAR (False Acceptance Rate) & FRR (False Rejection Rate). False Acceptance Rate is a metric for biometric performance that determines the number of instances where unauthorized persons were incorrectly authorized. For this question, a biometric error would mean that someone was authorized when they weren't supposed to be authorized. upvoted 8 times Protract8593 Most Recent 2 months ago Selected Answer: A False acceptance, also known as a "false positive," occurs when the biometric system incorrectly matches the biometric input of an unauthorized user to the biometric template of an authorized user. In other words, the system incorrectly identifies the unauthorized user as an authorized user and grants them access. This type of error is a security concern because it allows unauthorized individuals to gain access to the system, potentially compromising sensitive data or resources. Reducing the false acceptance rate is essential for improving the overall security of the biometric system and ensuring that only authorized users are granted access. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: A False acceptance refers to a biometric system incorrectly accepting the identity of an unauthorized user as a legitimate user. It occurs when the system incorrectly matches the biometric data of an unauthorized individual with that of an authorized user, granting access to someone who should not have it. upvoted 1 times 店 铺 DALLASCOWBOYS 7 months, 4 weeks ago ; allows unauthorized user and accepts them as valid. A. False acceptance学 习 upvoted 1 times 小 店 66 varun0 1 year ago Selected Answer: A False Acceptance Rate - accepts wrong info upvoted 5 times 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #22 A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult? A. GDPR B. ISO C. NIST D. PCI DSS 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 comeragh Highly Voted 小 店 66 1 year ago Selected Answer: A GDPR correct here upvoted 11 times secplusme 12 months ago GDPR is countries in the EU not all of Europe upvoted 1 times varun0 Highly Voted 1 year ago Selected Answer: A GDPR - Privacy law for Europeans citizens upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: A GDPR is a comprehensive data protection regulation that governs the handling and processing of personal data of individuals located in the European Union (EU). It sets strict requirements and guidelines for organizations that collect, store, or process personal data of EU citizens, regardless of where the organization is based. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: A The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation in the European Union (EU). It outlines the rules and requirements for handling personal data of individuals within the EU, including how personal information should be collected, processed, stored, and protected. Given that the company is auditing the handling of its European customers' personal information, GDPR is highly relevant. It provides specific guidelines and obligations for organizations regarding the privacy and security of personal data. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago 店 店 A. GDPR is the General Data Protection Regulation implements security and privacy requirements for personal info of European residents worldwide. upvoted 4 times 铺 铺 ; 学 习 小 ago rodwave 10 months, 2 weeks 店 66 Selected Answer: A ; 学 习 小 店 66 Answer: GDPR - General Data Protection Regulation is a regulation in EU laws that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. ============================== Other Choices: ISO (International Organization for Standardization) - An independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems. NIST (National Institute of Standards and Technology) - A non-regulatory US government agency created to develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public. PCI DSS (Payment Card Industry Data Security Standard) - A set of security standards for organizations that handle credit cards from major card schemes. upvoted 7 times grinop 11 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ From what I see Global Data Protection Regulations is EU but not sure all of Europe upvoted 1 times ExamTopicsDiscussor 11 months, 4 weeks ago GDPR is for Europe. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #23 Which of the following are common VoIP-associated vulnerabilities? (Choose two.) A. SPIM B. Vishing C. Hopping D. Phishing E. Credential harvesting 店 F. Tailgating 店 铺 铺 ; Correct Answer: AB ; 学 小 店 66 BE (51%) Highly Voted 习 小 Community vote distribution serginljr 学 习 店 AB (31%) Other 66 1 year ago Hopping does not exist in exam objectives upvoted 32 times NerdAlert 5 months, 3 weeks ago heads up - vlan hopping one was of the choices on my exam, but credential harvesting was not! IDK which one is correct besides vishing, but cred harvesting wasnt there. upvoted 6 times user82 5 months, 1 week ago So the only reason "hopping" is not the answer is because it's not in the exam objectives? So I guess it's SPIM and credential harvesting upvoted 2 times BlackMamba_4 2 months ago Spim and vishing upvoted 6 times MENAMONGMEN 5 months ago he just said cred harvesting is NOT on the test.. :( upvoted 2 times k9_462 Highly Voted 1 year ago Selected Answer: BE after heavy consideration and reading through multiple sec+ books, i m kinda going with B & D. vishing and credential harvesting as being the most common attacks, as hopping doesnt ever seem to come up in the material. https://fitsmallbusiness.com/voip-security-threats/ upvoted 27 times k9_462 1 year ago although they dont specifically mention VOMIT, a common result of VOMIT would be credntial harvesting. 店 店 铺 铺 calls. VOMIT works by eavesdropping on "VOMIT, is a; VoIP hacking technique that extracts confidential data and voice packets directly from; 学 makes it easy to obtain company phone calls and学 converting phone conversations into files straight from your business phone system. This 习 习 information, including 小 usernames, passwords, bank details, phone numbers, and call origin." 小 店 店 upvoted 12 times 66 66 Abbey2 Most Recent 4 weeks ago The common VoIP-associated vulnerabilities are: B. Vishing (Voice Phishing) E. Credential Harvesting Explanation: Vishing (Voice Phishing) (Option B) involves using phone calls to deceive individuals into revealing sensitive information, such as passwords, credit card numbers, or other personal details. Attackers manipulate victims into trusting the caller's identity and legitimacy. Credential Harvesting (Option E) involves attempting to steal usernames, passwords, or other credentials from users. In the context of VoIP, attackers might try to trick users into revealing their authentication information, potentially leading to unauthorized access. upvoted 1 times NetTech 4 weeks ago Selected Answer: AB 淘宝店铺:https://shop63989109.taobao.com/ I'm going with A SPIM and B Vishing. The questions is asking for "common" vulnerabilities. While RTP packets can be captured and listened to, I don't think this is a common occurrence so not credential harvesting. Hopping or VLAN hopping can be used to move from the VoIP network over the data network, but again I feel this would be uncommon. upvoted 1 times harakara 4 weeks, 1 day ago Out of the given options, the common VoIP-associated vulnerabilities are: A. SPIM B. Vishing SPIM is Unsolicited messages sent over VoIP messaging systems. It's similar to email spam but targets VoIP users, especially on instant messaging platforms. upvoted 1 times feroze895 1 month, 1 week ago I had this exact question on the exam. upvoted 2 times 店 铺 3 weeks, 4 days ago mpengly88 ; And did you get学 it correct? 习 upvoted 1 times 小 店 66 emd 1 month, 1 week ago 店 铺 ; 学 习 小 店 66 Selected Answer: BE B. Vishing (Voice phishing) - This involves attackers attempting to manipulate individuals into revealing sensitive information or performing actions by impersonating a trusted entity over a phone call. E. Credential harvesting - Attackers can try to gather usernames and passwords through various means, such as intercepting VoIP traffic or tricking users into revealing their credentials. upvoted 1 times emd 1 month, 1 week ago B. Vishing (Voice phishing) - This involves attackers attempting to manipulate individuals into revealing sensitive information or performing actions by impersonating a trusted entity over a phone call. E. Credential harvesting - Attackers can try to gather usernames and passwords through various means, such as intercepting VoIP traffic or tricking users into revealing their credentials. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: AB Clearly we all know Vishing, and originally I picked credential harvesting, but now I believe that SPIM is correct. I learned something today - you can text over VoIP https://simpletexting.com/blog/what-is-voip-texting-and-how-does-it-work/ Phishing is email Hopping has to do with VLAN Credential harvesting steals usernames and passwords, though it could be done with social engineering but VoIP is more permissible for SPIM and Vishing Tailgating has to do with following someone into a building through a secured doorway upvoted 6 times zits88 1 month, 3 weeks ago It is 100% A & B. While you CAN credential harvest using VoIP, it is not the most precise answer. SPIM is considered a VoIP-based intrusion despite what a lot of people on here are saying. upvoted 3 times 店 店 铺 The question asked most appropriate choices(A and B). Credential ; for vulnerabilities- weaknesses in the tech... SPIM and Vishing appear to be the铺 学a result of vishing and maybe not so much of a weakness when compared to the ; 学 options! just my thoughts. harvesting could be chosen 习 习 upvoted 2 times 小 小 店 店 6 66 AmesCB 1 month, 3 weeks ago 6 BigIshai 1 month, 3 weeks ago is vishing not just a form of credential harvesting? upvoted 1 times assfedass nished 1 month, 3 weeks ago Selected Answer: AB Some Voip devices allow text to be received. upvoted 2 times Nikamy 1 month, 4 weeks ago Selected Answer: BD My answer: BD upvoted 2 times Protract8593 2 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: AB A. SPIM (Spam over Internet Protocol): SPIM refers to unsolicited spam messages sent over VoIP systems. It is the VoIP equivalent of email spam. B. Vishing (Voice Phishing): Vishing is a social engineering attack in which attackers use phone calls or VoIP to deceive individuals into providing sensitive information or performing certain actions. upvoted 4 times DriftandLuna 2 months ago I chose SPIM but then saw that SPIM refers to Spam over Instant Messaging so i don't think it can be SPIM upvoted 1 times Protract8593 2 months ago Selected Answer: BE 店 ChatGPT thought SPIM stood for Spam over Internet Protocol... 铺 ; Correction: 店 铺 ; 学 学 习 习 小 小 into providing sensitive B. Vishing (Voice Phishing): Vishing is a social engineering attack that uses phone calls or VoIP to deceive individuals 店 店 information or performing certain 66 actions. 66 E. Credential harvesting: Credential harvesting can be part of vishing attacks in the context of VoIP. Attackers may attempt to gather sensitive credentials through VoIP communication. upvoted 1 times darkhat 2 months ago someone said "heads up - vlan hopping one was of the choices on my exam, but credential harvesting was not! IDK which one is correct besides vishing, but cred harvesting wasnt there." if thats true than i guess we can remove that and focus on other options , what do you think ? upvoted 1 times AmesCB 1 month, 3 weeks ago thanks! credential harvesting is a broad name and I would think SPIM. upvoted 1 times LiteralGod 2 months, 1 week ago Selected Answer: BE It's B and E. Voice Phishing is a vulnerability in VoIP and so is Credential Harvesting although uncommon. Hopping isn't a vulnerability so this is not the answer. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: BE B. Vishing (Voice Phishing) Vishing is a form of social engineering attack that targets VoIP systems. Attackers use voice communication to deceive individuals into revealing sensitive information, such as login credentials or personal data, by posing as a legitimate entity. E. Credential Harvesting Credential harvesting involves the unauthorized collection of user credentials, such as usernames and passwords. In the context of VoIP, attackers may attempt to harvest credentials to gain unauthorized access to VoIP systems or services. upvoted 1 times 店 ApplebeesWaiter1122 3 months ago 铺 店 铺 I know VLAN hopping is a valid choice as well but going with E here. Credential Harvesting, indirectly would be 1.1 in the exam objectives (Impersonation). From Professor Messer's course notes: ; 学 习 ; 学 习 小 小 B. Vishing (Voice Phishing) 店 店 individuals into Vishing is a form of social engineering attack that targets VoIP systems. Attackers use voice communication to deceive 66 66 revealing sensitive information, such as login credentials or personal data, by posing as a legitimate entity. E. Credential Harvesting Credential harvesting involves the unauthorized collection of user credentials, such as usernames and passwords. In the context of VoIP, attackers may attempt to harvest credentials to gain unauthorized access to VoIP systems or services. upvoted 1 times ApplebeesWaiter1122 3 months ago Ignore B/E in that comment. Meant to paste: Eliciting information • Extracting information from the victim – The victim doesn’t even realize this is happening – Hacking the human • Often seen with vishing (Voice Phishing) – Can be easier to get this information over the phone 淘宝店铺:https://shop63989109.taobao.com/ • These are well-documented psychological techniques – They can’t just ask, “So, what’s your password?” upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #24 Which of the following describes the exploitation of an interactive process to gain access to restricted areas? A. Persistence B. Buffer over ow C. Privilege escalation D. Pharming Correct Answer: C 店 店 铺 Community vote distribution ; 学 C (88%) 习 小 店 varun0 铺 ; 学 习 12% 小 店 66 Highly Voted 66 1 year ago Selected Answer: C exploitation of interactive process is the commandline from where exploits can be run to gain root permissions in a system upvoted 19 times Protract8593 Most Recent 2 months ago Selected Answer: C Privilege escalation is the process of exploiting a vulnerability or weakness in a system to gain higher-level access or privileges than the user originally had. It involves elevating one's privileges from a standard or restricted user to an administrative or superuser level. By doing so, an attacker can gain access to sensitive or restricted areas of the system, perform unauthorized actions, and potentially take control over the entire system. Privilege escalation can occur through various means, such as exploiting software vulnerabilities, misconfigurations, or weaknesses in access controls. It is a critical security concern and is often used as part of sophisticated cyberattacks to gain deeper access to a targeted system or network. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: C Privilege escalation is the process of elevating one's privileges or access level beyond what is initially granted. In the context of security, it typically refers to gaining higher privileges within a system or application to access restricted areas or perform unauthorized actions. Exploiting an interactive process refers to taking advantage of a running program or process to manipulate it in a way that grants higher privileges or access rights. By exploiting vulnerabilities or weaknesses in the interactive process, an attacker can escalate their privileges and gain unauthorized access to restricted areas of the system. upvoted 2 times LeonardSnart 4 months, 2 weeks ago Selected Answer: C I thought it was B at first, but after checking the book C seems to be correct. "There are a couple of ways to achieve privilege escalation. One way is to use existing privileges to perform an action that steals a better set of credentials. You can obtain “better” credentials by using sniffers to grab credentials or by getting the Windows Security Account Manager (SAM) or the Linux/Unix etc/passwd file. Another method is by exploiting vulnerabilities or weaknesses in processes that are running with escalated privileges. Injecting malicious code into these processes can also achieve escalated privilege." 店 铺 ; 学 -All-in-one Comptia Security+ 习 SY0-601 by Conklin, White, et al 小 upvoted 1 times 店 6 princajen 6 months, 2 weeks ago 6 店 铺 ; 学 习 小 店 66 Selected Answer: C C. Privilege escalation. Privilege escalation is the exploitation of an interactive process to gain access to resources that are normally unavailable to an unauthorized user. This can occur when an attacker gains access to a low-privileged account on a system and then uses that access to escalate privileges to a higher level, allowing the attacker to perform actions they wouldn't normally be able to do. For example, an attacker might use a privilege escalation exploit to gain administrative access to a system or to gain access to sensitive data. upvoted 4 times DALLASCOWBOYS 7 months, 4 weeks ago C. Privilege Escalation seeks to increase the level of access that a user normally doesn't have. A restricted access area is an increased level of access. upvoted 1 times xxxdolorxxx 8 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C Priv esc. upvoted 1 times NICKJONRIPPER 10 months, 1 week ago Selected Answer: B interactive means input, gain restrict area means modify memory that not allowed to the application, this is buffer overflow. No mention to gain another account(privilege escalation). upvoted 4 times Sandon 8 months, 1 week ago That ain't it upvoted 4 times Dutch012 4 months, 2 weeks ago 店 铺 Agree with ya upvoted 1 times 铺 ; 店 ; 学 学 习 months, 1 week ago NICKJONRIPPER 10小 key is gain "area", not gain店 "account" 66 upvoted 3 times 习 小 店 66 FMMIR 10 months, 1 week ago Selected Answer: C With Privilege Escalation, hackers can use a NON-INTERACTIVE program (application) to gain access. Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an APPLICATION (either a batch program or an interactive program) or OPERATING SYSTEM utility program to gain elevated access to resources that should normally be unavailable to that user. upvoted 1 times comeragh 12 months ago Selected Answer: C Agree with C here being the correct answer upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #25 An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency? A. Geographic dispersal B. Generator power C. Fire suppression D. Facility automation 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 小A (100%) 店 66 varun0 Highly Voted 学 习 小 店 66 1 year ago Selected Answer: A Placing that datacenter far away, maybe in another country can help protect against disasters like an earthquake upvoted 14 times Gravoc Highly Voted 1 year ago At least 90 miles away for natural disaster industry standard guidelines. upvoted 7 times Protract8593 Most Recent 2 months ago Selected Answer: A Geographic dispersal refers to the practice of establishing data centers or facilities in different geographical locations, often at a considerable distance from one another. By having data centers located in diverse geographic regions, the organization can increase its resiliency and ensure continuity of operations even in the face of natural disasters or regional disruptions. upvoted 2 times ApplebeesWaiter1122 3 months ago Selected Answer: A Geographic dispersal refers to the strategic placement of data centers in different geographical locations. By having data centers spread across diverse geographic areas, the organization ensures that its operations can continue even if one or more locations are affected by a natural disaster. If a natural disaster, such as a hurricane, earthquake, or flood, occurs in one region, the organization's other data centers in unaffected areas can sustain operations and maintain business continuity. Geographic dispersal reduces the risk of a single point of failure and increases the overall resiliency of the organization's infrastructure. upvoted 1 times LeonardSnart 4 months, 2 weeks ago "Geographic Dispersal The gold standard for system redundancy is to make perfect copies of the same system and spread them apart geographically, then use the Internet to keep the copies identical. Geographic dispersal protects from natural disasters and widespread Internet disruption. You can set up your own dispersed servers, but virtualization services make it easy." -Mike Meyers Security+ Certification Guide Third Edition SY0-601 upvoted 2 times 店 店 铺 铺 DALLASCOWBOYS ; 7 months, 4 weeks ago ; 学 A. Geographic dispersal. 习Placing facilities in areas that are not going to be affected by the same disaster. 学习 小 小 upvoted 2 times 店 店 6 66 kasper13 10 months, 2 weeks ago 6 Selected Answer: A Away from natural disasters and overheating upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #26 A security engineer is deploying a new wireless network for a company. The company shares o ce space with multiple tenants. Which of the following should the engineer con gure on the wireless network to ensure that con dential data is not exposed to unauthorized users? A. EAP B. TLS C. HTTPS D. AES 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 习 小 店 D (50%) Gravoc 学 66 Highly Voted 小 店 A (49%) 66 1 year ago EAP has to be incorrect. EAP is an AUTHENTICATION protocol, and authentication does not provide confidentiality. Authentication encompasses processes that allows systems and networks to determine if a user is who they say they are. That provides integrity, not confidentiality. Confidentiality ensures that secret information is protected from UNAUTHORIZED disclosure. The question also ends with "unauthorized users". HTTPS is just HTTP that uses TLS to encrypt network traffic that is in-transit. A stated above, TLS encrypts in-transit data. This question specifically states preventing exposed data to unauthorized users. TLS and HTTPS only encrypt in-transit data. Data-at-rest in a network is insecure, though. Only AES meets the criteria of providing confidentiality to both data-at-rest and data-in-transit, preventing unauthorized users from seeing either. upvoted 82 times Sir_Learnalot 10 months, 2 weeks ago For me it is exactly the last phrase you reference here which make me think "A". You want to prevent confidential information from leaking to "unautorized users", so you should make sure only authorized users have access to your Wireless network. Therefor you should use EAP. I agree on AES beeing the ovious choise for confidentiality but from the wording of the question I´d go with EAP upvoted 17 times hieptran 8 months, 2 weeks ago AES is not commonly used for data encryption in transit. Also, the question mentioned, "prevent unauthorized access". AES is only cryptographic and does not provide any authorization to the network... just keep it simple upvoted 5 times MikeM3 5 months, 2 weeks ago AES (Advanced Encryption Protocol) is a widely used encryption standard that provides strong encryption for dat at rest or in transit it is considered one of the most secure encryptions algorithms available upvoted 1 times CTE_Instructor 7 months ago 店 铺 店 铺 The question prompt is to provide confidentiality from unauthorized users - the question is asking to configure authentication. The truest answer is configuring EAP-TLS, but unfortunately CompTIA split them into to separate options. I would select EAP among these options because that is an authentication protocol, and further specify in the actual real-world configuration page to use EAP-TLS, which is authentication using TLS encryption. upvoted 1 times ; ; 学 学 习 习 小 店 66 小 店 66 CTE_Instructor 7 months ago I suppose when considering EAP with no encryption like TLS added, it would not solve the problem of confidentiality, in which case AES would provide security to the wireless network. It's a bit of a misleading question in all honesty. upvoted 2 times Ay_ma Highly Voted 1 year ago EAP- Extensible Authentication Protocol (EAP), an authentication framework that provides general guidance for authentication methods. IEEE 802.1x servers typically use one of these methods to increase the level of security during the authentication process TLS- Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are encryption protocols that have been commonly used to encrypt data-intransit. For example, it is common to encrypt HTTPS with either SSL or TLS to ensure confidentiality of data transmitted over the Internet. They can also be used to encrypt other transmissions such as File Transfer Protocol Secure (FTPS). However, TLS is now a replacement for SSL as SSL is deprecated and shouldn't be used. AES- Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128 bits, 192 淘宝店铺:https://shop63989109.taobao.com/ bits, or 256 bits. HTTPS- Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using TCP port 443. Definitions are from Gibson Darril's Study. Guide upvoted 25 times radagon 1 week ago Most Recent this question is so vague... upvoted 1 times 32d799a 1 week, 3 days ago Selected Answer: D The issue is about confidentiality, so we need deploy an algorithm encryption. The answer is D - AES. upvoted 1 times 店 铺 店 铺 ; ; used to verify the identity of users or Answer is D AES is 学 an encryption standard used to protect data, while EAP is an authentication framework 学 devices. 习 习 小 小 upvoted 1 times 店 店 66 66 excelchips11 1 week, 5 days ago RevolutionaryAct 2 weeks, 5 days ago Selected Answer: D The question asks about AUTHORIZATION not AUTHENTICATION!! Extensible Authentication Protocol = AUTHENTICATION "Confidentiality refers to ensure that information is not accessed by unauthorized people [...] AES algorithm has been implemented for this purpose." https://development.libelium.com/security-programming-guide/confidentiality-privacy Ergo, it is AES. upvoted 1 times _Vic_ 1 month ago Selected Answer: A When a security engineer deploys a new wireless network for a company, what should be configured on the wireless network to ensure that confidential data is not exposed to unauthorized users the correct option A is the correct answer To ensure that confidential data is not exposed to unauthorized users, the security engineer should configure EAP (Extensible Authentication Protocol) on the wireless network. EAP is a wireless authentication framework that is commonly utilized in wireless networks. EAP is utilized to secure wireless networks from unauthorized access by providing mutual authentication between the client and the network. Thus, when a security engineer deploys a new wireless network for a company, the company shares office space with multiple tenants. The engineer should configure EAP on the wireless network to ensure that confidential data is not exposed to unauthorized users. upvoted 1 times Dark_Tarantula 1 month, 1 week ago Selected Answer: A EAP (Extensible Authentication Protocol): EAP is an authentication framework that provides a method for secure communication between the wireless client and the access point. It allows for various authentication methods to be used, including more secure ones that prevent unauthorized users from gaining access to the network upvoted 1 times sarah2023 1 month, 1 week ago Selected Answer: A A) EAP upvoted 1 times 店 店 铺 铺 ; 学 RevolutionaryAct 1 month, 2 weeks ago 习 Selected Answer: D 小 店 66 ; 学 习 小 店 66 The key phrase is "confidential data is not exposed" - it does not have anything to do with integrity or authentication in the CIA triangle. AES is what you use in WPA2 when you're setting up the WiFi as it has to do with the physical and data link layers. WPA2 is defined in IEEE 802.11 extension with letter i and it uses layer 2, which comes before the others which fall under the other answer choices. EAP = although extensible authentication protocol is layer 2, it not going to keep it confidential as it has to do with authentication TLS = transport layer security, which is OSI layer 4, and since you're setting up for physical protection this wouldn't be appropriate HTTPS = web protocol using SSL / TLS , though it's layer 7 you'd still need to set the physical and data link protections up first upvoted 2 times Abdul2107 1 month, 3 weeks ago Selected Answer: A A. EAP. without authenticating, how can you ensure only authorized have access to it? upvoted 1 times churchdown 1 month, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Your comment also applies to D. AES "Without encrypting, how can you ensure only unauthorised have access to it?" upvoted 1 times Abdul2107 4 weeks ago well, the AES (Wi-Fi password) can be shared with them, and they can access it, however, it's harder for a user to share their credentials with them. upvoted 1 times Rider2053 1 month, 3 weeks ago AES - D is the correct answer upvoted 2 times Nikamy 1 month, 4 weeks ago Selected Answer: A 店 店 铺 铺 My answer is A, EAP. upvoted 1 times ; ; 学 学 习 darkhat 2 months ago 习 小 小 店 店 EAP is an authentication framework, not an encryption mechanism. It is used to facilitate the secure exchange of authentication 6 66 itcredentials between the client device and the 6 authentication server, ensuring that only authorized users can access the network. However, does not address the encryption of data transmitted over the network. upvoted 1 times Abdulaa 2 months ago AES (Advanced Encryption Standard) is an encryption algorithm used to secure data in transit or at rest. While it is important to use strong encryption such as AES to protect the confidentiality of data transmitted over a wireless network, it does not provide a mechanism for authenticating users attempting to connect to the network. EAP, on the other hand, is specifically designed to provide secure authentication for wireless networks. By using EAP, the security engineer can ensure that only authorized users are able to access the wireless network and the confidential data it contains. Is there anything else you would like to know? upvoted 1 times Protract8593 2 months ago Selected Answer: D AES is a widely used encryption algorithm that provides strong data encryption to protect the confidentiality of data transmitted over the wireless network. It is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. When AES is enabled, data transmitted between devices on the wireless network is encrypted, making it difficult for unauthorized users to intercept and decipher the data. upvoted 3 times Protract8593 2 months ago According to CompTIA, the correct answer is: A. EAP (Extensible Authentication Protocol). As per CompTIA, EAP (Extensible Authentication Protocol) is the protocol used for secure authentication in wireless networks. It allows for various authentication methods, providing a framework for secure identification and validation of users before granting access to the network resources. D. AES (Advanced Encryption Standard) is a strong encryption algorithm used to encrypt data transmitted over the wireless network. While important for data protection, it is not directly related to authentication or preventing unauthorized access to the network. Therefore, in the context of CompTIA, the answer to ensure that confidential data is not exposed to unauthorized users on the wireless network is A. EAP (Extensible Authentication Protocol). upvoted 1 times LiteralGod 2 months, 1 week ago 店 铺 as this is a Authentication Protocol for wireless networks. The answer is EAP ; 学 upvoted 1 times 习 小 店 66 Selected Answer: A 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #27 The Chief Compliance O cer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against? A. Preventing any current employees' siblings from working at the bank to prevent nepotism B. Hiring an employee who has been convicted of theft to adhere to industry compliance C. Filtering applicants who have added false information to resumes so they appear better quali ed D. Ensuring no new hires have worked at other banks that may be trying to steal customer information 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小 B (94%) 店 66 YusufMadkour Highly Voted 小 店 6% 66 1 year ago Selected Answer: B B Source: https://www.pcicomplianceguide.org/what-does-the-pci-dss-say-about-employee-background-checks/ PCI DSS requires background checks for employees handling credit card holder data. upvoted 22 times inkedia3 Highly Voted 1 year ago It think the wording is a problem if you guys are considering B. Background checks is to identify falsification and misrepresentation. Answer is C upvoted 18 times Renfri 9 months, 3 weeks ago You think the compliance officer wants to go through the trouble of doing a background check just so they can verify your experience? Lol upvoted 8 times rhocale 9 months, 2 weeks ago speaking from experience a background check does not verify anything on a resume. upvoted 9 times z3phyr 5 months, 3 weeks ago The answer is clearly B. We are talking about a Compliance Officer here. He wants to ensure new hires comply with the current hiring policy. upvoted 1 times z3phyr 5 months, 3 weeks ago Not to mention this is a bank. No person with a criminal history would EVER be allowed to work at a bank. upvoted 4 times Blake89 6 months, 2 weeks ago You and the 15 others liking this comment are either trolls or should highly consider pursuing another certification. upvoted 10 times 店 RevolutionaryAct 铺 ; Most Recent 2 weeks, 5 days ago 店 铺 ; 学 学 most sense because it covers B C (Filtering applicants 习 who have added false information to resumes so they appear better qualified) makes the 习 小 小 you were during that time). (failure to disclose convictions, and thus if you were convicted of theft you'd be in prison and have to lie about where 店 店 upvoted 1 times 66 66 Selected Answer: C algiggio90 3 weeks, 3 days ago Selected Answer: C is true upvoted 1 times algiggio90 3 weeks, 3 days ago Selected Answer: C is True upvoted 1 times AmesCB 1 month, 3 weeks ago Maybe it is a bit too much but the question is about new hires, not applicants, so the solution should not be for applicants no? upvoted 1 times Protract8593 2 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B The background check policy is designed to screen potential new hires for any criminal history, including convictions for theft or other crimes. This policy helps the bank adhere to industry compliance and regulatory requirements by ensuring that employees with certain criminal backgrounds are not hired for positions that may pose a risk to the organization or its customers. upvoted 1 times frejus 2 months, 2 weeks ago Answer is B, Here is why From the official book of Comptia S+ "A background check determines that a person is who they say they are and are not concealing criminal activity, bankruptcy, or connections that would make them unsuitable or risky. Employees working in high confidentiality environments or with access to high value transactions will obviously need to be subjected to a greater degree of scrutiny. For some jobs, especially federal jobs requiring a security clearance, background checks are mandatory. Some background checks are performed internally, whereas others are done by an external third party". upvoted 2 times 店 铺 ; 店 铺 ; 学 学 ApplebeesWaiter1122 习3 months ago 习 小 小 Selected Answer: B 店 店 6 66 including any By implementing a background check 6 policy, the bank ensures that potential employees' backgrounds are thoroughly reviewed, criminal records. This helps to identify individuals who may have been convicted of theft or other relevant crimes, thus ensuring compliance with industry regulations and standards. upvoted 3 times Confuzed 5 months, 2 weeks ago Selected Answer: B The key clue in this question is who ordered the background checks. The Chief COMPLIANCE Officer wouldn't care about people padding resumes or nepotism. They are only concerned with regulations compliance (PCI DSS at a bank). Therefore B is the right answer. upvoted 2 times dagsrevy1 5 months, 3 weeks ago Selected Answer: B Tempting to go for A... but B upvoted 2 times tutita 5 months, 3 weeks ago has to be B, C says "filtering applicants, they already hired these poeple are not longer applicants. upvoted 1 times gladtam 6 months ago I’m confused. They are already hired. Can’t be B upvoted 1 times RethabileT 7 months ago Well which answer appears in the exam? upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago B. In the banking industry, theft is a major concern. Being convicted of theft is an automatic red flag, and denial of employment. upvoted 5 times Zonas 8 months ago Correct Answer is B upvoted 3 times 店 店 铺 铺 emma234 8 months, ; 1 week ago ; 学 学 background check dose 习not check your resume but it check your criminal records, drugs test, etc 习 小 my resume can be true but working in a bank. but criminal history 小 I can be qualified for the job 店 店 upvoted 2 times 66 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #28 An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task? A. Application allow list B. SWG C. Host-based rewall D. VPN 店 店 铺 Correct Answer: B 铺 ; ; 学 学 习 Community vote distribution 小 店 66 C (68%) YusufMadkour 习 小 Highly Voted 店 B (31%) 66 1 year ago Selected Answer: C Not A or D. Was not sure whether it should be B or C until I read the definition of SWGs in the official guide from CompTIA. "An on-premises SWG is a proxy-based firewall, content filter, and intrusion detection/prevention system that mediates user access to Internet sites and services" upvoted 24 times RevolutionaryAct 2 weeks, 5 days ago Except these servers are not on-premises they are all on the cloud, meaning they are IaaS and virtualized, and thus there are not hosts to base these firewalls on. Secure Web Gateway works on OSI Layer 4, which blocks ports https://www.ibm.com/products/securegateway#:~:text=The%20Secure%20Gateway%20service%20represents,server%2Dside%20and%20mutual%20authentication. upvoted 1 times NICKJONRIPPER 10 months, 1 week ago So must be B, same result, but you can not configure 100 host-based firewall as C upvoted 3 times shitgod 9 months ago Why not? It's so common and easy with cloud orchestration tools. upvoted 3 times Mondicles Highly Voted 1 year ago Selected Answer: C This one asks which one is used for port blocking in WEB SERVERS. SWG is primarily used to protect USERS from accessing or being infected by web threats. I'll go with firewalls to explicitly allow 443. upvoted 20 times 店 店 铺 铺 Cisco103 Most ;Recent 2 weeks, 2 days ago ; 学 学 Selected Answer: C 习 习 小 小gateway (SWG). As well as according to offical guide "Content filters are now usually implemented as a class of product called a secure web 店 店access security brokers filtering, a SWG performs threat analysis 66 and often integrates the functionality of data loss prevention (DLP) and cloud 66 (CASB) to protect against the full range of unauthorized egress threats, including malware command and control and data exfiltration" upvoted 1 times RevolutionaryAct 2 weeks, 5 days ago Selected Answer: B THERE ARE NO HOSTS to put firewalls on since all 100 web servers are hosted on the cloud! (Well, aside from the hypervisor) Servers are not onpremises they are all on the cloud, meaning they are IaaS and virtualized, and thus host based firewalls is wrong. Secure Web Gateway works on OSI Layer 4, which blocks ports https://www.ibm.com/products/securegateway#:~:text=The%20Secure%20Gateway%20service%20represents,server%2Dside%20and%20mutual%20authentication. upvoted 2 times Cumdumptia 1 month ago Answer is C 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times sujon_london 1 month, 2 weeks ago It SWG upvoted 1 times BigIshai 1 month, 3 weeks ago I would go with B (SWG) based on two things. 1. we have the servers deployed in the cloud and 2. SWGs enable companies to: - Block access to inappropriate websites or content based on acceptable use policies - Enforce their security policies to make internet access safer - Help protect data against unauthorized transfer. (source:https://www.paloaltonetworks.com/cyberpedia/what-is-secure-web-gateway) upvoted 2 times Protract8593 2 months ago Selected Answer: C 店 店 A host-based firewall is a software-based firewall that runs on individual servers or systems. It allows administrators to control the incoming and outgoing network traffic on a specific host, providing an additional layer of security to protect the server from unauthorized access. 铺 铺 ; ; 学 学 习 习 By configuring the host-based firewall on each of the 100 web servers to block all web-server ports except port 443, the engineer can ensure that only traffic on port 443 (HTTPS) is allowed, while all other incoming traffic to other web-server ports is blocked. upvoted 3 times 小 店 66 小 店 66 imuetic 2 months, 2 weeks ago Remember that the 100 web servers were deployed in a cloud environment. Host Based Firewalls are only installed on physical systems. I would go with B..(SWG) because SWG is cloud based and that is where the web servers are located. upvoted 3 times BlackSpider 3 days, 7 hours ago That's not true. All VMs deployed in the cloud have FWs that can be configured individually or by using Network Security Group (On Azure) which you can apply to 100 servers like you apply a group policy. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: C A host-based firewall is a software-based firewall that is installed and configured on individual servers or hosts. It allows administrators to control incoming and outgoing network traffic on a specific server, including the ability to block or allow specific ports. In this scenario, the engineer can configure the host-based firewall on each of the 100 web servers to block all incoming connections on ports other than port 443. By doing so, only traffic on port 443 (typically used for HTTPS) will be allowed, effectively disabling all other web-server ports. In Dion's course he talks about this scenario in one of his videos. I think a NGFW would be a better option upvoted 5 times Essi 4 months ago C. Host-based firewall Most Voted In this case, the best choice would be to use a host-based firewall. Firewalls can control inbound and outbound network traffic based on predetermined security rules. By configuring a host-based firewall on each server, you can block all ports except for 443, which is typically used for HTTPS, a secure web protocol. A Secure Web Gateway (SWG, Option B) would provide protection against online security threats by enforcing company security policies and filtering malicious internet traffic, but it would not be the best tool to block specific ports on a server. upvoted 1 times 店 店 铺 铺 you added. SWG allows you to configure the Since it is host-based ; you would have to configure the rules on all 100 webservers and for every host ; 学level 学 rules at the network 习 习 upvoted 2 times 小 小 店 店 6 66 6 Mroljrtnrty 5 months ago DRvisin 4 months, 2 weeks ago Just Passed! 787! 4/23/23 - This question was on the test. Host based firewall upvoted 13 times usernamesunknown 5 months ago Congratulations! Hopefully i'll be ready to take my exam in the next 2 weeks :) upvoted 2 times mosher21 5 months, 1 week ago Selected Answer: C Host based firewalls with a centralized management tool. upvoted 2 times staoic 5 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C A SWG (often pronounced “swig”) is designed to block access to or from malicious websites and links. It enforces granular use policies and stops threats from accessing web applications by acting as a security gateway, and it does so by filtering web and internet traffic at the application level. upvoted 1 times lili00 5 months, 1 week ago A host-based firewall is a software application that runs on each individual host and controls the incoming and outgoing network traffic based on a set of rules. A host-based firewall can be used to block or allow specific ports, protocols, IP addresses, or applications. An engineer can use a host-based firewall to accomplish the task of disabling all web-server ports except 443 on a group of 100 web servers in a cloud environment. The engineer can configure the firewall rules on each web server to allow only HTTPS traffic on port 443 and deny any other traffic. Alternatively, the engineer can use a centralized management tool to deploy and enforce the firewall rules across all web servers. upvoted 1 times BevMe 5 months, 1 week ago 店 店 铺 SGWs are not the most effective way to disable web-server ports. I go with the host-based FW. 铺 ; ; upvoted 1 times 学 学 习 习 小 小 店 店 66 66 Selected Answer: C 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #29 A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future? A. Use appropriate signage to mark all areas. B. Utilize cameras monitored by guards. C. Implement access control vestibules. D. Enforce escorts to monitor all visitors. 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 C (71%) Mamun1 Highly Voted 学 习 小 店 66 小 店 D (27%) 66 1 year ago Selected Answer: C How would the guard know every individual and their access rights? The access control vestibule (AKA Mantrap) seems to be more appropriate to me. upvoted 21 times rhocale 9 months, 2 weeks ago it wouldnt stop them just inform them upvoted 1 times guestionme Most Recent 3 weeks, 3 days ago No clue what the correct answer is but I'll go with "Implement access control vestibules." It's probably the closest to what CompTIA is thinking: "access control" upvoted 1 times Lildj4sho 1 month, 1 week ago Selected Answer: C Honestly our perspective,D is the right answer believe me I know I work in IT and based on certain projects to go in the Data Center/Classified Comm room visitors need to sign a sheet and be escorted sometimes set appointment to even get escorted. CompTIA is tricky so we need to go base on what they think and honestly just an escort I highly doubt Comptia would have that as there answer I’ll go with C upvoted 2 times HCM1985 3 weeks, 5 days ago I actuallt went right ahead with letter D for the same reason upvoted 1 times Kraken84 1 month, 2 weeks ago He is not a visitor he is a technician who did not have access...."Access" >'keyword'< upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago You could make an argument for either Implement access control vestibules OR Enforce escorts to monitor all visitors 店 铺 ; 学 "prevent" such a thing from recurring. Bad question. But no way would cameras 习 upvoted 1 times 小 店 66 ago assfedass nished 1 month, 3 weeks 店 铺 ; 学 习 小 店 66 Selected Answer: D Definitely not B We have visitor badges that state escort required for just such a scenario. The AC Vestibule would not control un/authorized access to the DC unless we're supposed to assume that directly following the AC Vestibule is the DC. upvoted 1 times DriftandLuna 2 months ago Selected Answer: D I chose escort as it mentions the tech is already in the DC. In my experience a mantrap is usually located near the entrance, the question seems to suggest he is already in the DC and walking around. It's a poorly worded question IMO though. When they talk about an area are they referring to say a few rows where racks are in a DC or are the talking about a room? If its a room then mantrap, if its the fortmer then escort. upvoted 4 times 淘宝店铺:https://shop63989109.taobao.com/ LO353 5 days, 23 hours ago confusing because after the mantraps engineer can access anywhere upvoted 1 times darkhat 2 months ago honestly, i am confused, whats the correct answer according to comptia guys ? upvoted 2 times BonCheshire 2 weeks, 1 day ago go ask them upvoted 2 times Odisman1 2 months ago A is the correct answer upvoted 2 times 店 店 铺 铺 Protract8593; 2 months ago ; 学 学 Selected Answer: C 习 习 小also known as a mantrap, is a physical security measure that creates an intermediate 小 An access control vestibule, space between two secure areas. It 店 店 a person must pass typically consists of a small enclosed area with two or more interlocking doors. To gain access to the second secure area, 6 66 person can enter the 6 and locks before the second door opens. This helps ensure that only one authorized through the first door, which then closes restricted area at a time, preventing unauthorized access and tailgating. upvoted 3 times LiteralGod 2 months, 1 week ago Selected Answer: D I know from experience that an escort is common place when directing engineers to the correct equipment in datacentres. A mantrap would be fine for access into the front of the data centre where there are manned security but this would not work for every area within the data centre. It can be done but it basically isn't done. upvoted 3 times 101martin101 4 months, 1 week ago Selected Answer: C guard plus mantrap equals results upvoted 4 times Kaps443 4 months, 3 weeks ago Definitely, C is correct. Read books from Comptia don't think practically think about how the book teaches you to address these types of attacks. upvoted 2 times MayHa 5 months ago To prevent the technician to search for the server (as it says "While locating the server, the technician entered a restricted area"), it would be best to escort the technician to the server upvoted 2 times mosher21 5 months, 1 week ago Selected Answer: D Definitely D. Imagine a malicious repairman walked into the server room after passing thru a mantrap with no escorts. He can tamper with other servers/network devices if there is no one to oversee his actions. So the BEST option is to have some escorts with him. upvoted 2 times Confuzed 5 months, 2 weeks ago Selected Answer: D 店 店 While a man trap will keep vendors out of a restricted area... it is not the BEST answer. Your entire datacenter should be a restricted area (perhaps with some areas more restrictive than others). The ONLY way a third party should be on the floor of your datacenter is with an escort. 铺 铺 ; ; 学 学 习 习 That said, the CompTIA study guide doesn't really go into escorts as a security measure. But they do say: Physical security can be thought of in terms of zones. Each zone should be separated by its own barrier(s). Entry and exit points through the barriers need to be controlled by one or more security mechanisms. Progression through each zone should be progressively more restricted. 小 店 66 小 店 66 So I suspect they would argue that if you have different zones with different restrictions, there should be a physical separation between them. But if I see this question on my test, I will probably answer D in protest. upvoted 4 times ApplebeesWaiter1122 3 months ago Professor Messer talks about escorts in one of his videos upvoted 1 times [Removed] 6 months, 2 weeks ago No matter how impractical, the BEST to prevent this is D. upvoted 1 times z3phyr 5 months, 3 weeks ago D cannot be the best because it is completely impractical. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Confuzed 5 months, 2 weeks ago How so. EVERY data center I have ever been in had an escort policy. If you were not cleared/approved to be on the floor, you had to be escorted at all times. Of course, every datacenter I have ever been in also considers the entire datacenter a restricted area. You don't want people just walking around in there free to do whatever they want. upvoted 3 times ApplebeesWaiter1122 3 months ago We had HVAC guys come in one time to do repairs. We had to take turns escorting them around to make sure they weren't going into places they weren't suppose to be. This was after the Mantrap. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #30 Which of the following would BEST provide a systems administrator with the ability to more e ciently identify systems and manage permissions and policies based on location, role, and service level? A. Standard naming conventions B. Domain services C. Baseline con gurations D. Diagrams 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 Highly Voted 习 小 店 A (62%) yoloson 学 66 小 店 B (38%) 66 1 year ago Selected Answer: A Quoting from the official guide below. A standard naming convention for hardware assets, and for digital assets such as accounts and virtual machines, makes the environment more consistent. This means that errors are easier to spot and that it is easier to automate through scripting. The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point in the CMDB or network directory. Each label should conform to rules for host and DNS names. upvoted 32 times Dutch012 5 months, 1 week ago But it does not manage "permissions and policies", I choose B. upvoted 3 times Jacob75 4 months, 4 weeks ago It is only asking what provides the admin with the ability to more efficiently identify systems and manage permissions and policies. Not asking what is actually doing the managing. A is correct upvoted 7 times Kraken84 1 month, 2 weeks ago Keywords! 'identify' upvoted 4 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: A Answer: Standard naming conventions These are naming frameworks used for naming hardware assets, and for digital assets such as accounts and virtual machines in a consistent way. The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point. ============================= Helpful Info: Domain Services - Services that stores centralized directory information and lets users and domains communicate. When a user attempts to connect to a device or resource on a network, this service provides login authentication, verifying the user's login credentials and access permissions. 店 店 铺 铺 Baseline configuration - A documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. upvoted 13 times ; ; 学 学 习 习 小 RevolutionaryAct 店 662 weeks, 5 days ago Most Recent Selected Answer: B 小 店 66 Absolutely Domain Services, everything is here: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview Definitely NOT naming conventions as that does not include locations, roles, permissions, policies. upvoted 2 times MO233 3 weeks, 3 days ago Am systems admin and i literally use AD(Domain services) to do all of these things. upvoted 5 times je123 1 month, 1 week ago Selected Answer: A A over B as without A, having B won't be as effective. This is a tough question imo. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times sujon_london 1 month, 2 weeks ago Under Active Directory (AD) in a Windows environment, provide centralized management and organization of network resources, including computers, users, and groups. It allows for efficient identification and grouping of systems based on various attributes, such as location, role, and service level. With domain services, systems administrators can implement standardized naming conventions, manage permissions and access control. Therefore B upvoted 1 times Nikamy 1 month, 4 weeks ago Selected Answer: B Domain Services upvoted 1 times Protract8593 2 months ago 店 店 铺 Domain services, management and organization of network ;specifically Active Directory (AD) in a Windows environment, provide centralized铺 学computers, users, and groups. It allows for efficient identification and grouping of;systems 学 based on various attributes, such resources, including 习 习 as location, role, and service 小level. 小 店 店 66 66access control through With domain services, systems administrators can implement standardized naming conventions, manage permissions and Selected Answer: B group policies, and assign users to specific groups based on their roles and responsibilities. This centralized management makes it easier to apply consistent configurations, policies, and permissions to different sets of users and systems, streamlining the administration process. upvoted 4 times Protract8593 2 months ago Why A is incorrect per ChatGPT: A. Standard naming conventions: While standard naming conventions can assist in identifying systems, they may not be as effective as domain services for managing permissions and policies based on attributes like location, role, and service level. upvoted 2 times ApplebeesWaiter1122 3 months ago Selected Answer: A A.... No, B.... It is A. I think.... standard naming conventions, can also provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level. By implementing standard naming conventions for systems, users, and groups, administrators can establish a consistent and structured naming scheme that reflects the location, role, or service level of each resource. This allows for easier identification and categorization of resources within the network. With standardized naming conventions in place, administrators can quickly identify systems based on their names and apply permissions and policies accordingly. They can easily differentiate systems based on their location, department, function, or any other relevant criteria. upvoted 1 times Dan_26 4 months ago I'm a support engineer at a large MSP. It's domain services such as Azure Active Directory and Active Directory, NOT 'naming conventions', which are useful and good, but they're mostly used to identify device quickly. Your laptops might all start with 'LAP', ie, 'LAP-C-2345' and your Domain Controllers 'DC-01, DC-02, DC03' etc. A switch might be 'SW-C-01' or SW-SOUTH-04--1'. They're for easy identification for remote access mostly, so you don't spend hours working on the wrong device. upvoted 3 times JAMBER 4 months, 1 week ago Selected Answer: B 店 ...and manage permissions and policies... that part has me leaning towards "B" upvoted 1 times 铺 ; 学 习 fouserd 4 months, 4 weeks ago 小 店 店 铺 ; 学 习 小 店 6 6 is B. Domain services. Domain services, such as Microsoft Active Directory, provide6centralized 6 According to chat GPT - "The answer authentication Selected Answer: B and authorization for resources within a network. They allow systems administrators to efficiently manage permissions and policies based on location, role, and service level by creating groups and applying permissions to those groups. With domain services, administrators can easily add or remove users and computers, and can apply policies and configurations at a domain or OU (Organizational Unit) level. Standard naming conventions, baseline configurations, and diagrams are important tools for network management, but they do not provide the same level of centralized authentication and authorization capabilities as domain services." upvoted 3 times mosher21 5 months, 1 week ago Selected Answer: B With windows active directory domain services, you can have a centralized control over objects and grant permissions and rights. upvoted 1 times staoic 5 months, 1 week ago Selected Answer: B 淘宝店铺:https://shop63989109.taobao.com/ Domain services manages global policy object (GPOs), manage user/group permissions, server roles, sites, organization units (OU) and a lot more. I will go with B: Domain services. upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: B Standard naming convention helps to more efficiently identify systems, but does not allow them to more efficiently mange permissions and policies... at least not more efficiently than using a directory. I could manage an AD domain, or a Redhat Directory Services Domain with 100,000 computers with no naming convention and still efficiently manage permissions and policies. I could likely even identify systems faster using the directory than having a bunch of neatly named machines but no directory. upvoted 2 times TheGuitarMan_61 5 months, 2 weeks ago A) Page 337 COMPTIA guide States the naming conventions as a standard. upvoted 2 times 店 铺 ; 店 铺 ; 学 weeks ago darklion 5 months, 2 习 小 Selected Answer: B 店 学 习 小 店 66 66 The best option among the given choices to efficiently identify systems and manage permissions and policies based on location, role, and service level is B. Domain services. Domain services provide a centralized way of managing network resources, including user and computer accounts, permissions, and policies. By creating a domain, a systems administrator can define a common set of policies and permissions that can be applied across all systems and users within the domain, regardless of their location or role. Domain services also enable the use of group policies, which can be used to enforce security settings, software deployments, and other configurations across all systems and users within the domain. Standard naming conventions and diagrams can be helpful in identifying systems and understanding their relationships, but they do not provide a way to manage permissions and policies based on location, role, and service level. Baseline configurations can be used to standardize system settings and configurations, but they do not provide a way to manage permissions and policies. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #31 Which of the following would detect intrusions at the perimeter of an airport? A. Signage B. Fencing C. Motion sensors D. Lighting E. Bollards 店 铺 Correct Answer: E 店 铺 ; ; 学 学 习 Community vote distribution 习 小 C (93%) 店 66 ender1701 Highly Voted 小 店 3% 66 1 year ago Selected Answer: C Seriously, how does Bollards get identified as the correct answer on this site? It doesn't detect, it deters. It's a post. upvoted 39 times 4342421222 11 months, 3 weeks ago Right, but the first rule of security is physical. That's why it's correct. You would detect a vehicle driving up to a Bollard. Motion Senors are similar to IDS's. Important, but physical is the more important part of the question. upvoted 3 times creativenickname 11 months, 3 weeks ago But the question is "Which of the following would detect intrusions at the perimeter of an airport?". It's asking what object would detect. Bollards can't detect anything, they're a cement or metal rod in the ground. upvoted 9 times Nokia6681 11 months, 3 weeks ago Bollards are preventive, and Motion sensors are detection. Que says "detect". upvoted 12 times BlackMamba_4 2 months ago They have to mark the incorrect answer to avoid CompTIA cease and desist upvoted 4 times Pharaoh301 7 months, 1 week ago If you hit a bollard, it would definitely be detected. upvoted 10 times lili00 5 months ago =)))) haha upvoted 2 times Sklark 11 months, 1 week ago 店 店 Hahaha your response is priceless! "Oh no! We must be very stealthy. We wouldn't want the bollards to see us!!" upvoted 11 times 铺 铺 ; ; 学 学 习9 months, 2 weeks ago 习 小 小 . who reviews these questions 店 and answers . Bollards seriously .. its difficult to study when 60% of the answers are wrong 店 6 66 6 upvoted 18 times m33lz Highly Voted Confuzed 5 months, 2 weeks ago Not at all. None of us KNOW what the right answer is according to CompTIA, they don't tell you which questions you get right or wrong. That's why there are discussions. Most likely the wrong answers are identified by the first vote, or perhaps by the person who provided the question. Or as some speculate, they are wrong on purpose so that CompTIA can't say that this site is providing all the correct answers to their actual exam questions. Personally, I would rather they left the "correct answer" off altogether and just let our votes dictate the "right" answer. I find that I research the answers myself if the community seems split, thus I learn more. upvoted 7 times BlackSpider Selected Answer: C Most Recent 3 days, 7 hours ago C. Motion sensors - These devices actively detect淘宝店铺:https://shop63989109.taobao.com/ movement. They are designed to pick up on unauthorized movements or intrusions and can trigger alarms when such movements are detected, making them a prime choice for detecting intrusions. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: E Unpopular opinion but there is evidence that bollards do in fact detect motion: https://www.manchester.gov.uk/info/500283/road_and_pavement_problems/560/bollards/5 Using the bollards and number plate recognition Using the bollard system The bollard system has a traffic light situated in the driver's line of sight. You must wait for the signal to give you a green light. You can then move safely through the automatic bollards. You must never try to access the system if the traffic indicator column is showing a red light. The bollards have safety loops which detect when a vehicle is over the bollard system and so will not rise under a vehicle. 店 店 铺 铺 ; ; There is no intercom 学at the bollard system and so the bollards cannot be lowered by request. 学 习 习 小 小 personal details for a You will not be able to access店 an area secured with automatic bollards if you have not pre-registered your vehicle and 店 permit. 66 66 upvoted 2 times TreeeSon 1 week, 5 days ago I disagree because it just mentions detection. It doesn't specify whether it's exclusively vehicle detection. A bollard isn't going to detect someone on foot trying to intrude. upvoted 1 times Tejjo 1 month, 3 weeks ago Selected Answer: C A bollard is a sturdy, short, vertical post. The term originally referred to a post on a ship or quay used principally for mooring boats. upvoted 1 times lamrine04 1 month, 3 weeks ago Selected Answer: C Motion sensors detect motion. Examtopics probably had to mark this answer to make sure they stay compliant with some agreement they have with CompTIA. upvoted 3 times Shir0E 1 month, 4 weeks ago Why answer is E? Giving incorrect answer intentionally. upvoted 1 times Protract8593 2 months ago Selected Answer: C Motion sensors are devices used to detect movement or motion within their coverage area. They are commonly deployed as part of a security system to monitor the perimeter of a facility, such as an airport, and detect unauthorized intrusions. When someone or something moves within the range of a motion sensor, it triggers an alert, notifying security personnel of potential intruders. In conclusion, according to CompTIA Security+, the correct option to detect intrusions at the perimeter of an airport is C. Motion sensors. These sensors provide an active intrusion detection capability by alerting security personnel of potential unauthorized movement within the airport's perimeter. upvoted 1 times md4946 2 months, 1 week ago 店 got it wrong upvoted 1 times 店 铺 铺 ; rueyb 5 months ago Selected Answer: C ; 学 学 习 习 小 店 Bollards dont detect anything upvoted 1 times 66 小 店 66 Jacs 5 months, 1 week ago a fence is the correct, an airport can install fences with sensors on it. then fences stop intruders and depending the sensor installer may alert the security of any trespass. upvoted 1 times HCM1985 3 weeks, 5 days ago yeah, but the fence itself won't detect anything without sensors on it upvoted 1 times GreenBird97 6 months, 2 weeks ago Selected Answer: C 淘宝店铺:https://shop63989109.taobao.com/ ChatGPT The option that would detect intrusions at the perimeter of an airport is: C. Motion sensors Motion sensors are devices that detect movement and are commonly used in security systems to detect intruders. They can be placed around the perimeter of an airport and trigger an alarm or alert security personnel when movement is detected. Signage (Option A) can serve as a deterrent and inform people about restricted areas, but it does not detect intrusions. Fencing (Option B) can also serve as a deterrent and physical barrier, but it does not detect intrusions on its own. Lighting (Option D) can make it more difficult for intruders to enter the perimeter undetected, but it does not detect intrusions. Bollards (Option E) are physical barriers that can prevent vehicles from entering restricted areas, but they do not detect intrusions. upvoted 1 times 店 店 铺 Woob 3 months ago ; 铺 ; You need to consult ChatGPT for something this simple?.. upvoted 1 times 学 学 习 习 小 小 店 店 66 asabi 6 months, 2 weeks ago Selected Answer: C 66 The motion sensors would most likely be the most effective tool to detect any intruders at the perimeter of the airport, as they would alert security officials if a perimeter breach is detected. There are also other tools that could be used to detect intruders, such as cameras and thermal imaging, but motion sensors are generally considered to be the best option for detecting intruders in a wide range of conditions, as they can be set to alert security if movement is detected in a specific area of interest. upvoted 1 times Jacs 6 months, 4 weeks ago Selected Answer: B PIDS is a motion sensor installed in a fence upvoted 1 times matpet 7 months, 1 week ago According to me is C. The question ask how to detect. upvoted 2 times Paramus 7 months, 1 week ago I would surely go for motion sensor but found out it is bollards . Sometimes this answers don’t make sense upvoted 2 times Pharaoh301 7 months, 1 week ago Here's why I think Bollard was selected as the correct answer; hitting a bollard would definitely create a detection. Furthermore, it seems unrealistic to attempt to apply motion detectors to an airport perimmiter since there is likely always going to be motion in and around an airport perimeter (regardless of how it's designed). At a minimum, there would always be birds. But depending on the part of the perimeter in question, there would almost always be people. upvoted 3 times new_to_this 5 months ago This makes a lot of sense. you actually put the location into concideration and hoe other system and devices might not work in that environment upvoted 1 times Pharaoh301 7 months, 1 week ago PIDS can detect breaches, but in airports, those are generally far more complex than simple motion detection systems. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #32 A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy? A. Update the base container Image and redeploy the environment. B. Include the containers in the regular patching schedule for servers. C. Patch each running container individually and test the application. D. Update the host in which the containers are running. 店 店 铺 铺 ; ; 学 Correct Answer: B 学 习 66 A (68%) Highly Voted 小 店 Community vote distribution Gravoc 习 小 店 C (17%) 66 Other 1 year ago A is incorrect. The answer is D. Really shows that the voters don't know much about containers here. A container is merely a text file that allocates resources and libraries to a virtual environment, which in turn allows an application to function in an isolated environment. That's it The containers share the same Kernel as the base host system. Only the system Kernel and a text file of allocated resources and libraries stands between a critical vulnerability, and gaining access to the standard host computing environment. Swiss Cheese model and Defense-in-Depth applies here. Since there's no update to be applied to the container, and the base host & containers all are reliant on the same Kernel. Keeping the host system up to date with all security patches and firmware patches is the best way to prevent a critical vulnerability from breaking out of a container. Look up the container hierarchy, "dirty-pipe-exploit', and Docker software. Hardware > OS > Virtual Machine > Docker > Container Updating the host machine is absolutely the answer. upvoted 34 times BevMe 5 months, 1 week ago What is the host is managed by a third-party provider or if there are other applications running on the host that could be affected by the update? upvoted 2 times BevMe 5 months, 1 week ago *What if I mean upvoted 1 times MikeM3 5 months, 2 weeks ago well this comment didn't age well. option D is a good sec measurer but it doesn't address the vulnerabilities in the containerized applications themselves. the vulnerabilities may be specific to the containerized apps themselves and not the host itself so updating the host may not address the issue. Option A is the correct answer. upvoted 4 times Hiattech 5 months, 3 weeks ago 店 店 This isn't necessarily true. Containers running can run on ESXI which is linux based. Updating ESXI is NOT going to update the individual Windows machines. However, A is not correct either since redeploying a bunch of virtuals isn't an option either. The best option is to update the machines individually, preferably on a schedule and with testing on dev machines. upvoted 1 times 铺 铺 ; ; 学 学 习 习 小 店 66 HCM1985 3 weeks, 5 days ago 小 店 66 ESXi's kernel is not a Linux kernel. Although it indeed uses a lot of opensource software for its tools, the kernel itself is proprietary. About the question: we're talking about applications vulnerabilities inside the container, not the host OS's. And updating an image and redeploying apps quickly with little to no downtime it's actually not very complex upvoted 1 times _bishalk__ 12 months ago The only thing container shares with host machine is kernel so if we patch and upgrade the kernel version doesnt necessarily it will eliminate the vulnerabilities associated with other packages in repos of that container so best way to patch a container must be followed. and that is only possible when someone update the base container image and redeploy it. so correct answer is A here. upvoted 9 times VendorPTS 11 months, 4 weeks ago Agreed. It's a bit of a tricky one because Gravoc isn't wrong that the host OS and kernel vulnerabilities there are important, but the question says the analyst is concerned about "critical vulnerabilities that have been detected on some applications running *INSIDE* containers." As you mentioned, aspects of the vulnerability may be limited to what is running in the container. 淘宝店铺:https://shop63989109.taobao.com/ Read the section "Containers let you patch continuously, automatically" in the article below https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-how-containers-enable-passive-patchingand-a-better-model-for-supply-chain-security upvoted 9 times kennyleung0514 11 months, 1 week ago agreed. As containers should be short-life, or be more accurate, it should not have any modifications once deployed. If there's any update on the containers, it would be faster to deploy it with updated base image upvoted 10 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: A Answer: Update the base container image and redeploy the environment (A) 店 铺 店 铺 In the scenario, the vulnerabilities found were critical meaning that patches would need to be applied immediately. ; ; 学 学how this vulnerability is critical, neither The options to patch the containers (B &C) could work, however, patching would likely take months, seeing 习 习 would address the concern's 小urgency. 小 店 店 6 66 only on some 6 could work, however, the scenario specified that the vulnerabilities have been detected The option to update the host (D) also applications and not on the host itself. While a container runs on a host machine, it does not mean they share the same vulnerabilities. So updating the host would likely not patch the vulnerabilities that were found in the containers. Out of the given options, the option to update on the base container image would 1.) addresses where the vulnerabilities were found and what needs to be updated and 2.) addresses the urgency to patch the critical vulnerability. upvoted 25 times LePecador 2 months, 2 weeks ago very helpful indeed upvoted 2 times Faisel 2 months, 3 weeks ago very good explanation, well done! upvoted 4 times BossCatKodi Most Recent 2 weeks, 5 days ago Patch or Update the Vulnerable Components: Identify the specific vulnerabilities and the affected components (e.g., libraries, dependencies) within the containerized applications. Determine if patches or updates are available to address these vulnerabilities. Many software vendors release security updates and patches for known vulnerabilities. If patches or updates are available, apply them to the affected containers. This might involve rebuilding the container image with the patched components and deploying the updated image. upvoted 1 times bolom2365 1 month ago The best remediation strategy for critical vulnerabilities found in containerized applications is to update the base container image and redeploy the environment. The advantages of this approach are: Containers are meant to be ephemeral and rebuilt frequently. Updating the image allows rebuilding secure containers. Patching the base image once fixes the issue for all containers using that image. Individual container patching is inefficient. Host patching does not fix vulnerabilities within the container images themselves. Rebuilding from a patched base image is faster than live container or host patching. Testing can be done on new containers from the updated image before redeploying en masse. upvoted 1 times 店 铺 RevolutionaryAct 1 month, 2 weeks ago ; Selected Answer: B 学 习 B. Makes the most sense here - think of containers like the apps on your smartphone. 小 店 铺 ; 学 习 小 店 Though critical, these are not going each and test. 66to affect the phone itself. Do automatic patching and you are good. Second best店is6patch 6 upvoted 1 times Pezo 2 months ago A is the correct answer. This option ensures that all containers launched from the updated base image will have the necessary security patches applied, effectively addressing the vulnerabilities across the entire containerized environment. It is a proactive approach that helps prevent future instances of the same vulnerabilities and ensures consistency across deployments. upvoted 1 times Protract8593 2 months ago Selected Answer: A Container images serve as the foundation for containers, and vulnerabilities in the base image can affect all containers created from that image. By updating the base container image to one that includes the necessary security patches and fixes, the security analyst ensures that new containers deployed from the updated image will not contain the known vulnerabilities. Redeploying the environment with the updated image helps address the security concerns across all instances of the application running in containers. 淘宝店铺:https://shop63989109.taobao.com/ Why D is wrong: D. Update the host in which the containers are running: Updating the host is essential for security, but it does not directly address the vulnerabilities within the container images. The vulnerabilities are specific to the containers themselves, and updating the host would not automatically resolve the issues within the containers. In conclusion, according to CompTIA Security+, the BEST remediation strategy for addressing critical vulnerabilities in applications running inside containers is A. Update the base container image and redeploy the environment. This approach ensures that new containers will not contain the known vulnerabilities, providing a more secure foundation for the application. upvoted 2 times ApplebeesWaiter1122 3 months ago Selected Answer: C Patch each running container individually and test the application would be the best remediation strategy for addressing critical vulnerabilities detected in applications running inside containers. 店 店 Containers provide a lightweight and isolated environment for applications, but they can still be vulnerable to security vulnerabilities. To effectively remediate these vulnerabilities, it is important to patch the containers themselves. 铺 铺 ; ; 学 学 习 习 The recommended approach is to patch each running container individually. This involves applying updates or patches specifically to the container images or container runtime environment. By patching each container individually, you can ensure that the vulnerabilities are addressed within the specific context of each application. 小 小 店 店 66 66 After patching, it is crucial to thoroughly test the application to ensure that the updates do not introduce any compatibility issues or unexpected behavior. Testing helps validate the functionality and security of the patched containerized application. upvoted 1 times user82 5 months, 1 week ago Selected Answer: A Updating the base container image is replacing the current image with a new one with better security patches, bug fixes, etc. which addresses vulnerabilities upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: A Despite what Gravoc says, the answer is still A. A container is not just a text file. The text file defines the layers of the container. These layers are applied on top of the running host kernel, and provide a base os, any required libraries and associated applications, management tools (text editor, cli tools, etc), and finally the application code is layered on top. Some containers can consist of several gigabytes of stuff across several layers. For example a web application may have a base OS (alpine linux is common), then the Apache web server image, then perhaps an NGIX reverse proxy image, and finally the application image. If a new Apache version is released, simply rebuilding the image and restarting it will incorporate the changes and address any patched vulnerablities. upvoted 1 times darklion 5 months, 2 weeks ago Selected Answer: A A. Update the base container Image and redeploy the environment is the BEST remediation strategy. Critical vulnerabilities on containerized applications can often be addressed by updating the base container image, which will automatically address the vulnerabilities for all running containers that use that image. Redeploying the environment with the updated container image will ensure that all containers are using the patched image, reducing the risk of exploitation. Patching each running container individually can be time-consuming and difficult to manage, and patching the host may not address vulnerabilities that exist within the container itself. upvoted 1 times fouserd 5 months, 2 weeks ago Selected Answer: C The best remediation strategy for the security analyst to address the critical vulnerabilities that have been detected on some applications running inside containers would be to patch each running container individually and test the application. This approach allows the analyst to address the vulnerabilities in a targeted manner without disrupting other applications that may be running in other containers. Once the patches have been applied, the analyst can test the application to ensure that it is still functioning correctly. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 ago Hiattech 5 months, 3 weeks 小 店 Selected Answer: B 习 66 小 店 66 A is not correct since redeploying a bunch of virtuals isn't an option either. B is the best option which is to include the containers on the regularly scheduled updates. If patches are already being tested in development, then C isn't necessary. D. isn't going to work since containers often run on different OS than the one their hosted on plus they don't associate with the host OS other than to receive their resources. Updating the host would NOT update the clients. upvoted 2 times Caden_Liew 3 months, 4 weeks ago I wouldnt choose B because of the keyword "critical vulnerabilities" which suggest immediate action instead of waiting for the next patch schedule. I would go with C upvoted 1 times tutita 5 months, 3 weeks ago Selected Answer: A The only thing the containers share with the host 淘宝店铺:https://shop63989109.taobao.com/ is the kernel. If the kernel gets security updates, the containers see that. Anything else, you have to also update inside the container, although usually you just rebuild the container. Often, the container is a completely different distro than the host, so the update will be different commands. upvoted 1 times JDawgBenet 5 months, 4 weeks ago Selected Answer: D Top voted comment said it was D. upvoted 1 times asabi 6 months, 2 weeks ago Selected Answer: A The best remediation strategy in this situation would be to update the base container image and redeploy the environment. This strategy would allow for a comprehensive update of the environment that would ensure that all security patches are applied in a consistent manner. :) 店 店 铺 铺 ; Using a patch schedule 学 or updating each container individually could lead to a situation where patches;are学applied inconsistently or where some 习are applied properly and in a updates are missed, so习 it is always important to have a thorough remediation strategy that ensures all patches 小 小 reliable manner. 店 店 66 66 upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: A Option C suggests patching each running container individually and testing the application. While this may address the vulnerabilities in the containers, it is not the most efficient remediation strategy, especially if there are many containers with the same vulnerabilities. Updating the base container image and redeploying the environment (Option A) would ensure that all containers are patched with the latest version and that the vulnerabilities are addressed in one go, saving time and effort. Including containers in the regular patching schedule for servers (Option B) may also work, but it may not be as efficient as updating the base container image and redeploying the environment upvoted 1 times princajen 6 months, 2 weeks ago Option D, "Update the host in which the containers are running," may not be the best remediation strategy because updating the host may require downtime or impact other applications running on the same host. Additionally, updating the host may not necessarily address the specific vulnerabilities in the containers. Instead, it would be better to focus on updating the containers themselves, either by updating the base image or patching each container individually. This would allow for targeted remediation of the vulnerabilities without impacting other applications or requiring downtime for the host. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #33 An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the ve- year cost of the insurance policy. The organization is enabling risk: A. avoidance. B. acceptance. C. mitigation. D. transference. 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 [Removed] Highly Voted 小 店 66 1 year ago Selected Answer: D D. transference. upvoted 11 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: D Answer: Risk Transference Risk Transference is transferring risk to a third party such as a vendor. In cyber security, that can be through utilizing cyber-risk insurance. Cyber insurance generally covers a business' liability for a data breach involving sensitive customer information, such as account numbers, credit card numbers, health records etc. ============================================== Other Choices: Risk Avoidance - Strategy that eliminates risk by avoiding activities that would expose themselves to the risk. Risk Mitigation - the practice of reducing the impact of risks through preventative and reactive planning Risk Acceptance - When a business or individual accepts the potential loss from a risk. Generally occurs when the business or individual feels that the risk does not warrant the countermeasures. upvoted 7 times Protract8593 2 months ago Most Recent Selected Answer: D The organization is enabling risk transference by purchasing an insurance policy to cover the potential financial losses associated with the identified risk. Transference involves shifting the financial impact of a risk to another party, such as an insurance provider. In this scenario, the organization is accepting the risk (by not investing in remediation) and transferring the financial consequences to the insurance policy provider. upvoted 3 times ApplebeesWaiter1122 3 months ago Selected Answer: D 店 店 In this scenario, the organization has decided to purchase an insurance policy to cover the potential financial losses associated with a risk. By transferring the risk to an insurance provider, the organization is shifting the financial burden and responsibility of managing the risk to the insurance company. This allows the organization to mitigate the potential impact of the risk by having the insurance policy cover the costs of remediation or any losses incurred. upvoted 1 times 铺 铺 ; ; 学 学 习 习 小 店 Otik 4 months ago 66 D, prime example of transferance upvoted 1 times Denniswhyz 4 months, 3 weeks ago Selected Answer: D Insurance = transference upvoted 1 times dagsrevy1 5 months, 3 weeks ago Selected Answer: D Paying the insurance company to share the risk. D upvoted 1 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Paramus 7 months, 1 week ago Selected Answer: D Transferring upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago D. Any time insurance is used, you are transferring the risk to the insurance company upvoted 3 times Gr3gg3 10 months, 3 weeks ago Selected Answer: D D. Transferring the risk to a Third Party upvoted 1 times 店 Jossie_C 10 months, 3 weeks ago 铺 You're transferring the risk to the insurer. D. TRANSFERENCE. upvoted 1 times ; 店 铺 ; 学 学 习 习 小 ago banditring 11 months, 3 weeks 店 whenever I see insurance I always6go 6 with transference 小 店 66 upvoted 2 times varun0 1 year ago Transference as the financial loss if the risk materializes is transferred to the insurance company upvoted 7 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #34 A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security O cer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert? A. True negative B. True positive 店 店 C. False positive 铺 ; D. False negative 铺 ; 学 学 习 习 小 小 店 店 66 Correct Answer: A 66 Community vote distribution C (89%) redsidemanc2 Highly Voted 8% 1 year ago Selected Answer: C True Positive: A legitimate attack which triggers to produce an alarm. You have a brute force alert, and it triggers. You investigate the alert and find out that somebody was indeed trying to break into one of your systems via brute force methods. False Positive: An event signalling to produce an alarm when no attack has taken place. You investigate another of these brute force alerts and find out that it was just some user who mistyped their password a bunch of times, not a real attack. False Negative: When no alarm is raised when an attack has taken place. Someone was trying to break into your system, but they did so below the threshold of your brute force attack logic. For example, you set your rule to look for ten failed login in a minute, and the attacker did only 9. The attack occurred, but your control was unable to detect it. True Negative: An event when no attack has taken place and no detection is made. No attack occurred, and your rule didn’t make fire. upvoted 19 times redsidemanc2 1 year ago alarms triggered and ciso blocked scanner ip. later scanner is not working cause ciso blocked the scanner upvoted 2 times ronniehaang 7 months, 3 weeks ago Highly Voted Selected Answer: C C. False positive. A false positive is a security alert that is generated when there is no actual threat or security violation, but the security system identifies it as such. In this scenario, the IP address 192.168.34.26 was blocked based on a security alert from the SIEM, but it turns out that the IP address was associated with a legitimate source (vulnerability scans). This results in the false positive, where the security system is blocking a legitimate activity. upvoted 15 times Rider2053 Most Recent 1 month, 1 week ago C is the correct answer: as that Ip is used for Scanning purposes, there is no suspicious activity happeing with that IP> upvoted 1 times 店 店 铺 铺 ; ; feroze895 1 month, 2 weeks ago 学 Selected Answer: A Answer is A upvoted 1 times 学 习 习 小 店 66 小 店 66 RevolutionaryAct 1 month, 2 weeks ago Selected Answer: C There's no way it is a true negative as there would be no detection in the first place if this were the case, which alone eliminates the two choices with negative in the answer. What makes it a false positive is that it said there was malicious activity but instead there was none. upvoted 2 times Protract8593 2 months ago Selected Answer: C In this scenario, the SIEM generates an alert indicating anomalous activity from the local source IP address 192.168.34.26. The Chief Information Security Officer (CISO) instructs the security analyst to block the originating source. However, after blocking the IP address, another employee reports that vulnerability scans are no longer being performed properly, and the provided IP address is also 192.168.34.26. A false positive occurs when a security tool, like the SIEM in this case, generates an alert for an event that is not actually malicious or a security 淘宝店铺:https://shop63989109.taobao.com/ threat. In other words, the initial alert was triggered incorrectly, and the activity from the IP address was not actually anomalous or malicious. Blocking the IP address based on the false positive alert caused unintended consequences and disrupted legitimate network activity, leading to the reported issues with vulnerability scans. upvoted 2 times david124 2 months, 1 week ago True positive: An alert generated by a security system that correctly identifies actual malicious activity or a real security threat. True negative: When a security system correctly identifies that no malicious activity is occurring, and there is no actual security threat. False positive: An alert generated by a security system for an event or activity that is not malicious or threatening, causing unnecessary actions or disruptions. False negative: When a security system fails to detect actual malicious activity or a real security threat, resulting in a missed detection. In this case, the alert from the SIEM was a false positive as it led to blocking a benign internal IP address that was associated with vulnerability scans. upvoted 1 times LiteralGod 2 months, 1 week ago 店 铺 店 铺 Selected Answer: C ; ; The wording of the question is terrible but considering the initial anomalous activity was in fact a legitimate process (vulnerability scan), this would be classified as a false positive. upvoted 1 times 学 学 习 习 小 小 店 店 md4946 2 months, 1 week ago 66 66 Selected Answer: A everyone here is dumb and dont know what is true negative , it is a scenario when legitimate activity is defined as legit and illegitimate is defined as illegal. Here the officer blocked the IP so whoever will access it will get notification not permissible , its so obvious its true negative. How people here are dumb and many of them even got their Security+ certificate , I suggest those certificate of those people who got this answer wrong should be revoked or dismissed , because this question is one of the main terms and basic terms of security+ exam. upvoted 1 times imuetic 2 months, 2 weeks ago ...Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert? Answer is A...note that no attack occured days after the initial attack and when the ip was blocked. True Negative: An event when no attack has taken place and no detection is made. No attack occurred, and your rule didn’t make fire. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: C This situation indicates a false positive alert. A false positive occurs when a security system incorrectly identifies legitimate activity as malicious or anomalous. In this case, the initial SIEM alert misidentified the activity originating from IP address 192.168.34.26 as anomalous, leading to the decision to block it. However, the subsequent issue with vulnerability scans suggests that the IP address is actually a legitimate internal resource required for proper scanning. upvoted 2 times darklion 5 months, 2 weeks ago Selected Answer: C Answer: C. False positive Explanation: A false positive is an alert that incorrectly indicates that something is wrong when it is not. In this case, the initial alert about anomalous activity coming from the IP address 192.168.34.26 was a false positive. The SIEM incorrectly identified the activity as suspicious or malicious, leading the security analyst to take action by blocking the IP address. However, this action caused a legitimate process or service to be disrupted, leading to a new ticket being opened about the vulnerability scans not working properly. upvoted 3 times 店 店 铺 铺 z3phyr 5 months, 3 weeks ago ; Selected Answer: C ; 学 学 习 小 Lol really shows just how wrong some of these answers are. Always read the commends..... upvoted 1 times 店 66 DALLASCOWBOYS 7 months, 4 weeks ago 习 小 店 66 B. This situation is a true positive, as the most recent ticket indicated that the vulnerability scan was no longer working properly, thus the malicious activity was properly detected, indicating a malicious (anamoly) was detected properly. upvoted 1 times [Removed] 8 months, 1 week ago Selected Answer: C False Positive = False alert upvoted 1 times asum 8 months, 2 weeks ago Selected Answer: B True Positive: A legitimate attack which triggers to produce an alarm. You investigate the alert and find out that somebody was indeed trying to break into one of your systems via brute force methods. <<Anomaly activity is from an IP address.>> 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times KingDrew 8 months, 2 weeks ago Selected Answer: C Activity was from employee, not threat, and no attack was performed. Answer is C upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #35 A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use? A. SSAE SOC 2 B. ISO 31000 C. NIST CSF D. GDPR 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小 店 B (86%) stoneface Highly Voted 66 小 店 14% 66 1 year ago Selected Answer: B ISO 31000 The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for risk management from the International Organization for Standardization. Regulatory compliance initiatives are usually specific to a particular country and applicable to certain sized businesses or businesses in specific industries. However, ISO 31000 is designed to be used in organizations of any size. Its concepts work equally well in the public and the private sector, in large or small businesses and nonprofit organizations. upvoted 36 times carpathia 10 months, 2 weeks ago Highly Voted Depends how you define Security Analyst, if it's cyber then is NIST CSF, if he/she deals with general risk (not pnly cyber) then it's the ISO31000. God help us with Comptia style questions... upvoted 12 times carpathia 10 months, 2 weeks ago Coming back to my post, they mention "standard". I don't think NIST CSF is a standard per se, just recommendations. ISO is definitely a standard. upvoted 11 times RevolutionaryAct 1 month, 2 weeks ago This is why it's NIST https://www.onetrust.com/blog/iso-27001-vs-nist-cybersecurity-framework upvoted 1 times HackBishop 3 weeks, 5 days ago Most Recent Since the question refers to standard I will go with ISO 31000, if not the nist csf would have been my option upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: C Did a little digging and the key phrase is "management program" and BEST. The main reason NIST is superior here is because ISO 31000 CANNOT be used for certification purposes whereas NIST CSF can be used: https://www.iso.org/iso-31000-risk-management.html 店 店 Also NIST is free whereas ISO is not, so that's another advantage for NIST: https://www.auditboard.com/blog/nist-vs-iso-whats-the-difference/ upvoted 2 times 铺 铺 ; ; 学 学 习 习 小 Protract8593 2 months ago Selected Answer: B 店 66 小 店 66 ISO 31000 is an international standard for risk management issued by the International Organization for Standardization (ISO). It provides principles, framework, and guidelines for managing risks effectively and efficiently in any organization. The standard focuses on the entire risk management process and helps organizations identify, analyze, evaluate, treat, and monitor risks systematically. upvoted 1 times Kraken84 1 month, 2 weeks ago ISO 31000 unfortunately cannot manage anything though... upvoted 1 times LiteralGod 2 months, 1 week ago Selected Answer: B ISO 32000 is a risk framework upvoted 1 times ApplebeesWaiter1122 3 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B ISO 31000 is an international standard that provides principles and guidelines for effective risk management. It offers a comprehensive framework that organizations can utilize to establish, implement, and continuously improve their risk management processes. The standard emphasizes a systematic and proactive approach to identifying, assessing, treating, and monitoring risks across the organization. upvoted 1 times new_to_this 5 months ago Selected Answer: C What is the difference between ISO 27001 and NIST CSF? It is a standard you follow and with guidelines that are dependent on your own organizational security needs. Both NIST and ISO 27001 have their own specific place in a security roadmap. NIST CSF is meant to guide your security needs, while ISO 27001 helps to prove your security. upvoted 1 times TheGuitarMan_61 5 months, 2 weeks ago Per COMPTIA guide page 531, ISO 31000 = Risk Management. upvoted 2 times 店 铺 店 铺 ; ; darklion 5 months, 学2 weeks ago 学 习 习 Selected Answer: B 小 小 店 店 recognized risk ISO 31000 is the best source for the analyst to use in order to develop a risk management program. ISO 31000 is a globally 6 66 regardless of size 6 principles, framework, and a process for managing risk. It is applicable to any organization, management standard that provides or industry, and is widely accepted as a best practice for risk management. The other options are more focused on specific areas such as cybersecurity (NIST CSF), auditing (SSAE SOC 2), and privacy (GDPR). upvoted 2 times Pink_511 6 months ago I feel it should be NIST CSF, based on the following argument : ISO 31000 is a good choice for operationally mature organizations seeking certification and **NIST CSF may be best for organizations who are in the first stages of developing** a cybersecurity risk management plan or attempting to mitigate prior failures or data breaches. upvoted 1 times GS1011 6 months, 2 weeks ago B https://www.skillmaker.edu.au/risk-management-standards/ upvoted 1 times rf18 7 months, 2 weeks ago Selected Answer: B ISO 31000 foundation of Risk Management upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago B. ISO 31000 is a family of standards and guidelines for implementing a risk management-based security policy. upvoted 1 times [Removed] 9 months, 1 week ago Selected Answer: C Despite the complexity of implementing the NIST CSF, its ability to unify cybersecurity efforts and bridge the gap between technical and business leaders makes it the gold standard for developing a risk management plan. Going with C… upvoted 3 times jhfdkjshfkjdsho 9 months, 2 weeks ago Selected Answer: C NIST CFS "The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk." upvoted 3 times 店 铺 ; 学 习 小 店 sauna28 9 months, 2 weeks ago Selected Answer: B 66 Risk Management Framework definitely ISO31000 upvoted 1 times 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #36 The Chief Information Security O cer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting? A. Lessons learned B. Preparation C. Detection D. Containment E. Root cause analysis 店 店 铺 铺 ; Correct Answer: A 学 习 Community vote distribution rodwave ; 学 Highly Voted 小 店 习 6 A (97%) 6 小 店 66 10 months, 2 weeks ago Selected Answer: A Answer: Lessons learned Lessons learned is the final step in the incident response where the organization reviews their incident response and prepare for a future attack. This is where you understand how/why an incident occurred, identify any weaknesses in your organization's practices, any positive elements or practices that went well, and things that could be done to prepare for a future incident. ========================= Incident Response - A set of instructions or procedures an IT staff follows to detect, respond to, recover and recover from a security incident. Phases in the Incident Response Plan 1. Preparation: The organization plans out how they will respond to attack, this can involve: 2. Identification: Detecting and determining whether an incident has occurred. 3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage. 4. Eradication: The removal of the threat 5. Recovery: Restoring systems affected by the incident 6. Lessons Learned: Where the organization reviews their incident response and prepare for a future attack upvoted 17 times Protract8593 Most Recent 2 months ago Selected Answer: A The Chief Information Security Officer (CISO) is requesting a report on potential areas of improvement following a security incident. This indicates that the CISO wants to conduct a lessons-learned process. Lessons learned is a critical phase in incident response that involves analyzing the incident after it has been resolved to identify what went wrong, what worked well, and what areas need improvement. This process helps organizations enhance their incident response procedures and make adjustments to prevent similar incidents in the future. upvoted 2 times ApplebeesWaiter1122 2 months, 4 weeks ago Selected Answer: A Option A, "Lessons learned," refers to the practice of capturing and documenting the knowledge and insights gained from a security incident. It involves analyzing the incident response process, identifying what worked well and what didn't, and extracting key takeaways and recommendations for improvement. 店 店 铺 By conducting a; lessons learned analysis, the organization can identify gaps or deficiencies in their铺 incident response procedures, technical ; controls, staff training, or other areas that may have contributed to the incident or hindered the response efforts. 学 学 The report generated from the 习 lessons learned process provides valuable information for enhancing the organization's security posture and 习 strengthening its incident response 小 小 capabilities in the future. 店 店 66 66 upvoted 1 times fouserd 5 months, 2 weeks ago Selected Answer: A The incident response process that the CISO is requesting is lessons learned. The lessons learned process involves reviewing the incident and identifying areas where improvements can be made to prevent similar incidents from occurring in the future. This can include changes to policies and procedures, additional training for employees, or changes to technical controls. upvoted 1 times Scott_wu 6 months ago Selected Answer: E potential areas of improvement upvoted 1 times assfedass nished 1 month, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Potential areas of improvement are gleaned from lessons learned. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago A. Lessons Learned. Evaluates the response plan and procedures and improve them as necessary upvoted 1 times mlonz 8 months, 1 week ago something straightforward upvoted 1 times mlonz 8 months, 1 week ago something straighforward upvoted 1 times 店 Korokokokokoko 10 months, 1 week ago 铺 Selected Answer: A ; 店 铺 ; 学 This is the correct answer upvoted 1 times 学 习 习 小 小 店 店 66 comeragh 1 year ago 66 Selected Answer: A A - Lessons Learned agree with upvoted 3 times varun0 1 year ago Selected Answer: A Lessons learned is a process in incident response to learn from the incident and improve. upvoted 3 times stoneface 1 year ago Selected Answer: A What are lessons learned ? The Project Management Institute (PMI) defined as “the learning gained from the process of performing the project”. In the context of security incidents, they usually take place after a security incident has occurred and has been mitigated. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #37 A company is providing security awareness training regarding the importance of not forwarding social media messages from unveri ed sources. Which of the following risks would this training help to prevent? A. Hoaxes B. SPIMs C. Identity fraud D. Credential harvesting 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 A (78%) babyzilla Highly Voted 66 14% 小 店 8% 66 10 months, 3 weeks ago I read the comments below. Many of you are associating social media messages with fake news which is leading you to the answer: Hoax. However, social media messages are usually just that, messages. Think of a DM via Instagram. That is a direct message through a social media application. Most social medias have IM features. I think there is a false notion of fake news with this question. For this reason, I believe it is SPIM. upvoted 19 times CTE_Instructor 6 months, 3 weeks ago The key phrase in this question is "unverified sources" - The main idea/principle of the question is to avoid spreading messages that have not been verified as truth. This is to reduce hoaxes/misinformation from spreading, which are also primarily spread via social media. SPIM is for instant message spam and is seen in the form of unsolicited messages on an instant messaging platform. From CompTIA's perspective, instant messaging DMs and social media messages are not the same. Also, the training the company would do would not affect SPIM anyway. upvoted 6 times Joe1984 Highly Voted 1 year ago Selected Answer: A Hoaxes upvoted 13 times z3phyr 5 months, 3 weeks ago You are right Joe upvoted 1 times assfedass nished Most Recent 1 month, 3 weeks ago Selected Answer: A Spammers send spam/spim. If you fwd unverified mail, described in the question, that's a hoax. upvoted 2 times BigIshai 1 month, 3 weeks ago I believe the reason a company would not want their employees to forward unverified messages would be so that they do not give credence to possible fake news and stake the reputation of the organization carelessly. The truth is once the unverified source is proven wrong, the news will read that an employee of a reputable organization, posted....... Bad press/ publicity is never good for business no matter how innocent. I would go with A. (Hoaxes) upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 小 Protract8593 2 months ago 习 店 Selected Answer: A 66 小 店 66 Security awareness training that emphasizes not forwarding social media messages from unverified sources would help to prevent hoaxes. A hoax is a deceptive message or information that is spread with the intention to mislead or deceive recipients. By educating employees not to forward social media messages from unverified sources, the company can reduce the spread of false or misleading information, thereby minimizing the impact of hoaxes. upvoted 2 times XTN 2 months, 1 week ago Fake News upvoted 2 times ApplebeesWaiter1122 2 months, 4 weeks ago Selected Answer: A The training regarding not forwarding social media messages from unverified sources would help to prevent A. Hoaxes. 淘宝店铺:https://shop63989109.taobao.com/ Hoaxes are deceptive messages or information that are spread widely, often through social media platforms or email, with the intention to mislead or deceive recipients. These hoaxes may contain false claims, fabricated stories, or misleading information, and they can be harmful or cause panic if shared without verification. By training employees not to forward social media messages from unverified sources, individuals become more cautious and discerning about the information they share. They are encouraged to verify the authenticity and accuracy of the content before spreading it further. This helps to prevent the spread of hoaxes and reduces the potential negative impacts associated with misinformation. upvoted 1 times LeonardSnart 4 months, 2 weeks ago Selected Answer: A "We’ve all probably received the e-mails stating that little Timmy is dying of a serious disease and wants his e-mail forwarded to 10,000 people, or that Bill Gates is giving away his fortune and you can receive a part of it if you forward the e-mail to 10 of your friends. You’ve probably also seen e-mails asking you to provide bank account information so that a deposed prince or forgotten relative can deposit millions of dollars into your bank account to save their fortune. Hoaxes aren’t confined to e-mail; hoaxers can use fake Web sites, social media sites, and even telephone calls to perpetrate a hoax. Their goal may be to get donations, spread a fake story, or even simply see how many people will fall for it. As with most other social engineering attacks, an organization’s best defense against hoaxes is a good security education and training program for users." 店 店 铺 铺 ; ; 学 学 习 习 -Mike Meyers, Security+ Cert Guide Third Edition SY0-601 upvoted 2 times 小 小 店 店 66 66 TheWaraba 5 months, 2 weeks ago I read most of the comments here but I think what can help pick between Hoaxes and SPIM, is that a end user training would not prevent SPIM per se, it would prevent user's from clicking on links in SPIM but not receiving them. An end user training would definitely help users be aware of hoaxes and not spread them. upvoted 2 times diztrik 6 months ago Selected Answer: B I believe SPIM is the correct answer here. upvoted 3 times asabi 6 months, 2 weeks ago Selected Answer: C These types of training sessions would help to prevent identity fraud, as they help people to recognize the signs of malicious attacks or scams that could be used to steal their identities or other personal info. upvoted 1 times goat23 7 months, 2 weeks ago chatgpt says its a. hoaxes upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago A. Hoax. Is designed to convince targets to perform an action that would reduce or harm their IT security. often encourages victims to spread the word. Since they are concerned with forwarding unverified sources, suggests it is a hoax they are concerned with. upvoted 2 times shi_ 7 months, 4 weeks ago Selected Answer: B this question really have vague answers options.... i was contemplating between hoaxes and SPIM however imo in term of loss, hoaxes don't cost much for a company(example, resulting in a sense of urgency to forward threatening/frightening massages that affect company) however SPIM can be quite fatal for a company error (for example, clicking a link resulting in malware/spyware) upvoted 2 times JustIyke 8 months, 2 weeks ago 店 店 Context is important in this question. Per COMPTIA definitions, the answer is SPIM because the message comes from Social Media. Hoax or any other option will be correct in conventional terms, but for the purpose of this test I am 100% sure the answer is SPIM upvoted 6 times 铺 铺 ; ; 学 学 习 习 小 店 blacktaliban 10 months, 3 weeks ago Selected Answer: A 66 Sharing unverifiable information on social media might as well say its fake news upvoted 2 times BigLao 10 months, 4 weeks ago I would go with spim. The question talks about social media and when you look at the definition of spim it ties with it perfectly. upvoted 3 times Jossie_C 10 months, 3 weeks ago This is incorrect. Spam is Spam over instant messaging. Social media is not necessarily instant messaging upvoted 2 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #38 A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior? A. DNS poisoning B. MAC ooding C. DDoS attack D. ARP poisoning 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小C (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: C Most denial of service (DoS) attacks against websites and gateways are distributed DoS (DDoS). This means that the attack is launched from multiple hosts simultaneously. Typically, a threat actor will compromise machines to use as handlers in a command and control network. The handlers are used to compromise hundreds or thousands or millions of hosts with DoS tools (bots) forming a botnet. The internal network has not been affected by the attack. upvoted 26 times varun0 1 year ago Agreed upvoted 3 times C_M_M Highly Voted 6 months ago In Ddos, both internal and external performance would be affected. This is because DDos consumes the resources of the server in question. In that case, the server will be slow irrespective of whether it's being accessed internally or externally. I don't think it's Ddos. Maybe DNS poisoning. Those external users have been redirected to another fake server which is slow, but the real server is working just fine. upvoted 6 times Protract8593 Most Recent 2 months ago Selected Answer: C The scenario described, where the response time of an internet-facing application has been degraded while the internal network performance remains unaffected, is indicative of a Distributed Denial of Service (DDoS) attack. A DDoS attack involves overwhelming a target server or network with a large volume of traffic or requests from multiple sources, rendering the target's services slow or unavailable. In this case, the application's internet-facing infrastructure is under attack, resulting in degraded response times for external users trying to access the application. upvoted 3 times sujon_london 1 month, 2 weeks ago Agreed upvoted 1 times 店 铺 ApplebeesWaiter1122 2 months, 4 weeks ago ; 学 店 铺 ; 学 习 The behavior described, where 小 the response time of an internet-facing application is degraded while internal习network 小 performance remains 店 店 unaffected, is indicative of a Distributed Denial of Service (DDoS) attack. 66 66 Selected Answer: C A DDoS attack involves a large number of compromised or malicious systems flooding a target network or application with a high volume of traffic, overwhelming its resources and causing service degradation or complete unavailability. The purpose of a DDoS attack is to disrupt the normal functioning of a system or service by exhausting its resources. In this scenario, the numerous alerts reporting degraded response time for the internet-facing application suggest that the application is under heavy traffic load from the external network. The internal network performance remains unaffected because the attack is specifically targeting the application from the internet, not the internal network infrastructure. upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: C C. DDoS attack DNS poisoning, MAC flooding, and ARP poisoning are all types of attacks that can affect network performance, but they do not typically result in the degradation of a single internet-facing application while leaving the rest of the network unaffected. upvoted 3 times ronniehaang 7 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C C. DDoS attack. A Distributed Denial of Service (DDoS) attack is a type of cyber attack in which multiple compromised computers are used to flood a targeted system with high volumes of traffic, overloading it and making it unavailable for its intended users. If the targeted system is an internet-facing application, it could result in degraded response times or even complete unavailability. In such cases, the internal network performance may not be degraded, but the internet-facing application would be impacted by the increased traffic from the DDoS attack. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago B. MAC Flooding. In MAC Flooding the attacker is not getting into the path between the client and server. Question states internal network was not degraded. DDos denies service, The question stated performance was degraded, not denied. upvoted 2 times 店 店 铺 铺 Keyword: "internet-facing application". ; ; 学 学 习 attack. Rather, it must be a layer 3 This means that the习 attack was from the outside, so the answer can't be an OSI layer 2 (Data Link Layer - MAC) 小 小 attack, but the question (Network - IP) attack. Why? Because if the attacker were from inside the network, then it would be a layer 2 (MAC) 店 店 was definitely from the doesn't mention that. Moreover, 66the question mentions that the internal network performance was fine, so the attack 66 outside, targeting a specific host that was open to the public internet. Protract8593 2 months ago For more information: https://www.cloudflare.com/learning/ddos/layer-3-ddos-attacks/ upvoted 1 times TheWaraba 5 months, 2 weeks ago DDoS can either degrade performance or deny service, depends on many factors. DDoS doesn't always mean that there's an actual denial of the service. upvoted 1 times EvelynStandford 7 months, 1 week ago i thought this also wor the words used in the question sadly there is no way to be 100% sure of the answer here upvoted 1 times duagreg 9 months, 3 weeks ago DDoS for sure upvoted 1 times Iamboolean 1 year ago Selected Answer: C Answer C = Distributed Denial Of Service. upvoted 1 times comeragh 1 year ago Good spot stoneface upvoted 1 times varun0 1 year ago Selected Answer: C DDOS seems obvious to me. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #39 Which of the following will increase cryptographic security? A. High data entropy B. Algorithms that require less computing power C. Longer key longevity D. Hashing Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (98%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: A Entropy is a measure of disorder. A plaintext will usually exhibit low entropy as it represents a message in a human language or programming language or data structure. The plaintext must be ordered for it to be intelligible to a person, computer processor, or database. One of the requirements of a strong cryptographic algorithm is to produce a disordered ciphertext. Put another way, the ciphertext must exhibit a high level of entropy. If any elements of order from the plaintext persist, it will make the ciphertext vulnerable to cryptanalysis, and the algorithm can be shown to be weak. upvoted 66 times Kraken84 3 weeks, 1 day ago What level of Entropy does America now exhibit? I learned me a new word upvoted 1 times Iamboolean 1 year ago Very good explanation, thanks! upvoted 2 times varun0 Highly Voted 1 year ago Selected Answer: A Entropy seems obvious to me. upvoted 6 times gho5tface Most Recent 1 month ago Selected Answer: D Going against the crowd upvoted 1 times faha83 2 months ago not really familiar with Entropy. happy to learn upvoted 3 times Protract8593 2 months ago Selected Answer: A 店 店 Increasing cryptographic security involves strengthening the randomness and unpredictability of cryptographic elements, such as keys, data, or initialization vectors. High data entropy refers to data with a high degree of randomness, making it more challenging for attackers to predict or guess. The use of high data entropy in cryptographic processes helps increase the security and effectiveness of encryption. upvoted 4 times 铺 铺 ; ; 学 习 小 店 4 weeks ago ApplebeesWaiter1122 2 months, 66 学 习 小 店 66 Selected Answer: A Data entropy refers to the randomness and unpredictability of data. High data entropy means that the data has a high degree of randomness, making it difficult for an attacker to analyze or predict patterns within the data. When cryptographic algorithms operate on data with high entropy, it adds an extra layer of security because the resulting encrypted data becomes more resistant to various cryptographic attacks, including bruteforce attacks and statistical analysis. upvoted 3 times 10to1 5 months, 3 weeks ago Selected Answer: C Data entropy has nothing to do security. Key or Password Entropy however affects security. Answer is C because Key Longevity makes sure that the key will remain secure even after more powerful computers try to break it in the future. upvoted 1 times TheWaraba 5 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Read this, entropy is definitely relevant in security. https://www.thesecuritybuddy.com/encryption/what-is-entropy-in-cryptography/2/ upvoted 2 times ronniehaang 7 months, 3 weeks ago Selected Answer: A A. High data entropy High data entropy refers to the unpredictability and randomness of data used as input to a cryptographic system. The higher the entropy, the more difficult it is for an attacker to guess the input data, thereby increasing the cryptographic security of the system. For example, in a password-based encryption system, high entropy in the password input would result in a more secure encryption key, making it more difficult for an attacker to crack the encryption and access the protected data. upvoted 3 times DALLASCOWBOYS 7 months, 4 weeks ago 店 铺 A. high data entropy. The higher the randomness, the greater the security. upvoted 4 times ; 店 铺 ; 学 学 习 ago CL_QRT 8 months, 2 weeks 小 店 A is the answer 习 小 店 66 upvoted 1 times 66 03allen 11 months, 3 weeks ago Anyone can tell me why C and D are not right? It doesn't say the best one, right? upvoted 1 times lordguck 10 months, 4 weeks ago C decreases security, as it gives attackes more time to break/use (e.g. if stolen and no one noticed) the keys. D is not applicable, as the question already talks about crytographic security and this includes for all relevant methods in use, ways to detect tampering. upvoted 2 times lordguck 10 months, 4 weeks ago Sorry, I was wrong here due to a misunderstanding of the used term "key longevity". "longevity" refers to the trust one has in the qualities (e.g. time to break) of an encryption method (Topic 5C handbook) and NOT to the lifetime of an certificate ("key" got me there). Nevertheless I vote for A, as C "longevity" is not measurable in contrast to A. upvoted 2 times CTE_Instructor 6 months, 3 weeks ago Key longevity is the time length the key encryption method is secure, whether due to brute forcing or by encryption algorithm cracking. Longer key longevity is a good thing. D is definitely relevant as hashing increases cryptographic security by providing a 1-way function to prevent attackers from seeing the original data. Honestly, A, C, and D are all possible answers. The question doesn't ask for "best", which makes this a poorly worded question. There isn't any "best" answer either, because A, C, and D should all be used, and different situations will prioritize different solutions. upvoted 2 times alayeluwa 11 months, 2 weeks ago The keyword in the question is “Increase”. Increase = best one. upvoted 1 times Ay_ma 1 year ago Selected Answer: A 店 店 High data entropy: In cryptography, entropy is used to produce random numbers, which in turn are used to produce security keys to protect data while it's in storage or in transit. The greater the quality of random number generation (RNG), the greater the quality of random keys produced, and thus the higher the security value of the key upvoted 4 times 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #40 Which of the following statements BEST describes zero-day exploits? A. When a zero-day exploit is discovered, the system cannot be protected by any means. B. Zero-day exploits have their own scoring category in CVSS. C. A zero-day exploit is initially undetectable, and no patch for it exists. D. Discovering zero-day exploits is always performed via bug bounty programs. Correct Answer: C 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 C (100%) 小 小 店 varun0 店 66 Highly Voted 66 1 year ago Selected Answer: C I'll go with C. A says it can be protected by ANY means which is not true, sure the exploit itself doesn't have a patch yet but we can isolate the effected system or have some kind of compensating control in place. upvoted 10 times aellonfol 7 months ago you mean CAN'T be protected upvoted 1 times Protract8593 Most Recent 2 months ago Selected Answer: C The statement that BEST describes zero-day exploits is that they are initially undetectable, and no patch for them exists. A zero-day exploit is a security vulnerability or weakness in software or hardware that is unknown to the vendor or developers and, therefore, has no official patch or fix available. As a result, attackers can take advantage of the vulnerability without any defense or mitigation in place. upvoted 1 times ApplebeesWaiter1122 2 months, 4 weeks ago Selected Answer: C The statement that best describes zero-day exploits is that they are initially undetectable, and no patch for them exists. A zero-day exploit refers to a security vulnerability or weakness in software or systems that is unknown to the vendor or developer and, therefore, lacks a patch or fix. The term "zero-day" signifies that the vulnerability is exploited on the same day it is discovered, with no prior knowledge or defense against it. upvoted 1 times Paramus 7 months, 1 week ago Selected Answer: C Unknown vulnerability with no patch available upvoted 1 times ronniehaang 7 months, 3 weeks ago 店 铺 店 铺 ; ; C. A zero-day exploit 学is initially undetectable, and no patch for it exists. 学 习 习 小 A zero-day exploit refers to a type of cyber attack that utilizes a previously unknown vulnerability in software or 小 hardware that hasn't been 店 店 it a significant risk to identified or fixed by the manufacturer. As a result, there is no existing protection or patch to defend against it, making 66 66 organizations and individuals. When a zero-day exploit is discovered, the first priority is to alert the vendor and hope that they can develop a Selected Answer: C patch as quickly as possible. upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago C. zero day attacks are attacks that exploit a vulnerablity that is unknown, therefore, no patch is available. upvoted 1 times KingDrew 8 months, 2 weeks ago Selected Answer: C Zero-day = Never seen before attack Therefore it cannot be patched or recognized in a database if it has not occurred or been documented before. upvoted 1 times Iamboolean 1 year ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C Answer C = A zero-day exploit is initially undetectable, and no patch for it exists. The other closest answer could be --> "A = When a zero-day exploit is discovered, the system cannot be protected by any means." However, this statement is not precise as it implies the system cannot be protected by any means, which is not true. Other answers are not as precise. Therefore, answer corresponds to letter C in my opinion... upvoted 1 times comeragh 1 year ago Selected Answer: C Agree with C being the best choice answer here upvoted 3 times 店 铺 店 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #41 A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST? A. Retention B. Governance C. Classi cation D. Change management 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小C (100%) 店 66 varun0 Highly Voted 小 店 66 1 year ago Selected Answer: C Data has to be first classified for the DLP to know which data can leave the network and which can't. upvoted 14 times Protract8593 Most Recent 2 months ago Selected Answer: C The first step the company should perform to restrict emailing of PHI (Protected Health Information) documents is Classification. In a Data Loss Prevention (DLP) solution, classification involves identifying and labeling data based on its sensitivity or classification level. In this case, the company would classify documents containing PHI as sensitive or confidential. This classification allows the DLP solution to recognize and enforce policies that restrict the emailing of such documents or prevent them from being transmitted outside the organization. upvoted 1 times ApplebeesWaiter1122 2 months, 4 weeks ago Selected Answer: C In order to restrict emailing of PHI (Protected Health Information) documents, the first step should be to perform classification. Classification involves identifying and categorizing data based on its sensitivity and importance. By classifying documents containing PHI as sensitive or confidential, the company can implement appropriate security controls and restrictions. Once the documents are classified, the DLP (Data Loss Prevention) solution can be configured to recognize and enforce policies specific to PHI documents. The DLP solution can monitor outgoing emails, analyze the content and attachments, and prevent the transmission of PHI documents based on the defined policies. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago C. Classification. Data classification is the primary means by which data is protected based on its need for secrecy, sensitivity and confidentiality. upvoted 1 times BadPlayer 5 months ago Explain in football terms? upvoted 1 times IYKMba 10 months, 3 weeks ago 店 铺 Selected Answer: C ; first step to determine what data contains PHI Classification is the学 习 upvoted 2 times 小 店 xxxdolorxxx 8 months ago 66 店 铺 ; 学 习 小 店 66 This is sort of what I'm thinking. Before knowing how to stop PHI from leaving...need to know exactly what data has PHI. upvoted 1 times hackerguy 11 months ago Selected Answer: C Data Classification: Category based on the value to the organization and the sensitivity of the information if it were to be disclosed upvoted 1 times [Removed] 1 year ago Classification, sure... But I also think Change management, because changing any sort of business process typically starts with that. upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ Gravoc 1 year ago Change management doesn't make sense in this context, because its asking what needs to be implemented first to assist the DPL in preventing PHI from being emailed. Classification is the first thing the DLP needs to properly do it's job. Change management would be like going through the approval process to add DLP as a tool to your security framework. In this case, the question already informed us that the DLP is in place. Meaning we can assume that the change management approval process has already been completed in regards to the DLP, and any implications imposed by the DLP. You wouldn't approve the use of the DLP without also approving the classification of sensitive and proprietary information. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #42 A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization: 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 Which of the following attacks has taken place? 66 66 A. Domain reputation B. Domain hijacking C. Disassociation D. DNS poisoning Correct Answer: B Community vote distribution D (93%) stoneface Highly Voted 7% 1 year ago Selected Answer: D DNS server cache poisoning aims to corrupt the records held by the DNS server itself. This can be accomplished by performing DoS against the server that holds the authorized records for the domain, and then spoofing replies to requests from other name servers. Another attack involves getting the victim name server to respond to a recursive query from the attacking host. A recursive query compels the DNS server to query the authoritative server for the answer on behalf of the client. upvoted 26 times BlackSpider Most Recent 3 days, 6 hours ago Selected Answer: D it is only happening to some users. This is the key here. upvoted 1 times DannaD 1 month, 2 weeks ago I believe this is hijacking because the attacker has already hijacked the DNS management before attempting to poison the DNS upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago 店 铺 that is another DNS not your own (which would be DNS poisoning) It's hijacking as; 学 https://www.malwarebytes.com/cybersecurity/business/what-is-dns-hijacking 习 upvoted 1 times 小 店 66 sujon_london 1 month, 2 weeks ago Selected Answer: B 店 铺 ; 学 习 小 店 66 Answer is B. After a domain hijacking incident, the attackers may have full control over the domain name settings, including the ability to change the domain name and IP address associated with it. Change Domain Name: The attackers can modify the domain's DNS settings and point it to a different domain name. In this scenario exactly happen domain hijacked maybe through phishing or by other means, then changed the dns name or IP addresses. Considering first domain hijacked and then changes IP address. Where most comments suggesting DNS poisoning. Indeed answer should be B followed by question given sequence clues. As many things can happen once domain hijacked. upvoted 4 times Protract8593 2 months ago Selected Answer: D 淘宝店铺:https://shop63989109.taobao.com/ The given scenario describes a DNS poisoning attack. In this attack, the attacker has manipulated the DNS records on the naming server to associate the domain name "www.comptia.org" with a malicious IP address (192.168.1.10). As a result, when users try to access the legitimate website www.comptia.org, they are redirected to a fake website hosted at the malicious IP address. upvoted 2 times Kraken84 1 month, 2 weeks ago SOUNDS GOOD, but what in this question instigates that 192.168.1.10 is a malicious IP address? I wanna believe your answer, but no where does it state that this is a malicious IP address. upvoted 2 times Kingbumi777 2 weeks, 1 day ago The IP 192.168.1.10 doesn't follow the standard of the other IP's and it is also a private IP address. Regardless, if you ever see the IP "192.168.1.X", assume it doesn't belong. upvoted 1 times 店 铺 店 铺 ; Following throught because it's for a different network from 学 the question, the domain is comptia.org, and we can assume www has a fake;IP学 习 (I know it's silly and that in itself does not mean anything, but we work with what 习 all the other records we have). 小 小 upvoted 1 times 店 店 66 66 HCM1985 3 weeks, 5 days ago Haykinz 2 months, 1 week ago Selected Answer: B Option B: Several things can happen when a domain is hijacked. The hackers may take control of the website and use it for malicious purposes, such as spreading malware or conducting phishing attacks. They could also redirect traffic to other websites, resulting in lost sales or damage to your brand reputation The D is correct because if DNS poisoning occurs most times the website is same and not a resemblance. During a DNS poisoning attack, a hacker substitutes the address for a valid website for an imposter. Once completed, that hacker can steal valuable information, like passwords and account numbers. Or the hacker can simply refuse to load the spoofed site. Someone browsing the web may never know that DNS spoofing is happening. The person may visit a site that looks perfectly normal, and even functions somewhat normally, so everything seems safe. upvoted 2 times RileyG 4 months, 2 weeks ago Domain Hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems. DNS poisoning is when false information is entered into a DNS Cache, so that DNS queries return an incorrect response that directs users to the wrong website. The answer is D because the question says "redirected to a fake website" - and we are also looking at a DNS table in the picture which means the answer is D. upvoted 4 times Dutch012 4 months, 2 weeks ago Okay, now it's evident that DNS poisoning is the answer to Question 1, yay! upvoted 1 times TheGuitarMan_61 5 months, 2 weeks ago Stoneface; agree 100% "some users" takes away the Domain Hijacking answer to Poisoning, as it it is only Some Users. upvoted 3 times Abdul2107 5 months, 1 week ago Smart notice upvoted 2 times 店 铺 ; 店 学 5 months, 2 weeks ago Neither_you_nor_me 习 小 Selected Answer: D 店 66 of the first question This seems to be the practical version 铺 ; 学 习 小 店 66 upvoted 2 times princajen 6 months, 2 weeks ago From ChatGPT:The output shown in the image is related to DNS, and specifically to the DNS zone file for comptia.org. It indicates that the DNS A record for www.comptia.org has been changed to point to a different IP address than the legitimate one. This is consistent with DNS poisoning, also known as DNS spoofing or DNS cache poisoning. Therefore, the correct answer is D. DNS poisoning. upvoted 3 times DALLASCOWBOYS 7 months, 2 weeks ago D. DNS Poisoning. Redirected to a fake website upvoted 3 times JD2354 7 months, 3 weeks ago I agree with the crowd, answer d. why are so many "correct answers" actually incorrect on this? 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times Kraken84 1 month, 2 weeks ago Its all about the discussion. upvoted 1 times Kraken84 1 month, 2 weeks ago zzz a way to keep this available :) upvoted 1 times Lance711 7 months, 2 weeks ago I heard that the 'correct answer' is random and that the voted answers are the only reliable options. Apparently by giving the wrong answer this site is allowed to be up because its a near perfect copy of the real CompTIA Security+ test upvoted 7 times 店 店 nul8212 9 months, 1 week ago 铺 Selected Answer: D ; 铺 ; 学 The answer is D. 学 习 习 小 Domain hijacking is where someone 店 tries to register your domain, access your hosted control panel, and set up 6 a6 website that is similar to yours. This asnwer is wrong. 小 店 66 upvoted 2 times Idkanything 10 months ago Selected Answer: D D. DNS poisoning Domain name to IP address entries in a DNS server are altered upvoted 3 times alayeluwa 11 months, 2 weeks ago Selected Answer: D Question gave you the answer “Redirected to a fake website that resembles www.comptia.org“ DNS Poisoning it is. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #43 Which of the following describes the continuous delivery software development methodology? A. Waterfall B. Spiral C. V-shaped D. Agile Correct Answer: D 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 D (100%) 小 小 店 店 66 rodwave Highly Voted 66 10 months, 2 weeks ago Selected Answer: D Answer: Agile Agile methodology is a way to manage a project by breaking it up into several phases. It involves constant collaboration with stakeholders and continuous improvement at every stage. Once the work begins, teams cycle through a process of planning, executing, and evaluating. ======================================= Helpful Info: Waterfall - A sequential development process that flows like a waterfall through all phases of a project (analysis, design, development, and testing, for example), with each phase completely wrapping up before the next phase begins. upvoted 29 times mlonz 8 months, 1 week ago Nice information Rodwave, you should try to add information for every questions thanks mate upvoted 9 times varun0 Highly Voted 1 year ago Selected Answer: D Agile seems right. Its a fast paced life cycle which iterates features according to the user's feedback. upvoted 9 times CCNPsec Most Recent 2 weeks, 3 days ago D. Agile Continuous Delivery is a software development methodology that falls under the broader Agile umbrella. It emphasizes the rapid and continuous delivery of software updates and improvements to production environments. In Continuous Delivery, development teams work in small, incremental steps to develop and deliver software features, often using automation to streamline the deployment process. In contrast, the other methodologies mentioned (A. Waterfall, B. Spiral, C. V-shaped) are not synonymous with Continuous Delivery and generally follow different approaches to software development and project management. Waterfall, Spiral, and V-shaped are traditional, sequential methodologies, whereas Continuous Delivery focuses on continuous iteration and deployment. upvoted 1 times 店 Protract8593 2 months ago 铺 Selected Answer: D; 店 铺 ; 学 学 and incremental development The Agile software development methodology, including the continuous delivery approach, emphasizes iterative 习 习iteration results in a potentially processes. It involves breaking 小 down the development process into smaller, manageable iterations, where each 小 店stakeholders, allowing for deployable increment of the 店 software. Agile methodologies promote collaboration between development teams and 6 66 6 cycles. faster and more adaptive development upvoted 2 times ApplebeesWaiter1122 2 months, 4 weeks ago Selected Answer: D Agile is an iterative and incremental development methodology that emphasizes flexibility, collaboration, and the delivery of working software in short iterations called sprints. Continuous delivery is a practice within the Agile methodology that focuses on ensuring that software is always in a releasable state. It involves frequent and automated software builds, testing, and deployment to deliver new features, updates, and bug fixes more rapidly and consistently. upvoted 1 times scarceanimal 7 months, 3 weeks ago i never heard of this once, not sure if it was on exam objectives... upvoted 1 times ronniehaang 7 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D D. Agile. Continuous delivery is a software development methodology that is based on the principles of agile development. It emphasizes a rapid, iterative, and frequent release cycle, where new features and bug fixes are delivered to customers on a regular basis. The goal of continuous delivery is to ensure that code changes can be rapidly and reliably deployed to production, minimizing downtime and maximizing the value delivered to customers. This approach relies on automation, collaboration, and communication to ensure that software is delivered quickly, with high quality, and with minimal risk. upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago D. Agile, in this methodology, updates are made continually, piece-by-piece, enabling software code to be delivered to customers as soon as it is completed and tested. upvoted 2 times 店 铺 [Removed] 11 months, 2 weeks ago ; Selected Answer: D 店 铺 ; 学 学 习 Agile approach to software 小 习 小 店 店 development is to ensure customer satisfaction via early and continuous delivery of software. upvoted 2 times 66 66 sucram 12 months ago syo 501 upvoted 1 times RonWonkers 1 year ago Selected Answer: D Answer is D upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #44 Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy? A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced C. Placing systems into locked, key-controlled containers with no access to the USB ports D. Installing an endpoint agent to detect connectivity of USB and removable media Correct Answer: B 店 店 铺 Community vote distribution ; A (50%) 学 习 铺 ; B (39%) 小 学 习 11% 小 店 店 rodwave 66 66 10 months, 2 weeks ago Highly Voted Selected Answer: A Answer: Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports ============================================= Explanation: The question is asking for two specific requirements for the solution: 1. A solution that's cost-effective 2. A solution that's a physical control The option to implement a GPO (B) and installing an endpoint agent (D) are software-based implementations, while in the case of the GPO being cost-effective, they do not address the physical control requirement for the solution. Option C would address the requirement as a physical control by preventing users from physically access the USB port and likely the best out all of the given options, however, this option is not cheapest so it's not addressing the cost-effectiveness required for the solution. Only option A would address each requirement of the solution being a cost-effective physical control that can be implemented. upvoted 49 times brewoz404sd 7 months, 1 week ago The answer is GPO not A. Cost effective is only A, GPOs are configured in AD and require no additional cost accepts the network admin to config. A requires purchasing tape, paying techs to go to all systems and cover! Not cost effective at all. What if the organization has 2000 computers, you are going to pay techs to go out with tape! No! Answer is GPO, easy, zero cost, and bullet proof! upvoted 12 times rline63 3 weeks, 4 days ago GPO is undoubtedly a better solution. In the context of the question though, it is absolutely not correct. GPO is a technical control, not a physical control. upvoted 2 times [Removed] 6 months, 1 week ago 100% agree with you. GPO is what the DoD use. upvoted 1 times hieptran 5 months, 3 weeks ago 店 GPT response 铺 店 铺 ; ; Option B is better than Option A because it provides a more automated and centralized approach to enforcing the USB removable media restriction policy. 学 学 习 习 小 店 小 店 Option B involves implementing a Group Policy Object (GPO) that restricts access to authorized USB removable media. This is a more centralized approach that allows administrators to apply the policy to multiple devices at once, rather than manually inspecting each device as in Option A. Additionally, a GPO is more reliable than manual inspection, as it is less prone to human error and can be more easily audited to ensure that the policy is being enforced. 66 66 Option A, on the other hand, involves manually putting security/antitamper tape over USB ports and regularly inspecting the ports. This is a more decentralized approach that relies on manual effort and is more prone to human error. It can also be difficult to scale this approach to larger organizations with many devices, as the manual effort required to inspect each device can become prohibitive. Therefore, while both options can be effective in enforcing a USB removable media restriction policy, Option B is a more scalable, automated, and centralized approach that is easier to manage and audit. upvoted 1 times Sentry13 5 months, 1 week ago Also from GPT: Group Policy Object (GPO) is not a physical control, but rather a technical control 淘宝店铺:https://shop63989109.taobao.com/ Physical controls are security measures that are implemented physically, such as locks, fences, barriers, cameras, and security guards. They are designed to prevent or deter unauthorized physical access to equipment, facilities, or information. In the context of a USB removable media restriction policy, a physical control could be a USB port blocker, which is a physical device that blocks access to USB ports on a computer or other device. This device physically prevents unauthorized USB devices from being plugged in, thereby restricting the use of removable media. So, the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy would be option A, putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports. While this option may not be as effective as USB port blockers, it is a cost-effective physical control that can help enforce the policy. upvoted 6 times CTE_Instructor 6 months, 3 weeks ago Option A involves a lot of additional cost for security tape and regular inspection... inspection = time = money. Option B is essentially no cost because it uses existing domain software and infrastructure to enforce. Restricting access is by definition a physical control. 店 店 铺 ; 铺 ; Option C also involves money (Like option A) and is not cost effective. 学 学 习 习 Option D involves purchasing 小 individual end point agent software... again not cost effective. 小 店 店 6 6 They are all able to control the 6 physical hardware by disallowing removable media or otherwise restricting it, however6only one is cost effect Option B, implementing a Group Policy Object. upvoted 12 times Nirmalabhi 9 months, 3 weeks ago absolutely agree with you. BTW your input on the discussion of the questions is phenomenal so thank you upvoted 8 times Hewn Highly Voted 1 year ago Selected Answer: B It's pretty obviously B, I think ya'll are getting too hung up on a physical control being 100% physical. A biometric scanner isn't useful without some kind of software running that compares my signature to a known copy of whatever it's scanning, yet it is still considered a physical control. upvoted 23 times HCM1985 3 weeks, 5 days ago The idea behind a "physical control" is that the main control is based on something physical (just like the biometric scan is worthless if we don't have a body part to scan). A GPO is pure software solution. Also, a GPO does not forbid a user from plugging in a USB removable device during system boot and then loading some sort of malware or even a new OS. upvoted 2 times bkrich Most Recent 1 week, 2 days ago Selected Answer: B Cost-effective would be GPO (B) upvoted 1 times LoomH 1 week, 4 days ago Selected Answer: A It says physical so I am going with the tape. upvoted 1 times henri007 1 week, 5 days ago Selected Answer: A Guys, PHYSICAL control upvoted 1 times 店 店 铺 铺 ;days ago Qinin 2 weeks, 5 学 习 Selected Answer: A 小 ; 学 习 店 Answer: A cost-effective "physical control" upvoted 1 times 66 小 店 66 henri007 4 weeks ago Selected Answer: A Question is physical control! B is not phisical control upvoted 1 times Akibaware 4 weeks, 1 day ago So if we choose B: could we not say that "regularly inspecting" is a physical control? Answer B has 2 control components. upvoted 1 times HCM1985 3 weeks, 5 days ago "Regularly verifying that it is enforced" could be just checking if the GPO was applied by running gpresult. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ cybtest_2 1 month, 1 week ago Selected Answer: A B is not a physical control!! A and C are the only physical controls and A is more cost-effective upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: B A and C cost more with physical controls and monitoring, D only detects but nothing to prevent, therefore B is something that can be installed over the network or imaged and costs little and also prevents USB access. upvoted 1 times Abdul2107 1 month, 3 weeks ago Selected Answer: A A. Anti-tamper tape only options A, and C are physician control, but option A is more cost-effective than C upvoted 1 times 店 铺 ; 店 铺 ; 学 学 习 Protract8593 2 months ago 习 小 小 店 店 6 6 6 Placing systems into locked, key-controlled containers with no access to the USB ports is a cost-effective physical control6to enforce a USB Selected Answer: C removable media restriction policy. This method physically prevents unauthorized access to the USB ports, ensuring that only authorized personnel with the appropriate keys can use them. upvoted 2 times Protract8593 2 months ago Let's reevaluate the options: A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports. This option involves using security tape over USB ports to detect tampering and logging port numbers while regularly inspecting them. While it provides a level of tamper detection, it does not completely enforce a USB removable media restriction policy. Tamper tape can be removed or manipulated, and regular inspections may not prevent unauthorized USB usage in real-time. B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced. This option involves using Group Policy Objects (GPOs) to restrict access to authorized USB removable media and verifying that the policy is enforced. While GPOs can help control USB access, they are not physical controls, and their enforcement may require additional administrative effort. Moreover, GPOs can be circumvented or tampered with by skilled attackers. upvoted 2 times Protract8593 2 months ago C. Placing systems into locked, key-controlled containers with no access to the USB ports. This option involves physically locking systems in key-controlled containers to prevent access to the USB ports. Placing systems into locked, key-controlled containers is a cost-effective physical control that directly enforces the USB removable media restriction policy. It ensures that only authorized personnel with the appropriate keys can access the USB ports. Considering the best example of a cost-effective physical control to enforce a USB removable media restriction policy, option C is the most suitable. The key-controlled containers provide a stronger physical barrier against unauthorized USB usage compared to the other options. Therefore, according to the CompTIA Security+ SY0-601 exam objectives, the BEST answer is C. Placing systems into locked, key-controlled containers with no access to the USB ports. upvoted 1 times LiteralGod 2 months, 1 week ago Selected Answer: A 店 铺 This is another dodgy question. B is the most cost effective but it is not a physical control. The answer is A. upvoted 2 times ; 学 习 小 店 Fulmi 2 months, 4 weeks ago 66 店 铺 ; 学 习 小 店 66 Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced: This option involves implementing a Group Policy Object (GPO) to restrict access to authorized USB removable media and ensuring that the policy is consistently enforced. While this is an effective control from a software perspective, the question specifically asks for a cost-effective physical control. Option B does not address physical controls. upvoted 1 times Fulmi 2 months, 4 weeks ago Selected Answer: C lacing systems into locked, key-controlled containers with no access to the USB ports: This option involves physically securing the systems by placing them inside locked, key-controlled containers where there is no direct access to the USB ports. This prevents unauthorized individuals from physically connecting USB removable media to the systems, ensuring compliance with the USB removable media restriction policy. It is a cost-effective physical control that provides a straightforward and efficient means of enforcement. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ TGRAV3 3 months, 2 weeks ago Selected Answer: A The question states: cost-effective "physical" control. A GPO is not a physical solution. A is the most logic answer. upvoted 1 times jb844 3 months, 2 weeks ago Selected Answer: A A, going to agree with rodwave ( 1 & 2)..they do make tape for this https://www.packaging-labelling.com/products/tamper-technologies-ltd/security-labels-for-laptops upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #45 A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented? A. Enforce MFA when an account request reaches a risk threshold. B. Implement geofencing to only allow access from headquarters. C. Enforce time-based login requests that align with business hours. 店 铺 D. Shift the access control scheme to a discretionary access control. ; 店 铺 ; 学 学 习 习 小 Correct Answer: A 小 店 店 66 Community vote distribution 66 A (100%) stoneface Highly Voted 1 year ago Selected Answer: A Enforce MFA is the most convenient way upvoted 11 times varun0 1 year ago Agreed upvoted 4 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: A Answer: Enforce MFA when an account request reaches a risk threshold. This is likely the most convenient implementation that would work for all employees as an additional element(s) would need to be needed for authentication/authorization. ======================== (B) - Implementing geofencing to only allow access from headquarters might stop the suspicious logins, however, it would be inconvenient for employees not physically located near headquarters such as the traveling employees. (C) Enforcing time-based login requests to align with business hours could also be inconvenient for traveling/global employees that work in different times compared the business's normal business hours. (D) With Discretionary access control, the owner of a resource can decide who can have access to the resource and you can modify the access at anytime. The option to shift the access control scheme to a discretionary access control wouldn't really address the login issue either if the account of someone who is authorized to access a resource was compromised. The attacker can still access the resource using their credentials. upvoted 9 times Protract8593 2 months ago Most Recent Selected Answer: A Enforcing Multi-Factor Authentication (MFA) when an account request reaches a risk threshold is an appropriate security control in this scenario. MFA adds an extra layer of security by requiring users to provide additional authentication factors, such as a one-time code sent to their mobile device, in addition to their password. By setting a risk threshold and triggering MFA when suspicious logins from unrecognized locations are detected, the company can protect corporate accounts without unnecessarily blocking legitimate login requests made from new sign-in locations during employee travel. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 小 店 6 3 weeks ago ApplebeesWaiter1122 2 months, 6 习 小 店 66 Selected Answer: A Implementing MFA adds an extra layer of security to the authentication process by requiring users to provide multiple forms of verification, such as a password and a one-time code generated on their mobile device or a biometric factor like a fingerprint. By setting a risk threshold, such as detecting suspicious login activity from unrecognized locations, the system can automatically trigger the enforcement of MFA. This helps to mitigate the risk of unauthorized access even if the credentials have been compromised. upvoted 1 times ronniehaang 7 months, 3 weeks ago Selected Answer: A A. Enforce MFA when an account request reaches a risk threshold. Multi-Factor Authentication (MFA) is an effective security control to mitigate the risk of unauthorized access to corporate accounts. By requiring an additional factor of authentication, such as a one-time code sent to a user's phone or a fingerprint scan, MFA can help prevent attackers from accessing an account even if they have stolen a password. By implementing MFA only when an account request reaches a risk threshold, the 淘宝店铺:https://shop63989109.taobao.com/ company can ensure that employees who travel and need their accounts protected will not be negatively impacted by the security control, while still providing an extra layer of security for those accounts that are at higher risk of being compromised. upvoted 1 times KingDrew 8 months, 2 weeks ago Selected Answer: A MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #46 An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement? A. Perform OSINT investigations. B. Subscribe to threat intelligence feeds. C. Submit RFCs. D. Implement a TAXII server. 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小 D (94%) 店 66 Boogie_79 Highly Voted 小 店 6% 66 1 year ago Selected Answer: D A TAXII server is a client that exchanges standardized and anonymized cyber threat intelligence among users. It works as a venue for sharing and collecting Indicators of compromise, which have been anonymized to protect privacy. upvoted 25 times yasuke Highly Voted 11 months ago Trusted Automated Exchange of Intelligence Information (TAXII™) is an application protocol for exchanging CTI over HTTPS. TAXII defines a RESTful API and a set of requirements for TAXII Clients and Servers upvoted 8 times Protract8593 2 months ago Most Recent Selected Answer: D Implementing a TAXII (Trusted Automated Exchange of Indicator Information) server would most likely meet the organization's requirement for threat intelligence information sharing with peer groups. TAXII is a standard for exchanging threat intelligence information, allowing organizations to share and receive threat intelligence with other entities that also use TAXII. Subscribing to threat intelligence feeds (Option B) is a valid approach to gain access to threat intelligence information, but it does not specifically address the organization's requirement for actively participating in threat intelligence information sharing with peer groups. In conclusion, according to the CompTIA Security+ SY0-601 exam objectives, the BEST option to meet the organization's requirement for threat intelligence information sharing with peer groups is D. Implement a TAXII server. This enables the organization to actively share threat intelligence with other entities and receive intelligence from them as well. upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago D. Implementing a TAXII server helps organizations exchange structured threat information relating to indicators of compromise. upvoted 2 times akingokay 9 months, 2 weeks ago Selected Answer: D agree to D upvoted 1 times 店 店 铺 ago varun0 1 year; 学 Selected Answer: D 铺 ; 学 习 Sharing threat information小 习 店 I'll go with TAXII server upvoted 4 times 66 小 店 66 stoneface 1 year ago Selected Answer: B It isn't typical for organizations to build TAXII servers, unless they are a security vendor, but they often connect to TAXII servers to download threat intelligence documented in the STIX taxonomy. MISP can be configured to do this. upvoted 2 times Jakalan7 1 year ago Yes, but the question states they would like to "participate in threat intelligence information sharing", so the answer must be D, TAXII server. If they subscribe to security feeds, they are only receiving information - they are not sharing any in return. upvoted 15 times cutemantoes 6 months, 1 week ago I was thinking it was B until you stated that.淘宝店铺:https://shop63989109.taobao.com/ Thanks for the help! upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #47 Which of the following is the MOST effective control against zero-day vulnerabilities? A. Network segmentation B. Patch management C. Intrusion prevention system D. Multiple vulnerability scanners Correct Answer: C 店 店 铺 Community vote distribution ; A学 (67%) 习 铺 ; B (18%) 小 学 习 C (15%) 小 店 店 beardsly 66 Highly Voted 66 1 year ago Had to look this up myself as there is no real clear answer here. One of the Sec+ books I have suggested IPS and segmenting. Google search even says IPS in this regard as well. I would personally say Network Segmentation but otherwise not sure. My comment is not all that helpful I know but just wanted to throw my thoughts out there. upvoted 20 times hieptran 8 months, 2 weeks ago To be more clear, zero days is an unknown exploit. There are a few chances that the IPS will detect the attack payloads/signature. But segregating the network would eventually prevent lateral movement even if the attacker has Remote Code Execution privilege on the compromised server. upvoted 11 times DriftandLuna 4 months ago Agreed, i chose IPS but was thinking segmentation as well for the reasons you stated. upvoted 1 times mascot45 7 months, 3 weeks ago I believe it's B, patch management. I don't really get how segmenting network can defend or prevent a zero day for being exploited on your network. I put this questions to chatGPT and it gave me B as the answer, so that's what I'm going with. upvoted 7 times sarah2023 1 month ago Wrong, the essence of a zero day vulnerability is that you can't prevent or protect against something you have not encountered in the past. upvoted 3 times rondo24 7 months, 2 weeks ago I did the same and then I pointed out to chat GPT that a Zero Day is by definition not known and it changed its answer and said "However, even though the vendor may be unaware of the vulnerability, there are still ways to mitigate the risks posed by zero-day vulnerabilities. For example, network segmentation, intrusion prevention systems, and multiple vulnerability scanners can help to reduce the attack surface and limit the damage that can be done if a zero-day vulnerability is exploited." upvoted 2 times Sanj 7 months, 2 weeks ago Regular software updates: Installing the latest software updates can help protect against known vulnerabilities and fix security holes that could be exploited by zero-day attacks. upvoted 2 times 店 店 铺 铺 ; 学 ; 学 习 I agree, there is no clear will小 say in my 20 years of IT 小answer here. And though I don't think it's what the test would want us to answer I习 店 expereince that a good Patch management process is the most helpful when it comes to zero-day exploits. I say店 once a Zero Day 66 the vendor normally rushes to put out some kind of patch or workaround. Havingthisa6because 6 to deploy that in a becomes public knowledge then way TinyTrexArmz 7 months, 3 weeks ago quick and reliable manner is key to getting things back to secure as soon as possible. But I would say IPS would be most effective against zero day vulnerabilities because you might be able to detect the usual traffic or activity. Network segmentation will only help slow the intruder down. If you don't have anything to detect the oddity then the attacker could install a back door and then work their way across the segments. What's the old saying? An once on prevention is worth a pound of cure. But in a perfect world, both would be implemented. My vote is C. upvoted 5 times Ay_ma Highly Voted 1 year ago Selected Answer: A IPS can only protect against known host and application-based attacks and exploits. IPS inspects traffic against signatures and anomalies, it does cover a broad spectrum of attack types, most of them signature-based, and signatures alone cannot protect against zero-day attacks. (www.rawcode7.medium.com) However, with network segmentation, you're able淘宝店铺:https://shop63989109.taobao.com/ to isolate critical assets into different segments. And when a zero-day attack occurs, you're not at risk of losing all and are able to isolate the attack's effect to one segment. upvoted 19 times CTE_Instructor 6 months, 3 weeks ago But the question isn't about protecting other data, the question directly says how to "control zero-day vulnerabilities". If there is a zero-day vulnerability in a new piece of software on a device, the BEST control against this is patch management to ensure the vulnerability is patched out as soon as possible. upvoted 1 times SIFD32 5 months, 3 weeks ago I believe it would still be network segmentation because when it mentions "zero-day" you have to automatically assume that there is no work around. But with network segmentation, you can contain the vulnerability and not allow it to affect the rest of the network. Essentially "controlling" it. upvoted 5 times 店 店 DriftandLuna 4 months ago 铺 铺 ; ; the mention of zero day implies they mean attacks for which there is no patch yet. Patch management wont protect against something that there isn't a patch for which is the definition of a zero day exploit. upvoted 3 times 学 学 习 习 小 小 店 Notgoodwithcomputers99 66 Most Recent 店 66 1 week ago Network segmentation is my guess. The idea of a zero-day attack is a vulnerability that has no patch, so patch management would not be effective, and multiple vulnerability scans would not be able to identify this vulnerability since it is not known yet. Segmenting the network in the case that a vulnerability exists and data exploitation occurs would prevent it from reaching the entire network as a whole, successfully quarantining the attack and allowing for the company to handle it on a smaller scale. upvoted 1 times RogerW 1 week, 3 days ago IPS is not only signature based. It is also behavior based. upvoted 1 times Sublime_Cheese 3 weeks, 2 days ago In CompTIA's eyes, the wrong answers with all deal with Prevention and Detection. Leaving Network Segmentation as the only answer. answer. upvoted 1 times Sallyabat 3 weeks, 4 days ago Selected Answer: B I'd go for Patch Management. Network segmentation won't help mitigate zero-day attack but can only prevent lateral movement. Patch Management, if done regularly, can increase the chances of being exploited because even program developers can push patches for holes they have discovered themselves. upvoted 1 times Sallyabat 3 weeks, 4 days ago Correction: Patch Management, if done regularly, can increase the chances of NOT being exploited because even program developers can push patches for holes they have discovered themselves. upvoted 1 times sarah2023 1 month ago Selected Answer: A A. Segmentation because there are no patches for zero day vulnerabilies, it's basically the description of a zero day vulnerabilty. For the same reason, no IPS or scanner will help you protect against a vulnerability that has never been seen before. Segmentation will isolate it and prevent against spreading to other segments in the network which is the best you can do with it. upvoted 1 times je123 1 month, 1 week ago 店 店 铺 铺 Selected Answer: A ; ; Just putting it out there that in Jason Dion's practice question, a similar question came up : "Which of the following would NOT be useful in defending against a zero-day threat? Allow listing Threat intelligence Patching Segmentation 学 学 习 习 小 店 66 小 店 66 Explanation OBJ-1.6: While patching is a great way to combat threats and protect your systems, it is not effective against zero-day threats. By definition, a zeroday threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. This attack has no time (or days) between the time the vulnerability is discovered and the first attack, and therefore no patch would be available to combat it. Using segmentation, allow listing, and threat intelligence, a cybersecurity analyst, can put additional mitigations in place to protect the network even if a zero-day attack was successful." So im guessing Jason Dion will choose A. upvoted 2 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: A 淘宝店铺:https://shop63989109.taobao.com/ Mistake in the answer because if the answer is C here then the answer cannot be C in question #40, which is the best answer to describe zero day exploits: C. A zero-day exploit is initially undetectable, and no patch for it exists. Therefore we know patches can't be the answer, nor can it be detected so scanners won't help. If it said zero-day "exploit" then IPS would possibly make sense as it could detect an anomaly using heuristics, but the question says control in regards to "vulnerability" and therefore segmentation is best. https://cybriant.com/how-to-prevent-zero-day-attacks-in-5-steps upvoted 1 times RevolutionaryAct 2 weeks, 4 days ago Actually I am changing this to C - IPS as I review these questions again. A is good but an IPS *could* be anomaly or heuristic based and therefore detect, whereas segmentation might stop but wouldn't be ideal. upvoted 1 times 店 铺 Nikamy 1 month, 4 weeks ago ; 店 铺 ; 学 学 习 A - There are no patches availabe A小 小 to a Zero Day when it first appears and none knows about it. I'm going with习 店 店 upvoted 1 times 66 66 Selected Answer: A faha83 2 months ago network segmentation seem more visible considering no patch is available upvoted 1 times Protract8593 2 months ago Selected Answer: B Patch management is the most effective control against zero-day vulnerabilities. Zero-day vulnerabilities are newly discovered and exploited vulnerabilities for which there are no official patches or fixes available from the software vendors. Attackers exploit these vulnerabilities before the vendor becomes aware of them and can release a patch. By having a robust and proactive patch management process in place, organizations can regularly update and apply patches to their systems and software as soon as they become available. This reduces the window of opportunity for attackers to exploit zero-day vulnerabilities. Keeping systems up-to-date with the latest patches helps mitigate the risk posed by zero-day exploits. Let's provide a thorough explanation of why option A, "Network segmentation," is not the most effective control against zero-day vulnerabilities. Network segmentation is a security practice that involves dividing a network into smaller subnetworks or segments. Each segment is isolated from others, creating barriers that restrict the lateral movement of threats within the network. The idea behind network segmentation is to contain the impact of a security breach by limiting an attacker's ability to move freely across the network. upvoted 1 times Protract8593 2 months ago While network segmentation is a valuable security measure and can help improve overall network security, it is not specifically designed to address zero-day vulnerabilities. Here are some key points to consider: 1. Scope of Control: Network segmentation primarily deals with controlling network traffic and access between different segments. It does not directly address the existence or exploitation of zero-day vulnerabilities in specific systems or applications. 2. Prevention vs. Mitigation: Zero-day vulnerabilities are newly discovered and exploited before vendors have had a chance to release patches or fixes. Network segmentation does not prevent zero-day vulnerabilities from being exploited. It can only limit the spread of the impact if a system is already compromised. upvoted 1 times Protract8593 2 months ago 3. Limitations of Network Segmentation: While network segmentation can be effective against known threats and attacks, it may not provide complete protection against sophisticated attackers who can bypass network boundaries using advanced techniques. 店 店 铺 铺 ; ; 4. Zero-Day Exploits Can Cross Segments: If a zero-day vulnerability is exploited on a system within a specific network segment, it is possible for the attacker to leverage other vulnerabilities or attack vectors to move to other segments, especially if there are misconfigurations or inadequate security controls in place. 学 学 习 小 店 习 小 店 6 6 (Option B) is a more effective control against zero-day vulnerabilities. By promptly66applying patches and In contrast, patch management updates to systems and software, organizations can close known vulnerabilities, including zero-day vulnerabilities, reducing the attack surface and mitigating the risk of exploitation. In summary, while network segmentation is an important security measure, it is not specifically tailored to address zero-day vulnerabilities. Patch management remains the most effective control against zero-day vulnerabilities as it directly addresses the timely application of patches to close known security holes. upvoted 1 times Nikamy 1 month, 4 weeks ago There are no patches availabe to a Zero Day when it first appears and none knows about it. I'm going with A upvoted 2 times EEZ12 2 months ago I will go with Network segmentation because most of the zero might not be picked up by the IPS. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ sursur 2 months, 2 weeks ago Selected Answer: B Zero-day vulnerabilities refer to security vulnerabilities in software that are unknown to the software vendor and for which no patch or fix is currently available. These vulnerabilities pose a significant risk because they can be exploited by attackers before a patch is released. Patch management involves regularly applying updates, patches, and fixes to software and systems to address known vulnerabilities. While it does not specifically target zero-day vulnerabilities, it is a crucial control for overall security. By keeping software and systems up to date with the latest patches, organizations can mitigate the risk of both known vulnerabilities and, to some extent, zero-day vulnerabilities. upvoted 1 times Essi 4 months ago Selected Answer: A A. Network segmentation: This can limit the impact of a zero-day attack by preventing it from spreading across the network. However, it does not prevent the initial exploitation of the zero-day vulnerability. upvoted 2 times 店 店 铺 铺 Abdul2107 5; months, 1 week ago ; 学 学 Selected Answer: A 习 习 小 C (IPS) and D (Vulnerability小 scanners) cannot detect zero-day. 店 店 Remain options are A (Network segmentation) and B (Patch management). 6 6 As for “Control” which the question6is asking, Network Segmentation is more effective, as at the beginning of Zero attack,6it’s better you already segmented your network to reduce the spreading across your network, then a patch maybe released after sometime. So answer is A. Network Segmentation upvoted 3 times TheWaraba 5 months, 1 week ago Patch management is wrong. By the definition of Zero-Day vulnerabilities there are no patches for it. "A zero-day (or 0-day) vulnerability is a software vulnerability that is discovered by attackers before the vendor has become aware of it. By definition, no patch exists for zero day vulnerabilities and user systems have no defenses in place, making attacks highly likely to succeed." An IPS is one of the best solutions here, IPS doesn't always need a signature as some people are saying here, they can detect anomalies and suspect traffic based on baseline traffic. They also comprise robust firewalls that can help detect and stop the attackers. Good article here: https://www.imperva.com/learn/application-security/zero-day-exploit/ upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #48 Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application? A. Intellectual property theft B. Elevated privileges C. Unknown backdoor D. Quality assurance 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小 C (93%) 店 66 varun0 Highly Voted 小 店 7% 66 1 year ago Selected Answer: C GREATEST security concern would be unknown backdoor upvoted 16 times Protract8593 2 months ago Most Recent Selected Answer: C The GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor being introduced into the code. An unknown backdoor refers to unauthorized access points deliberately inserted into the software without the knowledge or consent of the organization. When outsourcing code development, the organization has less direct control over the development process and may not have full visibility into the contractor's practices. This lack of oversight could potentially lead to the inclusion of hidden backdoors, which can be exploited by malicious actors to gain unauthorized access to the application and its data. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C While intellectual property theft, elevated privileges, and quality assurance are all important considerations when outsourcing code development, the presence of an unknown backdoor poses the greatest security risk. An unknown backdoor is a hidden entry point or vulnerability intentionally or unintentionally inserted into the code by a malicious or compromised developer. It can provide unauthorized access to the application or its underlying systems, allowing attackers to exploit the application's functionality or compromise sensitive data. An unknown backdoor can be difficult to detect and may remain undetected for an extended period, allowing attackers to maintain persistent access and potentially exploit the application or compromise the organization's systems or data. It can bypass security controls and enable unauthorized actions, posing a significant risk to the security and integrity of the internet-facing application. upvoted 2 times ronniehaang 7 months, 3 weeks ago Selected Answer: C The greatest security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor. This is because a contractor may intentionally or unintentionally insert malicious code into the application that could compromise the security and privacy of user data and the organization's systems. This risk is elevated if the contractor is not fully vetted, or if the organization does not have adequate safeguards in place to ensure the security and integrity of the codebase. To mitigate this risk, the organization should have strict security policies and procedures in place for outsourcing, including background checks for contractors, code review and testing procedures, and continuous monitoring and incident response processes. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 DALLASCOWBOYS 7 months, 4 weeks ago 小 店 66 C. I think Unknown Backdoors would be the GREATEST security concern is the best answer. I do believe D is very good answer because that would be the first step in risk assessment and mitigation is Quality Assurance. upvoted 1 times sonic1230 11 months, 1 week ago Selected Answer: C google upvoted 3 times Ay_ma 1 year ago A- Intellectual Property Theft: I'm guessing by that point a legal contract is already on ground to mitigate such an issue. Unknown Backdoor, in my opinion, is equivalent to a zero-day attack. You have no idea if these contractors knowingly or unknowingly but a backdoor in your code 淘宝店铺:https://shop63989109.taobao.com/ Quality Assurance: I'm guessing that's why you hired them in the first place because you know they deliver quality service. upvoted 3 times comeragh 1 year ago Selected Answer: C GREATEST security concern - for me this would be C - Unknown Backdoor upvoted 1 times stoneface 1 year ago Selected Answer: D If you're outsourcing dev work, you probably have a contract with a legit company and you had probably also reviewed their documents and AOC's and stuff. Without good QA, there could be a purposeful OR unintended backdoor in the application if somebody was an incompetent developer 店 店 铺 铺 program. With good QA, ideally they would be doing automated security testing to look for a backdoor in the ; ; upvoted 2 times 学 学 习 习 小 小 Sandon 8 months, 1 week店 ago 店 66 66 Bad Stoneface, bad upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #49 An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC? A. Reimage the impacted workstations. B. Activate runbooks for incident response. C. Conduct forensics on the compromised system. D. Conduct passive reconnaissance to gather information. 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小 B (92%) 店 66 varun0 Highly Voted 小 店 8% 66 1 year ago Selected Answer: B Incident is detected, now incident response has to happen. Runbook describes everyone's roles during incident response. upvoted 31 times Sanj 7 months, 2 weeks ago This is a simulation - so the blue team has to do forensics not incident response upvoted 5 times stoneface 1 year ago agreed upvoted 5 times Wiggie Highly Voted 1 year ago Selected Answer: B B is correct upvoted 6 times RevolutionaryAct Most Recent 1 month, 2 weeks ago Selected Answer: B Forensics would never happen during or after a PenTest as not only do you know what the testers did as you hired them, but there are blue teams (defense), white (referees) and purple (red/blue mix) teams which are meant to work to stop and / or respond to the attack. The response to the IoC is what the blue needs to do and therefore the answer is B runbook. https://www.quora.com/Is-penetration-testing-a-part-of-cyber-forensic upvoted 1 times Protract8593 2 months ago Selected Answer: B After detecting an Indicator of Compromise (IoC), the blue team's primary action will be to activate runbooks for incident response. Incident response runbooks are predefined procedures and guidelines that outline the steps to be taken when specific security incidents are detected. These runbooks are essential for organizing and streamlining the response process to security incidents, including those identified through IoCs. upvoted 3 times 店 店 铺 铺 ; 学 习 ; 学 习 小 小 hence answers is B From the official book of Comptia 店 S+ "Blue team—performs the defensive role by operating monitoring and alerting" 店 66infiltration. 66 controls to detect and prevent the frejus 2 months, 3 weeks ago upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B After detecting an Indicator of Compromise (IoC), the blue team would typically activate runbooks for incident response. Runbooks are predefined procedures or processes that guide the response actions to be taken when a security incident or compromise is detected. These runbooks outline the steps and actions to be followed, including notifying appropriate stakeholders, containing the incident, and initiating an investigation. upvoted 1 times Dan_26 4 months ago Answer is C. You've been compromised. There's an indicator it happened. The attack is over. It's in the past now. Whodunnit (attribution) is in the future and the evidence needs to be acquired by gathering evidence (forensics). This is straight out of law enforcement: murder/forensics/blame in that order. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ LeonardSnart 4 months, 1 week ago I thought since this is a pen test C would be right, but according to Mike Meyers B is correct. "Penetration tests are treated as an exercise between two teams. The red team is tasked with the job of performing the penetration testing. They’re the ones we more typically think of as the hacker types who use clever attacks and tools to get into other folks’ networks. Red teams emulate potential attacker techniques. But the red team is only part of the pen test exercise. Every good pen test also includes a blue team, the insider team, the defender if you will. Any good pen test isn’t just the red team against your infrastructure. Just as in a real-world attack, your inside folks, your blue team, would work actively to mitigate any attack—even one taking place in real time." Mike Meyers Security+ Cert Guide Third Edition SY0-601 upvoted 1 times TheWaraba 5 months, 1 week ago Read this article https://www.crowdstrike.com/cybersecurity-101/indicators-of-compromise/ioa-vs-ioc/ 店 店 铺 铺response. We can forensics later. IOC means the ; system has already been breached, the most logical thing to do is to start an incident ; 学 学 upvoted 3 times 习 习 小 小 monzie 5 months, 4 weeks ago 店 店 6 66 6 Selected Answer: C After detecting an Indicator of Compromise (IoC), the blue team will conduct forensics on the compromised system. Forensics analysis will enable the blue team to identify the root cause of the security incident and determine the extent of the damage. It can also help identify other compromised systems, as well as the tactics, techniques, and procedures (TTPs) used by the red team. Based on the findings, the blue team can then take appropriate steps to contain, mitigate, and remediate the incident. Reimaging the impacted workstations may be one of those steps, but it depends on the specific circumstances and the findings of the forensics analysis. Activating runbooks for incident response and conducting passive reconnaissance are also important steps, but they are not directly related to detecting and analyzing an IoC. upvoted 3 times C_M_M 6 months ago Forensics is primarily done to determine who is to blame. That's not the immediate next step. You should be more concerned with understanding the compromise, and limiting it. You can do so while ensuring that evidence is preserved. This is where incident response comes in. So the correct answer should B. upvoted 1 times Bruised_Warlock 6 months ago I think the keyword here is IOC (Indicator of Compromise). I will use the analogy as follows, just because you are showing early signs of diabetes does not make you a diabetic until you go to a doctor and are diagnosed a diabetic. The system shows signs of a compromise, however, it does not make this an incident until the Blue Team in this scenario performs forensics to confirm the signs of a compromise and then call it an incident. My answer would be C. Since, now it is confirmed an incident, we would then activate the runbooks for incident response. upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: B From ChatGPT: the BEST answer to this question depends on the specific context of the scenario. If the organization wants to contain the attack quickly and prevent further damage, reimaging the impacted workstations or activating runbooks for incident response may be the more appropriate immediate response. Forensics analysis may come later, after the incident has been resolved, to help the organization identify any gaps in its security posture and improve its response to future incidents. upvoted 1 times ronniehaang 7 months, 3 weeks ago Selected Answer: B B. Activate runbooks for incident response. 店 店 铺 铺 After detecting; an Indicator of Compromise (IoC), the blue team will activate runbooks for incident response. The purpose of runbooks is to have 学 and repeatable process to respond to security incidents. The blue team will;use学the runbooks to assess the scope of a systematic, documented, 习 习 the attack, contain it, and minimize damage. The runbooks will also help the blue team collect and preserve evidence, perform root cause analysis, 小 店The blue team will take the information gathered from the runbooks and use it to小improve 店 and restore normal operations. the organization's 6 6 security posture. 6 6 upvoted 5 times DALLASCOWBOYS 7 months, 4 weeks ago B. The blue team is the defense and will defend against the attack upvoted 2 times [Removed] 9 months, 1 week ago Selected Answer: C IoC = Forensics… Both answers seems fine but C answer could be right given the scenario (IoC). upvoted 2 times 560exam 9 months, 3 weeks ago Selected Answer: B Indicator of Compromise (IOC), Analysts detects that the system has been compromised, next step is to activate run books. Im going with B. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #50 An amusement park is implementing a biometric system that validates customers' ngerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST? A. Low FAR B. Low e cacy C. Low FRR 店 店 铺 D. Low CER 铺 ; ; 学 Correct Answer: C 学 习 习 小 小 店 店 66 Community vote distribution 66 C (100%) varun0 Highly Voted 1 year ago Selected Answer: C since convenience should be prioritized over security, FIRST priority should be low FRR upvoted 16 times ScottT 1 year ago https://www.recogtech.com/en/knowledge-base/security-level-versus-user-convenience - FAR = False Acceptance. FRR = False Rejections upvoted 4 times stoneface 1 year ago concur upvoted 4 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: C Answer: Low FRR There are two main metrics that are used to determine the performance of biometrics: 1. FAR (False Acceptance Rate) 2. FRR (False Rejection Rate) False Acceptance Rate (FAR) is a metric for bio-metric performance that determines the number of instances where unauthorized persons were incorrectly authorized. False Rejection Rate (FRR) is a metric that determines the number of instances where an authorized person are incorrectly rejected. If the emphasis is security, then making sure the False Acceptance Rate is low as a low FAR rate means a lower possibility for someone to be authorized who shouldn't. If the emphasis is convenience, then you'd want to make sure the False Rejection Rate is low as a low FRR means a lower possibility for someone to be rejected who should be authorized. upvoted 12 times 店 Bro ovski 铺Most Recent 5 days, 11 hours ago ;security = FRR (False Rejection Rate) convenience over 学 = FAR (False Acceptance Rate) security over convenience 习 小 upvoted 1 times 店 66 cyberbb 1 month, 4 weeks ago 店 铺 ; 学 习 小 店 66 real answe is C upvoted 1 times Protract8593 2 months ago Selected Answer: C In this scenario, where the amusement park owner values customers' convenience over security, the security team should prioritize a biometric system with a low False Rejection Rate (FRR). The False Rejection Rate is the percentage of legitimate users who are incorrectly denied access by the biometric system. A low FRR means that the biometric system is more lenient in accepting valid fingerprints, reducing the likelihood of customers experiencing inconvenience due to frequent false rejections. While this may slightly compromise security by allowing some potential ticket sharing, it aligns with the park's focus on customer convenience. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C The False Rejection Rate (FRR) measures the likelihood of a biometric system incorrectly rejecting a valid user. A low FRR means that the system will have fewer instances of denying access to legitimate customers, minimizing inconvenience for park visitors. While security is still important, in this particular case, the park owner's preference for customer convenience takes precedence. By prioritizing a low FRR, the security team can prioritize a seamless and user-friendly experience, ensuring that valid customers are not mistakenly rejected when trying to access the park. upvoted 1 times BevMe 5 months, 1 week ago Selected Answer: C Low FRR minimizes customer inconvenience while maintaining an acceptable level of security. upvoted 1 times 店 店 铺 A. False Acceptance ; Rate, means you are falsely accepting unauthorized users, therefore, park owner铺wants ; to prioritize convenience over security. 学 学 This will allow for convenience. 习 习 小 小 店authorized users which would impact convenience. 店 FRR would be falsely rejecting 6 66 6 upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago DALLASCOWBOYS 7 months, 4 weeks ago C. Changing answer to Low FRR, as you decrease False rjection rate you will increase the rate of false acceptance, therefore more convenience. upvoted 1 times i_m_Jatin 7 months, 4 weeks ago Low FRR is good answer upvoted 1 times Sklark 11 months ago Could you imagine the uproar of a zoo storing fingerprint data? upvoted 6 times J_Ark1 10 months ago yes all the habitats and species going bananas in their enclosures lol upvoted 5 times Tjank 12 months ago Selected Answer: C FAR (False Acceptance Rate) FRR (False Rejection Rate) CER (Crossover Error Rate) AKA ERR (Equal Error Rate) since he is willing to sacrifice Security for Customer Service, Best way to understand this is. FAR has to go up in order for FRR to go down. typical business practice is in the middle of both which would be near the CER. upvoted 1 times banditring 1 year ago why would an amusement park even do this? upvoted 3 times darklion 5 months, 2 weeks ago universal does this upvoted 1 times 店 铺 ; 2 weeks ago RobV 11 months, 学 习 verifies guests. Disneyworld fingerprint 小 店 upvoted 3 times 66 RonWonkers 1 year ago For the same reason some dude in a math test buys 50 watermelons upvoted 26 times gladtam 6 months ago This is hilarious hahaha upvoted 1 times banditring 11 months, 4 weeks ago touche lol upvoted 1 times Wutan 1 year ago awesome :D 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times varun0 1 year ago Low CER? upvoted 2 times varun0 1 year ago Disregard this upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #51 Which of the following organizations sets frameworks and controls for optimal security con guration on systems? A. ISO B. GDPR C. PCI DSS D. NIST Correct Answer: D 店 店 铺 Community vote distribution ; 学 D (87%) 习 小 店 varun0 铺 ; 学 习 13% 小 店 66 66 1 year ago Highly Voted Selected Answer: D NIST I guess upvoted 17 times Tjank Highly Voted 12 months ago Both ISO and NIST have Frameworks for standards. when searching parts of the question "sets frameworks and controls for optimal security configuration" only NIST came up specifically. I personally hate these type of questions as I would utilize both to build from. upvoted 15 times LePecador 2 months, 1 week ago I would choose NIST just because the questions is stating "frameworks" not "standards" (ISO is a standard) I know is weird, but CompTIA is equally weird with these vague questions upvoted 3 times rodwave 10 months, 2 weeks ago Agreed, not a huge fan of the question either. The question only mentions security where both ISO and NIST would cover but I would lean towards NIST as its specifically for improving cybersecurity. upvoted 3 times sujon_london Most Recent 1 month, 2 weeks ago Selected Answer: D Once mentioned security that’s should be recon it’s NIST upvoted 1 times Protract8593 2 months ago Selected Answer: D NIST (National Institute of Standards and Technology) is the organization that sets frameworks and controls for optimal security configuration on systems. NIST is a non-regulatory agency of the United States Department of Commerce and plays a significant role in developing standards and guidelines for various aspects of information security, including cybersecurity best practices and security configuration. upvoted 5 times Tiazzed 2 months ago 店 铺 I think ist nist upvoted 1 times ; 学 习 months, 3 weeks ago ApplebeesWaiter1122 2小 店 Selected Answer: D 66 店 铺 ; 学 习 小 店 66 The organization that sets frameworks and controls for optimal security configuration on systems is NIST (National Institute of Standards and Technology). NIST provides guidelines, standards, and best practices for various aspects of cybersecurity, including security configuration management. Their publications, such as the NIST Special Publication 800-53, provide detailed controls and recommendations for securing information systems and protecting sensitive data. ISO (International Organization for Standardization) develops and publishes international standards for various industries, including cybersecurity, but it does not specifically focus on security configuration management. upvoted 1 times JAMBER 4 months ago Selected Answer: D Very vague question for such broad reaching organizations. I went with D- NIST, but ISO seemed very likely as well. upvoted 1 times goodmate 6 months ago 淘宝店铺:https://shop63989109.taobao.com/ National versus international. Some frameworks are used within a single country (and referred to as national frameworks), while others are used internationally. As an example, NIST created the Cybersecurity Framework, which focuses on cybersecurity activities and risks within the United States. In contrast, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) create and publish international standards. For example, ISO/IEC 27002 provides a framework for IT security. Source: Darill Gibson, ComptiaSecurity+ SY0-501 Study Guide, page: 690 upvoted 2 times Omi0204 6 months, 2 weeks ago https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/security-frameworks/ NIST answer would be D upvoted 1 times 店 店 铺 铺 ; ; 学 学 ronniehaang 7 months, 3 weeks ago 习 习 小 Selected Answer: D 小 店 店 D. NIST (National Institute of Standards and Technology) sets frameworks and controls for optimal security configuration on systems. NIST provides guidelines, standards, and best practices for information security, including the development of security configuration baselines for various technologies, such as operating systems and applications. upvoted 3 times 66 66 DALLASCOWBOYS 7 months, 4 weeks ago D. NIST ( National Institute of Standards and Technology) is the standard used by organizations to establish fundamental controls and processes needed for optimum cybersecurity upvoted 2 times i_m_Jatin 7 months, 4 weeks ago National Institute of Standards and Technology upvoted 1 times [Removed] 8 months, 1 week ago Selected Answer: D https://sopa.tulane.edu/blog/NIST-cybersecurityframework#:~:text=The%20National%20Institute%20of%20Standards,and%20how%20it%20is%20implemented. upvoted 1 times shitgod 9 months ago The quality of this question is quite low... upvoted 9 times Knowledge33 11 months, 1 week ago Selected Answer: D ISO is for all standards, not only security, whereas NIST is only related to security. upvoted 5 times housecoatjapan 6 months, 1 week ago Not true, but just memorize it. The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards.[4] upvoted 1 times 店 店 铺 铺 ; Wutan 1 year ago学 Selected Answer: A ; 学 习 习 小 店 I'd also say its ISO as the question does not state any cybersecurity related information only general security. upvoted 2 times 66 jmb335 1 year ago I think its NIST, they created the "CSF Cybersecurity Framework" to help organizations manage risk. upvoted 3 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #52 An organization discovered les with proprietary nancial data have been deleted. The les have been recovered from backup, but every time the Chief Financial O cer logs in to the le server, the same les are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior? A. Logic bomb B. Cryptomalware C. Spyware 店 店 铺 铺 D. Remote access Trojan ; ; 学 学 习 习 小 Correct Answer: A 店 66 Community vote distribution 小 店 66 A (100%) cozzmo Highly Voted 1 year ago Logic bomb: a set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects. upvoted 20 times varun0 1 year ago Agreed upvoted 3 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: A Answer: Logic Bomb A logic bomb is inserted code that will intentionally set off a malicious function when specified conditions are met. In this question, the logic bomb could be related to when the CFO logs in as no other user is experiencing this issue. ================================== Helpful info: Cryptomalware - A type of ransomware that will encrypt user's files and demand a random Spyware - a form of malware that hides on your device, monitors activity and steals sensitive information. Remote Access Trojan (RAT) - malware an attacker uses to remotely control an infected computer upvoted 11 times Protract8593 Most Recent 2 months ago Selected Answer: A A logic bomb is a type of malicious code that is intentionally inserted into a system or software application with the purpose of executing a malicious action at a specific time or when certain conditions are met. In this scenario, the files with proprietary financial data are being deleted every time the Chief Financial Officer logs in to the file server, suggesting that the deletion is triggered by a specific action, which is characteristic of a logic bomb. upvoted 1 times 店 店 铺 铺 ApplebeesWaiter1122 2 months, 3 weeks ago ; ; 学 学 Selected Answer: A 习 习 小 小is a type of malware that is Based on the given scenario, the most likely type of malware causing this behavior is a logic bomb. A logic bomb 店 店when the Chief Financial programmed to execute a malicious 66 action when specific conditions are met. In this case, the logic bomb is triggered 66 Officer (CFO) logs into the file server, resulting in the deletion of the proprietary financial data. upvoted 1 times ronniehaang 7 months, 3 weeks ago Selected Answer: A A. Logic bomb is most likely causing this behavior. A logic bomb is a type of malware that triggers an action based on certain conditions. In this scenario, the files with proprietary financial data are being deleted every time the Chief Financial Officer logs in to the file server, which is a clear indication of a logic bomb in action. This type of malware is designed to cause harm to a target system and can have devastating effects, including data loss and system shutdown. upvoted 2 times DALLASCOWBOYS 7 months, 4 weeks ago A. Logic bomb. Attack is triggered when certain conditions are met. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ xxxdolorxxx 8 months ago Selected Answer: A I'm saying A. Circumstance happens when a specific set of sequences takes place. I.e. Logic Bomb. . B. Cryptomalware (No mention of crypto here) C. Spyware (No mention of spying or ads specific ads) D. Remote access Trojan (Not really applicable here) upvoted 1 times nobodyridesforfree 11 months, 1 week ago Selected Answer: A Logic Bomb is correct as it requires a specific action to occur. upvoted 1 times alayeluwa 11 months, 2 weeks ago 店 铺 店 铺 Selected Answer: A ; ; 学 Logic bomb 学 习 习 小 小 If user-account = chief-financial-officer; Execute bla bla bla upvoted 3 times 店 店 66 66 Fastytop 11 months, 2 weeks ago Logic bomb not the types of malware!!! upvoted 1 times VendorPTS 11 months, 4 weeks ago Selected Answer: A Logic bomb. Occurs upon meeting preset criteria (e.g. a particular user logging on). upvoted 1 times Gravoc 1 year ago Logic bomb. When set criteria's/conditions are met, something happens. The condition in this case is the files being accessed = erase. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #53 A security analyst has identi ed malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT? A. Review how the malware was introduced to the network. B. Attempt to quarantine all infected hosts to limit further spread. C. Create help desk tickets to get infected systems reimaged. D. Update all endpoint antivirus solutions with the latest updates. 店 铺 店 铺 ; ; 学 Correct Answer: B 学 习 习 小 小 店 Community vote distribution 店 66 66 B (97%) varun0 Highly Voted 1 year ago Selected Answer: B Quarantine to limit further spread upvoted 16 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: B Answer: Attempt to quarantine all infected hosts to limit further spread. As soon as the malware was identified, the incident response begins. The steps for incident response are: 1. Preparation - Preparing for an attack and how to respond 2. Identification - Identifying the threat 3. Containment - Containing the threat 4. Eradication - Removing the threat 5. Recovery - Recovering affected systems 6. Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident. In the scenario, the malware has already been identified, which means that we are past the Identification step. The next step would be to begin containment as to limit the amount of damage the malware can cause, so, quarantining infected hosts would be the best option here. upvoted 11 times Roosey Most Recent 1 month, 2 weeks ago Selected Answer: B Quarantine upvoted 1 times Protract8593 2 months ago Selected Answer: B When a security analyst identifies malware spreading through the corporate network and activates the Computer Security Incident Response Team (CSIRT), the immediate next step should be to attempt to quarantine all infected hosts to limit further spread of the malware. Quarantining infected hosts can help contain the malware and prevent it from infecting other systems on the network. upvoted 1 times 店 店 铺 ; ApplebeesWaiter1122 2 months, 3 weeks ago 学 Selected Answer: B 习 小 店 铺 ; 学 习 小 店 When a security analyst has identified malware spreading through the corporate network and activated the Computer Security Incident Response Team (CSIRT), the next step would be to attempt to quarantine all infected hosts to limit further spread. This is crucial to prevent the malware from infecting more systems and potentially causing additional damage. upvoted 1 times 66 66 RileyG 4 months, 1 week ago Selected Answer: B The sensible next step is to isolate the malware to prevent spread. AKA quarantine the incident. upvoted 1 times Jacs 5 months, 1 week ago Selected Answer: C Could be C because the plan was already activated and one phase included in the IRP states that the threat must be identified and contained which means trying to avoid spreading the virus to the entire company. Then the next logical step must be to reimage the infected PCs. upvoted 1 times RevolutionaryAct 2 weeks, 4 days ago 淘宝店铺:https://shop63989109.taobao.com/ Nope, all that has happened is that the malware was identified and CSIRT was notified: 1. Preparation - Preparing for an attack and how to respond 2. Identification - Identifying the threat << You are here 3. Containment - Containing the threat << Need to go here 4. Eradication - Removing the threat 5. Recovery - Recovering affected systems << Too far into the future 6. Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago B. Quarantine to limit the spread upvoted 1 times sauna28 9 months, 2 weeks ago 店 店 铺 铺 ; ; Phases in the Incident 学 Response Plan 学 习 习 1. Preparation: The organization plans out how they will respond to attack, this can involve: 小 小 2. Identification: Detecting and determining whether an incident has occurred. 店 店 The removal of the 3. Containment: Once a threat has6been identified, the organization must limit or prevent any further damage. 4. Eradication: 66 6 threat Selected Answer: B 5. Recovery: Restoring systems affected by the incident 6. Lessons Learned: Where the organization reviews their incident response and prepare for a future attack upvoted 2 times lordguck 10 months, 4 weeks ago This question is free for interpretation again :-( A is my bet, whereas B (containment)/C (recovery) could be right, too. By activating the CSIRT his duties regarding containment and recovery could be fullfilled/handed over and the analyst goes to "lessons learnt". upvoted 1 times Jossie_C 10 months, 3 weeks ago Nope. Step 4 isn't urgent unlike quarantining. It's like COVID: quarantine everyone infected, which is containment, then figure out what happened. upvoted 1 times RonWonkers 1 year ago Selected Answer: B Incident response cycle, step 2 identification > step 3 containment upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #54 During an incident response, an analyst applied rules to all inbound tra c on the border rewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound tra c is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating? A. Reconnaissance B. Command and control C. Actions on objective 店 店 铺 D. Exploitation 铺 ; ; 学 Correct Answer: C 学 习 习 小 店 66 Community vote distribution B (89%) stoneface 小 店 Highly Voted 66 7% 1 year ago Selected Answer: B Command and control (C2)—establishment of outbound communications from a victim system for secure communications between victim and adversary systems. Compromised hosts typically beacon out and await further instruction or exploit when higher order interaction or data exchange is required. This is the hallmark of advanced persistent threat (APT) attacks and data exfiltration. upvoted 27 times varun0 Highly Voted 1 year ago Selected Answer: B able to maintain a presence in the network = C2 upvoted 8 times IT__noob Most Recent 1 month, 1 week ago While "Command and control" (answer B) is a valid consideration, the scenario you provided primarily indicates that the adversary has already bypassed the initial security measures and is maintaining a presence in the network. This aligns more closely with the "Actions on objective" stage, as they are actively carrying out their malicious activities. "Command and control" generally refers to the stage where the attacker establishes communication channels and controls compromised systems remotely. In your scenario, the attacker has already progressed beyond this stage by maintaining a presence and potentially interacting with the network. It's important to note that incident response and cyber threat scenarios can be complex, and stages might overlap or evolve. In the given context, "Actions on objective" seems to be the most appropriate stage based on the information provided. upvoted 4 times TreeeSon 1 week, 2 days ago Actions on objective is assuming that the attacker has performed malicious actions. However, this isn't stated in the question. Although C seems logical; this is CompTIA we CANNOT assume anything. upvoted 1 times narensnair 1 month, 1 week ago 店 铺 店 铺 ; ;might originate from an effected end The c2c is established, 学 team blocked all inbound ports, but no action taken against outbound traffic that 习suspects still the attack is going on point to the next stage of action on object or学data 习 exfiltration or any such malicious point, if the organization 小 小 action 店 店 upvoted 1 times 66 66 Selected Answer: C RevolutionaryAct 1 month, 2 weeks ago Selected Answer: C If it was Command and Control, then the adversary could not communicate with the internal network from the outside, however because they are in the network and affecting outgoing traffic they have completed actions on objectives: https://www.eccouncil.org/cybersecurity-exchange/threat-intelligence/cyber-kill-chain-seven-steps-cyberattack/ upvoted 1 times Protract8593 2 months ago Selected Answer: B In the scenario described, the adversary has already breached the network and is maintaining a presence. The fact that outbound traffic is not restricted allows the adversary to communicate with their command and control (C2) servers without hindrance. By maintaining this communication, the attacker can control and continue their operations within the network. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B In the given scenario, the incident response team implemented rules on inbound traffic and applied ACLs on critical servers. This indicates that the organization has taken measures to address the initial entry point and potential exploitation of their systems. However, the adversary is still able to maintain a presence in the network, suggesting that they are communicating and controlling their activities from within the network. The "Command and control" stage of the Cyber Kill Chain involves the adversary establishing communication channels and control mechanisms to manage their presence in the compromised environment. By maintaining this control, they can continue their malicious activities and work towards achieving their objectives, which may include data exfiltration, further network compromise, or other malicious actions. upvoted 2 times Abdul2107 5 months, 1 week ago Selected Answer: B Check this, it’s clear: https://en.m.wikipedia.org/wiki/File:Intrusion_Kill_Chain_-_v2.png upvoted 1 times 店 铺 店 铺 ; ; C_M_M 6 months学 ago 学 习 习 Why not Action on Objective? 小 店 so C2 is essentially blocked. Even though the malware can communicate with 小 店 center, it's unable to They have locked out all inbound, its control 6 66 recieve commands when all inbound 6 traffic is blocked. However, if the malware is at the stage of Action on Objective, which often includes data exfiltration, just outbound traffic is enough for the malware to keep operating. I will go for Action on Objective. upvoted 4 times Vulturized 4 months, 3 weeks ago You have answered your own question "Action on Objective, which often includes data exfiltration". Does the test question state they have done any exfiltration any other kind of action? No. Also, all incoming traffic being blocked does not mean they cannot communicate with the system at all. The compromised system can be the one to initiate the communication and most of the time firewalls will allow incomming traffic if the session was iniated from inside outwards. Therefore, all the hackers would have to do is wait and listen on a port for the malware to connect to it. And then they will be able to do the next step, which would be Action on Objective. upvoted 2 times Nishkurup 6 months, 1 week ago Selected Answer: B Phases of the Cyber Kill Chain Process Phase 1: Reconnaissance Phase 2: Weaponization Phase 3: Delivery Phase 4: Exploitation Phase 5: Installation Phase 6: Command and Control In Command & Control, the attacker is able to use the malware to assume remote control of a device or identity within the target network. In this stage, the attacker may also work to move laterally throughout the network, expanding their access and establishing more points of entry for the future. Phase 7: Actions on Objective In this stage, the attacker takes steps to carry out their intended goals, which may include data theft, destruction, encryption or exfiltration. upvoted 4 times EricShon 7 months, 3 weeks ago Selected Answer: B Command and control (C2 or C&C)—the weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack. upvoted 1 times 店 铺 ronniehaang 7 months, 3 weeks ago ; Selected Answer: B 学 店 铺 ; 学 习 习 characterized by the adversary The adversary is currently 小 operating in the Command and Control (C2) stage of the Cyber Kill Chain. This stage is小 establishing and maintaining 店 persistent access to the target network, often through outbound traffic. By maintaining店 a presence in the network, the 66 and exfiltrate data from the target network, even though inbound traffic is restricted. 66 adversary is able to receive instructions upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago Another tricky ansewer, but B is the best answer as the question indicates the attacker still has the presence in the network. While the outbound port is still open for communication, which means the attacker still could exfiltrate data, which would suggestion Actions on Objective, the question does not say the attacker is exfiltrating data. upvoted 1 times its_melly 9 months, 1 week ago Selected Answer: D At this stage the installation of a remote access Trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. https://www.usprotech.com/7-essential-steps-cybersecurity-kill-chainprocess/#:~:text=Step%205%3A%20INSTALLATION,maintain%20persistence%20inside%20the%20environment. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times Nome02 9 months, 4 weeks ago C2 is confirmed correct answer as it is mentioned "adversary is able to maintain a presence in the network". upvoted 1 times bengy78 10 months, 1 week ago They have it right C. C2 (B) is for establishing the outbound connection, C per Comptia Certmaster would be correct to transfer data "7. Actions on objectives—in this phase, the attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration). An attacker may have other goals or motives, however" upvoted 1 times rodwave 10 months, 2 weeks ago Selected Answer: B Answer: Command and control 店 店 铺 铺 Command and control is when a data channel has to be established been a compromised host to the attackers central control software so that the attacker will be able to remotely control the host. This is generally done from inside the target network. ; ; 学 学 习 习 小 小versa. Generally you cannot Connections initiated from inside of the company network are ,in most cases, allowed by the firewalls, but not vice 店 connect from the outside so easily. 66So, in many documented attacks identifying the command and control channel in店firewall 66 or DNS logs was actually the first proof that indicated the presence of compromised systems and it's still one of the first methods of detecting apts in your network. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #55 A recent security breach exploited software vulnerabilities in the rewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device? A. SIEM correlation dashboards B. Firewall syslog event logs C. Network management solution login audit logs D. Bandwidth monitors and interface sensors 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 varun0 Highly Voted 小 店 66 1 year ago Selected Answer: A SIEM could tell when the breach occurred in firewall AND in network management solution upvoted 30 times stoneface 1 year ago I concur upvoted 6 times Protract8593 2 months ago Most Recent Selected Answer: A A SIEM (Security Information and Event Management) system is designed to collect, analyze, and correlate log and event data from various devices and applications across the network. In the context of the given scenario, a SIEM system would be the most appropriate tool to identify when the breach occurred through each device (firewall and network management solution). In contrast, SIEM correlation dashboards can aggregate and correlate logs from multiple sources, allowing security analysts to piece together the timeline of events and detect anomalies and potential breaches more effectively. This makes it the most appropriate option for identifying when the breach occurred through each device in the given scenario, according to the CompTIA Security+ SY0-601 exam objectives. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A SIEM correlation dashboards collect and analyze security event logs from various devices and systems within an organization's network, including firewalls and network management solutions. By aggregating and correlating these logs, the SIEM can identify patterns and anomalies that may indicate a security breach. This can help in pinpointing the timeframe in which the breach occurred through each device. upvoted 1 times MGMKING 5 months, 2 weeks ago SIEM (security information and event management) dashboards are the windows into the SIEM datastore, a collection of information that can tell you where attacks are occurring and provide a trail of breadcrumbs to show how the attacker got into the network and moved to where they are now. SIEM systems act as the information repository for information surrounding potential and actual intrusions. During an investigation, the SIEM system can provide a host of information concerning a user, what they have done, and so on. The fundamental purpose of a SIEM system is to provide alerts and relevant information to incident response teams that are investigating incidents. If something happens that initiates an investigation, and the SIEM system has no relevant information, then this suggests that the SIEM and its component elements need better tuning to provide meaningful surveillance of the system for potential problems. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #56 Which of the following is the FIRST environment in which proper, secure coding should be practiced? A. Stage B. Development C. Production D. Test Correct Answer: A 店 店 铺 Community vote distribution ; 学 B (87%) 习 小 店 varun0 铺 ; 学 习 9% 小 店 66 Highly Voted 66 1 year ago Selected Answer: B Development The developer has to start writing secure code from beginning itself. Which will then be tested, staged and finally production upvoted 24 times comeragh Highly Voted 12 months ago Selected Answer: B Development, Testing, Staging, Production upvoted 12 times redrio6 Most Recent 1 week, 2 days ago Selected Answer: B Development, Secure coding should be practiced at all times. The only times practice code should be used is in IED away from the environment upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: B https://livecodestream.dev/post/development-testing-staging-production-whats-the-difference/#when-is-security-considered-in-theapplication-development-cycle When Is Security Considered in the Application Development Cycle? Security should always be considered at any stage and in any environment. This means that developers need to think about security when they are coding, and they should also be aware of the potential risks of the libraries and frameworks they are using. upvoted 1 times Protract8593 2 months ago Selected Answer: B In the software development lifecycle, secure coding practices should be implemented and practiced from the very beginning, which is the development stage. This ensures that security is built into the software from its inception and throughout the development process. By integrating security practices early in the development phase, potential vulnerabilities can be identified and addressed before the software moves on to other stages like testing, staging, or production. This approach helps reduce the risk of security flaws and ensures that the final product is more secure. upvoted 3 times 店 店 铺 铺 ; ; Haykinz 2 months, 1 week ago 学 Selected Answer: A 学 习 习 小 店 Laying emphasis on the proper , secure coding. I’ll code A over B. 66 小 店 66 A staging environment is very similar to a production environment, but it is used for testing purposes before the application is launched in production. This environment tries to simulate as much as possible the final production environment, so tests in staging are more accurate(PROPER) than tests done in development upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B The Development environment is where software applications and systems are built and coded. It is the initial stage of the software development life cycle (SDLC) where developers write, test, and debug code. Implementing secure coding practices in the Development environment helps to ensure that security considerations are integrated from the early stages of application development. By following secure coding practices during development, such as input validation, secure data handling, and proper use of encryption, developers can mitigate common vulnerabilities and weaknesses that could be exploited in later stages. This proactive approach reduces the likelihood of introducing security flaws and weaknesses that can lead to security breaches and incidents in subsequent environments like Testing, Staging, and Production. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Givemore 3 months ago Selected Answer: B Development upvoted 1 times Yawannawanka 5 months ago The FIRST environment in which proper, secure coding should be practiced is in the development environment, option B. It is important to implement secure coding practices from the beginning of the software development process, as it is more cost-effective to address security issues early in the development lifecycle rather than later in production or post-production. Secure coding practices can help prevent security vulnerabilities such as injection attacks, buffer overflows, and cross-site scripting. While testing, staging, and production environments are important for ensuring the functionality and stability of the code, secure coding practices should be implemented from the start in the development environment to ensure a strong foundation for the software. (ChatGpt generated answer) upvoted 2 times 店 铺 Omi0204 6 months, 2 weeks ago ; 店 铺 ; 学 B 学 习 习 小 小programming, you also need to Secure coding is more than just writing, compiling, and releasing code into applications. To fully embrace secure 店 店 and services and create a secure development environment built on a reliable and secure IT infrastructure using secure hardware, software, 66 66 providers. upvoted 2 times princajen 6 months, 2 weeks ago Selected Answer: D B. Development Testing and staging are important steps in the software development life cycle, but they come after the development stage, and should not be the first environments where secure coding is practiced. upvoted 1 times geekneek 7 months, 1 week ago Selected Answer: B B. Development: Proper, secure coding practices should be implemented and followed in the development environment first. This is because it is during the development phase that the code is written and tested before it is deployed to production. By incorporating secure coding practices during development, vulnerabilities, and potential security threats can be identified and addressed before the code is deployed to production, reducing the risk of security incidents. upvoted 1 times [Removed] 7 months, 2 weeks ago WhatsApp +1(409)223 7790 PASS CIPP,CIPM,CIPT EXAMS,PAY AFTER PASS RESULTS https://ittca.org/pass-cipp-e-exam/ Book for online proctor exam and we’ll remotely take the exam for you. Pay us after confirmation of results ITTCA.org upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago B. Development which is the 1st step and secure practicing code should be used in all phases. upvoted 1 times [Removed] 8 months ago GET CERTIFIED. 100%PASS GUARANTEED. WhatsApp +1(409)223 7790 1. COMPTIA (network+ security+) 店 铺 ; 学 3: IAPP Certifications (CIPP/ CIPM, CIPT) 店 铺 2: GMAT,GRE exams ; 学 习 小 店 6 CRISC) 4: ISACA certifications (CISA,CISM/ 6 5: EC-COUNCIL Certification (CEH , CCISO ) 6: PMI (PMP/CAPM/ACP/PBA ,RMP) 7: IMA (CMA certification) 8: CIA,IFRS, CERTIFICATIONS 9: ACCA,CFA,ICAEW certifications 10: ISO certification 11 PASS CISSP EXAM 12. CSCP CERTIFICATION 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Book for online proctor exam and we’ll remotely take the exam for you. Pay us after confirmation of results ITTCA.org WhatsApp +1(409)223 7790 upvoted 1 times nul8212 9 months, 1 week ago Selected Answer: A The question needs to ask what the first step of the environment is. It asks for the first step before the software is ready to get sold. Staging: ensure quality assurance before we roll it out to production. upvoted 1 times Sandon 8 months, 1 week ago Wrong, it does not ask for the first step before the software is ready to get sold. upvoted 2 times 店 铺 ; 店 铺 ; Nirmalabhi 9 months, 3 weeks ago 学 学 习 习 小 in the environment stages. its pretty straight forward development is the first stage店 66 upvoted 1 times Selected Answer: A 店 小 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #57 A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used? A. Public B. Community C. Hybrid D. Private 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小 店 C (75%) varun0 Highly Voted 66 D (21%) 小 店 4% 66 1 year ago Selected Answer: C Hybrid cloud since internal network and cloud computing is combined upvoted 20 times T_dawg 6 months, 2 weeks ago hybrid is private and public cloud, not private cloud and internal network. D. Private upvoted 3 times okay123 10 months, 1 week ago Highly Voted Selected Answer: C See because they mentioned internal HR + External Customers = Hybrid upvoted 10 times RevolutionaryAct 1 month, 2 weeks ago No mention of the word "external" so it could be the onsite client making it private upvoted 1 times AmesCB 1 month, 3 weeks ago Most Recent chat GPT says: In a Hybrid Cloud environment, a cloud service provider offers a combination of both private and public cloud services. It allows customers to connect their existing local networks (private cloud) to the cloud provider's infrastructure (public cloud) for additional computing resources, scalability, and flexibility. upvoted 1 times Protract8593 2 months ago Selected Answer: C The scenario described in the question where customers connect their existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud is an example of a hybrid cloud model. A hybrid cloud model combines both private and public cloud services, allowing organizations to take advantage of the benefits of both environments. In a hybrid cloud model, certain applications and data can be kept in a private cloud, which offers greater control, security, and customization, while other applications and data can be hosted in the public cloud, which provides scalability and cost-efficiency. The two environments are connected through encrypted and secure connections, enabling seamless data exchange between them while maintaining the necessary security and access controls. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C 66 小 店 66 The Hybrid cloud model combines both public and private cloud environments to meet specific business requirements. In this case, the cloud service provider has created an environment where customers can connect their existing local networks (private cloud) to the cloud provider's infrastructure (public cloud) for additional computing resources. The mention of blocking internal HR applications from reaching the cloud suggests that there is a separation between the customer's private network and the resources available in the cloud. This is a characteristic of the Hybrid cloud model, where certain sensitive or critical applications and data are kept within the private cloud, while utilizing the scalability and flexibility of the public cloud for other non-sensitive workloads. upvoted 1 times yummysec 4 months, 1 week ago Selected Answer: C I think C is the correct answer. in my opinion hybrid solution is a mix of on prem and hybrid upvoted 2 times Yawannawanka 5 months ago 淘宝店铺:https://shop63989109.taobao.com/ The cloud model being used in this scenario is option C, hybrid cloud. A hybrid cloud is a combination of two or more cloud deployment models, typically a mix of private, public, and/or community clouds, that remain unique entities but are bound together by standardized technology. In this scenario, the cloud service provider is providing a way for customers to connect their existing local networks (which would typically be private clouds) to the cloud service (which could be a public or community cloud) for additional computing resources. This is an example of a hybrid cloud deployment. Additionally, the provider is also blocking internal HR applications from reaching the cloud, which is a common security practice in a hybrid cloud environment where sensitive applications and data are kept on-premises to provide additional control and security. upvoted 1 times SHAKERRAB93 5 months, 1 week ago A customer utilizing the service provided by the 3rd party SP would be using a public local network, the SP is providing the ability to block HR from reaching the network providing the client with a private environment? Public networks= large amount of users ( employees) Private network= Restricted user access (HR) Public + private=Hybrid I might be wrong let me know. upvoted 2 times 店 店 铺 ; 铺 ; 学 学 习 习 The cloud model being used 小 in this scenario is Hybrid cloud. 小 店 店 6 66 with one or more Hybrid cloud is a cloud computing6environment that combines a private cloud environment (i.e., on-premises data center) FreK 5 months, 2 weeks ago public cloud environments (i.e., third-party cloud service providers). In a hybrid cloud environment, the private and public cloud environments are integrated, and data and applications can be shared between them. In this scenario, the cloud service provider has created an environment that allows customers to connect their existing local networks (i.e., private cloud) to the cloud service provider's environment (i.e., public cloud) for additional computing resources. This integration between the private and public cloud environments is characteristic of a hybrid cloud environment. Additionally, the cloud service provider has blocked internal HR applications from reaching the cloud, which is an example of how security can be managed in a hybrid cloud environment. By limiting access to certain applications and data, organizations can maintain control over sensitive information while still leveraging the benefits of cloud computing. upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: A I'm going to swim against the current here. Connecting your private network to the cloud does not make it a private cloud. AWS is a public cloud provider, and has tons of customers who connect their private networks to it. For this to be a private cloud, the vendor would have had to create multiple environments (one per customer) not 'an' environment. The fact that the customers can block HR applications is irrelevant. I could do that all day long on AWS, Azure, or GCP and it doesn't make the private or hybrid. Therefore, this is a public cloud provider. upvoted 2 times Kraken84 1 month, 2 weeks ago "for additional computing resources" should be the giveaway. upvoted 1 times Dutch012 4 months, 2 weeks ago Agree with ya, I was surprised by their answers upvoted 1 times arrowphoto7604493ahmed 5 months, 4 weeks ago 店 铺 店 铺 ; ; their existing local networks to the cloud The cloud service provider 学 in this scenario is providing an environment that allows customers to connect 学 习 resources. At the same time, the provider is also blocking internal HR applications 习 for additional computing from accessing the cloud, which 小 小 indicates that the cloud environment is not fully open to the public. 店 店 66 66 Selected Answer: C Therefore, the cloud model being used in this scenario is a hybrid cloud. Hybrid cloud is a cloud computing model that combines public cloud and private cloud infrastructure, allowing data and applications to be shared between them. In this case, the local network of the customer is a private cloud, and the cloud environment provided by the service provider is a public cloud. The combination of these two clouds makes a hybrid cloud. upvoted 2 times JagamonFiya 7 months ago Was anyone else looking for RodWave opinion/explanation on this? upvoted 6 times gladtam 6 months ago Yes, where did he go? Lol upvoted 1 times ronniehaang 7 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C C. Hybrid. A hybrid cloud model combines a private cloud with a public cloud and is used by organizations that need to keep some data and applications in-house for privacy, security, or regulatory reasons, but also want to take advantage of the scalability and cost-effectiveness of public cloud services for other workloads. In this scenario, the customer has connected their existing local network to the cloud for additional computing resources and has taken steps to block certain internal applications from reaching the cloud, which indicates that the hybrid cloud model is being used. upvoted 1 times DALLASCOWBOYS 7 months, 4 weeks ago C. A Hybrid cloud is a mixture of private and public cloud components. Example, an org. can host a private cloud for exclusive internal use, but distribute some resources on a public cloud for business partners, customers, etc. upvoted 2 times [Removed] 8 months, 1 week ago Selected Answer: C 店 店 Hybrid cloud refers to a combination of at least 2 computing environments that share information with one another and run a uniform series of applications for a business or enterprise. Those environments may include: At least 1 private cloud and at least 1 public cloud. 2 or more private clouds. 2 or more public clouds. upvoted 2 times 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 ZDW 8 months, 1 week ago 66 I see people keep saying that a "public cloud" isn't mentioned but is that not what a "Clous Service Provider" is? A Cloud Service Provider (public cloud) has created an environment for customers sounds like either public or hybrid (only because it does not expressly say there is a private cloud at all) upvoted 2 times viksap 9 months, 1 week ago Selected Answer: D Hybrid is combination for Public and Private but question doesn’t have that mentioned so I’m going with D upvoted 1 times [Removed] 8 months ago Private is the internal HR upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #58 An organization has developed an application that needs a patch to x a critical vulnerability. In which of the following environments should the patch be deployed LAST? A. Test B. Staging C. Development D. Production 店 店 铺 Correct Answer: C 铺 ; ; 学 学 习 Community vote distribution Highly Voted 小 店 D (85%) varun0 习 小 66 店 66 Other 1 year ago Selected Answer: D LAST place to deploy the patch is production upvoted 22 times stoneface Highly Voted 1 year ago Selected Answer: D Production should be the last place where to apply patches as you have already tested properly upvoted 12 times BlackSpider Most Recent 2 days, 19 hours ago Selected Answer: D The correct answer is: D. Production In a typical software development lifecycle, patches or updates are first applied in development, then tested in the test environment, and finally moved to staging for further validation. Production is the last environment where updates are applied to ensure that they are stable and won't cause disruptions to live services. upvoted 1 times J0EL 4 days, 16 hours ago Selected Answer: A A. Test Deploying patches should always start with the testing environment before deployment to the production environment. Testing provides an opportunity to evaluate the impact of the patch on the intended systems and also ensures that the patch is working as intended. The testing environment should replicate the production environment as closely as possible, including hardware and software configurations, network topology, and any other relevant factors that may affect the application's functionality. Once the patch has been successfully tested, it can be deployed to the staging and production environments following established change control procedures. upvoted 1 times 店 铺 malibi 3 weeks ago ; Selected Answer: C 学 店 铺 ; 学 习 习 stage right? you can apply a rephrasing the question, is小 like where would you last apply a patch...... you will not apply a patch on the development 小 店apply a patch during patch during staging, you can店 apply a patch during testing and or during production.... but you will most likely will not 6 66 development! this is the last thing 6 you would do! upvoted 1 times RevolutionaryAct 2 weeks, 4 days ago You would still need to go through change management and such, and test to make sure it doesn't break your systems, so no, Production. upvoted 1 times koolkids4life 1 month, 1 week ago It's Production upvoted 1 times Kraken84 1 month, 2 weeks ago BARD"The patch should be deployed to the production environment last. This is because the production environment is the most critical environment and should only be patched after the patch has been thoroughly tested in the staging and testing environments." 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: C https://livecodestream.dev/post/development-testing-staging-production-whats-the-difference/#when-is-security-considered-in-theapplication-development-cycle When Is Security Considered in the Application Development Cycle? Security should always be considered at any stage and in any environment. This means that developers need to think about security when they are coding, and they should also be aware of the potential risks of the libraries and frameworks they are using. upvoted 1 times RevolutionaryAct 2 weeks, 4 days ago Whoops wrong question this went to, I hate this site's setup. I meant to pick D Production. upvoted 1 times 店 铺 ; 店 铺 ; Protract8593 2 months ago 学 学 习 习 小 小 patches, should be In the software development 店 life cycle, the production environment is the last environment where changes, including 店 66 66 deployed. The software is fully developed, tested, and ready to be used by end-users in the production environment. Deploying patches directly Selected Answer: D to the production environment without proper testing in lower environments (such as development, staging, and testing) can introduce risks and potentially disrupt critical operations. The idea behind deploying patches to lower environments first is to identify and mitigate any potential issues or conflicts with existing systems, so that the production environment remains stable and secure. upvoted 1 times JohanLondon 2 months, 3 weeks ago Beta testing In this testing environment, the software is released to a limited number of real-world users outside the organization to obtain their feedback which is then forwarded back to developers to optimize and improve the release as needed before releasing to all users. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D Once the patches have been tested and verified in these lower environments, they can be deployed in the Production environment. The Production environment is the live or operational environment where the application is used by end-users or customers. It is crucial to ensure that the patches have been thoroughly tested and verified before deploying them in the Production environment to minimize any potential disruptions or issues. upvoted 1 times fouserd 4 months, 2 weeks ago Selected Answer: D The patch should be deployed LAST in the D. Production environment. The production environment is where the application is used by end-users and is critical to the organization’s operations. Before deploying the patch to the production environment, it should be thoroughly tested in the development, test, and staging environments to ensure that it fixes the vulnerability and does not introduce any new issues. Once the patch has been successfully tested and validated in these environments, it can be deployed to the production environment. upvoted 1 times Yawannawanka 5 months ago The patch should be deployed LAST in the production environment, option D. Production environments are the live systems that are used by customers or end-users, and any changes made to these systems can potentially impact business operations and customer experience. Therefore, it is important to thoroughly test and validate any patches or updates in lower environments such as development, test, and staging before deploying them to production. This allows for any issues or bugs to be identified and fixed before they can cause harm to the production environment. Once the patch has been thoroughly tested and validated in lower environments, it can then be deployed to the production environment as the final step in the release process. (chatGPT generated answer) upvoted 1 times 店 店 铺 铺 ; ; 学 习 SueySauce 5 months, 3 weeks ago 小 店 学 习 小 店 6 6 The first part of the question kinda6throws me off because the Staging phase is the best place to test new patches before6deploying. However, the Selected Answer: D key words to focus on are in the second part especially the the word "LAST". Production phase is the last stage when developing an application. upvoted 1 times examrobo 5 months, 3 weeks ago Selected Answer: D Going with stoneface i think the guy who voted B just wants to start confusion upvoted 1 times MasterControlProgram 6 months, 2 weeks ago Selected Answer: B The correct answer is B. Staging. The patch should be deployed last in the staging environment, which is typically an environment where the patch is tested before being released to production. This allows the organization to ensure that the patch does not have any adverse effects on the production environment, and that it 淘宝店铺:https://shop63989109.taobao.com/ is effective in addressing the vulnerability. Once the patch has been tested and validated in the staging environment, it can be deployed in production. upvoted 3 times Ruthless937 2 weeks, 2 days ago which means production stage would be the LAST stage to deploy the patch. picked the wrong answer yet somehow explained the correct answer anyways. upvoted 1 times ThomasKong 7 months, 1 week ago Logically, you dare to patch the critical update in Production phase ?... The down time, Change all have the process which is spend more time. How about the dev phase ? you can do whatever you want, and test out what impact for the patches and roll back . PROD ? dude, time to write incident report to management. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #59 An organization is building backup server rooms in geographically diverse locations. The Chief Information Security O cer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider? A. Purchasing hardware from different vendors B. Migrating workloads to public cloud infrastructure C. Implementing a robust patch management solution D. Designing new detective security controls 店 店 铺 铺 ; ; 学 Correct Answer: B Community vote distribution Highly Voted 习 小 小 店 A (80%) Gravoc 学 习 66 店 10% 66 7% 1 year ago Don't let this one trip you up. A seems to be too easy of an answer, but it's A. Part of the reason it tripped me up is anytime I learned about vender diversity, it was always in the context of anti-malware, SIEM, NIDS, etc. Never dawned on me that vendor diversity also applies to physical hardware, but it makes sense. Vender diversity is a part of the swiss cheese model, or defense-in-depth. Having your production server, and your backup server running identical configurations means that there's two perfectly aligned holes in the swiss cheese model. Meaning the integrity of the backup server cannot be trusted in the event of an attack that damages or shuts down the production server. Different hardware is a defense layer that gives the defenders a buffer time to get their operation back in order, and defend against potentially inbound attacks on the backup server. upvoted 11 times Strykar Highly Voted 1 year ago Selected Answer: A It's A. Who's answering these questions? upvoted 6 times Demilitarized_zone 10 months, 4 weeks ago help me ask please.... i feel the owners of this platform should get professionals to answer these questions. Many of the answers are clearly wrong. upvoted 4 times Ggonza3 10 months, 2 weeks ago I think that they're not allowed to outright post the correct answers, hence why this website is community based. upvoted 4 times Kraken84 1 month, 2 weeks ago they need to be for this to not be TOO perfect of a place to join and DISCUSS all these wonderful questions. upvoted 1 times Dtimap Most Recent 5 days, 16 hours ago Selected Answer: A B cannot be correct. The question states they are purchasing and building new server rooms. Hence, utilizing a cloud for data storage conflicts with the statement that they are purchasing their own equipment and creating their own physical facility. Go with A upvoted 1 times 店 铺 ; 店 铺 ; 学 学 RevolutionaryAct 1 习 month, 2 weeks ago 习 小 小 Selected Answer: A 店 店 66 the public cloud is using, no right to audit, no right to patch, no right to run scans, 6etc. It's A because you have no idea what 6 and for all you know they are using the same hardware as you and have zero control over it as opposed to buying your own hardware. upvoted 2 times Protract8593 2 months ago Selected Answer: D The organization is building backup server rooms in geographically diverse locations to enhance redundancy and business continuity. The Chief Information Security Officer (CISO) wants to ensure that the new hardware in these backup server rooms does not have the same vulnerabilities as the existing server room. To address this requirement, the systems engineer should consider designing new detective security controls. Detective controls are designed to identify and detect potential security incidents or vulnerabilities. By implementing new detective controls in the backup server rooms, the organization can continuously monitor for any vulnerabilities that might exist in the hardware or software and take appropriate actions to mitigate them. 淘宝店铺:https://shop63989109.taobao.com/ Why it's not A according to ChatGPT (which has been fed the CompTIA Security+ SY0-601 exam objectives and is insistent that D is the correct answer for this question): upvoted 2 times Protract8593 2 months ago Option A, which suggests purchasing hardware from different vendors to ensure vendor diversity, may indeed provide some level of protection against vulnerabilities that are specific to a particular vendor's hardware or software. Vendor diversity can reduce the risk of a single point of failure and can introduce variations in security implementations across different products. However, the CISO's requirement is specifically focused on ensuring that the new hardware in the backup server rooms is not susceptible to the same vulnerabilities as the existing server room. While vendor diversity can be a valuable strategy for increasing overall resilience, it does not guarantee that all the hardware from different vendors will be free from the same vulnerabilities present in the existing environment. upvoted 1 times Protract8593 2 months ago Vulnerabilities can arise from various sources, such as misconfigurations, software bugs, or design flaws, and they may exist across multiple vendors' products. Therefore, relying solely on vendor diversity to address the CISO's requirement may not be sufficient. 店 铺 店 铺 ; ; comprehensive approach to address the Designing new 学detective security controls, as mentioned in option D, can be a more proactive and 学 习 These controls will continuously monitor and detect vulnerabilities or potential 习 issues in the new hardware, specific requirement. security 小 小 regardless of the vendor. 店By doing so, the organization can take appropriate actions to mitigate any risks effectively. 店 66 66 In summary, while vendor diversity can be part of an overall security strategy, it may not fully address the CISO's requirement to ensure that the new hardware in the backup server rooms is not susceptible to the same vulnerabilities as the existing server room. Therefore, designing new detective security controls would be a more direct and suitable approach to meet the specified requirement. upvoted 1 times Dan_26 4 months ago They're BUYING hardware. You rent in the cloud. So the answer is A. Buy it from someone else. A Palo Alto firewall will have different problems than a Fortigate, as an example. An Aruba switch will be different from a Cisco. upvoted 3 times McLobster 5 months, 2 weeks ago An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider? The question itself gives away the answer it mentions "the new hardware" cannot be susceptible... So pretty much get different hardware. The answer is A. upvoted 1 times Saphi 6 months ago "An organization is building backup server rooms" The exact reason why it can't be C. I agree that Cloud would be the most resilient to downtime but the point is that if they're building a new server room it has to be A. upvoted 1 times MasterControlProgram 6 months, 2 weeks ago Selected Answer: A To ensure that the new hardware is not susceptible to the same vulnerabilities as the existing server room, the systems engineer should consider purchasing hardware from different vendors. This approach will increase the likelihood that any vulnerabilities present in the existing hardware will not be present in the new hardware. upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: C 店 C. Patch management 铺 店 铺 ; ; vendors does not guarantee that This is because vulnerabilities can exist in hardware from any vendor, and purchasing hardware from different 学 学 习 vulnerabilities will not习 be present in the new backup server rooms. 小 小 upvoted 1 times 店 店 66 66 z3phyr 5 months, 3 weeks ago The requirement is to avoid the *same* vulnerabilities that exist with the current hardware. Purchasing hardware from a different vendor may introduce new vulnerabilities, but if so they would almost certainly different ones. upvoted 1 times ThomasKong 7 months, 1 week ago Purchasing hardware from different vendors what relate to below ? "susceptible" ? "same vulnerabilities in the existing server room" ? change vendor can add more safe percentage% to HA ? I will go to B. Cloud . upvoted 1 times CTE_Instructor 6 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ The organization is already building new server rooms, so putting your backups on the cloud is not necessary. If there is a vulnerability in Unifi equipment or Palo Alto equipment, then having another vendor's equipment that does not have that same vulnerability will increase defense in depth. Don't put all your eggs in one basket. upvoted 1 times brewoz404sd 7 months, 3 weeks ago The answer is C, not A at all! Different hw does nothing to mitigate failure or vulnerabilities. Migrating some infrastructure / workloads to cloud mitigates the SAME failure / vulnerabilities as the previous dc. C! upvoted 2 times [Removed] 8 months, 1 week ago Selected Answer: A "new hardware cannot be susceptible to the same vulnerabilities in the existing server room" upvoted 2 times 店 铺 jhfdkjshfkjdsho 9 months, 1 week ago ; Selected Answer: B 店 铺 ; 学 学 习 习 solution. Different vendors can use 小 similar chips. It says "geographically diverse locations" That is why the cloud is the best 小 店 店 upvoted 3 times 66 66 RevolutionaryAct 1 month, 2 weeks ago Except you have no idea what systems the public cloud uses, so no upvoted 1 times blacktaliban 10 months, 3 weeks ago Different vendors different hardware ,different vulnerabilities upvoted 3 times Libraboy 11 months, 1 week ago Selected Answer: A "....that states the new hardware cannot be susceptible to the same vulnerabilities..." emphasis on the new hardware! upvoted 3 times _bishalk__ 12 months ago Vendor diversity. Ans is A. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #60 A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected. Which of the following is the security analyst MOST likely implementing? A. Vulnerability scans B. User behavior analysis C. Security orchestration, automation, and response D. Threat hunting 店 店 铺 铺 ; ; 学 Correct Answer: B 学 习 小 店 Community vote distribution 66 B (71%) Nirmalabhi 习 小 Highly Voted 店 66 C (28%) 9 months, 3 weeks ago Selected Answer: B Not 100% sure but i will go with B. User behavior Analysis. Reason: As per Comptia objectives, User behavior Analysis comes under SIEM. Well as the Question asks whats most likely the solution being implemented hence User behavior analysis seems to be the direct answer. SOAR simply means you are adding automation and servers handle the security tasks automatically and take action. happy to discuss. Some of the question are to confuse so i ll stick to most direct connection in this case. B upvoted 20 times Sepu 1 year ago Highly Voted Selected Answer: B B. SOAR will react to the alert. upvoted 17 times deeden 9 months, 3 weeks ago You mean C. SOAR ? upvoted 5 times RevolutionaryAct Most Recent 1 month, 2 weeks ago initially I thought it was SOAR but as I read this now I am believing it is B. User behavior analysis as it does not detect anomalies in behavior. SOAR is low level/signature based https://www.technology.org/2019/04/30/siem-ueba-and-soar-whats-the-difference/ SOAR technologies meet the need for a missing component of SIEM tools, which is the ability to take action against malicious activity. SIEM tools can flag suspicious behavior, however, problems such as false positives and incident prioritization can deter from their proper use. SOAR tools allow for automated responses to low-level incidents and correct incident prioritization. Because of their ability to orchestrate information from many different sources, SOAR systems also provide a greater level of efficiency and effectiveness to an organization’s information security defenses. upvoted 1 times 店 店 铺 铺 ; 学 sujon_london 1 month, 2 weeks ago Selected Answer: B 习 小 店 ; 学 习 小 店 BA would be right answer as here directly nothing to do with automation or orchestration. The configurations of various Behavior analysis settings will helps SIEM to detect anomalies and alert based on that. upvoted 1 times 66 66 Protract8593 2 months ago Selected Answer: B I'm going to go with B. ChatGPT keeps switching between B and C. User behavior analysis involves monitoring and analyzing network communications to identify abnormal behavior or patterns that may indicate a security threat. It helps in detecting suspicious activities, such as unusual login patterns, data access attempts, or unauthorized network access, and raises alerts to security analysts for further investigation. Why C is apparently wrong: C. Security orchestration, automation, and response (SOAR) involves automating incident response processes, but it is not directly related to monitoring network communications for abnormal behavior. upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ streak007 2 months, 1 week ago Selected Answer: C The question is asked system that sends the alert after detecting the abnormality in user behaviour which is SIEM upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B User behavior analysis involves monitoring and analyzing network communications, user activities, and system behavior to identify patterns and anomalies. By analyzing user behavior, such as login patterns, access patterns, data transfer activities, and other network interactions, abnormal behavior can be detected. This can help identify potential security incidents, unauthorized access, insider threats, and other suspicious activities. Implementing a solution that monitors network communications and provides alerts for abnormal behavior aligns with the goals of user behavior analysis. It helps enhance the organization's security posture by detecting and responding to potential security incidents in real-time. upvoted 2 times 店 LeonardSnart 4 months, 1 week ago 铺 ; 店 铺 ; 学 学 network- and server-type events, "SIEMS are systems built 习to apply rules to sets of data with respect to specific patterns. Traditionally this meant 习 小 that alerted an operator that the system was not responding in a normal manner...Advances 小 in user behavioral failures, and other conditions 店 店 do it. If every day, upon analysis has provided another interesting use of the SIEM: monitoring what people do with their systems and how they 6 6 6 6 beginning work, the Selected Answer: B accountants start the same programs, then when an accountant account logs in and does something totally different, like accesses a system they have never accessed before, this indicates a behavioral change worth looking into." Comptia Security+ Exam Guide Sixth Edition SY0-601 by Conklin et al. SOAR on the other hand is automated with playbooks, not what this question is asking about. upvoted 1 times Yawannawanka 5 months ago The security analyst is MOST likely implementing option B, user behavior analysis. User behavior analysis is a type of security solution that uses machine learning and artificial intelligence to monitor network communications and identify abnormal behavior that may indicate a security threat. By analyzing patterns in user behavior, the solution can detect anomalies and generate alerts for further investigation by security personnel. This type of solution is commonly used in network security operations centers (SOCs) to enhance threat detection capabilities and reduce the time it takes to detect and respond to security incidents. Options A, C, and D are different types of security solutions that may also be implemented by security analysts, but they are not specifically related to monitoring network communications for abnormal behavior. upvoted 1 times arrowphoto7604493ahmed 5 months, 4 weeks ago Selected Answer: B The security analyst is most likely implementing a User Behavior Analysis (UBA) solution, which uses machine learning and statistical analysis techniques to monitor network traffic and detect abnormal user activity that deviates from the normal behavior of users in the network. UBA solutions can identify threats such as insider threats, compromised user accounts, and malware infections that might be missed by traditional security controls like firewalls and antivirus software. The solution will generate alerts when it detects abnormal behavior, which can be used to trigger further investigation by the security team. upvoted 3 times MasterControlProgram 6 months, 2 weeks ago Selected Answer: B The security analyst is most likely implementing a user behavior analysis solution, which monitors network communications and provides alerts when abnormal behavior is detected. Answer: B. User behavior analysis. upvoted 1 times Ahmed_aldouky 6 months, 3 weeks ago Selected Answer: B 店 店 User behavior analysis (UBA) is a type of security solution that monitors network communications and user activities to detect abnormal behavior and potential threats. UBA solutions use machine learning and artificial intelligence algorithms to establish a baseline of normal user behavior and identify deviations from this baseline that could indicate potential security threats. 铺 铺 ; ; 学 学 习 习 小 小 Vulnerability scans, security orchestration, automation, and response (SOAR), and threat hunting are different types of security solutions that are not directly related to monitoring network communications and detecting abnormal behavior. 店 66 店 66 Vulnerability scans are automated tools that identify vulnerabilities and weaknesses in a system or network. SOAR solutions automate incident response and security operations workflows to increase efficiency and reduce response time. Threat hunting involves actively searching for threats and vulnerabilities that may not be detected by traditional security solutions. Therefore, the security analyst is most likely implementing user behavior analysis to monitor network communications and detect abnormal behavior. upvoted 3 times Nishkurup 6 months, 3 weeks ago Selected Answer: B the security analyst is most likely implementing User Behaviour Analytics (UBA) solution. UBA is a security solution that uses machine learning algorithms and statistical analysis to identify abnormal behaviour patterns of users on the network. It monitors the user's activity, including logins, file accesses, and network traffic, and compares the behaviour against a baseline of expected behaviour for that user or group. When UBA detects an abnormal behaviour pattern, it generates an alert that can be used by security analysts to investigate and respond to potential threats or security incidents. UBA can help identify insider threats, compromised accounts, and other unauthorized activity on the network. On the other hand, SOAR solutions are focused on automating淘宝店铺:https://shop63989109.taobao.com/ and orchestrating security processes to improve incident response time, reduce manual efforts, and improve the overall security posture. SOAR solutions typically include incident response playbooks, automation workflows, and integration with other security solutions such as SIEM, NIDS, and endpoint detection and response. upvoted 2 times tebirkishaw 7 months, 3 weeks ago Selected Answer: B There is no automation of tasks going on, just an alert. Nothing is being fixed. Has to be B upvoted 3 times DALLASCOWBOYS 7 months, 4 weeks ago C. SOAR. upvoted 1 times P0wned 8 months, 3 weeks ago 店 店 铺 The security analyst (SOAR). ; is most likely implementing security orchestration, automation, and response 铺 ; SOAR solutions are designed to monitor 学 and provide alerts when abnormal behavior is detected. SOAR solutions typically 学use artificial intelligence and machine network communications 习 习 learning to analyze network traffic and identify potential security threats. They can also be configured to take automated 小 小 responses, such as blocking malicious traffic or quarantining suspicious files, to help protect the network. 店 店 66 66 Selected Answer: C Vulnerability scans, user behavior analysis, and threat hunting are all important security practices, but they are not specifically related to monitoring network communications and providing alerts when abnormal behavior is detected. upvoted 2 times LaoX 8 months, 3 weeks ago Selected Answer: B Seems to me like something for IDS. The IDS is a particular procedure that is used to identify intruders by analyzing user behavior in the system after the user logged in. It identifies user suspicious behavior as an intrusion or normal behavior but the SOAR helps coordinate, execute and automate tasks between various people and tools all within a single platform. Totally different purpose. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #61 Data ex ltration analysis indicates that an attacker managed to download system con guration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system con guration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Choose two.) A. Pass-the-hash B. Directory traversal C. SQL injection D. Privilege escalation 店 店 铺 铺 E. Cross-site scripting ; F. Request forgery ; 学 学 习 习 小 小 店 店 66 Correct Answer: BD 66 Community vote distribution BD (84%) carpathia Highly Voted Other 10 months, 1 week ago Selected Answer: BD "admin's folder" - Priv escalation, + dir transversal. "database" is thrown in as a decoy for SQL answer. upvoted 12 times LO353 5 days, 21 hours ago database admin folder caught me out , upvoted 1 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: BD Answer: B. Directory traversal & D. Privilege escalation Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. If the attempt is successful, the threat actor can view restricted files or execute commands on the server. Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. upvoted 10 times Protract8593 Most Recent 2 months ago Selected Answer: BD 1. Directory traversal: In a directory traversal attack, the attacker exploits improper input validation to access files and directories that are outside the intended directory. In this scenario, the attacker used directory traversal to access the database administrator's folder on the web server and download the system configuration notes. 2. Privilege escalation: Privilege escalation involves gaining higher-level privileges on a system to access resources or perform actions beyond the intended scope. In this case, the attacker likely escalated their privileges to gain access to the database administrator's folder and retrieve the system configuration notes. upvoted 1 times 店 铺 ; 4 weeks ago monzie 5 months,学 习 Selected Answer: BC 小 店 what occurred are: The two attacks that could explain 66 店 铺 ; 学 习 小 店 66 B. Directory traversal: This attack involves using a specially crafted input to access files or directories that are outside of the intended directory structure. In this scenario, it is possible that the attacker used a directory traversal attack to access the database administrator's folder on the web server and retrieve the system configuration notes. C. SQL injection: This attack involves injecting malicious SQL code into an application's input field, which can then be used to access or modify sensitive data in a database. It is possible that the attacker used a SQL injection attack to access the database administrator's folder on the web server and retrieve the system configuration notes. upvoted 1 times MasterControlProgram 6 months, 1 week ago Selected Answer: BD The two attacks that explain the scenario are: B. Directory traversal: Directory traversal is an attack in which an attacker can access files and directories that are stored outside the web root folder by manipulating a web application's input parameters, such as file paths or directory names. In this case, the attacker was able to access the system configuration notes by traversing to the database淘宝店铺:https://shop63989109.taobao.com/ administrator's folder on the web server. D. Privilege escalation: Privilege escalation is an attack in which an attacker gains elevated privileges to a system or network by exploiting a vulnerability or weakness. In this case, the attacker was able to access the database administrator's folder on the web server, which suggests that they may have escalated privileges to gain access to that folder. upvoted 1 times cutemantoes 7 months ago Selected Answer: BC Yes B and D sound correct. However, just because they accessed the notes from an admins folder still doesnt mean that a privilege escalation occurred. It does say that it was on the databases admin folder, making it seem as theres a database. Im on the fence between B and D, and B and C. upvoted 2 times LePecador 2 months, 1 week ago I'll choose B and D because priviledge escalation is related to lateral movement in which a cyberattacker moves deeper into a network in search of high-value assets. In this case, the system configuration notes in the database administrator's folder upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 ago G4ct756 11 months, 1 week 小 店 Selected Answer: CD 习 小 店 66 66 C & D, - c, the admin notes are stored in "the database", Will require SQLi to interact with DB. - d, need privilege to clear the system logs. upvoted 2 times hieptran 8 months, 2 weeks ago Read the question carefully. It clearly stated: "database administrator's folder". It has nothing to do with SQL injection. upvoted 1 times j0n45 1 year ago Selected Answer: BD Directory traversal and Privilege escalation. upvoted 5 times FT1 1 year ago B&D The simplest example of a directory traversal attack is when an application displays or allows the user to download a file via a URL parameter. upvoted 4 times Wiggie 1 year ago Selected Answer: BC B and C upvoted 1 times Wiggie 1 year ago Correction, B and D upvoted 2 times varun0 1 year ago Selected Answer: BD B & D seem to be correct. upvoted 3 times varun0 1 year ago 店 店 铺 铺 Also don't assume just because there's a db admin there'd be a database. DB or web application interface (XSS) is not a requirement for a web server, don't assume there is one. upvoted 1 times ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #62 A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM have multiple login entries with the following text: suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal time suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh suspicious event - user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py Which of the following is the MOST likely attack conducted on the environment? A. Malicious script 店 店 B. Privilege escalation 铺 铺 ; C. Domain hijacking ; 学 学 习 习 小 D. DNS poisoning 小 店 店 66 Correct Answer: A 66 Community vote distribution A (78%) CertAddict69 Highly Voted B (21%) 1 year ago Selected Answer: A This is obviously A, malicious script. Look at the name of the script that is running: "amazing-3rdparty-domain-assessment.py" I'm sure they used the word amazing in the file name so that the script appears as a malicious script that is disguised as a 3rd party domain assessment script. upvoted 32 times 6R15 7 months, 1 week ago .py = Python script .sh = shell script So the attacker is trying to run malicious script, answer A upvoted 10 times Kraken84 1 month, 2 weeks ago Simplicity is key, thank you :) upvoted 1 times sujon_london 1 month, 2 weeks ago Agreed .py python based script upvoted 3 times DWISE1 Highly Voted 6 months ago just Passed with 799 please study everything here. if you can cram cram 90% came out from here. if you want to go through what came out with me reach me on linkdin israel olumese upvoted 14 times 店 店 铺 铺 Recent 3 weeks ago RogerW Most; ; 学is B, because the script, 学 I believe the answer 习 习 execute. However, on the second c:\weekly_checkups\amazing-3rdparty-domain-assessment.py is executed twice. On the first attempt, it failed to小 小 店 This means the user, scheduled task, privilege was elevated prior to successfully店executing the script. attempt it was successfully executed. 66 66 upvoted 1 times Protract8593 2 months ago Selected Answer: A The SIEM entries indicate that suspicious events related to scheduled tasks are occurring. Specifically, there are references to the successful and failed execution of scripts located in the "c:\weekly_checkups" directory. This suggests that a malicious script is being executed through scheduled tasks without user interaction, which can lead to unauthorized actions, data exfiltration, or other malicious activities on the affected systems. Options B (Privilege escalation), C (Domain hijacking), and D (DNS poisoning) are not directly supported by the evidence presented in the SIEM logs. While they could be potential threats in different scenarios, the logs provided in the question primarily point towards the execution of a malicious script through scheduled tasks. Why B is wrong according to ChatGPT: B. Privilege escalation: 淘宝店铺:https://shop63989109.taobao.com/ The SIEM logs do not indicate any activities related to unauthorized elevation of privileges. Privilege escalation typically involves gaining higherlevel access or permissions on a system, which is not evident from the provided logs. upvoted 1 times Kraken84 1 month, 2 weeks ago "In other words, ChatGPT arrives at an answer by making a series of guesses, which is part of why it can argue wrong answers as if they were completely true. While it's great at explaining complex concepts, making it a powerful tool for learning, it's important not to believe everything it says." https://www.makeuseof.com/openai-chatgpt-biggest-probelms/ upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A Malicious script: The suspicious events indicate that a script named "amazing-3rdparty-domain-assessment.py" and "secureyourAD-3rdpartycompliance.sh" was executed by the user "scheduledtasks." These scripts were executed from the directory "c:\weekly_checkups." The fact that these scripts were executed without user interaction and resulted in changes to multiple account passwords suggests the presence of a malicious script that is responsible for the unauthorized password changes. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 Yawannawanka 5 months 小ago 小 店 店 The suspicious login Based on the provided information, 66the MOST likely attack conducted on the environment is option A, malicious script. 66 events indicate that a scheduled task was created on the compromised system, which executed two scripts (amazing-3rdparty-domain- assessment.py and secureyourAD-3rdparty-compliance.sh) that failed to execute and one script (amazing-3rdparty-domain-assessment.py) that successfully executed. This is a strong indication that a malicious actor or malware was responsible for the creation and execution of these scripts, possibly as a means of gathering information or establishing persistence on the compromised system. Privilege escalation is also a possibility, as the malicious actor or malware may have gained elevated permissions to create and execute the scheduled task and scripts, but the information provided does not provide conclusive evidence of this. Domain hijacking and DNS poisoning are less likely scenarios, as there is no information provided to suggest that the attacker attempted to take control of the domain or manipulate DNS records. upvoted 1 times Neither_you_nor_me 5 months, 2 weeks ago Selected Answer: A "scheduledtask" Entire process as the same user No indication of user changing here upvoted 1 times MasterControlProgram 6 months, 1 week ago Selected Answer: A Based on the provided information, the MOST likely attack conducted on the environment is A. Malicious script. The suspicious events indicate that a scheduled task was created on the affected machines, and a script was executed that appears to be assessing third-party domains and checking compliance. It is possible that this script was a malicious file downloaded and executed by the attacker or an authorized script that was tampered with to include a malicious payload. Further investigation is necessary to determine the root cause of the issue. upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: A The SIEM events suggest that a malicious script or set of scripts was used to change the passwords on multiple accounts without user interaction. The successful execution of a script called "amazing-3rdparty-domain-assessment.py" and the failed execution of other scripts may indicate that the attacker was using a variety of tools to achieve their objectives, rather than relying solely on privilege escalation. Therefore, based on the information provided, the most likely attack that was conducted on the environment is the use of a malicious script. upvoted 1 times Nishkurup 6 months, 3 weeks ago Selected Answer: B 店 店 Based on the provided information, it is more likely a Privilege Escalation attack rather than a Malicious Script attack. The reason being, the suspicious event logs show that a user account named "scheduledtasks" was able to successfully authenticate on AD at an abnormal time, which indicates that the user account had sufficient privileges to perform the authentication. The account was then able to execute a script related to 3rd party domain assessment, which suggests that the account had elevated privileges on the system. In a Privilege Escalation attack, an attacker gains access to a low-level user account and attempts to elevate their privileges to gain access to more sensitive data or resources. Attackers can abuse scheduled tasks by creating malicious tasks to execute code, such as backdoors or malware, with system-level privileges. By gaining access to a privileged scheduled task, attackers can bypass security controls and execute arbitrary code. upvoted 1 times 铺 铺 ; ; 学 学 习 习 小 店 66 Nishkurup 6 months, 1 week ago After more research, I think its malicious script upvoted 1 times gladtam 6 months ago I love how you corrected yourself. thank you upvoted 1 times scarceanimal 7 months, 3 weeks ago Selected Answer: A "amazing-3rdparty-domain-assessment.py" lol they put amazing hilarious 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times hsdj 7 months, 3 weeks ago passwords were changed on multiple accounts without users' interaction - looks like privileged account activity to me upvoted 1 times hsdj 7 months, 3 weeks ago option "malicious script" is not TYPE of attack! so my answer is privilege escalation B upvoted 1 times CTE_Instructor 6 months, 3 weeks ago While the changed passwords potentially could be privilege escalation, there is definitely malicious scripts occurring that were recorded in the SIEM logs. Objective 6.1 covers "Malicious code or script execution", including python (.py), bash (.sh), powershell (.ps1), visual basic (.vba), and macro scripts. 店 店 铺 铺 ; ; Because the prompt has clear malicious scripts that were blocked by the security software, and the lack of proof of privilege escalation, I'm more inclined to select A as the correct answer. In reality, it was probably a combination of privilege escalation and malicious scripts that truly occurred here. upvoted 1 times 学 学 习 习 小 小 店 店 66 66 asum 8 months, 1 week ago Selected Answer: B It is talking about attack. So B upvoted 2 times farisAl 8 months, 2 weeks ago Selected Answer: A execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py The .py at the end gave it away it's a malicious script upvoted 2 times LaoX 8 months, 3 weeks ago Selected Answer: A Definitely A: Malicious Scripts. Cos look at these: 1. weekly_checkups\secureyourAD-3rdparty-compliance.sh 2. scheduledtasks, and 3. amazing3rdparty-domain-assessment. All those are definitely malicious names that results in password changes. upvoted 1 times rhocale 9 months, 1 week ago agreed this is a malicious script you can tell this bc of the .PY at the end meaning Pythin script upvoted 1 times [Removed] 9 months, 4 weeks ago Selected Answer: A I also agree that's an A upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #63 A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique? A. Vishing B. Whaling C. Phishing D. Smishing 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 comeragh Highly Voted 小 店 66 1 year ago Selected Answer: D Agree with D being correct here upvoted 11 times varun0 1 year ago Agreed upvoted 2 times Protract8593 Most Recent 2 months ago Selected Answer: D The correct answer is D. Smishing. Explanation: - Vishing (A) is a social engineering technique where attackers use voice calls to deceive individuals into revealing sensitive information or performing certain actions. - Whaling (B) is a form of phishing that targets high-profile individuals, such as executives or CEOs, to steal sensitive information or gain access to valuable assets. - Phishing (C) is a broad term for social engineering attacks where attackers use emails, messages, or websites that appear to be from a reputable source to deceive recipients into providing sensitive information or performing actions. - Smishing (D) is a specific type of phishing that uses SMS or text messages to trick individuals into clicking malicious links, disclosing personal information, or taking other harmful actions. In the given scenario, the unusual text message containing a link to click for more details is characteristic of a smishing attempt, making option D the correct answer. upvoted 3 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D Smishing is a form of phishing that specifically targets individuals through text messages (SMS). In this case, the customer service representative received an unusual text message containing a suspicious invoice number and a link to click for more details. This aligns with the characteristics of a smishing attack, where the attacker uses text messages to deceive and manipulate individuals into divulging sensitive information or performing actions that compromise their security. upvoted 1 times 店 铺 ; 学 7 months, 3 weeks ago DALLASCOWBOYS 习 小 D. Smishing is phishing via text 店 66 upvoted 2 times 店 铺 ; 学 习 小 店 66 xxxdolorxxx 8 months, 1 week ago Smishing = Text Message upvoted 2 times Orean 11 months ago Selected Answer: D Pretty straightforward. Smishing, a portmanteau of SMS and phishing, is a specific type of phishing done via text messaging, and it's commonly used to orchestrate invoice scams or otherwise harvest credentials. upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #64 Which of the following actions would be recommended to improve an incident response process? A. Train the team to identify the difference between events and incidents. B. Modify access so the IT team has full access to the compromised assets. C. Contact the authorities if a cybercrime is suspected. D. Restrict communication surrounding the response to the IT team. 店 店 铺 Correct Answer: A 铺 ; ; 学 学 Community vote distribution 习 A (80%) 小 习 小 B (20%) 店 店 66 hazeleyes Highly Voted 66 1 year ago Selected Answer: A A is correct. this training can help CSIRT to know whether to trigger IR mechanisms and reduce instances of false alert. With B - I don't really see why giving the IT team access can be beneficial, as this could very likely violate least privilege principle. upvoted 7 times varun0 Highly Voted 1 year ago Selected Answer: B B according to me upvoted 5 times BM9904 1 year ago I agree this step comes before training your team in the process upvoted 2 times cymm 10 months, 3 weeks ago Any change after a comprise may not be possible. Only way to guarantee full access would be to modify before hand. Then you would violate principle of least privilege. upvoted 2 times vidwj Most Recent 1 month, 1 week ago A is correct upvoted 1 times Kraken84 1 month, 2 weeks ago Why do so many put so much faith in a human fed machine that learns by our own code that we teach it to learn from? The data sets used to educate an AI are literally fed by humans. Why would we put all faith in such a concept? It is cool and all and can help with my sports bets, but I cannot bargain my 380$ for ChatGPT, BARD or any other AI's opinions. Because in essence, AI, as a Deep/Machine Learning model only knows what we 'INSTRUCT' it too. From that instruction comes opinion and argument. Try it, they will argue with you. We can feed it all the data in the world but the MACHINE that LEARNS (which is coded by humans) has limits. https://fortune.com/2023/07/19/chatgpt-accuracy-stanford-study/ upvoted 1 times 店 Protract8593 2 months ago 铺 Selected Answer: A; 店 The correct answer学 is A. 习Train the team to identify the difference between events and incidents. 小 店 Explanation: 66 铺 ; 学 习 小 店 66 - A well-prepared incident response process involves properly identifying and handling security events and incidents. Training the team to distinguish between events (normal activities that do not pose a security threat) and incidents (actual security breaches or potential threats) is crucial. This helps ensure that the team can focus on the real security incidents and respond effectively. Why it's not B according to ChatGPT: - Option B, modifying access so the IT team has full access to the compromised assets, is not a recommended action as it may lead to a conflict of interest and hinder proper investigation and containment. It is important to maintain the principle of least privilege and involve specialized incident response personnel. upvoted 2 times Kraken84 1 month, 2 weeks ago https://fortune.com/2023/07/19/chatgpt-accuracy-stanford-study/ upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A Improving the incident response process involves various actions, but one recommended step is to train the team to differentiate between events and incidents. This training helps the team understand that not every event is necessarily an incident that requires immediate response and investigation. By being able to identify and classify events correctly, the team can focus their efforts on addressing actual incidents that pose a threat to the organization's security. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. Training team to differentiate between incidents and events, upvoted 1 times KingDrew 8 months, 2 weeks ago Selected Answer: A A is correct since it helps create more response efficiency. upvoted 1 times 店 铺 ; 店 铺 ; 学 学 okay123 10 months, 习 2 weeks ago 习 小 小 Selected Answer: A 店 店 66anything... Training the team makes sense, I 6 don't see how giving the whole IT team full access to zombie computers is going to do 6 upvoted 3 times Gravoc 1 year ago An event is defined as an attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System. An incident is defined as a breach of a system's security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems upvoted 2 times carpathia 1 year ago Selected Answer: A The Preparation (initial phase) involves correct data events are being logged, the reporting of potential incidents is happening and personnel training. Nothing in B, C and D is referring to that. upvoted 2 times j0n45 1 year ago Of course the answer is "A", logically speaking, if the "CSIRT" and not "IT" team is trained to differentiate between events and incidents, that would drastically improve their IR process. 🐱🚀🐱💻 upvoted 3 times j0n45 1 year ago Also to add: Security Incidents Are Events That Produce Consequences It’s when an event results in a data breach or privacy breach that the event is then deemed a security incident. For example, a delay in patching a security weakness in vital company software would be an event. It would only be deemed an incident after your security monitoring team confirmed a resulting data breach by hackers who capitalized on the weakness. upvoted 2 times MarceloFontes1979 1 year ago A - I believe is the best choice. upvoted 2 times Liftedkris 1 year ago 店 店 铺 Selected Answer: A ; I’m leaning towards training so A for me upvoted 4 times 学 习 小 店 66 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #65 A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Choose two.) A. HIDS B. NIPS C. HSM D. WAF E. NAC 店 店 铺 铺 ; ; 学 学 习 F. NIDS 习 小 小 店 店 66 Correct Answer: BD 66 Community vote distribution BD (74%) varun0 Highly Voted DE (17%) 9% 1 year ago Selected Answer: BD B & D seems correct, it has to BLOCK the traffic remember. upvoted 15 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: BD Answer: (B) NIPS and (D) WAF A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model). A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. NIPS consists of NIDS and IPS. WAF is a firewall. NIPS can operate up to layer 7 by passing or allowing traffic upvoted 13 times sujon_london 1 month, 2 weeks ago Agreed with ur very well versed explanation. Thank you upvoted 1 times Protract8593 Most Recent 2 months ago Selected Answer: BD - B. NIPS (Network Intrusion Prevention System): A NIPS is an intrusion detection system that can actively block and prevent detected threats. It operates at Layer 7 of the OSI model, just like NIDS (Network Intrusion Detection System). However, NIPS goes beyond detection and takes proactive measures to block potential attacks at the network level. - D. WAF (Web Application Firewall): A WAF is a security control that operates at Layer 7 of the OSI model. It is specifically designed to monitor, filter, and block HTTP/HTTPS traffic to and from web applications. By doing so, it can prevent web-based attacks, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities. 店 铺 ; 店 铺 ; 学 学 Why A is wrong according 习 to ChatGPT: 习 小 小 店 店 on Layer 7 protection. It A. HIDS (Host Intrusion Detection6System): HIDS operates on individual hosts or endpoints and is not specifically focused 66 6 attacks. is not designed to block network-based upvoted 2 times Bro111 2 months, 2 weeks ago Selected Answer: AD HIDS is a Layer 7, not NIPS upvoted 1 times Abdul2107 2 months, 2 weeks ago True HIDS is Layer7, but it's Detection, it will not Prevent/Blcok. upvoted 3 times Bro111 2 months, 2 weeks ago Sorry HIDS is a Layer 7 but it doesn't block attacks. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Yawannawanka 5 months ago The two security controls that can block an attack at Layer 7 are: D. WAF (Web Application Firewall): A WAF is a Layer 7 security control that sits between a web application and the internet, inspecting all incoming and outgoing traffic. It can block attacks targeting web applications, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI), by examining the content of HTTP requests and responses and blocking any that match predefined rules. B. NIPS (Network Intrusion Prevention System): A NIPS is a Layer 7 security control that can inspect and block attacks targeting specific network protocols and applications. It can identify and block attacks at the network layer, transport layer, and application layer, including Layer 7. NIPS uses signature-based detection and behavioral analysis to detect and block known and unknown attacks. Therefore, options B (NIPS) and D (WAF) are the correct answers. The other options, including HIDS, HSM, NAC, and NIDS, do not specifically target Layer 7 and may not be effective at blocking attacks targeting specific applications or protocols. upvoted 2 times 店 店 铺 铺 cutemantoes 6 months ago ; ; 学 学 习 习 on layer 3 i believe. So that I initally was going to say 小 NIPS as well. Yes a NIPS blocks traffic but it says at Layer 7. Im pretty sure NIPS operates 小 店 would mean im guessing the 店 answer is D and E. 6 66 6 upvoted 2 times Selected Answer: DE RevolutionaryAct 1 month, 2 weeks ago Not NAC as that's layers 2 and 3 https://www.varonis.com/blog/network-access-control-nac upvoted 1 times z3phyr 5 months, 3 weeks ago NAC is network access control. It control access to a network, which has nothing to do with preventing attacks. upvoted 3 times z3phyr 5 months, 3 weeks ago NAC also operates at level 3, not level 7. upvoted 3 times GS1011 6 months, 2 weeks ago B & D. * Network access control (NAC) is typically implemented at either the data link (layer two) or network layer (layer three) of the open standards interconnection model. Enforcement mechanisms vary between different products, and some have multiple options. upvoted 2 times scott2969 6 months, 3 weeks ago Why not NIDS Network Intrusion Detection System? upvoted 1 times CTE_Instructor 6 months, 3 weeks ago IDS are designed to detect/alert to events, but not to block or take action. Because the scenario asked for a security control that will block traffic, any IDS option (HIDS or NIDS) should not be selected. IPS options will be prioritized, or firewalls (WAF) upvoted 2 times DALLASCOWBOYS 7 months, 3 weeks ago B&D. Web Apllication Firewall is at the Application Layer, and NIPS, is a prevention system. upvoted 2 times 店 Sandon 8 months, 1 week ago 铺DE Selected Answer: ; 学 ChatGPT says it's WAF and NAC. upvoted 5 times 习 小 店 datsrobin 6 months, 3 weeks 6 ago 6 店 铺 ; 学 习 小 店 66 How come it's saying WAF and NIDS on mine Lol upvoted 2 times princajen 6 months, 2 weeks ago Mine said WAF and NIPS lol upvoted 1 times asum 8 months, 1 week ago Selected Answer: BD The IPS sensor analyzes at Layer 2 to Layer 7 the payload of the packets for more sophisticated embedded attacks that might include malicious data. upvoted 2 times P0wned 8 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: DE D. WAF (Web Application Firewall) and E. NAC (Network Access Control) can block attacks at Layer 7. A HIDS (Host-based Intrusion Detection System) is a security system that monitors and analyzes the logs and events on a single host for signs of potential attacks or malicious activity. It operates at the host level, rather than at the network level, and therefore cannot block attacks at Layer 7. A NIPS (Network Intrusion Prevention System) is a security system that analyzes network traffic in real-time to identify and prevent potential attacks or malicious activity. It operates at the network level, rather than at the host level, and therefore cannot block attacks at Layer 7. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Not NAC as that's layers 2 and 3 https://www.varonis.com/blog/network-access-control-nac upvoted 1 times Jossie_C 10 months, 3 weeks ago 店 铺 NIPS consists of NIDS and IPS. WAF is a firewall. upvoted 2 times ; 店 铺 ; 学 学 习 习 小 jgp 1 year ago 小 店 店 66 Selected Answer: BD 66 B & D. > An inline NIPS is “in line” with traffic, acting as a Layer 3–7 firewall by passing or allowing traffic upvoted 2 times Wiggie 1 year ago Selected Answer: AD A&D Layer 7 = Host Intrusion Detection System and Web Application Firewall upvoted 3 times CapJackSparrow 11 months, 1 week ago I generally look for what you would go for and pick the opposite... upvoted 15 times gladtam 6 months ago You guys are funny lol upvoted 2 times Gino_Slim 11 months ago That is actually hilarious upvoted 2 times ramesh2022 1 year ago HIDS only detects and alerts you, can't block or program to block. HIPS or NISP can do. upvoted 3 times redsidemanc2 1 year ago BLOCK.IDS only detects. its b and D upvoted 1 times zzzfox 1 year ago The question asking block potential attacks. IDS doesnt block the traffic upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #66 A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns? A. Implement a full system upgrade. B. Perform a physical-to-virtual migration. C. Install uninterruptible power supplies. D. Purchase cybersecurity insurance. 店 铺 店 铺 ; ; 学 Correct Answer: B 学 习 小 店 B (100%) 66 Community vote distribution xxxdolorxxx 习 小 Highly Voted 店 66 8 months ago Selected Answer: B I got for B. A. Implement a full system upgrade. (Not cost effective) B. Perform a physical-to-virtual migration. (Cloud would be much more redundant against physical hardware breaking) C. Install uninterruptible power supplies. (Would only help really if an external power failure, would do nothing if say a hard drive fails) D. Purchase cybersecurity insurance. (Hardware will still fail) upvoted 5 times Protract8593 2 months ago Most Recent Selected Answer: B Performing a physical-to-virtual (P2V) migration involves converting the existing physical system (the critical PC) into a virtual machine (VM) running on a virtualization platform. By doing so, the PC's operating system and applications are encapsulated in a virtual environment, allowing it to run on different hardware or even multiple servers simultaneously. By using a virtual machine, the critical PC can benefit from the following advantages: 1. Hardware Independence: The VM is decoupled from the physical hardware, so it can be migrated easily to different host servers without being affected by the underlying hardware. 2. Snapshot and Backup Capabilities: VMs can be snapshot for backup purposes, allowing easy restoration in case of hardware failures. 3. Cost Savings: Virtualization can lead to cost savings in terms of hardware maintenance, power consumption, and space requirements. While option C (Install uninterruptible power supplies) can provide short-term power backup during outages, it does not directly address the concern of a potential hardware failure in the PC. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B Option B, performing a physical-to-virtual migration, is a viable option to mitigate the business operations manager's concerns about potential hardware failure. By migrating the critical PC to a virtual machine, the organization can leverage virtualization technology to ensure business continuity even if the physical hardware fails. 店 店 A physical-to-virtual migration involves converting the existing physical system into a virtual machine (VM) that runs on a virtualization platform. This migration allows the VM to be hosted on different hardware resources, providing increased flexibility, scalability, and resilience. upvoted 2 times 铺 铺 ; ; 学 学 习 小 KingDrew 8 months, 2 weeks ago Selected Answer: B 店 66 习 小 店 66 Answer is B Cloud is far more secure and reliable than a stand-alone computer, and there are many applications out right now for little to no cost that can store data and software. upvoted 1 times rodwave 10 months, 2 weeks ago Selected Answer: B Answer: Perform a physical-to-virtual migration. A Physical to virtual migration (P2V), is the migration of physical machines to virtual machines. Converting the PC to a VM temporarily will allow the PC to continue to its operations on a different host. The other options would require that PC be turned off so the organization would not have access to its function. upvoted 4 times carpathia 10 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B It must be B. Purchasing insurance is Transference, not Mitigation. upvoted 1 times zzzfox 1 year ago Selected Answer: B B - Migrate Physical Server to Cloud(Virtual) upvoted 2 times comeragh 1 year ago Read my full comment Ribeiro I didnt say it was D I was referring to the point you might be in an exam and trying to narrow it down... upvoted 4 times comeragh 1 year ago 店 店 Selected Answer: B 铺 铺 To narrow it down for me it would be either B or D. Going with B as the question mentions "without incurring large costs" upvoted 4 times ; ; 学 学 习 Ribeiro19 1 year ago 小 习 小 店 店 66 66 Man wake up, D is for cybersecurity, not for hardware failure. the option B is the only answer. upvoted 6 times varun0 1 year ago Selected Answer: B B seems right, without incurring large costs which means full system upgrade is out of question upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #67 An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identi ed an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the infection vector? A. Prevent connections over TFTP from the internal network. B. Create a rewall rule that blocks a 22 from the internet to the server. C. Disable le sharing over port 445 to the server. 店 店 铺 铺 D. Block port 3389 inbound from untrusted networks. ; ; 学 学 习 习 小 Correct Answer: C 店 66 Community vote distribution D (91%) stoneface 小 店 Highly Voted 66 7% 1 year ago Selected Answer: D The SMB Protocol (in all its version) doesn't provide functionality to execute files at the remote systems. Its main objective is to support the sharing of file and print resource between machines. The only feasible option left is loggin through RDP and manually executing the file. Correct me if I am wrong upvoted 50 times hfzazm6 5 months, 3 weeks ago you are never wrong stoneface upvoted 3 times J_Ark1 10 months, 3 weeks ago yeahh :) upvoted 1 times darkgypsy 10 months, 4 weeks ago You rock ! upvoted 1 times banditring 1 year ago you the best stoneface :) upvoted 7 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: D Answer: Block port 3389 inbound from untrusted networks. 店 店 3389 is the default port for RDP connections. RDP is the protocol used to connect to windows desktops/servers remotely. In the scenario, the malware family is known to be distributed through manually logging on to servers and RDP would require a manual login to access the machine and be able to easily run scripts on the server especially through a GUI. upvoted 21 times 铺 铺 ; ; 学 学 习 小 店 ago section8santa 7 months, 2 weeks 66 love you rodwave! upvoted 2 times gladtam 6 months ago You are my hero! upvoted 1 times LePecador 2 months, 1 week ago OUR hero upvoted 1 times sujon_london Selected Answer: C Most Recent 1 month, 2 weeks ago 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Followed by given question clue; The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code and suspecting reification from initial vector. In this case first step should be focus on port 445; reson behind is Port 445 is used for the Microsoft-DS (Directory Services) protocol, also known as Microsoft-DS SMB (Server Message Block). It facilitates file and printer sharing, as well as communication between Windows computers on a network. Here many of u chosen RDP based 3389. That's not primary action. We should consider printer and other computer on same network connected with infected server/computer. That's why I will go for C. Correct me if I'm wrong. upvoted 1 times Protract8593 2 months ago Selected Answer: D Blocking port 3389 inbound from untrusted networks is a security measure commonly recommended to protect against potential RDP-based attacks. Here's more information on why option D is the correct choice: 1. Malware Distribution: The question mentions that the malware is distributed by manually logging on to servers and running the malicious code. This indicates that the attackers are gaining access to the server through a legitimate remote access method like RDP. 2. Port 3389: RDP uses port 3389 by default to establish remote connections to Windows servers. By blocking inbound traffic on port 3389 from untrusted networks, you effectively limit the exposure of the server to potential attackers trying to use RDP as a means to gain unauthorized access. 3. Mitigating Unauthorized Access: By blocking inbound RDP traffic from untrusted networks, you are preventing potential attackers from attempting to brute-force or exploit RDP vulnerabilities to gain unauthorized access to the server. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 66 Protract8593 2 months ago 4. Defense-in-Depth Strategy: Implementing network-level controls like blocking port 3389 is part of a defense-in-depth strategy, which involves using multiple layers of security measures to protect systems and data. In this case, it complements other security controls and helps mitigate risks associated with unauthorized remote access. 5. Least Privilege: Limiting access to RDP only from trusted networks or specific IP ranges aligns with the principle of least privilege, which reduces the attack surface and potential impact of security incidents. In conclusion, blocking inbound traffic on port 3389 from untrusted networks is a recommended security practice to prevent unauthorized access to RDP services and help protect against potential malware infections that rely on manual logins to servers. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C Disabling file sharing over port 445 helps to prevent the malware from being manually copied and executed on the server. By closing this filesharing port, the organization can effectively block the specific method through which the malware was distributed. upvoted 1 times CyberMrT 5 months ago Selected Answer: A I have seen this question in other places and the answer is listed as A. If you think about the question..."prevent reinfection from the initial infection vector"; I am interpreting this to mean the spread AFTER the windows-facing server is compromised. If you look at it that way, they want to know how you would protect the internal network from further infection. Thoughts? upvoted 2 times Yawannawanka 5 months ago Based on the information provided, the malware was likely manually installed on the internet-facing Windows server by logging in to the server and running the malicious code. Therefore, the best action to prevent reinfection from this infection vector is to prevent unauthorized access to the server. Option D, "Block port 3389 inbound from untrusted networks," is the best choice to prevent unauthorized access to the server. Port 3389 is used by the Remote Desktop Protocol (RDP), which allows users to log in to the server remotely. By blocking inbound traffic on this port from untrusted networks, the organization can prevent attackers from logging in to the server and manually installing the malware. This control is especially important for internet-facing servers, which are more likely to be targeted by attackers. The other options may be valid controls for other types of attacks or malware, but they do not directly address the infection vector described in this scenario. Therefore, option D is the BEST choice in this scenario. upvoted 1 times 店 店 铺 铺 ; ; 学 ago T_dawg 6 months, 2 weeks 习 小 Selected Answer: D 店 3389 - RDP port 22 - SSH if it was a Linux upvoted 1 times 学 习 66 小 店 66 ronniehaang 7 months, 3 weeks ago Selected Answer: D D. Block port 3389 inbound from untrusted networks. Blocking port 3389, which is used for Remote Desktop Protocol (RDP), would prevent remote access to the server from untrusted networks, making it less likely for attackers to manually log on to the server and run the malicious code. This would be the best action to prevent reinfection from the initial infection vector. upvoted 2 times Jimbobilly 9 months, 1 week ago Selected Answer: C 淘宝店铺:https://shop63989109.taobao.com/ Curveball, the person was physically in front of the server and logged in. upvoted 3 times GMuney 10 months, 1 week ago Selected Answer: C Can't it be C? If we're looking to prevent reinfection then wouldn't we want to block file sharing so that the malicious code wouldn't end up on the server in the first place? upvoted 1 times babyzilla 10 months, 3 weeks ago Selected Answer: D D makes the most sense as the best solution to prevent manually logging into a system would be to block RDP. SSH is for Linux. RDP is for Windows. C would probably be the next step. upvoted 2 times 店 yasuke 11 months ago 铺 it had to be a windows ; server :D 学 block rdp 习 upvoted 3 times 小 店 店 铺 ; 学 习 小 店 66 rindrasakti 11 months, 2 weeks ago 66 Selected Answer: D Read carefully on "to be distributed by manually logging on to servers and running the malicious code" it's mean using RDP. simple way to prevent is by blocked the RDP port upvoted 1 times Jakalan7 1 year ago Selected Answer: D The answer is clearly D, the question states "The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code." By blocking inbound conncetions on port 3389 (RDP), they would be preventing reinfection. upvoted 1 times Michelle2022 1 year ago I think answer c is correct. "Do I need port 445 open? We also recommend blocking port 445 on internal firewalls to segment your network – this will prevent internal spreading of the ransomware. Note that blocking TCP 445 will prevent file and printer sharing – if this is required for business, you may need to leave the port open on some internal firewalls. " upvoted 4 times sujon_london 1 month, 2 weeks ago Agreed make sense c is the right answer upvoted 1 times yorkwu 1 year ago Selected Answer: D Agree with D upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #68 Which of the following uses SAML for authentication? A. TOTP B. Federation C. Kerberos D. HOTP Correct Answer: B 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 B (100%) 小 小 店 店 KetReeb 66 66 1 year ago Highly Voted Answer: B: Federation, or identity federation, defines policies, protocols, and practices to manage identities across systems and organizations. Federation’s ultimate goal is to allow users to seamlessly access data or systems across domains. Federation is enabled through the use of industry standards such as Security Assertion Markup Language (SAML) upvoted 26 times varun0 1 year ago I agree upvoted 1 times Protract8593 2 months ago Most Recent Selected Answer: B Federation uses SAML (Security Assertion Markup Language) for authentication and single sign-on (SSO) between multiple systems or organizations. SAML is an XML-based open standard used to exchange authentication and authorization data between identity providers (IdP) and service providers (SP) to facilitate secure SSO. It enables users to access multiple applications or services with a single set of credentials, making it a key technology for enabling seamless authentication across federated systems. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B Federation is the option that uses Security Assertion Markup Language (SAML) for authentication. SAML is an XML-based open standard for exchanging authentication and authorization data between parties, typically in the context of web-based single sign-on (SSO) systems. Federation allows for the sharing of authentication and authorization information across different organizations or domains, enabling users to access multiple systems using a single set of credentials. SAML is commonly used in federation scenarios to facilitate secure authentication and authorization across various applications and systems. upvoted 2 times RvR109 7 months ago Selected Answer: B SAML (Security Assertion Markup Language) is a protocol that you can use to perform federated single sign-on from identity providers to service providers. In federated single sign-on, users authenticate at identity provider. upvoted 2 times KingDrew 8 months, 2 weeks ago 店 铺 ; Federation is correct upvoted 1 times ; 学 学 习 习 小 店 Knowledge33 11 months ago Selected Answer: B 店 铺 Selected Answer: B 66 小 店 66 Federation, or identity federation, defines policies, protocols, and practices to manage identities across systems and organizations. Federation’s ultimate goal is to allow users to seamlessly access data or systems across domains. Federation is enabled through the use of industry standards such as Security Assertion Markup Language (SAML). upvoted 3 times db97 1 year ago B - Federation upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #69 The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time? A. Con gure a NIDS appliance using a Switched Port Analyzer. B. Collect OSINT and catalog the artifacts in a central repository. C. Implement a SOAR with customizable playbooks. D. Install a SIEM with community-driven threat intelligence. 店 铺 店 铺 ; ; 学 Correct Answer: C 学 习 习 小 小 店 Community vote distribution 店 66 66 C (100%) varun0 Highly Voted 1 year ago Selected Answer: C SOAR allows for automation of IR upvoted 11 times Tjank 12 months ago Highly Voted Selected Answer: C SOAR (Security Orchestration, Automation, and Response) Can use either playbook or runbook. It assists in collecting threat related data from a range of sources and automate responses to low level threats. (frees up some of the CSIRT time) upvoted 7 times bolajiambex 2 weeks, 2 days ago Most Recent SOAR is correct upvoted 1 times Kraken84 1 month, 2 weeks ago .."large amounts of the analysts' time due to manual tasks being performed" In need of Automation? upvoted 2 times Protract8593 2 months ago Selected Answer: C SOC (Security Operations Center) can improve its incident response time and efficiency by implementing a SOAR (Security Orchestration, Automation, and Response) platform with customizable playbooks. SOAR platforms help automate and streamline various security tasks and processes, allowing analysts to respond to incidents more quickly and effectively. By using customizable playbooks, the SOC can define automated workflows tailored to their specific incident response needs, reducing manual efforts and improving overall response time to security incidents. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C 店 店 铺 铺 Implementing a SOAR with customizable playbooks would be the best solution to improve the SOC's response time in this scenario. SOAR platforms are designed to streamline and automate incident response processes, allowing security analysts to respond more efficiently to security incidents. ; ; 学 学 习 习 小 店 小 店 By creating customizable playbooks, the SOC can define predefined response actions and automate the execution of common and repetitive tasks. This reduces the reliance on manual processes and enables faster response times. The playbooks can include automated investigation, enrichment of data with OSINT (Open Source Intelligence), and execution of response actions based on predefined rules and logic. upvoted 1 times 66 66 KingDrew 8 months, 2 weeks ago Selected Answer: C SOAR is automated, and includes security orchestration and response to help resolve security issues more efficiently and timely. upvoted 1 times Jossie_C 10 months, 3 weeks ago Selected Answer: C Sounds like football but ok upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #70 Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction les. Which of the following is the BEST solution to adopt? A. PKI B. Blockchain C. SAML D. OAuth 店 店 铺 Correct Answer: A 铺 ; ; 学 学 习 Community vote distribution Highly Voted 小 店 66 A (87%) BigV 习 小 店 13% 66 11 months, 2 weeks ago The question mentions one trusted company, "centralized", it can not be Blockchain which is a "de-centralized" technology. upvoted 16 times ronniehaang Highly Voted 7 months, 3 weeks ago Selected Answer: A A. PKI (Public Key Infrastructure) is the best solution to adopt as it provides the means to securely issue, manage, and revoke digital certificates used to verify the identity of users and systems. PKI is commonly used to secure transactions and provide secure communication between entities, making it a suitable solution for the described scenario. upvoted 8 times Protract8593 Most Recent 2 months ago Selected Answer: A PKI (Public Key Infrastructure) is the best solution for deploying a trusted mechanism that can register and issue artifacts used for signing, encrypting, and decrypting transaction files securely. PKI is a set of policies, procedures, hardware, software, and encryption technologies that enable secure communications and authentication over a network. It relies on public and private key pairs to provide authentication, data integrity, and non-repudiation, making it suitable for securely validating transactions and ensuring the authenticity and confidentiality of data exchanged between business partners. upvoted 3 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A PKI (Public Key Infrastructure) is the best solution to adopt in this scenario. PKI is a security mechanism that uses asymmetric encryption and digital certificates to establish the authenticity, integrity, and confidentiality of electronic transactions. It provides a framework for generating, managing, and distributing digital certificates, which are used to verify the identity of users and entities involved in transactions. upvoted 1 times Dan_26 4 months ago Blockchain sucks at everything except sucking, and the concept needs to be kicked out of CompTIA as it's a terrible technology. upvoted 1 times 店 店 铺 Based on the requirements described in the scenario, the BEST solution to adopt would be PKI, or铺 Public Key Infrastructure. ; ; 学 习a combination of public and private keys to provide secure communication over学 PKI is a system that uses an 习 insecure network. It uses digital 小 小 certificates, which are issued by a trusted third party, to authenticate the identities of users and devices. These certificates 店 店 can be used to sign, encrypt, and decrypt transactions,6ensuring their confidentiality and integrity. 66 6 Yawannawanka 5 months ago In the scenario, one company is responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. PKI is a well-established and widely used technology for this purpose, and it meets the requirements described in the scenario. Blockchain, SAML, and OAuth are all useful technologies in their own right, but they may not be the best fit for the scenario described. Blockchain, for example, is more commonly used for secure distributed ledgers rather than transaction signing and encryption. SAML and OAuth are used more for authentication and authorization rather than encryption and decryption. Therefore, PKI is the BEST solution to adopt in this scenario upvoted 3 times Confuzed 5 months, 2 weeks ago The main reason this is not blockchain is that blockchain is all about transparency. The transaction record is visible to all, and can be verified by the hash. Blockchain is not used to encrypt or decrypt anything. upvoted 1 times monzie 5 months, 4 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A A. PKI (Public Key Infrastructure) is the best solution to adopt in this case. PKI is a system that uses digital certificates and public key cryptography to secure communications and transactions. With PKI, one company can act as a Certificate Authority (CA), issuing digital certificates that can be used to sign, encrypt, and decrypt transaction files. This provides a trusted mechanism for validating transactions securely between business partners. Blockchain, SAML, and OAuth are all useful technologies for certain security scenarios, but they may not be the best fit for this particular use case. upvoted 3 times Blake89 10 months, 2 weeks ago PKI (Public Key Infrastructure) • Combining asymmetric cryptography with symmetric cryptography along with the hashing and digital certificates, giving us hybrid cryptography. Straight from the CompTIA study guide upvoted 3 times elkol 12 months ago 店 铺 店 铺 ; Answer is PKI. PKI involves a decentralized or distributed system. I think 学 one trusted third-party or middleman which is the company. Blockchain is ; 学 习 Blockchian as the answer due to "valid transaction" being mentioned which I understand 习 some people lean towards but I will go with "A - PKI" 小 小 upvoted 5 times 店 店 66 66 Selected Answer: A hazeleyes 1 year ago Selected Answer: A PKI. "register and issue artifacts used to sign, encrypt, and decrypt transaction files" - for PKI this artifact is a digital certificate. what artifact does the blockchain "register" and "issue" that does this? upvoted 4 times KetReeb 1 year ago Selected Answer: A I have to go with A: PKI. Ref the following: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786417(v=ws.11) upvoted 4 times varun0 1 year ago Selected Answer: A PKI seems like it upvoted 5 times Wiggie 1 year ago Selected Answer: B Blockchain upvoted 3 times CapJackSparrow 11 months, 1 week ago I was going to go with blockchain, then I seen YOU went with blockchain.. so now I'm pretty sure it's not blockchain. upvoted 17 times gladtam 6 months ago I don’t even want to pass this exam. I’m just here for your comments. upvoted 1 times Jossie_C 10 months, 3 weeks ago Block chain is decentralized. Incorrect upvoted 1 times 店 铺 varun0 1 year ago ; Selected Answer: B 学 习transactions Blockchain is the best for 小 店 upvoted 2 times 66 varun0 1 year ago Disregard this, I'm going with PKI after much consideration upvoted 7 times 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #71 A security analyst has been asked by the Chief Information Security O cer to: ✑ develop a secure method of providing centralized management of infrastructure ✑ reduce the need to constantly replace aging end user machines ✑ provide a consistent user desktop experience Which of the following BEST meets these requirements? A. BYOD B. Mobile device management C. VDI 店 店 铺 ; D. Containerization 铺 ; 学 学 习 习 小 小 店 店 66 Correct Answer: C 66 Community vote distribution C (100%) varun0 Highly Voted 1 year ago Selected Answer: C VDI seems to be it upvoted 7 times nickolas789 Most Recent 4 weeks, 1 day ago is this an accurate site? upvoted 1 times Protract8593 2 months ago Selected Answer: C VDI is a technology that allows users to access a virtualized desktop environment hosted on a centralized server. It provides a secure method of centrally managing infrastructure because all virtual desktops are hosted and managed from a centralized location, making it easier to apply security policies and updates uniformly. VDI also reduces the need to constantly replace aging end-user machines since the virtual desktops can be accessed from various devices, including older machines with less processing power and resources. Users can access their virtual desktops from different devices without the need for extensive hardware upgrades. Additionally, VDI provides a consistent user desktop experience since users are interacting with a standardized virtual desktop environment that remains consistent across different devices. This allows for a seamless user experience regardless of the device they use to access their virtual desktop. In summary, VDI is the best option that meets the requirements of providing centralized management of infrastructure, reducing the need to replace aging end-user machines, and providing a consistent user desktop experience. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C 店 店 VDI is the best option that meets the provided requirements. VDI allows for centralized management of infrastructure, as it provides a virtualized desktop environment hosted on servers in the data center. This allows for centralized control and management of the desktop images, applications, and user configurations. 铺 铺 ; 学 习 ; 学 习 小 小 and computing are handled With VDI, aging end-user machines can be replaced with thin clients or repurposed devices, as the actual processing 店 店 by the servers in the data center. 6 This reduces the need for frequent hardware replacements and extends the lifespan of6end-user devices. 6 6 VDI also provides a consistent user desktop experience since users access their virtual desktops, which are based on standardized images, applications, and configurations. Any changes or updates can be applied centrally, ensuring a consistent experience across all devices. upvoted 1 times mtw5 6 months, 3 weeks ago why not containerization? doesn't this centralize applications and make management easier? upvoted 1 times Dan_26 4 months ago Not for endpoints. Servers sure, but not user machines like a laptop. upvoted 1 times applepieboy 8 months ago Selected Answer: C 淘宝店铺:https://shop63989109.taobao.com/ Pretty clearly VDI. 2 big giveaways 1. VDI makes centralized management easier 2. Since you push the same desktop it is the only thing that provides a consistent desktop experience. upvoted 2 times rodwave 10 months, 2 weeks ago Selected Answer: C Answer: VDI Virtual Desktop Infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request. upvoted 4 times Jossie_C 10 months, 3 weeks ago Virtual desktops so that it can be combined with BYOD to save money. upvoted 2 times 店 铺 ; 店 铺 ; Katyaz 11 months, 2 weeks ago 学 VDI appears to be correct 习 小 upvoted 1 times 学 习 小 店 店 comeragh 1 year ago 66 66 Selected Answer: C Agree with C VDI - "consistent user desktop experience" upvoted 3 times stoneface 1 year ago plus, no need to replace aging end user machines upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #72 Which of the following terms describes a broad range of information that is sensitive to a speci c organization? A. Public B. Top secret C. Proprietary D. Open-source Correct Answer: C 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 C (100%) 小 小 店 IQ30 Highly Voted 1 year ago 店 66 66 Professor Messer notes: • Proprietary – Data that is the property of an organization – May also include trade secrets – Often data unique to an organization upvoted 11 times Protract8593 Most Recent 2 months ago Selected Answer: C The term "proprietary" describes a broad range of information that is sensitive and owned by a specific organization. Proprietary information is considered confidential and is not intended for public disclosure. It may include trade secrets, intellectual property, customer data, financial information, and other sensitive data unique to the organization. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C Proprietary information refers to a broad range of sensitive information that is specific to a particular organization. It includes trade secrets, confidential business strategies, customer data, financial information, intellectual property, and any other information that is considered valuable and exclusive to the organization. Proprietary information is typically protected from unauthorized access, use, or disclosure to maintain the competitive advantage and confidentiality of the organization. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago C. Proprietary is specific to 1 organization upvoted 2 times applepieboy 8 months ago Selected Answer: C Proprietary would definitely be the answer on an exam, but top secret is still accurate. upvoted 2 times Nirmalabhi 9 months, 3 weeks ago Selected Answer: C 店 铺 no brainer. Proprietary should be the answer upvoted 2 times ; 学 店 铺 ; 学 习 习 [Removed] 10 months, 2 小 weeks ago 小 店 店 guaranteed in just a single hello everyone, are you interested 66in taking any exam certification exam? Contact me now for remote support. Success 66 attempt. wa.me/12694315721 upvoted 2 times viksap 10 months, 1 week ago what's the proposal? upvoted 1 times eli_2000 10 months, 2 weeks ago i need that upvoted 2 times rodwave 10 months, 2 weeks ago Selected Answer: C Answer: Proprietary 淘宝店铺:https://shop63989109.taobao.com/ Proprietary information, also known as a trade secret, is information a company wishes to keep confidential upvoted 3 times RonWonkers 12 months ago Selected Answer: C I agree with C upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #73 A Chief Security O cer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.) A. A WAF B. A CASB C. An NG-SWG D. Segmentation 店 店 铺 E. Encryption 铺 ; 学 F. Containerization ; 学 习 习 小 小 店 店 66 Correct Answer: CD 66 Community vote distribution BC (94%) stoneface Highly Voted 4% 1 year ago Selected Answer: BC NG-SWG -> NG SWG) is designed to address the key cloud and web security use cases encompassing granular policy controls, web filtering, threat protection, and data protection spanning managed and unmanaged apps, cloud services, and web traffic. CASB The CASB serves as a policy enforcement center, consolidating multiple types of security policy enforcement and applying them to everything your business utilizes in the cloud—regardless of what sort of device is attempting to access it, including unmanaged smartphones, IoT devices, or personal laptops. upvoted 40 times carpathia Highly Voted 10 months, 1 week ago Selected Answer: BC CASB and NGSWG (pg 164 in D Gibson's book on SY0-601). upvoted 8 times Protract8593 Most Recent 2 months ago Selected Answer: BC The correct answers are: B. A CASB (Cloud Access Security Broker) A CASB is a security solution that helps organizations extend their security policies and controls to the cloud environment. It provides visibility into cloud-based services, detects and prevents cloud-specific threats, and enforces security policies. C. An NG-SWG (Next-Generation Secure Web Gateway) An NG-SWG is a security solution that combines traditional web filtering with advanced security features, such as application control, URL filtering, anti-malware, and data loss prevention. It can help protect against advanced threats and malware in cloud-based services accessed through web browsers. 店 店 铺 铺 and malware by providing additional Both B and C address ; the CSO's concerns about protecting cloud-based services from advanced threats ; 学visibility into cloud activities. 学 security controls and 习 习 upvoted 5 times 小 小 店 店 6 66 ApplebeesWaiter1122 2 months, 6 3 weeks ago Selected Answer: BC An NG-SWG combines traditional secure web gateway capabilities with advanced security features such as advanced threat detection, sandboxing, data loss prevention, and SSL/TLS inspection. By deploying an NG-SWG, organizations can apply granular security policies to monitor and control web traffic to and from cloud-based services, ensuring that malicious activity is detected and blocked. The NG-SWG can provide advanced threat intelligence, content filtering, and behavioral analysis to protect against known and unknown threats. It also offers visibility into user activities, allowing organizations to detect anomalies and potential security breaches. A Cloud Access Security Broker (CASB) can also help address the concerns by providing additional security controls and visibility into cloud-based services. A CASB acts as an intermediary between users and cloud service providers, allowing organizations to enforce security policies, monitor user activity, and detect and prevent unauthorized access to cloud resources. upvoted 3 times Yawannawanka 5 months ago 淘宝店铺:https://shop63989109.taobao.com/ Based on the requirements described in the scenario, the BEST solution to adopt would be PKI, or Public Key Infrastructure. PKI is a system that uses a combination of public and private keys to provide secure communication over an insecure network. It uses digital certificates, which are issued by a trusted third party, to authenticate the identities of users and devices. These certificates can be used to sign, encrypt, and decrypt transactions, ensuring their confidentiality and integrity. In the scenario, one company is responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. PKI is a well-established and widely used technology for this purpose, and it meets the requirements described in the scenario. Blockchain, SAML, and OAuth are all useful technologies in their own right, but they may not be the best fit for the scenario described. Blockchain, for example, is more commonly used for secure distributed ledgers rather than transaction signing and encryption. SAML and OAuth are used more for authentication and authorization rather than encryption and decryption. Therefore, PKI is the BEST solution to adopt in this scenario. upvoted 2 times Abdul2107 5 months ago Your answer does not apply here, it’s for 3 questions back (question 70) upvoted 5 times 店 铺 ; 店 铺 ; 学 学 Yawannawanka 5 months ago 习 习 A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.) 小 小 店 店 66 66 A. A WAF B. A CASB Most Voted C. An NG-SWG Most Voted D. Segmentation E. Encryption F. Containerization upvoted 1 times Kraken84 1 month, 2 weeks ago B. A CASB C. An NG-SWG upvoted 1 times darklion 5 months, 2 weeks ago Selected Answer: BC A CASB (Cloud Access Security Broker) provides visibility into cloud application usage and provides security policies that can be used to prevent risky activities. This helps detect and prevent advanced threats and malware in cloud-based services. An NG-SWG (Next-Generation Secure Web Gateway) provides advanced security features, such as web filtering, SSL inspection, and cloud application control, which can help detect and prevent advanced threats and malware in cloud-based services. Therefore, options B and C should be implemented to best address the CSO's concerns. upvoted 2 times cmyjw 5 months, 3 weeks ago Can anyone tell me why WAF is not a right answer? upvoted 1 times leobro 4 months, 1 week ago i think because it is a cloud based service the answer is NG-SWG & CASB upvoted 1 times monzie 5 months, 4 weeks ago Selected Answer: AB 店 A. A WAF B. A CASB 店 铺 铺 ; ; 学 学 习 习 Explanation: A WAF (Web Application Firewall) can provide security controls to protect against advanced threats, including malware. It can detect and block malicious requests and payloads, and it can also help prevent data leakage from web applications. A WAF can also provide real-time monitoring and threat intelligence. 小 店 66 小 店 66 A CASB (Cloud Access Security Broker) can provide visibility and control over cloud services to prevent data breaches. It can detect and prevent unauthorized access to cloud services, enforce policies for data protection, and provide real-time monitoring and threat intelligence. upvoted 1 times skeletor23 6 months ago C and D, NG SWG seems obvious. D "a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control" upvoted 1 times MasterControlProgram 6 months, 1 week ago Selected Answer: AB A. A WAF and B. A CASB are the two best solutions to address the CSO's concerns. A WAF can help detect and prevent web-based attacks on cloud-based services, while a CASB can provide visibility and control over cloud-based services to prevent data breaches. Segmentation, 淘宝店铺:https://shop63989109.taobao.com/ encryption, and containerization are also good security measures, but they do not specifically address the risks associated with cloud-based services. An NG-SWG (Next-Generation Secure Web Gateway) may help, but a CASB is a more specialized solution for cloud security. upvoted 2 times Nishkurup 6 months, 3 weeks ago A CASB: A Cloud Access Security Broker (CASB) can provide visibility and control over cloud-based services. CASBs can monitor user activity, enforce security policies, and protect data in the cloud. They can also detect and block unauthorized access attempts, enforce encryption policies, and prevent data leakage. CASBs can help the CSO to gain better visibility and control over cloud-based services, and protect them from advanced threats and malware. Segmentation: Segmentation can be used to limit the access of different parts of the network to one another, making it more difficult for attackers to move laterally within the network. Implementing segmentation for cloud-based services can help reduce the risk of a data breach and protect against advanced threats and malware. While the other solutions such as a WAF, NG-SWG, encryption, and containerization can provide additional security measures, they may not address the concerns of the CSO regarding the security of cloud-based services as effectively as the CASB and segmentation solutions. upvoted 1 times 店 Nishkurup 6 months, 1 week ago 铺 go for CASB and NGSWG I think I will ; upvoted 1 times 学 习 小 ago scarceanimal 7 months, 3 weeks 店 66 Selected Answer: BC 店 铺 ; 学 习 小 店 66 both cloud controls that address the dude's concerns. :) upvoted 1 times mhmtn 7 months, 3 weeks ago I think C and D. I have been inspired divide and manage policy that is a British tactic on the head of century:) upvoted 1 times okay123 10 months, 2 weeks ago Selected Answer: BC Correct would be B & C upvoted 1 times carpathia 10 months, 2 weeks ago Selected Answer: BC https://www.netskope.com/blog/where-casb-and-swg-are-headed It looks like segmentation in the cloud is not that efficient or you'll still need to secure the segments with, well, SWGs probably. upvoted 1 times BigV 10 months, 3 weeks ago How Does Cloud Network Segmentation Support a Defense In-Depth Strategy? Cloud network segmentation, at its heart, is a Defense-in-Depth cybersecurity approach. It can effectively reduce the risk of data breaches as it wraps layer upon layer of security around IT systems and data. This multi-layered cybersecurity strategy prevents malicious malware from spreading across every network in a business organization. It can also efficiently block hackers from quickly accessing networks and eliminate the possibility of sensitive data from being exposed. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #74 An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized? A. MDM and application management B. BYOD and containers C. COPE and VDI D. CYOD and VMs 店 店 铺 铺 ; ; 学 Correct Answer: B 学 习 小 店 Community vote distribution C (94%) stoneface 习 小 Highly Voted 66 店 66 4% 1 year ago Selected Answer: C Bring your own device (BYOD)—the mobile device is owned by the employee. The mobile will have to meet whatever profile is required by the company (in terms of OS version and functionality) and the employee will have to agree on the installation of corporate apps and to some level of oversight and auditing. This model is usually the most popular with employees but poses the most difficulties for security and network managers. Corporate owned, business only (COBO)—the device is the property of the company and may only be used for company business. Corporate owned, personally-enabled (COPE)—the device is chosen and supplied by the company and remains its property. The employee may use it to access personal email and social media accounts and for personal web browsing (subject to whatever acceptable use policies are in force). Choose your own device (CYOD)—much the same as COPE but the employee is given a choice of device from a list. upvoted 39 times Ay_ma Highly Voted 1 year ago Selected Answer: C COPE: Corporate-Owned Personally Enabled. The question states that the company is handing out laptops but then they can use them outside of business requirements. VDI (Virtual Desktop Infrastructure): You can access Operating Systems Virtually, It's like a whole desktop, but virtual. Regarding the question, the employees can access company data through VDI, while being able to use the laptops for personal stuff. upvoted 7 times BobsUrUncle2 Most Recent 9 hours, 7 minutes ago Selected Answer: C The laptops are company owned i.e. COPE upvoted 1 times Protract8593 2 months ago Selected Answer: C The correct answer is: C. COPE and VDI (Corporate-Owned, Personally Enabled, and Virtual Desktop Infrastructure) In the scenario described, the organization is planning to issue laptops to its employees (corporate-owned) and allow them to use the laptops for personal purposes (personally enabled). Additionally, the laptops would access the users' corporate operating system remotely, which implies the use of Virtual Desktop Infrastructure (VDI). The COPE model refers to the practice of providing employees with corporate-owned devices that can also be used for personal activities. upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 小 店 6 3 weeks ago ApplebeesWaiter1122 2 months, 6 习 小 店 66 Selected Answer: C In a COPE model, the organization provides employees with corporate-owned devices, such as laptops, while allowing them some level of personal use. This means that employees can use the laptops for both work-related tasks and personal purposes. VDI, on the other hand, refers to Virtual Desktop Infrastructure, which enables users to access their corporate operating system remotely. With VDI, the actual operating system and applications run on virtual machines hosted on centralized servers, and users connect to these virtual machines from their laptops or other devices. This allows employees to access their corporate environment and use the provided laptops for work purposes. upvoted 3 times fouserd 5 months, 2 weeks ago Selected Answer: C The scenario involves the organization issuing laptops to employees for work purposes and allowing them to use the laptops for personal purposes as well. This is characteristic of the COPE deployment model, in which the organization owns and manages the device, but employees 淘宝店铺:https://shop63989109.taobao.com/ are allowed to use it for personal purposes as well. upvoted 1 times Drealjesusfreak 6 months, 2 weeks ago So, can CYOD be used for both cooperate and personal use and i though CYOD is also property of the compony? upvoted 1 times applepieboy 8 months ago Selected Answer: C There is no way to no whether or not VDI is involved in this situation, but the answer is clearly the one with COPE (corporate owned, personally enabled). The workers don't own the device, but it is allowed to be used for personal business. By definition COPE upvoted 5 times byfener 9 months, 2 weeks ago Selected Answer: C 店 店 铺 铺 It has to be C , in the explanation say " An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. " upvoted 1 times ; ; 学 习 carpathia 1 year ago 学 习 小 Selected Answer: C 小 店 店 66 66 VDI is installed on laptops, no probs (search best laptops for VDI on Google). I don't think anyone uses Terminals anymore. COPE does allow users to use the device for personal activities. upvoted 4 times Swarupam 1 year ago Selected Answer: C answer is hidden in the question! Company is providing the laptops .. so its COPE upvoted 4 times remtech 7 months, 3 weeks ago says - issue each employee COPE upvoted 1 times cozzmo 1 year ago NOT VDI: issue each employee a new laptop. (VDI is a virtual workspace on a server. so you don't get a laptop). NOT BYOD: issue each employee a new laptop. NONE of these work! upvoted 1 times TR3Y 1 year ago VDI can be used with COPE devices. I currently work at an organization that leverages VDI and gives us laptops.... upvoted 6 times Wiggie 1 year ago Selected Answer: A https://www.ibm.com/topics/mobile-device-management upvoted 1 times comeragh 1 year ago Selected Answer: C Agree with C here. "issue each employee a new laptop". Laptops are issued so cannot be BYOD or CYOD. upvoted 1 times varun0 1 year ago 店 铺 Selected Answer: C ; the laptops and can be used for personal use Corporate is providing 学 习 upvoted 1 times 小 店 Wiggie 1 year ago 66 店 铺 ; 学 习 小 店 66 Selected Answer: A https://control.connectwise.com/blog/remote-support-access/what-is-mobile-device-managementmdm#:~:text=of%20traditional%20RMM.-,MDM%20is%20a%20type%20of%20security%20software%20used%20by%20an,being%20used%20in%2 0the%20organization. upvoted 1 times Kristi 1 year ago Selected Answer: D If the company is issuing the laptop's in not BYOD whatever their purpose is.Tricky question upvoted 1 times Sandon 7 months, 4 weeks ago It's really not upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #75 Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following: ✑ All users share workstations throughout the day. ✑ Endpoint protection was disabled on several workstations throughout the network. ✑ Travel times on logins from the affected users are impossible. ✑ Sensitive data is being uploaded to external sites. All user account passwords were forced to be reset and the issue continued. Which of the following attacks is being used to compromise the user accounts? 店 铺 店 铺 ; ; 学 A. Brute-force 学 习 习 小 B. Keylogger 店 66 C. Dictionary 小 店 66 D. Rainbow Correct Answer: B Community vote distribution B (100%) stoneface Highly Voted 1 year ago Selected Answer: B A Keylogger would be the reason of why even after resetting the passwords the issue persisted. There is no information about the password itself that would allows to determine if any brute force attack method is being used upvoted 21 times varun0 Highly Voted 1 year ago Selected Answer: B Keyloggers seems to be it. Enduser protection is disabled and someone installed a keyloggers since workstations are being shared. Changing password doesn't uninstall this keylogger which is likely recording the new changed passwords and sending them out to the attacker. upvoted 12 times Protract8593 Most Recent 2 months ago Selected Answer: B - All users sharing workstations could mean that the keylogger is capturing keystrokes across multiple user sessions. - Endpoint protection being disabled on several workstations suggests that the attackers might have gained administrative access to the workstations, allowing them to disable security software without detection. - Impossible travel times on logins from the affected users indicate that someone other than the legitimate user might be logging in using their credentials, possibly from a different location. - Sensitive data being uploaded to external sites indicates unauthorized access to sensitive information, likely obtained through captured keystrokes. 店 店 铺 铺 The hint that everyone ; missed: ; ✑ Sensitive data is学 being uploaded to external sites. 习 was hardware-based and it must have had a WAP that the attacker was able学 This means that the keylogger to习 connect to and retrieve all the users' 小 小 keystrokes through the login 店 portal of the keylogger (a local IP like 192.168.0.10). 店 6 66 upvoted 2 times 6 ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B The key indicators in the scenario point towards the presence of a keylogger: All users share workstations throughout the day: This means that multiple users are accessing the same workstations, making it easier for a keylogger to capture keystrokes from different users. Endpoint protection was disabled on several workstations: Disabling endpoint protection allows malware, including keyloggers, to go undetected on the compromised workstations. Impossible travel times on logins: This suggests that the attacker is remotely accessing the compromised accounts, which is consistent with the use of a keylogger. Sensitive data uploaded to external sites: The presence of a keylogger enables the attacker to capture sensitive information, such as login credentials and other data, and upload it to external sites for unauthorized use. upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ z3phyr 5 months, 3 weeks ago Nothing was clear until you pick out the fact that the password resets didn't help. Makes it pretty clear upvoted 2 times skeletor23 6 months ago passwords have been reset but the issue continue, in this case can only be a keylogger which is "recording" the new password entered upvoted 1 times rodwave 10 months, 2 weeks ago Selected Answer: B Answer - Keylogger A keylogger or keystroke logger is a type of monitoring software that can be used to collect keystrokes that you type. A keylogger was likely used to capture various sensitive information and credentials. As the issue continued after the password reset, the keylogger was still capturing information as it wasn't removed. ========================= Brute-force - trail and error attempts to guess login info Dictionary - a form of brute force attack that uses common words, phrases and variations Rainbow - uses tables of reversed hashes to crack passwords upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 Knowledge33 11 months ago 66 66 There is no relationship between the context and the questions/responses. It's so weird upvoted 7 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #76 A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used? A. Snapshot B. Differential C. Cloud D. Full E. Incremental 店 店 铺 铺 ; Correct Answer: A 学 习 Community vote distribution stoneface ; 学 习 小 Highly Voted 小 店 店 6 A (97%) 6 66 1 year ago Selected Answer: A A snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine’s power state (for example, powered-on, powered-off, suspended). The data includes all of the files that make up the virtual machine. This includes disks, memory, and other devices, such as virtual network interface cards. A virtual machine provides several operations for creating and managing snapshots and snapshot chains. These operations let you create snapshots, revert to any snapshot in the chain, and remove snapshots. You can create extensive snapshot trees. upvoted 22 times Protract8593 Most Recent 2 months ago Selected Answer: A A snapshot backup is the appropriate type to use when the security forensics analyst wants to preserve the present state of the virtual server, including memory contents. A snapshot is a point-in-time copy of the virtual machine (VM) that captures its entire state, including its memory. This allows for the virtual server to be restored to the exact state it was in when the snapshot was taken, including any volatile data present in memory at that moment. For the purpose of preserving the present state of the virtual server, including memory contents, a snapshot backup is the most appropriate choice. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A snapshot is a point-in-time copy of a virtual machine's disk file, including its memory state. It captures the entire state of the virtual server at a specific moment, including the memory contents, disk contents, and configuration settings. This allows for the preservation of the virtual server's current state, which can be useful for forensic analysis, system recovery, or other purposes. upvoted 1 times Tango58 6 months ago Selected Answer: B FULL backup will store everything on it. upvoted 1 times 店 铺 ; HCM1985 3 weeks, 学 4 days ago 习 state But no the current memory 小 店 upvoted 3 times 66 店 铺 ; 学 习 小 店 66 skeletor23 6 months ago Answer is A, a good practical of this is to download oracle VM set up a virtual machine and in software there is an option to "snapshot" current device upvoted 2 times JaMorant 7 months, 3 weeks ago present state is the keyword in this case so snapshot will do the job upvoted 2 times kennyleung0514 8 months, 4 weeks ago A VM snapshot file consists of all the files stored on the storage devices of a virtual machine. Taking a snapshot creates files with extensions .vmdk, -delta.vmdk, .vmsd, and .vmsn, which are stored with the VM base files. A memory snapshot also includes a memory state file (with extension .vmsn) that holds the memory of the VM at the time of the snapshot capture. The size of the memory file and the time it takes 淘宝店铺:https://shop63989109.taobao.com/ to capture the memory state depends on the configured maximum memory for the original/parent VM. upvoted 1 times hackerguy 11 months ago Selected Answer: A per dion training notes: Type of backup primarily used to capture the entire operating system image including all applications and data § Snapshots are also commonly used with virtualized systems upvoted 2 times comeragh 1 year ago Selected Answer: A 店 Agree with A snapshot being the correct answer here upvoted 2 times 铺 ; 店 铺 ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #77 After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware? A. Removable media B. Spear phishing C. Supply chain D. Direct access 店 店 铺 Correct Answer: A 铺 ; ; 学 学 习 Community vote distribution 小 店 66 D (69%) YusufMadkour 习 小 Highly Voted 店 A (23%) 8% 66 1 year ago Selected Answer: D D because no hardware can be installed on the motherboard unless the perpetrator had direct access to the machine. upvoted 30 times Sandon 8 months, 1 week ago Or the supply chain upvoted 4 times scarceanimal 7 months, 3 weeks ago that's not an attack vector upvoted 3 times CTE_Instructor 6 months, 3 weeks ago Security+ 601 Objectives Section 1.5 Explain different threat actors, vectors, and intelligence sources. Vectors: * Direct Access * Email * Supply Chain * Social Media * Removable media * Cloud The answer is *most likely* direct access, as the problem started after going to the conference. It's implied someone gained physical access to this laptop and installed hardware on the motherboard -or- plugged in a USB drive. It's unlikely, however it's possible a supply chain attacker could have also installed hardware inside the laptop prior to shipping to a company. Either way, the attacker would have needed direct access to complete this attack. It's more general than the other options, and covers all possibilities. upvoted 4 times 5 months, 3 weeks ago 店 Butankiuser so 铺 the attacker doesn't need direct access. 铺 the user could have found the USB on the floor and plugged it in themselves,店 ; ; upvoted 学1 times 学 习 习 小5 days, 17 hours ago 小 TreeeSon 店 店 DO NOT make assumptions on CompTIA exams. If it isn't stated, it never happened. 66 66 upvoted 1 times 80drag 1 year ago but it doesnt say installed just connected. The usb connector is attached to the motherboard upvoted 5 times TheDarkSide2405 8 months, 1 week ago USB doesn't unknown piece of hardware upvoted 3 times 80drag 1 year ago I redact the previous statement upvoted 3 times Boogie_79 Highly Voted 1 year ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D Direct access upvoted 5 times Dogeo Most Recent 3 weeks, 3 days ago A Removable Media. Direct Access is being physically at the device to perform malicious acts rather than the use of software or hardware, the question says that hardware has been connected to the mother board, everything including USB ports are connected to the motherboard so this dose not rule out USB hardware Although they would need Direct Access to attach the hardware it is the hardware itself causing the issue. upvoted 1 times Dogeo 1 month ago Its A, the question states unknow hardware has been attached to the motherboard (removeable media) 店 店 铺 ; 铺 ; Direct access would be the malicious user performing an attack while physically at the device. upvoted 1 times 学 学 习 习 小 小 店 店 RevolutionaryAct 1 month, 2 weeks ago Selected Answer: A 66 66 Well I learned something new, you can directly add removable media to the motherboard, whic is what I picked but for different reasons. One could say direct access but hardware attached to a motherboard is removable: https://www.howtogeek.com/201493/ask-htg-can-i-plug-a-usb-device-right-into-my-motherboard/ upvoted 1 times sujon_london 1 month, 2 weeks ago Selected Answer: A This very straight forward question with given clue that found hardware connected with motherboard. As we all know that any USB port connected with motherboard of the Computer. It’s simple of-course we maybe thinking critically due to CompTIA or easy option given. upvoted 1 times Protract8593 2 months ago Selected Answer: D In the given scenario, the laptop issues started after the user returned from a conference. Furthermore, an unknown piece of hardware was found connected to the laptop's motherboard. These details indicate that someone had physical access to the laptop and inserted the unknown hardware directly. A direct access attack involves an attacker physically accessing a device to compromise it. In this case, the attacker likely inserted malicious hardware or tampered with the laptop's internal components to gain unauthorized access and control over the system. Why A and C are wrong according to ChatGPT: - A. Removable media: This option involves using external devices like USB drives, CDs, or DVDs to introduce malware to a system. While it's a possible attack vector, it does not explain the presence of unknown hardware on the laptop's motherboard. - C. Supply chain: A supply chain attack involves compromising devices or components during the manufacturing or distribution process. In this case, the laptop was not new, and the issue occurred after the user returned from a conference, making a supply chain attack less likely. upvoted 2 times Aleem001 2 months, 1 week ago Selected Answer: A Come on Guys, Have you ever opened a computer to see the motherboard, its A, as USB port is connected to the motherboard after all, plus it happed in the conference room, not in any computer hardware Lab. upvoted 2 times 店 铺 2 months, 1 week ago Aleem001 ; 学 piece of hardware is found. Scenario says : unknown 习 upvoted 2 times 小 店 663 weeks ago ApplebeesWaiter1122 2 months, 店 铺 ; 学 习 小 店 66 Selected Answer: D Direct access refers to physically accessing a device or its components, and in this case, it seems that someone had direct physical access to the laptop and installed the unknown hardware on the motherboard. The symptoms of the laptop operating slower, overheating, and constant fan activity further suggest that a physical modification or tampering has occurred. Supply chain attacks typically involve compromising the supply chain process to introduce malicious software or components into devices during manufacturing or distribution. While supply chain attacks can result in compromised hardware, they are not the most likely explanation in this specific scenario, as the user's laptop was affected after returning from a conference. upvoted 2 times JAMBER 4 months ago Selected Answer: C Got to love some of these questions. I went with C supply chain. I didn't read enough clues to determine it to be A. Removable Media: usually external storage and not internally attached to motherboard. 淘宝店铺:https://shop63989109.taobao.com/ B. Spear Phishing: well yeah, the throw away choice D. Direct Access: typically refers to unauthorized physical access C. Supply Chain with possible (hardware) time-delayed attack. upvoted 1 times DylanB2868 5 months ago Selected Answer: D D because it said "after returning from an event" This means the hardware was not there before hand and therefore eliminates the idea of a supply chain vector. upvoted 1 times HypeMan_crew 5 months, 1 week ago Selected Answer: D This is not supply chain. This laptop has been in use for a while and not a new laptop. The issue happened after the conference meaning that there was a direct contact or access from someone on that laptop. upvoted 1 times 店 店 铺 铺 ; weeks ago tutita 5 months, 3学 习 Selected Answer: D 小 ; 学 习 小 店 has to be direct access, usb media in a laptop is extremely obvious, and they mention "after returning" meaning he 店 left6 unattended the laptop 6 6 6 somewhere. upvoted 1 times skeletor23 6 months ago although both seem correct to me, question asks which attack vector was explotied? direct access is an attack vector, which includes removable media upvoted 2 times demetress 6 months ago Selected Answer: C Based on the given scenario, it is likely that the attack vector that was exploited to install the unknown piece of hardware on the laptop's motherboard is C. Supply chain. The fact that the user's laptop began to experience issues after returning from a conference suggests that the unknown hardware was likely introduced through the supply chain, meaning that it may have been added to the laptop during the manufacturing or distribution process. This type of attack is known as a supply chain attack, which involves compromising the supply chain to deliver malicious components to a target system or device. Removable media and spear phishing are also common attack vectors, but they typically involve user interaction, such as opening an infected email attachment or inserting a compromised USB drive into a computer. Direct access attacks involve physically accessing a device, which may not be feasible in this scenario. upvoted 3 times MasterControlProgram 6 months, 1 week ago Selected Answer: C The attack vector that was most likely exploited to install the hardware on the user's laptop is the supply chain. This attack involves tampering with hardware, firmware, or software during the manufacturing or distribution process, allowing the attacker to gain access to the targeted system. The hardware found on the laptop's motherboard is an indication that an attacker may have tampered with the laptop before or during the manufacturing process. The overheating and slow performance of the laptop could be caused by malicious software or firmware installed by the attacker. upvoted 1 times 9e39727 6 months, 2 weeks ago Selected Answer: D Voting D (Direct Access) due to the wording. While A (Removable Media) is being used, the question is asking how the removable media was installed. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #78 After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and con guring network devices? A. SSH B. SNMPv3 C. SFTP D. Telnet E. FTP 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 Correct Answer: A 店 66 Community vote distribution 66 A (100%) comeragh Highly Voted 1 year ago Selected Answer: A Telnet (port 23) is insecure and should be replaced with SSH (port 22) upvoted 14 times [Removed] 1 year ago Correct, SSH is the answer. upvoted 3 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: A Answer: SSH (22) Port 23 (Telnet) and Port 22 (SSH) are network protocols used to remotely access and manage systems however telnet does not encrypt the connection so captured traffic appears in cleartext whereas an ssh connection would be encrypted. ========================= SNMP (Simple Network Management Protocol) - is a protocol for collecting and organizing information about managed devices on networks. Devices that typically support SNMP include servers/desktops, routers, switches, etc. SFTP (Secure File Transfer Protocol) is a secure file transfer protocol that uses SSH encryption to securely sending and receiving file transfers. FTP (File Transfer Protocol) - For file transfers upvoted 8 times Protract8593 2 months ago Most Recent Selected Answer: A SSH (Secure Shell) is a cryptographic network protocol used to securely access and manage network devices remotely. Unlike Telnet (Option D), which sends credentials in cleartext over port 23, SSH encrypts all communication between the client and server, providing a secure remote login and management solution. It ensures that administrative usernames and passwords are not sent in plaintext, making it the best choice for securing remote access to network devices. upvoted 2 times 店 店 铺 铺 ; ; 学 习 ApplebeesWaiter1122 2 months, 3 weeks ago 小 店 学 习 小 店 6 66 It provides strong 6 designed for secure remote login, command execution, and data communication. SSH is a cryptographic network protocol Selected Answer: A encryption and authentication mechanisms, protecting the confidentiality and integrity of the transmitted data, including usernames and passwords. Unlike Telnet (option D), which sends data in clear text, SSH encrypts the communication channel, preventing unauthorized interception and eavesdropping. upvoted 1 times fuweezy 5 months, 1 week ago Selected Answer: A A is correct upvoted 1 times scarceanimal 7 months, 3 weeks ago Selected Answer: A ssh replaces telnet in that it provides an encrypted session. Telnet sends in clear text, unsecure. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. SSH. SSH is an encryption protocol used to connect to systems. upvoted 1 times Samsonite363 8 months ago Selected Answer: A Easiest question in this guide. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #79 Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps? A. CVSS B. SIEM C. SOAR D. CVE Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: A CVSS is maintained by the Forum of Incident Response and Security Teams (first.org/cvss). CVSS metrics generate a score from 0 to 10 based on characteristics of the vulnerability, such as whether it can be triggered remotely or needs local access, whether user intervention is required, and so on upvoted 14 times Protract8593 Most Recent 2 months ago Selected Answer: A CVSS (Common Vulnerability Scoring System) is a standardized scoring system used to assess and quantify the severity of known vulnerabilities. It provides a calculated value or score for each vulnerability based on its characteristics and potential impact. The CVSS score helps organizations prioritize their mitigation efforts by understanding the severity of each vulnerability and taking appropriate action accordingly. Higher CVSS scores indicate more severe vulnerabilities that require immediate attention and mitigation. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A CVSS is a standardized framework used to assess and quantify the severity of vulnerabilities in software systems. It provides a numerical score to represent the risk level associated with a specific vulnerability. The score takes into account various factors, such as the impact of the vulnerability, its exploitability, and the level of security controls in place. The score helps organizations prioritize their mitigation efforts by focusing on vulnerabilities with higher scores, indicating a greater potential impact. upvoted 2 times temple12 6 months, 1 week ago Selected Answer: A cvss is the correct answer upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. CVSS. The Common Vulnerability Scoring System is an industry standard for assessing the severity of security vulnerabilities. upvoted 3 times Jossie_C 10 months, 3 weeks ago 店 Selected Answer: A 铺 Common Vulnerability Scoring System ; upvoted 1 times 学 习 小months, 4 weeks ago ExamTopicsDiscussor 11 店 66 CVSS stands for the correct upvoted 1 times carpathia 1 year ago Selected Answer: A "calculated" = CVSS upvoted 1 times comeragh 1 year ago Selected Answer: A Agree with A - CVSS here as the correct answer upvoted 1 times 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #80 Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need? A. Community B. Private C. Public D. Hybrid 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 A (88%) 66 小 店 13% 66 Protract8593 2 months ago Selected Answer: A In a community cloud deployment model, multiple organizations or entities with common interests share computing and storage resources. It is designed for specific communities of users who have shared concerns or requirements, such as research projects, government agencies, or educational institutions. In this scenario, where several universities are participating in a collaborative research project and need to share compute and storage resources, a community cloud deployment strategy would be the best fit. upvoted 2 times matace 2 months, 1 week ago Selected Answer: D The best cloud deployment strategy for several universities participating in a collaborative research project to share compute and storage resources would be a hybrid cloud deployment. A hybrid cloud deployment allows organizations to use a combination of public and private cloud resources. This gives the universities the flexibility to choose the right cloud platform for their specific needs. For example, they could use the public cloud for resources that need to be highly scalable and available, such as data storage and computing power. They could then use the private cloud for resources that need to be more secure and compliant, such as sensitive research data. A hybrid cloud deployment would also allow the universities to share resources more efficiently. For example, they could use the public cloud for peak demand periods, such as when they are running large-scale simulations. They could then use the private cloud for more consistent demand periods, such as when they are running smaller-scale experiments. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A community cloud is a deployment model that is specifically designed to serve a specific community or group of organizations with shared interests and requirements. In this case, the universities participating in the research project form a community that can leverage the community cloud model. With a community cloud, the universities can establish a shared infrastructure that is dedicated to their specific needs. They can collectively pool their resources, such as computing power and storage, and share them among the participating universities. This allows for efficient resource utilization, cost-sharing, and collaborative research efforts. upvoted 1 times 店 铺 scarceanimal 7 months, 3 weeks ago ; Selected Answer: A 学 sharing infrastructure upvoted 2 times 店 铺 ; 学 习 习 小 店 66 DALLASCOWBOYS 7 months, 3 weeks ago 小 店 66 A. Community Cloud Deployment, where tenants are limited to members of a specifically designed community. Community memberships is normally based on a shared mission, similar security and compliance requirements, or other commonalities. upvoted 1 times Astra10 8 months ago D. Hybrid cloud deployment strategy would BEST meet the need for universities participating in a collaborative research project to share compute and storage resources. A hybrid cloud deployment allows organizations to use a combination of public and private cloud resources. In this case, the universities can keep sensitive data on their private cloud while sharing the compute and storage resources on a public cloud. This way, the universities can have the benefits of both the public and private cloud. A. Community cloud deployment strategy is when multiple organizations share a cloud infrastructure, but the resources are only available to a specific community of users. B. Private cloud deployment strategy is when an organization builds and maintains a cloud infrastructure for its own use. 淘宝店铺:https://shop63989109.taobao.com/ C. Public cloud deployment strategy is when an organization uses a cloud infrastructure provided by a third-party provider, available to the general public. upvoted 2 times assfedass nished 3 weeks, 1 day ago No, it's community cloud. You're adding data to the question that it does not ask for. upvoted 1 times bsComptia 8 months, 1 week ago A community cloud deployment strategy, while it may be able to meet the need for sharing compute and storage resources among a group of universities, would likely not be the best option. A community cloud is typically shared among organizations with similar security and compliance requirements, and is often managed by a third-party provider. However, the level of control and customization offered by a community cloud may be limited compared to a hybrid cloud deployment strategy, which combines elements of both public and private cloud deployment. This would give the universities more control and flexibility in terms of how they manage and utilize their shared resources. upvoted 1 times 店 bsComptia 8 months, 1 week ago 铺 ; how about this? upvoted 1 times 店 铺 ; 学 学 习 习 小 小 店 店 bsComptia 8 months, 1 week ago 66 66 A hybrid cloud deployment strategy is a combination of both private and public cloud deployment. This approach allows organizations to take advantage of the benefits of both types of clouds, depending on their specific needs. In a hybrid cloud deployment, sensitive and/or regulated data is kept on the private cloud, which provides a higher level of security and compliance. Meanwhile, less sensitive workloads can be run on the public cloud, which allows for greater scalability and cost-effectiveness. The two clouds are connected through secure, dedicated connections, such as VPNs, allowing for data and application portability. This deployment strategy allows organizations to take advantage of the benefits of both public and private clouds, depending on their specific needs. It also allows organizations to reduce costs by using public cloud resources for non-sensitive workloads, and to improve security by keeping sensitive data on the private cloud. upvoted 1 times [Removed] 8 months, 1 week ago Selected Answer: A A community cloud is defined as a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements. upvoted 2 times [Removed] 9 months, 3 weeks ago Selected Answer: D D - becouse they only share compute and storage - so they connect on presmise network with cloud - which they share. upvoted 1 times Jossie_C 10 months, 3 weeks ago Selected Answer: A Community is when different organizations share same stuff upvoted 3 times nobodyridesforfree 11 months, 1 week ago Selected Answer: A Community (shared) upvoted 1 times comeragh 1 year ago 店 Selected Answer: A 铺 " share compute and storage resources" A - Community; 学 upvoted 2 times 习 小 varun0 1 year ago 店 66 Selected Answer: A Community upvoted 1 times 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #81 A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use? A. Look for tampering on the evidence collection bag. B. Encrypt the collected data using asymmetric encryption. C. Ensure proper procedures for chain of custody are being followed. D. Calculate the checksum using a hashing algorithm. 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 D (63%) rodwave Highly Voted 学 习 小 店 66 小 店 C (37%) 66 10 months, 2 weeks ago Selected Answer: D Answer: Calculate the checksum using a hashing algorithm. (D) A checksum is specifically intended to verify the integrity of data or find data corruption. Comparing a file's original and current checksum. And if a byte or even a piece of the file's data has been changed, the original and current checksum will be different, and therefore you will know whether it's the same file or not. ===================== (A) - This is essentially the physical version of checking if something was tampered but wouldn't work for virtual data (B) - Dont need to encrypt anything (C) - Even if a proper chain of custody was followed, it doesn't guarantee that data hasn't been modified by anyone that had access to the data. upvoted 25 times stoneface Highly Voted 1 year ago Selected Answer: C Procedure to establish the Chain of Custody In order to assure the authenticity of the chain of custody, a series of steps must be followed. It is important to note that the more information Forensic expert obtains concerning the evidence, the more authentic is the created chain of custody. You should ensure that the following procedure is followed according to the chain of custody for electronic devices: Save the original material Take photos of the physical evidence Take screenshots of the digital evidence. Document date, time, and any other information on the receipt of the evidence. Inject a bit-for-bit clone of digital evidence content into forensic computers. Perform a hash test analysis to authenticate the working clone. upvoted 17 times KetReeb 1 year ago While your reasoning is a best practice, the only way to Prove the integrity of the data after its been handled is by verifying the checksum (Answer D). upvoted 36 times 店 stoneface 1 year ago 铺 I stand corrected ; -> D is correct - ensuring is not a method 学 upvoted 20 times 习 小 2 weeks ago Kraken84 1 month,店 66 Now that is a RFM! 店 铺 ; 学 习 小 店 66 upvoted 1 times KetReeb 1 year ago I'm sorry stoneface, I have to retract my comment after running across the following in the all-in-one review: regarding checksums - A disadvantage is that they miss larger numbers of errors as a second error can cancel the effect of the first on a checksum. Thus, checksums serve no real purpose in digital forensics. Your answer is best. upvoted 11 times CTE_Instructor 6 months, 3 weeks ago It's near impossible for a second change in data integrity to "undo" the hash effect of the first error. Multiple changes in file data will still produce different hash results. Checking hash results of the original collection vs present state is standard for verifying data integrity. upvoted 2 times assfedass nished Most Recent 淘宝店铺:https://shop63989109.taobao.com/ 3 weeks, 1 day ago Selected Answer: D It's D. Consider the role. The analyst, as the expert, would validate the checksum. A lawyer or court official would validate via the CoC. Additionally, anyone can access the data, change it, and properly mark up the chain of custody. If only using the chain of custody without validating the integrity, false data would be accepted. upvoted 1 times BigIshai 1 month, 3 weeks ago The question asked for what method to verify the integrity of the file in question. the simple answer is to compare the hash valve with the original when it was collected. The correct answer is D. Ensuring that the proper chain of custody was followed is still subject to interpretation and can not prove the data has not changed. upvoted 1 times Nikamy 1 month, 4 weeks ago 店 店 铺 My answer is D; 铺 Selected Answer: D upvoted 1 times ; 学 学 习 习 小 Protract8593 2 months ago 小 店 Selected Answer: D 店 66 66 A checksum is a value derived from the content of data, and it serves as a unique identifier for that data. When data is collected for forensic analysis, the forensic analyst can calculate the checksum using a hashing algorithm (such as MD5, SHA-256, etc.). If the data remains unchanged and has not been tampered with, the checksum will remain the same. Any alteration or tampering of the data would result in a different checksum value. By comparing the calculated checksum of the collected data with a known, trusted checksum (such as the original value), the forensic analyst can verify that the data has not been tampered with since it was collected. This process ensures data integrity and is commonly used in digital forensics to validate the authenticity of evidence. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D Calculating the checksum using a hashing algorithm is a common technique in forensic analysis to ensure data integrity. A hashing algorithm takes the data as input and generates a unique hash value, which is a fixed-length string of characters. Even a small change in the input data will result in a significantly different hash value. By comparing the calculated checksum of the collected data with a previously generated checksum of the original data, the forensic analyst can determine if any tampering or alteration has occurred. upvoted 2 times EvelynStandford 4 months, 1 week ago Selected Answer: C i started with C after i read all the comment and i was sure it was D but i find this and it make me change my mind Difference Between a Checksum and a Hash Checksums and similarity hashes are often used interchangeably, but they have slight differences. In a nutshell, a Checksum is a hash, but a hash isn’t necessarily a Checksum. Hashing Applications Encryption Storage Performance Why Use Checksums? Why use checksums to compare data over byte-by-byte comparison? The answer: because it is much smaller (256 bits). 店 店 Byte by Byte comparison requires having the entire copy of files which can be very large (gigabytes). 铺 ; small size is small enough to be treated as file metadata. A checksum’s relatively 学 习 小 How can Checksums be Used? 店ways: Checksums can be used in many 6 6 铺 ; 学 习 小 店 66 in search engines to check for duplicate documents, in engineering to check for corrupted files in cryptography to transfer data securely. upvoted 1 times EvelynStandford 4 months, 1 week ago also i find an other source where they say Step 5: Run the validate command with the clip file name attached to get the checksum for that clip (For PC: Hash = Checksum) Command for a proper chain of custody, so if they ensure that the checksum is included in the procedure upvoted 1 times fouserd 4 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C To prove that data has not been tampered with since it was collected, a forensic analyst would MOST likely calculate the checksum using a hashing algorithm. A hashing algorithm generates a unique fixed-size string of characters, called a hash or checksum, from a given input. By calculating the hash of the collected data and comparing it to the hash calculated at the time of collection, the analyst can verify that the data has not been altered. upvoted 1 times fouserd 4 months, 2 weeks ago Apologies meant to click D not C upvoted 2 times Yawannawanka 5 months ago C. Ensure proper procedures for chain of custody are being followed. Proper chain of custody procedures ensure that the evidence is properly collected, stored, and transferred to prevent tampering or alteration. By following these procedures, the forensic analyst can demonstrate that the evidence has not been tampered with since it was collected, and can be relied upon as authentic and admissible in court. The other options do not directly address the issue of proving that data has not been tampered with. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 Confuzed 5 months, 2 weeks ago Selected Answer: D 66 66 While ensuring proper chain of custody is critical, following the process is how you ensure that tampering/mishandling doesn't occur, not how you prove it didn't. To prove that tampering did not occur, the analyst would use hashing. upvoted 2 times KnifeClown1 5 months, 2 weeks ago Selected Answer: D A checksum is a unique value that is generated from a mathematical algorithm applied to the data. If the data is tampered with in any way, the checksum value will also change, indicating that the data has been altered. By comparing the original checksum value with the current checksum value, the forensic analyst can determine whether the data has been tampered with since it was collected. upvoted 1 times ffsilveira10 5 months, 2 weeks ago Selected Answer: C I believe that the correct option is C. When they say "data" they do not specific which type of data, could be digital or not. If not digital then the checksum will not be helful. In this case the most likely approach would be keep chain of custody. upvoted 2 times darklion 5 months, 2 weeks ago Selected Answer: D D. Calculate the checksum using a hashing algorithm. The checksum calculated using a hashing algorithm can be used to verify that the data has not been altered since it was collected. Any changes to the data will result in a different checksum, providing evidence that the data has been tampered with. Other methods, such as checking the evidence collection bag or following proper chain of custody procedures, can help ensure the integrity of the evidence but do not directly prove that the data has not been tampered with. Encrypting the data using asymmetric encryption will protect the confidentiality of the data but will not ensure its integrity. upvoted 1 times examrobo 5 months, 3 weeks ago Selected Answer: D Says prove so D upvoted 1 times 店 Auzilch 6 months ago 铺 Selected Answer: C; 学 Whenever they ask questions 习 like these, it's pretty much always chain of custody. 小 upvoted 2 times 店 6 Pegasus127 6 months, 1 week ago6 Selected Answer: C https://www.geeksforgeeks.org/chain-of-custody-digital-forensics/ "It demonstrates trust to the courts and to the client that the evidence has not tampered." upvoted 1 times 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #82 Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identi ed in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue? A. Complexity requirements B. Password history C. Acceptable use policy D. Shared accounts 店 店 铺 Correct Answer: B 铺 ; ; 学 学 习 Community vote distribution 小 店 66 B (65%) antster1000 习 小 Highly Voted 店 C (18%) A (17%) 66 1 year ago Don't really feel like any of the answers are sufficient. Would be looking for something like MFA for this. upvoted 35 times CTE_Instructor 6 months, 3 weeks ago Yeah. A few days after the breach, the passwords were a vulnerability? Password history would not be realistic for this scenario. If it said 7 months later, that would make more sense. Imagine having a 24-hour password policy :cry: upvoted 8 times stoneface Highly Voted 1 year ago Selected Answer: B Password reuse is an important concern in any organization. Many users want to reuse the same password for their account over a long period of time. upvoted 19 times stonefacegroupie 5 months, 2 weeks ago I concur upvoted 2 times assfedass nished Most Recent 2 weeks, 2 days ago Selected Answer: B Password history is the least bad of these bad answers. upvoted 2 times Kraken84 1 month, 2 weeks ago "... was later used" is a our key statement here. upvoted 2 times BigIshai 1 month, 3 weeks ago 店 店 铺 The scenario indicates ; business accounts have been compromised in an aftermath of a non-related铺security ; incident. Meaning the malicious actors 学the leaked information and used the same on corporate accounts which evidently 学 got compromised because the endgot information from also 习 习 secondary incident. (logic users must have reused passwords. Hence an acceptable policy against password reuse would have mitigated the 小 小 appears sound but open to debate) 店 店 6 66 6 upvoted 2 times Selected Answer: C Protract8593 2 months ago Selected Answer: B Implementing password history would be an effective measure to mitigate the issue of compromised business accounts in this scenario. Password history keeps track of previously used passwords, and users are not allowed to reuse old passwords when creating a new one. This prevents attackers from reusing leaked passwords to gain unauthorized access to business accounts, even if the leaked credentials are known to them. By enforcing password history, organizations can improve their security posture and protect against credential reuse attacks. upvoted 1 times LiteralGod 2 months, 1 week ago Selected Answer: B I think given the information we have it would be password history. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B Password history: Implementing a password history policy ensures that users cannot reuse their previously used passwords. This prevents attackers from reusing compromised passwords to gain unauthorized access to business accounts. By maintaining a password history, users are forced to choose unique passwords each time they update their credentials. upvoted 1 times Loonie 3 months ago I would say B password history, keyword "exposed was later used" upvoted 1 times mosher21 5 months, 1 week ago Selected Answer: A None of the options are correct. This is another question that sucks. Comptia charges almost 400 dollars for the exam and gives us this nonsense in return. kudos to them. upvoted 7 times 店 店 铺 ; 铺 ; 学2 weeks ago Confuzed 5 months, 习 小 Selected Answer: A 店 66 solution that makes sense. Complexity requirements is the only 学 习 小 店 66 An AUP dictates what a user may do with corporate systems, it does not address how the user should manage their passwords, that would be Code of Conduct or some other policy. Password history only serves to prevent password reuse on the corporate network; it will do nothing to prevent the user from using the same passwords on a public site. MAYBE, had the question stated that the password database was old, then password history may make sense, but even then complexity is the better answer. A shared account would absolutely do nothing to help with this. So by elimination we can say it's complexity. However, it intuitively makes sense. A leaked password database would contain password hashes that need to be cracked, weak passwords are trivial to extract using rainbow table or dictionary attacks while complex passwords may never be recovered from a leaked password database. Thus the hacker will have a list of weak passwords they will use in their attack. Enforcing complex passwords nullifies that list. upvoted 4 times z3phyr 5 months, 3 weeks ago Password history > enforces new passwords > makes the leaked passwords irrelevant upvoted 3 times TheNoblesse 5 months, 4 weeks ago Selected Answer: C Password History only means that once the password leaked, all compromised password should be changed or reset differently upvoted 1 times C_M_M 6 months ago Isn't password history about how long a password can be used before it can be changed? I don't see how it applies here. The problem here is users using their corporate passwords on other non-corporate sites I think Acceptable use policy should address this. upvoted 1 times MasterControlProgram 6 months, 1 week ago Selected Answer: B A. Complexity requirements and B. Password history are two effective controls to mitigate password-related issues, including the use of weak passwords or the reuse of previously compromised passwords. By enforcing password complexity requirements, organizations can require users to use stronger passwords that are more difficult to guess or crack. By enforcing password history, organizations can prevent users from reusing previously used passwords or the recently compromised ones. This would make it harder for attackers to gain unauthorized access to business accounts using previously leaked passwords. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 princajen 6 months, 2 weeks ago Selected Answer: B Another question that the answer really don't address the questions or issue. upvoted 3 times Drealjesusfreak 6 months, 2 weeks ago this question was not clear tho upvoted 2 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #83 A security analyst wants to ngerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task? A. nmap -pl-65535 192.168.0.10 B. dig 192.168.0.10 C. curl --head http://192.168.0.10 D. ping 192.168.0.10 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 习 小 店 C (72%) stoneface 学 66 Highly Voted 小 店 A (28%) 66 1 year ago Selected Answer: C Agreed, for those wondering a curl --head 1.1.1.1 will output this : HTTP/1.1 301 Moved Permanently Server: cloudflare Date: Thu, 01 Sep 2022 22:36:50 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Location: https://1.1.1.1/ CF-RAY: 74417cb04d6b9a50-MFE upvoted 25 times TinyTrexArmz 7 months, 3 weeks ago While nmap can be used to fingerprint a webserver, those are not the right parameters to do so. You would use nmap -sV <target> not p<port-range> upvoted 7 times Gravoc Highly Voted 1 year ago curl --head is similar to curl get. Remember from your studies that get is when a user/entity is requesting to get/download resources from a server across the internet. Get requests include a header and a body. By doing curl --head, you're sending a request to get information from a server. The server will reply by providing only the headers of the request, rather than including the body. Therefore a curl --head is a way to send requests for header-only get requests. This allows people a quick summary of a response server, or in this case, to view it's fingerprint. upvoted 15 times Protract8593 2 months ago Most Recent Selected Answer: C Using the command "curl --head" allows the security analyst to perform an HTTP HEAD request to the specified web server (http://192.168.0.10) without actually downloading the contents. This will retrieve only the headers of the web server's response, which often includes server information, such as the server software and version, that can be used to fingerprint the web server. A. nmap -pl-65535 192.168.0.10 店 店 The "nmap" command is used for network scanning, but the given command is not correct. The option "-pl-65535" is invalid. The correct option for scanning all 65535 TCP ports would be "-p-". 铺 铺 ; ; 学 习 Corrected command: nmap -p- 192.168.0.10 小 Output (example): 店 66 学 习 小 店 66 Starting Nmap 7.91 ( https://nmap.org ) at 2023-07-22 12:00 UTC Nmap scan report for 192.168.0.10 Host is up (0.0020s latency). Not shown: 65534 closed ports PORT STATE SERVICE 80/tcp open http 443/tcp open https upvoted 1 times Protract8593 2 months ago B. curl --head http://192.168.0.10 The "curl" command is a tool used for transferring data with URLs. The "--head" option is used to perform an HTTP HEAD request and retrieve only the headers of the web server's response. 淘宝店铺:https://shop63989109.taobao.com/ Output (example): HTTP/1.1 200 OK Date: Thu, 22 Jul 2023 12:00:00 GMT Server: Apache/2.4.41 (Unix) Last-Modified: Wed, 21 Jul 2023 10:00:00 GMT ETag: "12345-56789" Content-Type: text/html Content-Length: 1234 In this example, the output includes server information such as "Server: Apache/2.4.41 (Unix)", which can be used to fingerprint the web server. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C The tool that the security analyst would most likely use to fingerprint a web server is option C: curl --head http://192.168.0.10. 店 店 铺 铺 servers. By using the --head option, the The curl command is commonly used for making HTTP requests and retrieving information from web ; ; security analyst can学 send an HTTP HEAD request to the web server specified by the given IP address (192.168.0.10). This request retrieves only the 学 习 习 HTTP headers of the server's response, which often include information about the server software, version, and other relevant details. 小 小 店 店 such as the server type By analyzing the server's response6headers, the security analyst can gather information about the web server's fingerprint, 66 6 (e.g., Apache, Nginx) and the specific version. This helps in identifying the server software being used and assists in further analysis and assessment of potential vulnerabilities or security configurations. upvoted 2 times Yawannawanka 5 months ago Curl is a command-line tool for transferring data from or to a server, and it can be used to obtain the headers of a web server's HTTP response, which can provide information about the server and its configuration. Therefore, the tool that the security analyst will MOST likely use to fingerprint a web server is: C. curl --head http://192.168.0.10 upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: A While "C" is actually more valuable, based on what is in the Official CompTIA study guide I have to go with A. The only reference to service discovery and fingerprinting in the guide talks about doing so with NMAP. While it clearly talks about using various switches, I suspect that this is just a poorly worded question. The command line in A would be part of service discovery rather than fingerprinting... But discovery is done before fingerprinting, so I suspect that they think that the FIRST command the user will run is what is shown in A... then additional switches used to actually perform fingerprinting of the services that were discovered? upvoted 1 times Kraken84 1 month, 2 weeks ago "so I suspect that they think"... ....maybe you can think about awhile upvoted 1 times cutemantoes 6 months, 1 week ago Im looking at this question with my wife right now and we both agree this has to be the most dirtiest security plus question we've come across XD upvoted 1 times NerdAlert 5 months, 4 weeks ago ive got bad news for you brotha... keep going 😂 upvoted 2 times 店 铺 ; princajen 6 months, 2 weeks ago 学 Selected Answer: C 习 小 店 店 铺 ; 学 习 小 店 Of the options provided, curl is the most likely tool a security analyst would use to fingerprint a web server. The "--head" option tells curl to send an HTTP HEAD request to the server, which will return a response that includes important metadata about the web server, such as the software type, version number, and possibly other configuration details. 66 66 The other options listed are not appropriate for fingerprinting a web server. Nmap is a port scanner, which can help identify open ports and services running on a target system, but it does not provide information about the web server software. Dig is a tool for querying DNS servers to resolve domain names to IP addresses, and ping is used to test network connectivity, but neither of these tools provide information about the web server software. upvoted 1 times geekneek 7 months, 1 week ago Selected Answer: C Curl is a command-line tool that is commonly used to test web applications and is also a popular choice for web application fingerprinting. The "-head" option is used to request only the header information of the web server's response, which can contain information about the web server's software and version. Option A, "nmap -pl-65535 192.168.0.10," is a command to perform a ping scan using Nmap. While this may reveal the IP address of the web 淘宝店铺:https://shop63989109.taobao.com/ server, it is not designed for fingerprinting the web server software. Option B, "dig 192.168.0.10," is a command for performing DNS queries to retrieve information about domain names. It does not have any direct relation to fingerprinting a web server. Option D, "ping 192.168.0.10," is a command to test the connectivity between two devices on a network. It does not provide any information related to web server fingerprinting. Therefore, the most appropriate tool for fingerprinting a web server would be "curl --head http://192.168.0.10". upvoted 3 times EricShon 7 months, 2 weeks ago Selected Answer: A A. nmap -pl-65535 192.168.0.10 upvoted 2 times 店 ronniehaang 7 months, 3 weeks ago 铺 ; 店 铺 ; 学 Selected Answer: A 学 习 习 The detailed analysis of services on a particular host is often called fingerprinting. This is because each OS or application software that underpins a network service responds to probes in a unique way. This allows the scanning software to guess at the software name and version, without having any sort of privileged access to the host. This can also be described as banner grabbing, where the banner is the header of the response returned by the application. Nmap is very widely used for this task, or you could use hping or Netcat. upvoted 1 times 小 小 店 店 66 66 ronniehaang 7 months, 3 weeks ago A security analyst would most likely use the tool "nmap" to fingerprint a web server. The command "nmap -p1-65535 192.168.0.10" will scan the target IP address (192.168.0.10) for open ports, which can provide information about the web server software and operating system being used. The tool nmap is commonly used for network exploration, security auditing, and finding open ports and services on a target system. upvoted 1 times Sandon 8 months ago Selected Answer: A ChatGPT says it's A upvoted 3 times P0wned 8 months, 2 weeks ago Selected Answer: A The security analyst will MOST likely use nmap -p1-65535 192.168.0.10 to fingerprint a web server. nmap is a network exploration and security auditing tool that can be used to fingerprint a wide variety of network devices, including web servers. The -p option tells nmap to scan only the specified ports (1-65535 in this case) rather than all ports. This command will give the analyst information about the open ports and the services running on them. dig is a command-line tool for querying DNS servers, it can give information about the DNS information but it doesn't fingerprint a web server. Curl is a command-line tool for sending HTTP requests and it can give information about the HTTP headers, but it doesn't fingerprint a web server. Ping is a command-line tool for testing whether a particular host is reachable across an IP network, it can give information about reachability but it doesn't fingerprint a web server. upvoted 4 times bsComptia 8 months, 1 week ago Agreed A. nmap -pl-65535 192.168.0.10 is the most likely tool that a security analyst would use to fingerprint a web server. Nmap is a powerful tool for network exploration, management, and security auditing, and can be used to fingerprint web servers to identify the operating system, services running, and open ports. Curl is a command-line tool for transferring data using various protocols, including HTTP. The `--head` option sends an HTTP request with the `HEAD` method, which retrieves only the headers of the response, not the full response body. While this can provide some information about the server, such as the server type, it is not as comprehensive as using a tool like nmap, which can provide more detailed information about the server's operating system, services, and open ports. Additionally, nmap can also be used to fingerprint the web server to identify the version of the web server software, and the available plugins, which can be valuable information for identifying vulnerabilities and potential attack vectors. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 Lars87 1 year ago Selected Answer: C C 100% upvoted 1 times comeragh 1 year ago sorry on review it seems C would be a better answer. upvoted 1 times varun0 1 year ago Selected Answer: C curl command shown outputs fingerprint which is type and version of web server. upvoted 3 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ comeragh 1 year ago Selected Answer: A I would go with A here - NMAP upvoted 3 times KetReeb 1 year ago the command syntax is not correct for nmap. upvoted 6 times lordguck 10 months, 4 weeks ago The syntax is correct: map all port from 1-65535 on 192.168.0.10. C is correct as it is about a web server: Web server fingerprinting is the task of identifying the type and version of web server that a target is running on. upvoted 2 times [Removed] 7 months, 4 weeks ago 店No, there is a typo in "nmap -pl-65535 x.x.x.x" command. If you replace letter "I" with店1 or omit it, then nmap will work as an active 铺 fingerprinting type ; tool to scan all web server ports. "Curl --head" will provide OS web server铺 ;if it's not behind a WAF. 学 学 upvoted 1 times 习 习 小 小 店 店 66 66 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #84 A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step? A. Autopsy B. Cuckoo C. Memdump D. Nmap 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 D (92%) 店 66 stoneface Highly Voted 小 店 4% 66 1 year ago Selected Answer: D Autopsy is a digital forensics analysis tool - maily targetted to hard drive analysis - not very helpful for the requeriments Nmap would be the correct answer. we want to pivot to another devices on the NETWORK, so next step is to do reconnaisance, port scanning, etc upvoted 30 times Demilitarized_zone Highly Voted 10 months, 4 weeks ago WHY ARE THE ADMIN GIVING US WRONG ANSWERS PLEASE. THIS IS WICKED. COME ON upvoted 26 times NerdAlert 5 months, 4 weeks ago so we dont get shut down! check discussions upvoted 11 times loccodennis 4 months ago Is there a way to access non purchased comptia things anymore? all of the tests are gone for me upvoted 1 times will305 3 months, 3 weeks ago as long as you're logged in you can google the pages. "exam name" examtopics upvoted 1 times Abbey2 Most Recent 2 weeks, 2 days ago C. Memdump Explanation: In this scenario, the penetration tester has compromised an internal server and is attempting lateral movement within the network. To determine the most useful information for the next assessment step, memory analysis can be critical. Memory analysis tools like "memdump" are used to capture the content of a server's memory at a specific point in time. Analyzing this memory dump can reveal valuable information, including active processes, running services, user credentials, and potential vulnerabilities. upvoted 1 times 店 铺 malibi 3 weeks ago ; 学 店 铺 ; 学 习 Autopsy. Autopsy® is a digital 小 forensics platform and graphical interface to The Sleuth Kit® and other digital习forensics 小 tools. It is used by law 店 examiners to investigate what happened on a computer. 店 enforcement, military, and corporate 6 66 6 upvoted 1 times Selected Answer: A ccnaexam28 1 month, 4 weeks ago this was on my exam. Took the exam 27/7/2023, i scored 840 and got 82 questions in total. 90%+ is from this site and I have no contributor access though I think it's also just luck on what set you'll get from their questions' pool. good luck! upvoted 7 times AmesCB 1 month, 3 weeks ago congratulations! So what was the answer? or are you not allowed to say? upvoted 2 times Protract8593 2 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D Nmap is a versatile network scanning tool that can be used for various purposes, including network reconnaissance and discovering hosts and services on a computer network. In the given scenario, the penetration tester has already compromised an internal server and is looking to pivot and move laterally within the network. Running Nmap on the compromised server can provide valuable information about other hosts and services within the network, helping the tester identify potential targets for further exploitation. Nmap can reveal open ports, services, and operating systems on the target hosts, which can be useful for the penetration tester to plan their next steps. By understanding the network topology and available services, the tester can identify additional attack vectors and potential vulnerabilities to exploit for further lateral movement. upvoted 2 times LiteralGod 2 months, 1 week ago Why would Nmap need to be available on the server ? upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago 店 铺 店 铺 ; Nmap (Network Mapper) 学 is a powerful network scanning tool that can be used for network exploration;and 学security auditing. It can help the 习information about the network, identify hosts, discover open ports, and detect services 习 running on those ports. With this penetration tester gather 小 小their next steps. information, the tester can assess the network's topology, identify potential targets for lateral movement, and plan 店 店 66 66 upvoted 1 times Selected Answer: D aw23 4 months, 2 weeks ago If a penetration tester has already compromised a server and is attempting to move laterally through the network, the focus is more likely to be on gaining access to additional systems and extracting information from the compromised system. Therefore, tools like Memdump, which can provide information about the state of the system and active network connections, are more relevant in this context. upvoted 2 times Yawannawanka 5 months ago If the goal is to pivot the current session in a network lateral movement, the most useful tool would be Nmap, as it can be used to scan the local network for other vulnerable machines that can be targeted. So the correct answer is D. upvoted 2 times NerdAlert 5 months, 4 weeks ago a memdump would be more helpful for identifying suspicious processes, but with nmap you can scan for what connections are opening on the other machine and see if they are trying to make lateral movement (connecting to other machines) in an easier way upvoted 3 times monzie 5 months, 4 weeks ago Selected Answer: C C. Memdump. A memory dump (memdump) can provide a wealth of information about a system, including active processes, services, network connections, open files, registry keys, and more. With this information, a penetration tester can identify additional targets to compromise and pivot through the network. Autopsy is a forensics tool used to analyze disk images. Cuckoo is a malware sandboxing platform. Nmap is a network scanning tool. While these tools can be useful for various tasks, they are not as helpful as a memdump for network lateral movement. upvoted 2 times hieptran 5 months, 3 weeks ago No one use memdump for lateral movement when conducting a penetration test. upvoted 1 times NerdAlert 5 months, 4 weeks ago a memdump would be more helpful for identifying suspicious processes, but with nmap you can scan for what connections are opening on the other machine and see if they are trying to make lateral movement (connecting to other machines) in an easier way upvoted 2 times MasterControlProgram 6 months, 1 week ago 店 铺 店 铺 Selected Answer: D ; ; If a penetration tester was able to compromise an internal server and is trying to pivot the current session in a network lateral movement, the most useful tool, if available on the server, would be Nmap. This is because Nmap can be used to scan the network for additional targets and map out the network topology, allowing the penetration tester to identify other potential targets for exploitation. Autopsy is a digital forensics tool used for analyzing and recovering data from hard disks and other storage devices. Cuckoo is a sandbox tool used for analyzing malware behavior. Memdump is a tool used for creating a memory dump of a system. While these tools may be useful in other phases of the assessment, they are not specifically designed for lateral movement. upvoted 3 times 学 学 习 习 小 店 66 小 店 66 liya0 6 months, 2 weeks ago Can someone explain why the answer isn't memdump? i asked chatgpt and this is what it said "the question mentions that the penetration tester has already compromised an internal server and is trying to pivot the current session in a network lateral movement. This suggests that the tester has already gained access to one system within the network and is attempting to move laterally to other systems. In this scenario, the tester needs to gather real-time information about the compromised server in order to identify other vulnerable systems within the network. Therefore, Memdump would be the most useful tool for this purpose." upvoted 2 times xxxdolorxxx 8 months, 1 week ago I vote for NMAP although I have no first hand experience with Autopsy. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ mlonz 8 months, 1 week ago "Which of the following tools, if available on the server " how come Nmap will be available on the server upvoted 2 times jhfdkjshfkjdsho 9 months, 1 week ago Selected Answer: A Network Lateral Movement, or what is more commonly referred to simply as, “Lateral Movement”, refers to the techniques cyber attackers, or “threat actors”, use to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns. So, It is not mapping the network upvoted 1 times scarceanimal 7 months, 3 weeks ago the question calls for what the next step is not the defintion of network lateral movement upvoted 1 times 店 店 Sandon 8 months ago 铺 It's not A 铺 ; 学 upvoted 3 times ; 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #85 Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements? A. Geofencing B. Mobile device management C. Containerization 店 店 铺 铺 D. Remote wiping ; ; 学 Correct Answer: B 学 习 习 小 B (92%) Highly Voted 店 66 Community vote distribution stoneface 小 店 66 8% 1 year ago Selected Answer: B MDM is the best solution here, Company wants to issue a COBO device therefore no containerization < - tailored to BYOD Geofencing and remote wiping are capabilites that are provided by an MDM solution upvoted 15 times Protract8593 Most Recent 2 months ago Selected Answer: B MDM allows organizations to centrally manage and control mobile devices used by their employees, ensuring that they are configured and used in accordance with the organization's policies. With MDM, the organization can set up and enforce strict configurations on the mobile phones issued to field workers, ensuring they are used exclusively for work purposes and not for personal use. MDM solutions offer features such as device enrollment, configuration management, application management, security policy enforcement, and remote management capabilities. Through MDM, the organization can push work-related applications to the devices, restrict the installation of unauthorized apps, enforce security policies, and remotely wipe devices if necessary. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B The technology that would best meet the described requirements is Mobile Device Management (MDM). MDM enables organizations to manage and secure mobile devices, including smartphones, tablets, and other endpoints, from a central platform. With MDM, the organization can enforce policies and restrictions on the mobile devices, ensuring that they are used only for work purposes and preventing unauthorized access or use. In this case, the organization can use MDM to configure the mobile phones issued to field workers in a way that limits their functionality to workrelated tasks only. The MDM solution can enforce restrictions such as disabling personal app installations, blocking access to non-work-related websites or applications, and restricting certain device functionalities. Additionally, MDM provides capabilities for device tracking, monitoring, and remote management. upvoted 1 times 店 店 铺 铺 MorganB 4 months, ; 4 weeks ago ; 学 I just passed my exam 习 27 Apr 23. I must say that none of the questions here were on my exam. I think that学 this is however a great study tool to use 习 but that’s about it. Trust me this Test I took had now of the 410 questions on my exam. But I can say that reading the discussions here truly helped 小 小 店 me pass my exam. Trust me if you are going to take this exam base off these questions your going to find it difficult店 to pass. Good luck to anyone 66 Study from other sources please. You live to thank me someday. 66 that is getting ready to take the exam. upvoted 2 times Samo1 6 months, 4 weeks ago Selected Answer: C C. Containerization would be the best technology to meet the requirements of the organization. Containerization allows work applications and data to be separated from the personal applications and data on the phone. This enables the organization to issue the phones as permanent devices, knowing that the personal use of the phones is not a concern. In addition, if an employee leaves the organization, the container can be easily wiped from the phone without affecting the employee's personal data. Geofencing, Mobile device management, and Remote wiping are not as relevant to this particular scenario. upvoted 2 times rueyb 5 months ago they dont want it to be used for personal at all.. upvoted 1 times Sir_Learnalot 10 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B MDM will do the job upvoted 1 times grinop 11 months, 1 week ago I agree that MDM is corrrect. Te question almost tricked me into selecting geofencing however MDM is best suited since geofencing would only accomplish limiting loaction. upvoted 3 times scarceanimal 7 months, 3 weeks ago yes, after all they can still use it for personal use within geofencing perimeters. mdm will prevent that upvoted 1 times Bob455 1 year ago 店 店 铺 铺 A. a MDM would be used if the org was concerned about the users using thr devices for other purposes but the questioons states they are not and it gives a geohraphical clue with "users work in one city" upvoted 1 times ; ; 学 学 习 习 小 小 店 redsidemanc2 1 year ago 店 66 66 MDM is best solution. MDM provides the other 3 in one solution upvoted 1 times comeragh 1 year ago Selected Answer: B Agree with B - MDM as being correct answer here upvoted 2 times Boogie_79 1 year ago Selected Answer: B agreed upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #86 Which of the following control types is focused primarily on reducing risk before an incident occurs? A. Preventive B. Deterrent C. Corrective D. Detective Correct Answer: A 店 店 铺 Community vote distribution ; 学 A (88%) 习 小 店 铺 ; 学 习 12% 小 店 cozzmo 66 Highly Voted 66 1 year ago Selected Answer: A Yay.. finally one that makes sense! upvoted 16 times carpathia 1 year ago Highly Voted Selected Answer: A "Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelhood of success from the perspective of the attacker". upvoted 6 times ScottT 1 year ago https://www.sciencedirect.com/topics/computer-science/preventative-control upvoted 1 times Protract8593 2 months ago Most Recent Selected Answer: A Preventive controls are security measures and practices that are put in place to reduce the likelihood of security incidents or breaches from occurring. Their primary focus is on proactively reducing risk before any incident takes place. These controls aim to prevent potential threats and vulnerabilities from being exploited. Examples of preventive controls include firewalls, intrusion prevention systems (IPS), access controls, encryption, security awareness training, security policies, and patch management. By implementing these measures, organizations aim to create a more secure environment and reduce the chances of security incidents and data breaches. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A Preventive controls are implemented to proactively mitigate risks and prevent incidents from happening in the first place. These controls are designed to minimize vulnerabilities, strengthen security measures, and establish safeguards to reduce the likelihood of security breaches or incidents. Examples of preventive controls include implementing strong access controls, enforcing strong passwords and authentication mechanisms, conducting regular security awareness training for employees, performing security assessments and vulnerability scans, deploying firewalls and intrusion prevention systems, and implementing secure coding practices. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 小 MasterControlProgram 6 months, 1 week ago Selected Answer: A 店 66 习 小 店 66 A. Preventive control types are focused primarily on reducing risk before an incident occurs. They aim to prevent incidents from happening in the first place. Examples of preventive controls include access controls, training and awareness programs, security policies and procedures, and regular maintenance and updates of hardware and software systems. upvoted 2 times DALLASCOWBOYS 7 months, 3 weeks ago A. Preventive controls stop a security issue before it occurs. upvoted 1 times [Removed] 8 months, 1 week ago Selected Answer: A Preventive—the control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates BEFORE an attack can take place. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ FMMIR 10 months ago Selected Answer: A preventive controls are controls intended to completely avoid an incident from being able to occur. Deterrent controls, alternatively, are intended to discourage a bad actor from an unlawful activity that they had originally intended to perform. upvoted 1 times okay123 10 months, 2 weeks ago Selected Answer: A Deterrent controls reduce the likelihood of a deliberate attack. Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact. https://www.sciencedirect.com/topics/computer-science/deterrentcontrol#:~:text=Deterrent%20controls%20reduce%20the%20likelihood%20of%20a%20deliberate%20attack.&text=Preventative%20controls%20p rotect%20vulnerabilities%20and,unsuccessful%20or%20reduce%20its%20impact. 店 店 So A ("reducing risk") upvoted 1 times 铺 铺 ; ; 学 学 习 Halaa 1 year ago 习 小 小 店 店 66 reducing risk before it happens--deterrent Selected Answer: B 66 upvoted 4 times Jakalan7 1 year ago I can see where you are coming from, but they are asking what reduces risk - so the answer has to be A. Deterrents are " intended to discourage someone from doing something", they don't actually prevent a risk though. For example, a fence is a deterrent, but people can still get a ladder and climb over it, it does not reduce the risk. upvoted 4 times HCM1985 3 weeks, 4 days ago I also think that it is Preventive. Because we can never forget that nothing is 100% safe, so even preventive techniques will not reduce the risk to 0. upvoted 1 times [Removed] 7 months, 4 weeks ago Question says it's "focused primarily on reducing". Preventive controls primarily function as preventive control not reducing. upvoted 1 times Libraboy 11 months, 1 week ago A fence reduces the number of people that will be hoping to break in. in this case, a preventive measure would be an electric fence. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #87 A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output: ==3214== timeAttend.exe analyzed ==3214== ERROR SUMMARY: ==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks. ==3214== checked 82116 bytes ==3214== de nitely lost: 4608 bytes in 18 blocks. The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring? 店 铺 ; A. DLL injection 店 铺 ; 学 学 习 习 小 B. API attack 小 店 店 66 C. Buffer over ow 66 D. Memory leak Correct Answer: D Community vote distribution D (100%) stoneface Highly Voted 1 year ago Selected Answer: D Definitely memory leak ' key sentence' -> The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. Memory leak occurs when programmers create a memory in heap and forget to delete it. The consequences of memory leak is that it reduces the performance of the computer by reducing the amount of available memory. Eventually, in the worst case, too much of the available memory may become allocated and all or part of the system or device stops working correctly, the application fails, or the system slows down vastly . upvoted 81 times TheRoot9 4 months, 3 weeks ago If the checked bytes were greater than 4608*18, would it be buffer overflow ? upvoted 1 times sujon_london 1 month, 2 weeks ago Brilliant sighting! Good calculation @theroot9 upvoted 1 times Gino_Slim 11 months ago Stoneface will help you pass this everyone (lol) upvoted 27 times gladtam 6 months ago 店 I’m gonna have to treat stoneface when I pass this exam! upvoted 2 times 铺 ; 学 习 Most Recent 店 铺 ; 学 习 1 month, 2 weeks ago 小 小 店 店 Selected Answer: D 66 66 I love these questions, answer is right in the question :) I bet we get at least 15 of those on the test, yeah? A+, AZ-900, SC-900, all of em seem to Kraken84 follow the same scheming. upvoted 1 times Protract8593 2 months ago Selected Answer: D The output from the analysis tool indicates that there is a memory issue, specifically a memory leak. A memory leak occurs when a program fails to release memory that is no longer needed, leading to the gradual consumption of memory over time. In this case, the timeAttend.exe process is causing the memory leak, and terminating the process has resolved the performance degradation issue. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D A memory leak occurs when a program or process does not release memory resources properly after it is no longer needed. As a result, memory consumption continues to increase over time, leading to degraded performance and potential system instability. 淘宝店铺:https://shop63989109.taobao.com/ In this case, the system administrator observed degraded performance on the virtual server, which improved temporarily after increasing the virtual memory allocation. However, the performance degraded again after a few days. The output of the analysis tool indicates that there are 4608 bytes in 18 blocks of memory that are "definitely lost" at the time of exit. By terminating the "timeAttend.exe" process and observing that the system performance does not degrade afterward, it suggests that the memory leak issue was related to the "timeAttend.exe" process. Terminating the process would release the allocated memory, resolving the memory leak and improving system performance. upvoted 2 times ronniehaang 7 months, 3 weeks ago Selected Answer: D The issue that is most likely occurring is a memory leak. A memory leak occurs when a program allocates memory dynamically, but does not free it properly. Over time, this results in a gradual increase in memory usage, leading to degraded system performance and eventually to a crash. The output from the analysis tool shows that timeAttend.exe is the cause of the memory leak, as it has 4608 bytes in 18 blocks of memory that are definitely lost. Terminating the timeAttend.exe process and observing improved system performance confirms this diagnosis. upvoted 2 times 店 店 铺 铺 ; ; 学 学 jjhidalgo21 9 months, 3 weeks ago 习 WHO IS STONEFACE? 习 小 小 店 店 66 upvoted 3 times 66 bitezadusto 6 months ago the GOAT upvoted 3 times MusaKeita 11 months, 1 week ago memory leak upvoted 1 times MarciaL 11 months, 1 week ago I think B. API attack upvoted 1 times Wanafresh 11 months, 3 weeks ago Memory leaks are usually caused by failure to deallocate memory that has been allocated. upvoted 2 times cozzmo 1 year ago Thank you Stoneface! upvoted 3 times comeragh 1 year ago Well spotted stoneface. Agree with you on D for this one. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #88 An administrator is experiencing issues when trying to upload a support le to a vendor. A pop-up message reveals that a payment card number was found in the le, and the le upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST? A. DLP B. Firewall rule C. Content lter D. MDM 店 店 铺 铺 E. Application allow list ; ; 学 学 习 习 小 小 店 Correct Answer: A 店 66 Community vote distribution 66 A (100%) stoneface Highly Voted 1 year ago Selected Answer: A DLP - Data Loss Prevention uses exact data matching or regex matching - in this case a regex rule for detecting credit card numbers could be in place that is actively blocking the upload of the document Regex for detecting and Amex Card: ^3[47][0-9]{13}$ Source https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests upvoted 36 times Protract8593 Most Recent 2 months ago Selected Answer: A The control that is most likely causing this issue and should be checked FIRST is Data Loss Prevention (DLP). Data Loss Prevention is designed to prevent sensitive information, such as payment card numbers or personally identifiable information (PII), from being accidentally or maliciously disclosed outside the organization. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A DLP is a security control that is designed to prevent sensitive or confidential information from being leaked, intentionally or unintentionally, outside of the organization's network. It helps identify and block the transmission of sensitive data, such as payment card numbers, to unauthorized recipients. In this scenario, the pop-up message indicates that a payment card number was found in the file, and as a result, the file upload was blocked. This behavior aligns with the functionality of a DLP control, which scans files or data being transferred and checks for the presence of specific patterns or formats that match sensitive information. upvoted 1 times MorganB 4 months, 4 weeks ago Just to exam. This was not on test. upvoted 1 times 店 铺 店 铺 ; ; KingDrew 8 months, 学2 weeks ago 学 习 习 Selected Answer: A 小 小 店 店 DLP keeps sensitive data such as 6 PHI, PII, and PCI-DSS secure from escaping the network or being leaked. 66 6 upvoted 3 times learnNcurve 9 months, 4 weeks ago Selected Answer: A A data loss prevention (DLP) device can reduce the risk of employees emailing confidential information outside the organization upvoted 1 times comeragh 1 year ago Selected Answer: A Agree with DLP being the correct answer here upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #89 Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes? A. Acceptance B. Transference C. Avoidance D. Mitigation 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 习 小 店 A (63%) stoneface 学 66 Highly Voted 小 店 D (37%) 66 1 year ago Selected Answer: A Accepting risk, or risk acceptance, occurs when a business or individual acknowledges that the potential loss from a risk is not great enough to warrant spending money to avoid it. upvoted 54 times Gino_Slim 11 months ago In stoneface we trust upvoted 22 times Confuzed 5 months, 2 weeks ago Highly Voted Selected Answer: D Per the CompTIA official study guide: "By definition, legacy platforms are unpatchable. Such systems are highly likely to be vulnerable to exploits and must be protected by security controls other than patching, such as isolating them to networks that an attacker cannot physically connect to." "Risk acceptance (or tolerance) means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be unavoidable delay before the countermeasures are deployed." So Risk acceptance would be counter to what CompTIA says MUST be done with legacy systems. "Risk mitigation (or remediation) is the overall process of reducing exposure to or the effects of risk factors. If you deploy a countermeasure that reduces exposure to a threat or vulnerability that is risk deterrence (or reduction). Risk reduction refers to controls that can either make a risk incident less likely or less costly (or perhaps both)." That is what CompTIA says MUST be done on a legacy system... reduce risk. So the answer is risk mitigation. upvoted 12 times J0EL 4 days, 15 hours ago Most Recent Selected Answer: D D. Mitigation. The organization would use the risk management strategy of mitigation to maintain a legacy system with known risks for operational purposes. Mitigation strategies are used to reduce the potential impact of risks or likelihood of occurrence. For a legacy system, mitigation measures may include regular maintenance and patching, limiting who has access to the system, and monitoring the system for any signs of compromise. Acceptance involves acknowledging the risks associated with the system but choosing to use it anyway without taking any additional action to reduce the risk. Transference involves transferring the risk to a third party through insurance or outsourcing, while avoidance involves avoiding the use of the system altogether. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 TreeeSon 5 days, 16 hours ago Selected Answer: A I will go with A seeing as how legacy systems have more limitations/ vulnerabilities that cannot be completely eliminated upvoted 1 times RogerW 2 weeks, 6 days ago The answer is A. The key word is maintain. I thought it implied fixing. I was wrong. It means " : to keep in an existing state (as of repair, efficiency, or validity) : preserve from failure or decline". In other words, keep it running without making changes. upvoted 1 times Protract8593 2 months ago Selected Answer: A 淘宝店铺:https://shop63989109.taobao.com/ Acceptance involves acknowledging the risks associated with a particular system or activity but deciding to continue with it despite those risks. This is often done when the cost of mitigating the risks or replacing the system outweighs the potential impact of the risks. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A Acceptance is a risk management strategy where the organization acknowledges the existence of a risk but consciously decides to tolerate or accept it. This means that the organization is aware of the risks associated with the legacy system but chooses to continue using it despite those risks. This decision is usually based on factors such as cost, feasibility of alternatives, business requirements, and the understanding that the risks can be managed within acceptable levels. upvoted 1 times clean_it_up_janny 4 months, 4 weeks ago Selected Answer: D Maintain keyword upvoted 3 times 店 铺 店 铺 ; ; ffsilveira10 5 months, 学 1 week ago 学 习 习 Selected Answer: D 小 小 店 店 the risk. I would go with D (mitigation)... when 66 you have a legacy system you need to put mitigation control in place to minimize 66 upvoted 3 times ankiuser 5 months, 3 weeks ago D. Chatgpt3.5: In some cases, the risk management strategy of mitigation may be more appropriate than acceptance, especially if the risks associated with a legacy system are significant or could have severe consequences. Mitigation involves taking actions to reduce the likelihood or impact of a risk, which could include implementing additional security controls, performing regular vulnerability assessments, and conducting regular security awareness training for users. upvoted 1 times cutemantoes 6 months, 1 week ago Selected Answer: D It says to maintain the legacy system. Meaning to mitigate the risk. Answer is D. If it was acceptance, its knowing that theres a risk and doing nothing about it and continue on about your day. upvoted 4 times Omi0204 6 months, 1 week ago Selected Answer: D Despite their operational value to organizations, a legacy system can pose a major security threat because they are outdated technology that is no longer updated, supported or maintained by their vendor or manufacturer. Organizations using legacy systems tend to give limited access to these systems and operate them with the phrase “out of sight, out of mind” being central. This almost perfect storm of security issues — no updates, no support and not being watched closely, has placed legacy systems and legacy software at the heart of security breaches. So are you still going to accept the known risk(breach, hack, attack) or try to put mitigation (limited access). Answer is D. upvoted 3 times geekneek 7 months, 1 week ago Selected Answer: A Acceptance is a risk management strategy in which an organization accepts the risks associated with a particular activity, process, or system. This strategy is typically used when the cost of reducing the risk is too high, or the risk is considered acceptable to the organization. In the case of a legacy system with known risks that needs to be maintained for operational purposes, the organization may determine that the cost of upgrading or replacing the system is too high, or that the system is critical to their operations and the risks associated with it are acceptable. upvoted 1 times 店 铺 [Removed] 7; months, 学 2 weeks ago 习 and DALLASCOWBOYS gonna make us pass. I'm just here to say stoneface 小 upvoted 5 times 店 66 gladtam 6 months ago 店 铺 ; 学 习 小 店 66 Hahaha same my friend. Same upvoted 2 times scarceanimal 7 months, 3 weeks ago Selected Answer: D question asks what they'd use to *maintain*. They're accepting residual risk with the fact that they're using a legacy system, but they intend to actually use it and maintain it for operational purposes. Mitigation and acceptance of the residual risk is the right call here. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. Acceptance. The organization has chosen to accept the risk because the risk is known. upvoted 1 times [Removed] 8 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A Risk acceptance (or tolerance) means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be unavoidable delay before the countermeasures are deployed. In this case, you should continue to monitor the risk (as opposed to ignoring it). upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #90 Which of the following is the BEST action to foster a consistent and auditable incident response process? A. Incent new hires to constantly update the document with external knowledge. B. Publish the document in a central repository that is easily accessible to the organization. C. Restrict eligibility to comment on the process to subject matter experts of each IT silo. D. Rotate CIRT members to foster a shared responsibility model in the organization. Correct Answer: D 店 店 铺 Community vote distribution ; 学 B (73%) 习 小 铺 ; 学 习 D (27%) 小 店 店 G4ct756 66 Highly Voted 66 11 months, 1 week ago Selected Answer: B I think is B, because there are 2 requirements " Consistent & Auditable". D, will foster consistent IR process, but not auditable. B, will ensure consistency in understanding in IR process & document is auditable. upvoted 18 times sterfryy Highly Voted 9 months, 2 weeks ago The best action to foster a consistent and auditable incident response process is to publish the document in a central repository that is easily accessible to the organization. This will ensure that all members of the organization have access to the latest version of the document and can refer to it easily in the event of an incident. It will also enable the organization to track changes to the document over time, helping to ensure that the incident response process remains up to date and effective. upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: B By publishing the incident response document in a central repository that is easily accessible to the organization, all stakeholders, including team members, management, and relevant personnel, can have access to the latest version of the document. This ensures that everyone is on the same page and follows a consistent incident response process. Having a centralized repository also facilitates version control, making it easier to audit and track changes to the document over time. Option D, rotating CIRT members to foster a shared responsibility model, can be a good practice to promote knowledge sharing and avoid overreliance on specific individuals. However, it might not directly address the need for a consistent and auditable incident response process. upvoted 3 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B Publishing the incident response document in a central repository that is easily accessible to the organization ensures that all relevant stakeholders have access to the latest version of the document. This promotes consistency in the incident response process as everyone is working from the same set of guidelines and procedures. upvoted 2 times Dan_26 4 months ago D. We have a centralized repository and thinking that'll create consistency? Don't make me laugh! No, create a team (smallish) and make them do it to tightly-defined parameters. upvoted 2 times 店 铺 ; 店 铺 ; 学 学 Yawannawanka 5 months 习 ago 习 小 小 repository that is easily The BEST action to foster a consistent and auditable incident response process is to publish the document in a central 店 店 accessible to the organization. By6making the document easily accessible, all employees can access the document and understand the incident 66 6 response process, ensuring consistency in the incident response process. Additionally, having a central repository makes it easier to audit the incident response process to ensure compliance with policies and regulations. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: B B. Publish the document in a central repository that is easily accessible to the organization is the BEST action to foster a consistent and auditable incident response process. upvoted 2 times MasterControlProgram 6 months, 1 week ago Selected Answer: B B. Publish the document in a central repository that is easily accessible to the organization would be the BEST action to foster a consistent and auditable incident response process. By publishing the document in a central repository that is easily accessible to the organization, all members of the organization will have access to the incident response process and will be able to refer to it as needed. This will help ensure that the 淘宝店铺:https://shop63989109.taobao.com/ process is consistent and that all incidents are handled in the same way. Additionally, by making the process easily accessible, it will be easier to audit and ensure that it is being followed properly. upvoted 2 times seagnull 7 months, 1 week ago Selected Answer: B i work as a CIRT and document is a must-have so that your company's future CIRTs will process any future incidents the same as we are doing today. Consistency is the key + you can audit your new resources using the document. upvoted 4 times sarah2023 7 months, 3 weeks ago Selected Answer: D It´s clearly stated in the materials provided that the answer is D upvoted 1 times 店 店 铺 铺 Maybe quote ;the materials you're looking at and/or provide a reference. ; 学 学 upvoted 9 times 习 习 小 小 店3 weeks ago 店 DALLASCOWBOYS 7 months, 6 6 response is to publish the SOP where everyone can view the procedures. Now that66doesn't mean that B. The only way to foster a consistent TinyTrexArmz 7 months, 3 weeks ago everyone will follow the procedures competently. It is the BEST answer of the choices given. upvoted 3 times Sandon 8 months ago ChatGPT says it's B upvoted 3 times [Removed] 8 months, 1 week ago Selected Answer: B knowledge base or documentation for a consistent and auditable incident response process. upvoted 2 times RvR109 8 months, 1 week ago Selected Answer: B According to ChatGPT: B. Publish the document in a central repository that is easily accessible to the organization. Making the incident response process document easily accessible to the entire organization is the best way to foster a consistent and auditable incident response process. This ensures that everyone in the organization is aware of the process and is able to refer to it when needed. It also allows for easy updates and revisions to be made as needed, and for the document to be readily available for audits. Option A is not the best option as it could lead to a lack of consistency and understanding of the incident response process among new hires. Option C is not the best option as it could lead to siloed knowledge and inefficiency in incident response. Option D is not the best option as it does not ensure that everyone in the organization is aware of the incident response process and could lead to lack of consistency." upvoted 5 times asum 8 months, 1 week ago Selected Answer: D Incident response will typically require 24/7 availability, which will be expensive to provide. It is also worth considering that members of the CIRT should be rotated periodically to preclude the possibility of infiltration upvoted 2 times 店 铺 店 铺 ; ; scarceanimal学 7 months, 3 weeks ago 习auditable since only those members will be knowledgeable of the process 学习 inconsistent and not 小 小 upvoted 1 times 店 店 66 66 KingDrew 8 months, 2 weeks ago Selected Answer: B Answer is B, because despite users there will always be that same documentation to follow. upvoted 2 times LaoX 8 months, 3 weeks ago Selected Answer: B I am voting B because we need to address the "consistent and auditable" process. At the Point of writing this, Options B and D have 50% votes. Wow! upvoted 4 times 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #91 During a recent penetration test, the tester discovers large amounts of data were ex ltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the ndings. Which of the following should be the client's NEXT step to mitigate the issue? A. Conduct a full vulnerability scan to identify possible vulnerabilities. B. Perform containment on the critical servers and resources. C. Review the rewall and identify the source of the active connection. D. Disconnect the entire infrastructure from the internet. 店 店 铺 铺 ; ; 学 Correct Answer: B 学 习 小 店 Community vote distribution 66 B (92%) stoneface 习 小 Highly Voted 店 66 5% 1 year ago Selected Answer: B Perform containment on the critical servers and resources -> Isolation or containment is the first thing to do after an incident has been discovered upvoted 32 times [Removed] Highly Voted 9 months, 4 weeks ago Selected Answer: B If we follow Incident Response Process: 1) Preparation - hardening 2) Identification - detection 3) Containment :) 4) Eradication 5) Recovery 6) Lesson Learned So it has to be CONTAINMENT :) upvoted 15 times freyprey 1 week, 3 days ago Most Recent Selected Answer: A here is a quote from CompTIA study guide. The most recent : ,, Platform as a Service Platform as a service (PaaS) provides resources somewhere between SaaS and IaaS. A typical PaaS solution would provide servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top. This platform could be based on Oracle or MS SQL or PHP and MySQL. Examples include Oracle Database (oracle.com/database), Microsoft Azure SQL Database (azure. microsoft.com/services/sql-database), and Google App Engine (cloud.google.com/ appengine). As distinct from SaaS though, this platform would not be configured to actually do anything. Your own developers would have to create the software (the CRM or e-commerce application) that runs using the platform. The service provider would be responsible for the integrity and availability of the platform components, but you would be responsible for the security of the application you created on the platform. " SO reading this i think this debate is closed. The answer is SaaS although in practice things are a little more different. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 BigIshai 1 month, 3 weeks ago Selected Answer: B 66 小 店 66 I agree on containment because the pen tester already must have conducted a vulnerability assessment and in the course of pen testing would have the details- (identification) of what system the exfiltrated data is from hence the next step is to contain. upvoted 1 times Protract8593 2 months ago Selected Answer: B When the penetration tester discovers data exfiltration, the immediate concern should be to prevent further damage and limit the attacker's access. By performing containment on critical servers and resources, the client can isolate the affected systems from the rest of the network, preventing further data exfiltration and minimizing the impact of the breach. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B 淘宝店铺:https://shop63989109.taobao.com/ Performing containment involves isolating or segregating the affected servers and resources to prevent further unauthorized access or data exfiltration. This can be done by disconnecting the compromised systems from the network, disabling their access to sensitive data or critical resources, or implementing network segmentation to isolate the affected parts of the infrastructure. Containment is a crucial step to prevent the ongoing exfiltration and minimize the potential impact of the breach. By limiting the attacker's ability to access or extract sensitive information, the organization can mitigate the risk of further data loss or damage. upvoted 1 times Nippilous 6 months ago Selected Answer: B https://www.sciencedirect.com/topics/computer-science/containment-strategy upvoted 2 times MasterControlProgram 6 months ago Selected Answer: B 店 店 B. Perform containment on the critical servers and resources should be the client's NEXT step to mitigate the issue. upvoted 2 times 铺 铺 ; ; 学 学 习 习 [Removed] 9 months, 4 weeks ago 小 Process: If we follow Incident Response 店 66 1) Preparation - hardening 小 店 66 2) Identification - detection 3) Containment :) 4) Eradication 5) Recovery 6) Lesson Learned So it has to be CONTAINMENT :) upvoted 3 times Sarooor 10 months, 1 week ago Selected Answer: B Perform containment on the critical servers and resources -> Isolation or containment is the first thing to do after an incident has been discovered. upvoted 2 times Tjank 12 months ago Selected Answer: C following the Incident Response process: Preparation, Identification (detection), Containment, Eradication, Recovery, Post-Incident. Pen Tester would be the Preparation phase ( constantly new vulnerabilities) Identification is needed to know which systems are affected and the extend of the containment needed. Containment is next. you use what you have identified to know if you need to segment, isolate, or even shutdown completely. upvoted 3 times Tafari 12 months ago Selected Answer: A He stopped so he needs to finish so all vulnerable systems are contained upvoted 1 times i_bird 12 months ago read the question well.. it's the client that is the subject of the question, not the pen tester, and its asking for MITIGATION steps upvoted 2 times sujon_london 1 month, 2 weeks ago 店 铺 店 铺 I assume u got mistaken abt pentester doing test on behalf of client; so client perspective should tk initiative for containment. upvoted 1 times ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #92 A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements? A. Preventive controls B. Compensating controls C. Deterrent controls D. Detective controls 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 小C (96%) 店 66 stoneface Highly Voted 学 习 小 店 2% 66 1 year ago Selected Answer: C This is a confusing one - > Without thinking too much, deterrent controls seems to be less expensive I hear you .... upvoted 48 times kingsAffection 1 year ago indeed a confusing one. but I agree deterrence will only use minimum controls to deter action. upvoted 2 times housecoatjapan 6 months ago I believe the keyword is a "physical site" upvoted 1 times banditring Highly Voted 11 months, 3 weeks ago Selected Answer: C a piece of paper with a crayon that says 'STAY OUT OF HERE" is the cheapest method if you ask me upvoted 44 times sandra001 8 months ago as funny as this sounds, yea it is the cheapest upvoted 6 times DALLASCOWBOYS 7 months, 3 weeks ago LOL good one. upvoted 2 times Gino_Slim 11 months ago This is the answer. Well for me at least. I wouldn't suggest you do this on the exam. upvoted 4 times 店 Protract8593 2 months ago Most Recent 铺 Selected Answer: C ; 店 铺 ; 学 学 Deterrent controls are measures designed to discourage potential attackers or unauthorized individuals from attempting to gain access to a physical site. These controls are often cost-effective and can be a more budget-friendly option compared to other control types. 习 习 小 店 66 小 店 66 Examples of deterrent controls include visible security cameras, warning signs, access control badges, security guards, and physical barriers like fences or gates. While deterrent controls may not physically prevent access, their presence can deter or discourage unauthorized individuals from attempting to breach the site. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C Deterrent controls are designed to discourage potential intruders or unauthorized individuals from attempting to gain access to a physical site. They focus on creating a perception of risk or increasing the effort required for unauthorized access. Deterrent controls are typically cost-effective and can be effective in preventing or reducing security incidents. upvoted 2 times twingods77 4 months ago God, who wrote these kinds of questions? upvoted 3 times Confuzed 5 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A Its impossible to say if deterrent or preventative controls would be cheaper. If a site has a single door, it may be cheaper to put a lock on, than to post signs. However the question said the control must LIMIT unauthorized access. Limit in this context is synonymous with restrict. While deterrents may reduce incidents of unauthorized access... they do nothing to actually limit/restrict it. upvoted 2 times fouserd 5 months, 2 weeks ago Selected Answer: C The best option for the security analyst to utilize the lowest possible budget would be deterrent controls. Deterrent controls are designed to discourage potential attackers from attempting to gain unauthorized access to a physical site. This can be achieved through the use of signs, fencing, and other physical barriers that make it clear that the site is protected and that unauthorized access is not permitted. This can be an effective way to prevent unauthorized access without requiring significant investment in more expensive security measures. upvoted 1 times 店 店 铺 铺 ; ago Invade 6 months 学 ; 学 习 习 小 小 店 店 Compensating controls are used 6 when the preferred control is not viable for one reason or the other. I think everyone is6misinterpreting this... lol. 6 its cheap 6 You cant just put poster banners cause Selected Answer: B upvoted 2 times bitezadusto 6 months ago Selected Answer: C think of it as having a sign in front of your house saying "we have security cameras installed by SecurityCameras Inc" upvoted 1 times rob_cherrywood 6 months, 3 weeks ago Selected Answer: C It's c upvoted 1 times MacheenZero 7 months ago Deterrent - Sign that reads ~stupid ass CompTIA questions inside, stay out~ upvoted 6 times gladtam 6 months ago Hahaha good one upvoted 1 times CTE_Instructor 6 months, 3 weeks ago That would deter me, for sure upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago C. Deterrent controls would be the least expensive option. Examples would include signage, not monitored CCTV cameras. It does not prevent, but it may deter an attacker from taking action. upvoted 3 times [Removed] 8 months, 1 week ago Selected Answer: C deterrent control A type of security control that discourages intrusion attempts. upvoted 1 times 店 铺 ; 学 习 小 NovaWarrior 9 months, 1 week ago Selected Answer: C 店 66 店 铺 ; 学 习 小 店 66 To meet the requirement of utilizing the lowest possible budget, the security analyst should consider using deterrent controls. Deterrent controls are security measures that are designed to discourage potential attackers from attempting to gain unauthorized access to a site. These controls typically involve visible measures such as signage, fencing, and security guards, and are intended to make it clear to potential attackers that unauthorized access will not be tolerated. Deterrent controls are often less expensive than other types of controls, such as preventive or detective controls, and can be an effective way to limit unauthorized access without breaking the budget. upvoted 4 times Korokokokokoko 10 months, 1 week ago Selected Answer: C According to CompTIA handbooks Deterrent—the control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion. This could include signs and warnings of legal penalties against trespass or intrusion. So this is the loweset possible budget. Also the question specify to limit unauthorized access, not prevent it entirely. Using Preventive controls will eliminate or reduce淘宝店铺:https://shop63989109.taobao.com/ unauthorized access but not the lowest on these categories while detective controls doesn't deter or prevent access but will identify and record any attempt or successful intrusion. upvoted 3 times Tomtom11 11 months, 2 weeks ago Selected Answer: D A detective control is one that facilitates the detection of a physical security breach. Detective controls act during an event, alerting operators to specific conditions. Alarms are common examples of detective controls. An IDS is an example of an IT security alarm that detects intrusions. upvoted 1 times Sklark 11 months ago Detective controls don't prevent acc4ess to a physical site. There's not information on operators being present 24/7 and not every facility has that. I'd be careful about reading into the question to make such assumptions on the circumstance. upvoted 1 times 店 店 铺 ; 铺 ; andrizo 11 months, 2 weeks ago 学 学 习 习 Does not sound cost-effective. I would go with preventive as secondary before detective. upvoted 2 times 小 小 店 店 66 comeragh 12 months ago 66 Selected Answer: C I would go with C here also. Example: video surveillance which would be cheaper option. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #93 A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company? A. SaaS B. IaaS C. PaaS D. SDN 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 A (66%) Hewn Highly Voted 学 习 小 店 66 C (32%) 小 店 66 1 year ago Selected Answer: A I think this is one of those questions where real-life experience doesn't answer the question correctly here. The question seems to be focusing more on which form of cloud computing requires the LEAST amount of management (SaaS) with the database part of the question being filler. upvoted 40 times [Removed] 1 year ago Honestly I think you're right. PaaS requires management and resource allocation, and SaaS (database software for instance) wouldn't require nearly as much. upvoted 6 times db97 12 months ago I agree, real-life experience says "PaaS" but theory says "SaaS" lol upvoted 5 times YusufMadkour Highly Voted 1 year ago Selected Answer: C If they have 100 databases they need to migrate, then they will need a Platform. I don't see how the SaaS model can help with migrating databases to the cloud. upvoted 24 times stoneface 1 year ago I concur with this - an example of a Database service offered as a PaaS model is Azure SQL Database, is a fully managed platform as a service (PaaS. PaaS capabilities built into Azure SQL Database enable you to focus on the domain-specific database administration and optimization activities that are critical for your business. https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-paas-overview?view=azuresql upvoted 17 times scarceanimal 7 months, 3 weeks ago they need to migrate the servers. the database part is there to deter you. The question also calls for the least management which Saas answers for. upvoted 3 times 店 店 铺 铺 Recent 2 days, 15 hours ago Kurt43 Most ; ; 学 学and servers to the cloud. if you check out the definition of SaaS, I dont really know how that is an answer in migrating 100 databases 习 习 upvoted 1 times 小 小 店 店 6 66 6 freyprey 1 week, 3 days ago Selected Answer: A here is a quote from CompTIA study guide. The most recent : ,, Platform as a Service Platform as a service (PaaS) provides resources somewhere between SaaS and IaaS. A typical PaaS solution would provide servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top. This platform could be based on Oracle or MS SQL or PHP and MySQL. Examples include Oracle Database (oracle.com/database), Microsoft Azure SQL Database (azure. microsoft.com/services/sql-database), and Google App Engine (cloud.google.com/ appengine). As distinct from SaaS though, this platform would not be configured to actually do anything. Your own developers would have to create the software (the CRM or e-commerce application) that runs using the platform. The service provider would be responsible for the integrity and availability of the platform components, but you 淘宝店铺:https://shop63989109.taobao.com/ would be responsible for the security of the application you created on the platform. " SO reading this i think this debate is closed. The answer is SaaS although in practice things are a little more different. upvoted 1 times Abdul2107 4 weeks ago Selected Answer: C PaaS It's Platform, as you need to bring your database (install it on the cloud), it's not mentioned that you use some 3rd party ready DB. upvoted 1 times sujon_london 1 month, 2 weeks ago Selected Answer: A It’s a SaaS not PaaS upvoted 1 times 店 店 铺 铺 management' is added. From a purely theoretical standpoint, SaaS is the answer. plus the fact that the phrase 'least amount of; ; 学 学 :) 习 习 upvoted 1 times 小 小 店 店 6 66 Protract8593 2 months ago 6 AmesCB 1 month, 3 weeks ago Selected Answer: A SaaS is a cloud computing model where the cloud provider hosts applications and makes them available to users over the internet. In this model, the cloud provider takes care of managing the infrastructure, middleware, software, and data, allowing the company to focus solely on using the applications without worrying about the underlying maintenance and management. In the case of migrating databases to the cloud using SaaS, the company would not have to deal with database server administration, patching, backups, or other maintenance tasks. The cloud provider handles all of these aspects, making it the option that requires the least management and support from the company. upvoted 4 times sujon_london 1 month, 2 weeks ago Agreed to the point. Another justifying point is where PaaS and SaaS both available in the options SaaS should be selected as SaaS is niche option for migrating data bases into to the SaaS as a computer model. upvoted 1 times LeonardSnart 4 months, 1 week ago Selected Answer: C From this excerpt it sounds to me like PaaS would be correct "Platform as a service (PaaS) offers a business a computing platform—such as a Web application server or database server, for example—that it can use to provide services both internally and to customers on the Internet. Many online storefronts use this model to conduct business, rather than hosting on their own premises the physical servers, Web sites, databases, and applications. Again, the advantages of using this type of service are cost savings, no requirement to build and maintain the infrastructure on site, and the guarantee of around-the-clock availability—plus, the PaaS provider takes care of the patching and configuration work." -Mike Meyers Security+ Cert Guide SY0-601 upvoted 2 times Yawannawanka 5 months ago Option A (SaaS) and C (PaaS) will require the least management and support from the company. SaaS (Software as a Service) solutions are fully managed by the cloud provider, while PaaS (Platform as a Service) solutions provide a platform on which the company can deploy their applications, but the cloud provider manages the underlying infrastructure. Option B (IaaS) provides the company with more control over the infrastructure but will require more management and support from the company, including patching, updates, and security management. Option D (SDN) is a networking technology and not relevant to the question. Therefore, the BEST option for the company to require the LEAST management and support is either SaaS or PaaS. upvoted 1 times 店 Exlr8me 铺 5 months, 3 weeks ago ; 学 Selected Answer: A 习 小 SaaS it has to be A since PaaS follows 店 upvoted 2 times 66 店 铺 ; 学 习 小 店 66 sujon_london 1 month, 2 weeks ago Here PaaS is the base but SaaS is the answer upvoted 1 times MasterControlProgram 6 months ago Selected Answer: A A. SaaS will require the LEAST management and support from the company. SaaS (Software-as-a-Service) is a cloud computing model in which a third-party provider hosts applications and makes them available to customers over the internet. With SaaS, the third-party provider is responsible for managing and maintaining the infrastructure, platform, and software, which means that the company does not need to manage or support any of the underlying technology. upvoted 2 times Drealjesusfreak 6 months, 2 weeks ago I changed my answer because i got confused last minute. i chose Paas but i think its Saas. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times geekneek 6 months, 3 weeks ago Selected Answer: A The solution that will require the least management and support from the company to migrate 100 databases from on-premises to the cloud is A. SaaS, specifically by using a managed database service like Amazon RDS, Microsoft Azure SQL Database, or Google Cloud SQL. This is because the cloud provider manages the underlying infrastructure, minimizing management and support required by the company. upvoted 3 times TinyTrexArmz 7 months, 3 weeks ago Selected Answer: A There is not enough information provided to make an informed decision or even a good start of a project plan. Given the details of "some servers," "100 databases on-prem," and "least maintenance," I'm going to say SaaS. But technically, you can't migrate a server to SaaS. You move an application to SaaS. If you just want to lift and shift an on-prem server to "the cloud," then you'd be using IaaS. But I'm still going with SaaS on this very poorly written question. upvoted 1 times 店 店 铺 铺 ; ; TinyTrexArmz 学7 months, 3 weeks ago 学 习 习 here. Also, surely this isn't on小 the SY0-601 test, right?? This is a cloud architecture question. Nothing to do with Security 小 店 店 upvoted 1 times 66 66 CTE_Instructor 6 months, 3 weeks ago Security+ 601 Objective 2.2 Summarize virtualization and cloud computing concepts Cloud models - Infrastructure as a service (IaaS) - Platform as a service (PaaS) - Software as a service (SaaS) - Anything as a service (XaaS) - Public - Community - Private - Hybrid upvoted 4 times mhmtn 7 months, 3 weeks ago Selected Answer: A SaaS (sometimes called cloud application services) is cloud-hosted, ready-to-use application software. Users pay a monthly or annual fee to use a complete application from within a web browser, desktop client or mobile app. The application and all of the infrastructure required to deliver it - servers, storage, networking, middleware, application software, data storage - are hosted and managed by the SaaS vendor. upvoted 3 times DALLASCOWBOYS 7 months, 3 weeks ago C. Platform as a service. The CSP provider builds and manages the infrastructure, and offers customers an execution environment. PaaS includes multiple infrastructure components including servers, networking equipment, operating systems, storage services, middleware and databases. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #94 Which of the following employee roles is responsible for protecting an organization's collected personal information? A. CTO B. DPO C. CEO D. DBA Correct Answer: B 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 B (100%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: B A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing a company's data protection strategy and its implementation to ensure compliance with GDPR requirements upvoted 24 times MorganB 4 months, 4 weeks ago Highly Voted This was on my exam. I took my exam 27, ARP 23. upvoted 11 times Protract8593 2 months ago Most Recent Selected Answer: B The Data Protection Officer (DPO) is responsible for protecting an organization's collected personal information and ensuring compliance with data protection regulations and policies. The DPO is a key role in ensuring that the organization handles personal data in a lawful and secure manner, protecting the privacy and rights of individuals whose data is collected and processed. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B The Data Protection Officer (DPO) is responsible for ensuring that an organization complies with data protection laws and regulations. This includes protecting the personal information collected by the organization. The DPO is responsible for developing and implementing policies and procedures related to data protection, conducting privacy impact assessments, monitoring data handling practices, and ensuring compliance with data protection regulations such as the General Data Protection Regulation (GDPR) in the European Union. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: B B. DPO (Data Protection Officer) is responsible for protecting an organization's collected personal information. A DPO is responsible for ensuring an organization's compliance with data protection laws and regulations, including protecting the privacy rights of individuals whose personal information the organization collects and processes. This includes implementing appropriate technical and organizational measures to ensure the security of personal data and preventing unauthorized access, use, or disclosure. upvoted 2 times 店 Boubou480 8 months, 2 weeks ago 铺 ; Selected Answer: B 学 DPO is the right role upvoted 2 times 铺 ; 学 习 Sklark 11 months ago 店 习 小 店 66 小 店 66 Selected Answer: B You know if they would list the name of the acronym this would be an incredibly easy exam, but knowing the acronym is the answer here: Data Protection Officer (DPO). upvoted 5 times Boogie_79 1 year ago Selected Answer: B The answer is literally in the question DATA is the keyword! upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #95 Against the recommendation of the IT security analyst, a company set all user passwords on a server as `P@55w0rD`. Upon review of the /etc/passwd le, an attacker found the following: alice:a8df3b6c4fd75f0617431fd248f35191df8d237f bob:2d250c5b2976b03d757f324ebd59340df96aa05e chris:ea981ec3285421d014108089f3f3f997ce0f4150 Which of the following BEST explains why the encrypted passwords do not match? A. Perfect forward secrecy B. Key stretching C. Salting 店 店 铺 铺 ; D. Hashing ; 学 学 习 习 小 小 店 Correct Answer: C 店 66 Community vote distribution 66 C (100%) Boogie_79 Highly Voted 1 year ago Selected Answer: C Salting refers to adding random data to the input of a hash function to guarantee a unique output. The set password, in this case, is already hashed so to further secure it salting is the next step in cryptography i.e. adding more security to the password. Think of it as "salt bae" making it just that much better. upvoted 31 times MorganB 4 months, 4 weeks ago Highly Voted Passed my exam 27, April 23. This question was on my test. upvoted 6 times Protract8593 2 months ago Most Recent Selected Answer: C The reason the encrypted passwords do not match is due to the use of salting. In password hashing, salting involves adding a random value (the salt) to the password before hashing it. The salt value is unique for each user, which means even if two users have the same password, their hashed passwords will be different due to the different salt values. In the given scenario, the three encrypted passwords for Alice, Bob, and Chris do not match each other because each password is hashed with a different salt. This adds an extra layer of security and prevents attackers from easily identifying common passwords by looking at the hashed values. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C In password storage, salting is the practice of adding a random value (salt) to each password before hashing it. The salt is then stored alongside the hashed password. Salting enhances the security of stored passwords by introducing uniqueness to each password hash, even if two users have the same password. In the given scenario, the encrypted passwords do not match because each password has been salted before being hashed. This means that even though the original passwords were the same (P@55w0rD), the addition of a unique salt value resulted in different hashed representations for each user. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 mosher21 5 months ago Selected Answer: C 习 小 店 66 Why not key stretching tho? It well can be key stretching too. upvoted 1 times 小 店 66 MasterControlProgram 6 months ago Selected Answer: C The encrypted passwords do not match because of "Salting." Salting is a technique that adds a random string of characters to a password before hashing it, so that even if two users have the same password, their encrypted passwords will be different. This makes it more difficult for attackers to use precomputed tables of hashes to crack passwords. In the given scenario, if salting was not used, all users would have the same password hash, making it easy for an attacker to gain unauthorized access to all accounts by cracking just one password. upvoted 1 times ApplebeesWaiter1122 6 months, 3 weeks ago Selected Answer: C C, salt 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago C. Salting. Salts eliminate the possibility that duplicate hashes are stored for different user accounts that have the same password. upvoted 1 times xxxdolorxxx 8 months, 1 week ago Selected Answer: C C all day long upvoted 1 times [Removed] 8 months, 1 week ago salt A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input upvoted 1 times 店 铺 ; 店 铺 ; 学 学 习 Sklark 11 months ago 习 小 小 店 店 6 66 passwords to the same 6 IT recommendations" but can you imagine a company actually setting everyone's Haha I get that the question says "Against Selected Answer: C password? There would be no least privilege or admin credentials. Haha anyways the example is testing to see why hash values of the same password would be different and that would be done by adding salt which is an arbitrary or mathematical extra something to the password to give it a different value when hashed. upvoted 3 times Libraboy 11 months, 1 week ago Selected Answer: C different passwords have different hashes but in this case, the same password is used and the only way to achieve different outcomes is by salting...adding random data to the password (same or not) when hashing to change the stored hash value. upvoted 1 times [Removed] 1 year ago I'm no expert, but I believe the hashed passwords are actually stored in etc/shadow. Anyways, it's salting. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #96 After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's rmware, a penetration tester then gains shell access on another networked asset. This technique is an example of: A. privilege escalation. B. footprinting. C. persistence. D. pivoting. 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: D Pivoting -> The act of an attacker moving from one compromised system to one or more other systems on the network upvoted 35 times Protract8593 2 months ago Most Recent Selected Answer: D In the given scenario, the penetration tester gains access to a multifunction device with both wired and wireless interfaces. Then, after exploiting a vulnerability in the device's firmware, the tester gains shell access on another networked asset. This technique is an example of "pivoting." Pivoting is a method used by attackers or penetration testers to leverage their initial access to a compromised system or network to gain access to other systems within the same network. In this case, the attacker is using the compromised multifunction device as a pivot point to gain access to other networked assets. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D Pivoting is a technique used by attackers or penetration testers to move from one compromised system or network to another. In this scenario, the attacker gained access to a multifunction device through a vulnerability in its firmware. From there, they used that compromised device to gain shell access on another networked asset, essentially using the compromised device as a pivot point to access other systems or networks. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: D This technique is an example of "pivoting". Pivoting is a technique used by attackers to move from one compromised system to another system on the same network, or to a different network, in order to expand their access and control. In this scenario, the attacker gained access to the multifunction device and then used that as a jumping-off point to gain shell access on another networked asset. This is an example of pivoting because the attacker used the initial compromise to "pivot" to another system and expand their access. upvoted 2 times xxxdolorxxx 8 months, 1 week ago Selected Answer: D 店 店 Pivoting is correct. upvoted 2 times 铺 铺 ; ; 学 学 习 Idkanything 10 months ago 习 小 店 Why not privilege escalation? upvoted 1 times 66 小 店 66 ApplebeesWaiter1122 2 months, 3 weeks ago privilege escalation, refers to the act of gaining higher levels of access or privileges on a system or network. While privilege escalation may occur during the attack process, it does not specifically describe the technique used in this scenario. upvoted 1 times applepieboy 8 months ago Nothing in the question implies the level of access the attacker has. They do however pivot to another device. upvoted 2 times xxxdolorxxx 8 months ago Priv Esc is more on the same machine. Going from a user to root. upvoted 5 times Jossie_C 10 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D Lateral movement AKA pivoting upvoted 2 times EDSAL 1 year ago answer is D Pivoting upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #97 Which of the following should be monitored by threat intelligence researchers who search for leaked credentials? A. Common Weakness Enumeration B. OSINT C. Dark web D. Vulnerability databases Correct Answer: C 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 C (100%) 小 小 店 Protract8593 2 months ago 店 66 66 Selected Answer: C Threat intelligence researchers who search for leaked credentials should monitor the dark web. The dark web is a part of the internet that is not indexed by traditional search engines and is intentionally hidden and anonymous. It is a common platform for illegal activities, including the buying and selling of stolen data, including credentials. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C Threat intelligence researchers who search for leaked credentials should primarily monitor the dark web. The dark web refers to a part of the internet that is not indexed by traditional search engines and is often used for illicit activities. It is a common marketplace for buying and selling stolen data, including leaked credentials such as usernames and passwords. By monitoring the dark web, threat intelligence researchers can identify if any leaked credentials associated with their organization or clients are being traded or shared. This information can be crucial for organizations to take proactive measures to protect their systems and accounts from unauthorized access. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: C Threat intelligence researchers who search for leaked credentials should monitor the "dark web". The dark web is a part of the internet that is not indexed by search engines and is accessible only through special software, such as Tor. It is often used for illegal activities, including the buying and selling of stolen data, such as login credentials. By monitoring the dark web, threat intelligence researchers can identify and track leaked credentials and other information that could be used for malicious purposes. upvoted 2 times scarceanimal 7 months, 3 weeks ago Selected Answer: C C wouldn't help too much at all really, but its the best choice lol. upvoted 4 times hieptran 8 months, 2 weeks ago Selected Answer: C C fo sho upvoted 1 times 店 铺 ; 学3 weeks ago Arcd3746 9 months, 习 小 Selected Answer: C 店 66 There's no better choice 店 铺 ; 学 习 小 店 66 upvoted 1 times Mewchan 1 year ago Selected Answer: C Darkweb https://www.hackers-arise.com/post/open-source-intelligence-osint-finding-breached-email-addresses-passwords-and-other-credentials upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #98 A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability? A. SOAR B. SIEM C. Log collectors D. Network-attached storage 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 学 习 小B (100%) 店 66 Gravoc Highly Voted 小 店 66 1 year ago Every single time I've seen the word correlate in questions, the answer has always been SIEM. From google: SIEM event correlation is an essential part of any SIEM solution. It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss. upvoted 16 times Fitzd Highly Voted 1 year ago SIEM has log repository and analysis capabilities that SOAR platforms typically do not. The SOAR has response capabilities that the SIEM does not upvoted 7 times scarceanimal 7 months, 3 weeks ago yep they're commonly used in conjunction for that reason. upvoted 1 times Protract8593 Most Recent 2 months ago Selected Answer: B A SIEM (Security Information and Event Management) system is designed to collect, store, and analyze log data from various sources in real-time. It allows security analysts to search and correlate logs from multiple sources in a single tool, enabling them to identify and respond to security incidents effectively. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B SIEM (Security Information and Event Management) systems are designed to collect, analyze, and correlate log data from various sources such as network devices, servers, applications, and security systems. They provide a centralized platform where logs can be ingested, normalized, and indexed for efficient searching and analysis. With a SIEM, security analysts can perform log searches, create custom queries, and apply correlation rules to identify patterns, anomalies, and potential security incidents. SIEMs also provide features like real-time monitoring, alerting, and reporting to help analysts detect and respond to security events effectively. upvoted 1 times 店 铺 ; 学 7 months, 3 weeks ago DALLASCOWBOYS 习 小 what a SIEM does and is. B. SIEM. This describes exactly店 66 upvoted 2 times 店 铺 ; 学 习 小 店 66 rhocale 9 months, 1 week ago this would not be SOAR just bc they dont want security prevention or automation correct? someone explain why not SOAR. upvoted 1 times Yebby 9 months, 3 weeks ago SIEM - Security Information and Event Management upvoted 3 times Knowledge33 11 months ago Selected Answer: B Log collectors are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM. Log collectors only collects the logs. SIEM store all logs upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ RonWonkers 1 year ago Selected Answer: B I believe it is SIEM upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #99 A security analyst is investigating suspicious tra c on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring? 店 铺 铺 ; ; 学 A. XSS attack 店 学 习 习 小 店 B. SQLi attack 66 C. Replay attack 小 店 66 D. XSRF attack Correct Answer: B Community vote distribution B (100%) comeragh Highly Voted 1 year ago Selected Answer: B SQLi - the giveaway is 1=1 upvoted 25 times xxxdolorxxx 8 months, 1 week ago You are correct. upvoted 2 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: B Answer: SQLi attack SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. The giveaway here is the 1=1 in the query which is essentially creating a condition that will automatically be true. ====================== Helpful Info: XSS (Cross-Site Scripting) attacks -a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Replay Attack - a kind of man-in-the-middle attack in which an attacker sniffs messages being sent on a channel to intercept them and resend them under the cloak of authentic messages. CSRF (Cross Sit Request Forgery)- attacks that target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something. upvoted 18 times 店 店 铺 铺 Protract8593;Most Recent 2 months ago ; 学 学 Selected Answer: B 习 习 小 小 server is likely vulnerable to In the provided logs, the presence of characters like -- and +OR+1=1-- in the requested URL indicates that the web 店 店 SQL code into the input SQL injection (SQLi) attacks. SQL 6 injection is a type of web application vulnerability where an attacker can inject malicious 66 6 the underlying database and potentially gain unauthorized access or extract sensitive fields of a web application to manipulate information. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B From Dion's material: If you see a 1=1 it is most likely a SQL injection upvoted 1 times MasterControlProgram 6 months ago Selected Answer: B The most likely attack occurring based on the provided information is a "SQLi attack" (SQL Injection attack). The second log entry indicates that the attacker is attempting to exploit a SQL injection vulnerability by appending a payload to the "category" parameter of the contact form. The payload "OR 1=1--" is a common technique used to bypass authentication or gain unauthorized access by modifying the SQL query to always return true. The double-dash "--" indicates the start of a comment in SQL, which helps the payload to avoid syntax errors. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago SQLi. Key is the 1=1 is the dead giveaway for the SQL injection attack upvoted 2 times hieptran 8 months, 2 weeks ago Selected Answer: B B - Typical SQL Injection payload upvoted 1 times Queenica 10 months ago I selected SQL Injection. However every SQL Statement Query starts with SELECT which is missing. Confused with the wording of the question. upvoted 1 times 店 店 RonWonkers 1 year ago 铺 铺 ; Selected Answer: B ; 学 学 习 1=1 so its SQLi upvoted 2 times 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #100 Which of the following components can be used to consolidate and forward inbound internet tra c to multiple cloud environments though a single rewall? A. Transit gateway B. Cloud hot site C. Edge computing D. DNS sinkhole 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A VPC peering relationships can quickly become difficult to manage, especially if each VPC must interconnect in a mesh-like structure. A transit gateway is a simpler means of managing these interconnections. Essentially, a transit gateway is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways (aws.amazon.com/transit-gateway). upvoted 29 times kameel1221 Highly Voted 7 months, 3 weeks ago Hardest Question in Ohio upvoted 14 times Protract8593 Most Recent 2 months ago Selected Answer: A A transit gateway is a networking component that can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall. It acts as a hub to connect multiple Virtual Private Clouds (VPCs) or cloud environments within the same cloud service provider or across different cloud service providers. The transit gateway allows organizations to centralize their network traffic and security controls for efficient management and security monitoring. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A transit gateway is a networking construct that allows organizations to connect multiple virtual private clouds (VPCs), on-premises networks, and remote networks through a central hub. It acts as a transit point for network traffic, enabling the routing and forwarding of traffic between different network environments. By deploying a transit gateway, organizations can consolidate their inbound internet traffic from various sources, such as multiple cloud environments, and route it through a single firewall or security appliance. This centralizes the traffic management and allows for consistent security controls to be applied. upvoted 2 times ronniehaang 7 months, 3 weeks ago Selected Answer: A a transit gateway is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways upvoted 1 times 店 铺 ; 店 铺 ; 学 学 DALLASCOWBOYS 习 7 months, 3 weeks ago 习 小 小or cloud router. A. Transit gateway establishes a simple and seamless integration of VPCs and local systems through a centeral hub 店 店 upvoted 1 times 66 66 Jakalan7 1 year ago Selected Answer: A A is the only answer that makes sense here. upvoted 7 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #101 A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system les being deleted unexpectedly. A security analyst veri ed that software was con gured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss? A. Logic bomb B. Ransomware C. Fileless virus D. Remote access Trojans 店 店 铺 E. Rootkit 铺 ; ; 学 学 习 习 小 店 66 Community vote distribution A (86%) stoneface 小 店 Correct Answer: A Highly Voted 66 8% 1 year ago Selected Answer: A "software was configured to delete data deliberately from those servers" This could be achieved by a cronjob upvoted 26 times guestionme Most Recent 3 weeks, 2 days ago Rootkit seems right to me because the question says "system files being deleted." Does anyone know the actual answer? upvoted 1 times Protract8593 2 months ago Selected Answer: A A logic bomb is a type of malicious code or software that is intentionally inserted into a system and designed to execute a specific malicious action when certain conditions are met. In this scenario, the logic bomb was deliberately configured to delete data from the production server hard drives and Linux servers unexpectedly. It is important to note that logic bombs can be triggered by various conditions such as a specific date, time, or event, and they are intended to cause harm or damage to the targeted system or data. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A logic bomb is a type of malicious code or script that is intentionally inserted into a system with the purpose of executing a harmful action at a specific time or when specific conditions are met. In this scenario, the deliberate deletion of data from the production server hard drives and the unexpected deletion of system files on the Linux servers indicate the presence of a logic bomb. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: A The most likely attack used to cause the data loss is a "Logic bomb" attack. A logic bomb is a type of malicious code that is intentionally inserted into a software program or system with the intention of causing damage or destruction at a specific time or under specific conditions, such as a particular date or event. In this case, the fact that the software was configured to delete data deliberately from the servers indicates that a logic bomb may have been used to trigger the deletion. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 Mismomano 7 months ago 店 66 小 店 66 Selected Answer: E A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. upvoted 1 times Boulet_Dude 6 months ago Wouldn’t a root kit create a back door? upvoted 6 times DALLASCOWBOYS 7 months, 3 weeks ago A. Logic bomb would suggest software was configured to be deleted data deliberately from the servers. upvoted 3 times Nirmalabhi 9 months, 3 weeks ago its a trap.I also first thought it was rootkit. but i ll 淘宝店铺:https://shop63989109.taobao.com/ go with logic bomb. Although no conditions specified, Q says it happened over weekend which means the software was configured to delete data automatically over the weekend. upvoted 4 times NerdAlert 6 months, 1 week ago I thought so too, but then I noticed "no backdoors were found" - rootkits are usually a type of backdoor upvoted 1 times Conejo_Negro 9 months, 3 weeks ago Selected Answer: C I believe the answer is C Fileless virus. Rootkits usually require a back door..question states no back door found..there no pattern or condition stated in the question..the “software was configured to delete data from those servers “ Fileless attacks usually attaches itself to legitimate software. https://www.trellix.com/en-us/security-awareness/ransomware/what-is-fileless-malware.html upvoted 3 times 店 Confuzed 5 months, 2 weeks ago 铺 店 铺 A fileless virus resides in memory... they wouldn't be able to say "software was configured" if it were a running process that did this. Software on the system was configured to do this, we can assume that it doesn't just keep doing this constantly, so it must have a trigger (time, event, etc), a trigger is logic. So it's a logic bomb. upvoted 1 times ; ; 学 学 习 习 小 小 店 Sandon 8 months ago 店 66 66 That ain't it upvoted 2 times [Removed] 9 months, 4 weeks ago Selected Answer: E I also sway to the ROOTKIT. "no BACKDOOR was found" <---- rootkit hides its presence that why no backdoor was found. The term ROOTKIT derives from UNIX/Linux where any process running as root has unrestricted access to everything from the root of the file system down. upvoted 1 times NerdAlert 6 months, 1 week ago rootkits are usually a type of backdoor upvoted 1 times Sandon 8 months ago That ain't it upvoted 1 times Jossie_C 10 months, 3 weeks ago Key word is deliberately, i.e., intentionally. It's a trap upvoted 1 times EDSAL 1 year ago A Logic bomb upvoted 1 times gen2dee 1 year ago "software was configured" upvoted 2 times WondaByte 1 year ago Correct Answer E Rootkit fits the answer to the question. A condition has to be true for Logic Bomb to occur which in this case isn't there. Correct Answer E upvoted 3 times 店 铺 ; 店 铺 ; 学 学 Orean 10 months,习 3 weeks ago 习 小 小 and time—such as the The condition could be time-based, meaning the logic bomb might have been set to activate at a specified date店 店 weekend of the data wipe. 66 66 upvoted 3 times Gino_Slim 11 months ago Hey everyone, this is NOT the right answer. upvoted 2 times Halaa 1 year ago But no BACKDOOR was found. upvoted 4 times Boogie_79 1 year ago Selected Answer: A Its simply LOGIC upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #102 Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key. Correct Answer: A 店 店 铺 Community vote distribution ; 学 A (85%) 习 小 店 stoneface 铺 ; 学 习 Other 小 店 66 Highly Voted 66 1 year ago In order to verify the authenticity of a digital signature we need to encrypt the initial message with the sender's private key. The receiver then can verify the authenticity by decrypting the message with the sender's public key. https://docs.huihoo.com/globus/gt4-tutorial/ch09s03.html upvoted 38 times Knowledge33 Highly Voted 11 months ago Selected Answer: A There are 2 general ways to use asymetric algorithm. 1 - For communication between 2 hosts: If bob sends a message to Alice, bob uses Alice's public key to encrypt the message, and Alice uses her private key to decrypt the message. 2 - For digital signature/Authentication: If ALice need to authenticate Bob, BOB uses his private key to sign the message, and Alice uses the public key of bob to decrypt the message. This process help to make sure the signature is owned by Bob. On this example, A is totally correct. upvoted 25 times Xynned 2 months, 3 weeks ago Didn't knew there were different usage for asymmetric cryptography in terms of mail usage. Was only aware of S/MIME which uses recipient's public key to encrypt the message and uses the recipient's private key to decrypt. Thanks for this info! upvoted 1 times scarceanimal 7 months, 3 weeks ago I NEVER KNEW THIS wow ty upvoted 3 times lamrine04 Most Recent 1 month, 3 weeks ago Selected Answer: B From ChatGPT: The correct answer is B. the sender's public key and decrypted with the sender's private key. In digital signatures, the message is first hashed (using a cryptographic hash function) to generate a fixed-length digest. Then, this digest is encrypted with the sender's private key to create the signature. The recipient of the message can then verify the signature by decrypting it using the sender's public key, which should result in the same hash value. If the decrypted hash matches the hash value calculated from the received message, it confirms the integrity of the message and the authenticity of the sender. 店 店 铺 铺 ; ; 学 学 习 习 So, digital signatures use asymmetric encryption in such a way that the message is encrypted with the sender's private key and decrypted with the sender's public key for verification. upvoted 1 times 小 店 66 小 店 66 TuanDinh 4 weeks ago chat GPT sometime stupid upvoted 5 times Protract8593 2 months ago Selected Answer: A Digital signatures use asymmetric encryption, but when it comes to signing a message or file with a digital signature, the process is as follows: A. The sender's private key is used to encrypt the hash or digest of the message, and the recipient uses the sender's public key to decrypt the hash or digest and verify the authenticity of the signature. So, for digital signatures, the correct answer is A. upvoted 1 times Aleem001 2 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. Most Voted B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key. ChatGPT B. the sender's public key and decrypted with the sender's private key. upvoted 1 times sirpsionics 2 months ago I find it sorta funny that Bard and Bing give the answer as C. Given that I am having a hard time understanding how things work, I have no clue if the answer is A, B, or C. upvoted 1 times 店 店 铺 铺 ; ; 学 学 ApplebeesWaiter1122 习2 months, 3 weeks ago 习 小 小 Selected Answer: A 店 店 6 66 by the sender. This The purpose of using the sender's 6 private key for encryption is to create a unique digital signature that can only be generated provides authenticity and non-repudiation, as only the sender possessing the corresponding private key can create a valid signature. The recipient can then decrypt the signature using the sender's public key to verify the integrity and authenticity of the message. upvoted 1 times Dutch012 4 months, 2 weeks ago guys it's B the sender encrypts the message with your public key and you decrypt it by using your private key, your public key is shared with others, and they can not decrypt the message with your public key. upvoted 2 times RobbieT 5 months ago The key thing here is signature. You sign with your private key. upvoted 1 times mkimchi 5 months, 2 weeks ago These answer choices are worded wrong. Asymmetric encryption uses two keys: public and private. Anything encrypted with the public key can only be decrypted with the matching private key. Anything encrypted with the private key can only be decrypted with the matching public key. For digital signatures, to send the message with encryption, you use the sender’s private key and decrypt the message with the sender’s public key. upvoted 3 times MGMKING 5 months, 2 weeks ago asymmetric encryption Also called public key cryptography, a data encryption system that uses two mathematically derived keys to encrypt and decrypt a message—a public key, available to everyone, and a private key, available only to the owner of the key. upvoted 1 times MGMKING 5 months, 2 weeks ago Asymmetric Encryption Also called public key cryptography, a data encryption system that uses two mathematically derived keys to encrypt and decrypt a message—a public key, available to everyone, and a private key, available only to the owner of the key. Make your own assumptions per the above definition. upvoted 1 times 店 monzie 5 months, 4 weeks ago 铺 Selected Answer: B ; 学 店 铺 ; 学 B. The sender's public key is used to encrypt the message, and the sender's private key is used to decrypt the message. 习 习 小 Digital signatures use asymmetric their 店 encryption to ensure authenticity and integrity of a message. The sender uses 小 店private key to encrypt a 66 which verifies the digital signature that is appended6to the message. The recipient uses the sender's public key to decrypt the digital signature, 6 authenticity and integrity of the message upvoted 2 times PenTestKing 7 months ago A is correct for digital signature, B would be for messaging upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. If the sender wants to digitally sign a message(Bob), Bob encrypts the message using his private key. When the recipient(Judy) receives the digitally signed message, Judy decrypts the digital signature using Bob's public key. upvoted 1 times carpathia 10 months ago Selected Answer: A 淘宝店铺:https://shop63989109.taobao.com/ This question is wonky. They mention 'message encryption' which is encrypt with recepient's public certificate (key) and decrypt with recepient's private key (cert). Instead encryption they should have written SIGN. But I am guessing is A as in sign an email. upvoted 1 times Queenica 10 months ago Assymetric Key My PRIVATE KEY is MINE. Not Shared with anyone. Message I encrypt with MY PRIVATE KEY. I send MY PUBLIC KEY to You. Message reaches you You Decrypt with MY PUBLIC KEY. upvoted 9 times NerdAlert 6 months, 1 week ago thank you upvoted 1 times 店 Sir_Learnalot 10 months, 2 weeks ago 铺 ; 店 铺 ; 学 digital signatures are used the习 private key. Everybody with the 习 to verify authenticity and non-repudiation, as only the real sender would have 学 小 小 senders public key could decrypt the message and therefore validate that it really comes from the original sender 店 店 upvoted 2 times 66 66 Selected Answer: A cutemantoes 6 months, 1 week ago This whole thing has been confusing to understand and yours is the one that makes sense to me. TY! upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #103 A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement? A. SSO B. IDS C. MFA D. TPM 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小C (100%) 店 66 小 店 66 mm777 1 month, 2 weeks ago What about SSO? MFA is authentication not authorization technology upvoted 2 times Copmp 1 month, 1 week ago The attackers are trying to get in by pretending to be someone who is allowed right? SSO doesnt help to prevent attackers from fooling the system. SSO is just using username and password often in a federation setting. MFA makes the attacker have two different things to sign on (such as password and fingerprint). So MFA would be the answer upvoted 1 times Protract8593 2 months ago Selected Answer: C Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of identification before gaining access to a system. It is designed to prevent attackers from gaining access by pretending to be authorized users because they would need to provide multiple pieces of evidence to prove their identity. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C MFA adds an extra layer of security by requiring users to provide multiple forms of identification or verification before accessing a system or application. It typically combines something the user knows (such as a password), something the user has (such as a physical token or mobile device), or something the user is (such as biometric data) to authenticate their identity. By implementing MFA, even if an attacker manages to obtain or guess a user's password, they would still need the additional factor (such as a physical token or biometric data) to successfully authenticate as the authorized user. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago C. Multifactor authentication. upvoted 2 times comeragh 1 year ago Selected Answer: C 店 铺 C - Multi Factor Authentication (MFA) upvoted 3 times ; 学 Josh_Feng 习 1 year ago Selected Answer: C 小 店 66 C is correct since MFA = harder to impersonate due to having multifactor authentication. upvoted 4 times 店 铺 ; 学 习 小 店 66 Papee 11 months, 1 week ago is MFA a technology ? upvoted 1 times EubertT 10 months, 2 weeks ago YEs MFA is a technology. Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction. upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #104 The Chief Information Security O cer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO? A. GDPR compliance attestation B. Cloud Security Alliance materials C. SOC 2 Type 2 report D. NIST RMF workbooks 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小 店 C (76%) Nirmalabhi Highly Voted 66 小 店 A (24%) 66 9 months, 3 weeks ago Do not overthink. The question is simply on auditing.. note the words in the question. "...has requested that a third-party vendor provide supporting documents." Hence the correct answer is indeed SOC 2. See below directly from Professer messer notes: If your organization has undergone an audit, then you’re probably familiar with the SSAE SOC 2 types I and II. This is from the American Institute of Certified Public Accountants, or the AICPA. It’s an auditing standard called the Statement on Standards for Attestation Engagements number 18, or SSAE 18. During these audits, there’s a series of reports that are created, and the name for the suite of reports that are associated with trust services criteria, or security controls, is the SOC 2, that’s the System and Organization Controls number two. This audit focuses on topics that can include firewalls, intrusion prevention, or intrusion detection, or multi-factor authentication. upvoted 14 times stoneface Highly Voted 1 year ago I am split between SOC Type 2 and GDPR compliance -> SOC Type 2 -> A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. GDPR Compliance Attestations -> ATC 315 also helps mature your internal controls over GDPR compliance and can help you manage GDPR compliance risk beyond what internal risk assessments and audits provide. ATC 315 can identify deficiencies in internal controls, pinpoint areas for improvement, and will strengthen your organization’s GDPR compliance posture. It seems that SOC Type 2 Report better matches the requirement. I listen to you ... upvoted 7 times DriftandLuna 1 month, 3 weeks ago yes - If i am unsure i usually only use GDPR if Europe is mentioned. upvoted 1 times andrizo 11 months, 2 weeks ago gdpr only applies to collection of consumer data in europe upvoted 1 times KetReeb 1 year ago 店 店 铺 铺 SOC Type 2 Report would verify that the vendor is an organization that maintains a high level of information security. upvoted 1 times ; ; 学 Protract8593 Selected Answer: C 习 小 2 months ago 店 66 Most Recent 学 习 小 店 66 A SOC 2 (Service Organization Control 2) Type 2 report is a widely recognized report that provides assurance about the controls and security measures implemented by a service organization. It is designed to evaluate a service provider's controls relevant to security, availability, processing integrity, confidentiality, and privacy. The SOC 2 Type 2 report specifically assesses the effectiveness of these controls over a specified period of time. Given that the Chief Information Security Officer (CISO) is requesting supporting documents to show proper controls in place to protect customer data, a SOC 2 Type 2 report would be the best choice. This report demonstrates that the third-party vendor has undergone an independent audit of its controls, providing valuable information about its security practices and compliance with industry standards. upvoted 1 times LiteralGod 2 months, 1 week ago Selected Answer: A GDPR specifically relates to customer data so that's what I went with. The question doesn't mention the EU, but it also doesn't mention anywhere outside of the EU. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C A SOC 2 (System and Organization Controls 2) report is a widely recognized standard for evaluating and reporting on the effectiveness of an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. A Type 2 report specifically covers a specified period of time and provides more in-depth information about the design and effectiveness of controls. By providing a SOC 2 Type 2 report, the third-party vendor can demonstrate that they have undergone a comprehensive assessment of their controls by an independent auditor and that they have implemented appropriate measures to protect customer data. upvoted 1 times LeonardSnart 4 months, 1 week ago Selected Answer: C "...[T]he System and Organization Controls (SOC) 2 report covers organizational cybersecurity controls. The auditor creates the SOC 2 report after evaluating an organization’s security controls. The SOC 2 report indicates that the organization is SOC 2 compliant and gives customers a level of assurance that the organization has adequate security controls in place. SOC 2 addresses five trust service principles: confidentiality, integrity, availability, security, and privacy. • SOC 2 Type II. The Type II report describes an organization’s systems and covers security controls’ operational effectiveness over a range of dates, such as 12 months. In this context, operational effectiveness refers to how well the security controls worked when mitigating risks during the range of dates. Soc 2 Type 2 compliance gives a higher level of assurance than SOC 2 Type I." Security+ SY0-601 Get Certified Get Ahead by D. Gibson upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 66 mosher21 5 months ago Selected Answer: C A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. https://www.onelogin.com/compliance/soc-2-type-2 upvoted 1 times Drealjesusfreak 6 months, 2 weeks ago this is one of those questions that just throw you of then cent. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago C. In the SOC 2 Type report, the auditor confirms that the controls are functioning properly. upvoted 2 times atrax 10 months, 2 weeks ago Selected Answer: C I work in GRC and third party vendonrs provides a soc2 report. GDPR is almost a law where they stated they compliance, but its never audited/certified upvoted 3 times Knowledge33 10 months, 2 weeks ago Selected Answer: A The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. GDPR is the unique possible response, even though It's only applied in EU. The other responses are not related to client data. upvoted 3 times Gravoc 1 year ago 店 店 GDPR only applies when the entity operates or collects data in any EU country. This question doesn't specify if the personal information in question belongs to an EU member country. Therefore, we can eliminate option A. If the question stated anything at all about Europe, it would be A. Since it didn't, It's SOC 2 Type 2 is the correct answer. 铺 铺 ; ; 学 学 习 习 小 小 It's basically a modernized security audit that occurs usually at a minimum of every 6 months. A 3rd party supplying the results from its internal SOC 2 Type 2 audit would provide the required supporting documents to satisfy the CISO. upvoted 2 times 店 66 redsidemanc2 1 year ago Selected Answer: C GDPR related to EU nothing in question to say they are in EU. SOC type 2 : tests security controls in place upvoted 6 times ScottT 1 year ago https://www.itgovernance.co.uk/soc-reporting upvoted 1 times 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #105 Which of the following is assured when a user signs an email using a private key? A. Non-repudiation B. Con dentiality C. Availability D. Authentication Correct Answer: A 店 店 铺 Community vote distribution ; 学 A (90%) 习 小 店 IQ30 Highly Voted 1 year ago 铺 ; 学 习 10% 小 店 66 66 Selected Answer: A Professor Messer notes • Non-Repudiation – Confirm the authenticity of data – Digital signature provides both integrity and non-repudiation upvoted 23 times guestionme Most Recent 3 weeks, 2 days ago Non-repudiation is a legal concept that's widely used in information security and refers to a service, which provides proof of the origin and integrity of data. A, No? upvoted 1 times zygmunt 1 month, 2 weeks ago In the chapter for digital signatures in CompTIA's Certmaster Learn for Security+, only authentication and integrity are mentioned. I don't doubt non-repudiation is also proved (a later page even states non-repudiation is linked to authentication), but I'm going to go with authentication here. upvoted 2 times Protract8593 2 months ago Selected Answer: A When a user signs an email using a private key, it provides assurance of non-repudiation. Non-repudiation is the property that ensures the sender of a message cannot deny sending it. By signing the email with their private key, the sender creates a digital signature that can only be decrypted and verified with their corresponding public key. This process ensures that the sender's identity is authenticated and cannot be denied later, providing non-repudiation. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A It could be A or It could be D. Another Comptia-esque question. Looking at Messer's notes for section 2.8 he states that Non-Repudiation can authentic and provides integrity upvoted 1 times 店 fouserd 5 months, 1 week ago 铺 Selected Answer: D; 店 铺 ; 学 学 D. Authentication is assured 习 when a user signs an email using a private key. 习 小 店 a private key, it provides a digital signature that verifies the authenticity of the 小 店and the sender. This process When a user signs an email using email 6 66tampered with during 6 ensures that the recipient can be confident that the email is from the claimed sender, and that the message has not been transit. Authentication is the process of verifying the identity of a user or entity, and in this case, the digital signature provides this verification. Therefore, the correct answer is D. Authentication. Note that signing an email with a private key does not necessarily provide confidentiality (B) or availability (C), as these are separate aspects of information security that require different measures to achieve. Non-repudiation (A) is related to authentication, but it refers specifically to the inability of the sender to deny having sent the message once it has been signed with their private key. upvoted 3 times TheGuitarMan_61 5 months, 2 weeks ago when a sender signs a message with their private key, they guarantee the message's authenticity, illustrating that they were indeed the message's source. And in this way, the sender's public key, which the recipient has access to, is the sole method of decrypting the sender's message. After the Email is sent then "A". upvoted 1 times goodmate 6 months ago 淘宝店铺:https://shop63989109.taobao.com/ It seems answer D. Non-repudiation. The sender cannot later deny sending the message. This is sometimes required with online transactions. For example, imagine Homer sends an order to sell stocks using a digitally signed email. If the stocks increase after his sale completes, he can’t deny the transaction. Source: Darill Gibson, CompTIA Security+:Get Certified Get Ahead SY0-501 Study Guide upvoted 1 times Omi0204 6 months, 1 week ago Message signing, on the other hand, uses the sender's private key to sign the message, and his or her public key is used to read the signature. Message signing helps ensure data integrity, message authentication, and non-repudiation. So Option A and D both are correct. :) upvoted 2 times cutemantoes 7 months ago I agree that its A. However, it states "what is assured when a user signs an email..", it doesnt say if it was sent. Just that it was signed. CompTIA is more than likely going to do answer D. Knowing them, they'd do that. upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 DALLASCOWBOYS 7 months, 3 weeks ago 店 店 A. Non-repudiation. It is a concept that the sender cannot deny that they sent the message. upvoted 1 times 66 66 Gravoc 1 year ago Non Repudiation is your virtual John Hancock. It's a way of virtually stamping any data or document with "I am who I say I am". Only way to break this would be if the private key owners' private key became compromised. Which at that point you got bigger problems than Non Repudiation. upvoted 3 times Gino_Slim 11 months ago "John Hancock" is another way of saying "signature" for those that don't know upvoted 2 times EDSAL 1 year ago A- Non Repudation confirms that the signature comes from what it sayst it comes upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #106 A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state? A. ipcon g B. ssh C. ping D. netstat 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 小D (96%) 店 66 Gino_Slim Highly Voted 学 习 4% 小 店 66 11 months ago Selected Answer: D Answer is D A. ipconfig - Just shows you the IP information for your current machine B. ssh - this is used for file transfers (ftp etc etc) C. ping - this is just to reach out to a node to get a response from it These are simple ways of explaining. Don't come behind me and getting real granular super duper tech people -_upvoted 35 times scarceanimal 7 months, 3 weeks ago thanks gino slim! upvoted 1 times rodwave 10 months, 2 weeks ago the explanations are perfectly fine upvoted 4 times comeragh Highly Voted 1 year ago Selected Answer: D Netstat shows listening ports upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: D The netstat command is a network utility used to display network connections, routing tables, and network interface statistics on a system. It can show which ports on the web server are in a listening state, allowing the systems administrator to troubleshoot the server's connection to the internal web server. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago 店 店 铺 铺 ports, and related network statistics. By Netstat (Network Statistics) is a command-line tool used to display active network connections, listening ; ; (numeric format), the administrator can using the appropriate 学 command-line parameters, such as "-a" (all connections and listening ports) or "-n" 学 习ports on the web server that are in a listening state. 习 obtain a list of all open 小 小 店 店 Options A, B, and C are not relevant 66for determining the open ports on a web server: 66 Selected Answer: D ipconfig is a command-line tool used to display IP configuration information on a local system, such as IP address, subnet mask, and default gateway. It does not provide information about open ports on a remote web server. ssh (Secure Shell) is a network protocol used for secure remote access to systems. It is not specifically designed to display open ports on a web server. ping is a utility used to test the connectivity and reachability of a network host using Internet Control Message Protocol (ICMP). It does not provide information about open ports on a web server. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: D The tool that BEST shows which ports on a server are in a listening state is netstat. Therefore, the correct answer is D. upvoted 1 times Ahmed_aldouky 6 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D The correct answer is D. netstat. Netstat is a command-line tool that displays information about network connections and network statistics. It can be used to show which ports on a server are in a listening state, among other things. This information can be very useful for troubleshooting network issues. A. ipconfig is a command-line tool that displays network configuration information for a computer. It does not show which ports on a web server are in a listening state. B. ssh is a network protocol that allows secure remote access to a server. It does not show which ports on a web server are in a listening state. C. ping is a command-line tool that tests network connectivity between two devices. It does not show which ports on a web server are in a listening state. upvoted 2 times T4IT 8 months ago 店 店 铺 铺 Selected Answer: A ; Netstat is correct upvoted 2 times ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #107 Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement? A. Implement proper network access restrictions. B. Initiate a bug bounty program. C. Classify the system as shadow IT. D. Increase the frequency of vulnerability scans. 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 小A (96%) 店 66 Jakalan7 学 习 小 店 4% 66 1 year ago Highly Voted Selected Answer: A A is the only answer that makes sense here. upvoted 11 times Papee 11 months, 1 week ago I agree. Network segmentation. upvoted 4 times 03allen 10 months, 2 weeks ago I don't think A means network segmentation. upvoted 1 times Ranaer Highly Voted 8 months ago Selected Answer: A We are asked to REDUCE risk. A. Implement proper network access restrictions. - This more or less reduces risk by limiting who has access to the legacy system. B. Initiate a bug bounty program. - We dont need that, since its a legacy system, which we havent developed. We most likely cannot patch this anyway. C. Classify the system as shadow IT. - Irrelevant to the question. D. Increase the frequency of vulnerability scans. - As in B, us knowing that issues exist, wont help us much, since we cannot patch the system. upvoted 9 times Protract8593 2 months ago Most Recent Selected Answer: A Implementing proper network access restrictions helps to reduce the security risks associated with running systems that have expired vendor support and lack an immediate replacement. By restricting network access, unauthorized parties are less likely to exploit vulnerabilities in the unsupported systems. This is a proactive approach to limit potential risks until a more permanent solution can be implemented. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A 店 店 Implementing proper network access restrictions is the best option to reduce the security risks introduced by running systems that have expired vendor support and lack an immediate replacement. By limiting the network access of these systems, you can minimize their exposure to potential threats from the internet or unauthorized users. This reduces the attack surface and helps mitigate the risk of security breaches and vulnerabilities. upvoted 1 times 铺 铺 ; ; 学 学 习 习 小 mosher21 5 months ago 店 66 小 店 66 Selected Answer: A AKA airgap them. upvoted 1 times monzie 5 months, 4 weeks ago Selected Answer: D D. Increase the frequency of vulnerability scans would be the BEST option to reduce the security risks introduced when running systems that have expired vendor support and lack an immediate replacement. When vendor support for a system has expired, it is no longer receiving security updates or patches from the vendor. This leaves the system vulnerable to known and unknown vulnerabilities. Increasing the frequency of vulnerability scans allows for the identification and remediation of any vulnerabilities that may be present. By identifying vulnerabilities earlier, the organization can take action to minimize the risk of exploitation. upvoted 1 times Confuzed 5 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ I would agree except that if you do identify a new vulnerability you cannot remediate it so increasing the scans will only increase the risks that you must accept and do nothing to mitigate them. upvoted 2 times TinyTrexArmz 7 months, 2 weeks ago Maybe it's my lack of imagination, but I can't think of a case where you wouldn't Implement proper network access restrictions by default even on a system with vendor support still active and can be immediately replaced. upvoted 2 times mick1 9 months, 3 weeks ago I would say D - as system is not changing role, and in ANY use case, network access should be minimized (or at least planned for system) - so if i don't want to change device role, just reduce risk, I would go with more scans. upvoted 1 times 店 店 铺 铺attack not reduce the probability of chance of Unfortunately that doesn't reduce the risk, they can still attack, and the scans will only detect that ; ; it happening. I choose 学 A. 学 习 习 upvoted 2 times 小 小 店 店 Jossie_C 10 months, 3 weeks ago66 66 KingDrew 8 months, 1 week ago Prevent the computer from connecting to the internet where the bad guys are upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #108 Due to unexpected circumstances, an IT company must vacate its main o ce, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change? A. The business continuity plan B. The retention policy C. The disaster recovery plan D. The incident response plan 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 A (87%) stoneface Highly Voted 66 小 店 13% 66 1 year ago Selected Answer: A BCP is to empower an organization to keep crucial functions running during downtime. This, in turn, helps the organization respond quickly to an interruption, while creating resilient operational protocols. upvoted 28 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: A Answer - The business continuity plan A business continuity is a plan that ensures a company can maintain core operations without interrupts especially in a event of a crisis. =========================== Retention Policy - determines how long business a record/resource is stored and how to dispose of the record when it is time to do so. Disaster Recovery - A set of instructions created by an organization on how to respond and recover from unplanned incidents. Generally involving a hardware failure, destruction, etc. Incident Response - a set of steps a incident response team follows to properly prepare and respond to incidents. upvoted 14 times Protract8593 Most Recent 2 months ago Selected Answer: A When an IT company must vacate its main office and move to alternate, off-site locations due to unexpected circumstances, it would most likely reference the business continuity plan. The business continuity plan outlines the procedures and strategies that an organization will use to ensure that essential business functions can continue during and after a disaster or other disruptive event. It includes measures to protect personnel, assets, and business processes to ensure the organization's continuity. On the other hand, the disaster recovery plan is focused on restoring critical systems and services after a significant disruption, and it deals with the technical aspects of recovery. While both plans are related to managing disruptive events, the business continuity plan takes a broader approach, encompassing business processes and personnel, while the disaster recovery plan primarily focuses on IT systems and data recovery. upvoted 3 times ApplebeesWaiter1122 2 months ago 店 铺 店 铺 ; During the unexpected off-site 学 circumstance of vacating the main office and moving operations to alternate, ; 学 locations, the IT company would 习 习 to ensure the continued most likely reference the business continuity plan. The business continuity plan outlines strategies and procedures 小 小 operations, recover critical operation of critical business 店 functions during and after disruptive events. It includes measures to maintain essential店 systems, and resume normal business 66 activities in the face of unexpected events that could disrupt normal business operations. 66 Selected Answer: A upvoted 1 times mosher21 5 months ago Selected Answer: C I say C because the given info implies something big and severe, aka a disaster, happened that you have to move all of your operations to an off site. So you would consult your disaster recovery plan during such incidents. upvoted 2 times MasterControlProgram 6 months ago Selected Answer: A The IT company will most likely reference the business continuity plan for guidance during the change. The business continuity plan is designed to help an organization continue operations in the event of a disruption or disaster, and is intended to minimize the impact on the business. The plan typically includes procedures and processes for identifying critical business functions, establishing alternate locations, and outlining how operations will continue during the disruption. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Drealjesusfreak 6 months, 2 weeks ago The word, unexpected circumstances is the key. I think the answer is C. I have checked other questions and it says disaster recovery plan is the answer. upvoted 2 times tebirkishaw 7 months, 3 weeks ago Selected Answer: C It is C. The business continuity plan goes over what you can do in the event you can't access your normal resources, or if things aren't working. For example if your payment portal is down, you would have something saying you take payments by phone. In this question they have all of their resources, just working at a different site. Professor Messer's videos on this explain it really well as well. upvoted 1 times tebirkishaw 7 months, 3 weeks ago 店 Actually I had my definitions mixed up lol... I think the answer would be A upvoted 1 times 铺 ; 店 铺 ; 学 学 习 习 小 A. Business Continuity Plans focus for the vacating of the 店 on keeping an organization functional when misfortune or incidents occur. The小reason 66way, based on the information provided, that a disaster ( natural or man-made has店occurred) 66 office isn't specified, so there is no DALLASCOWBOYS 7 months, 3 weeks ago upvoted 1 times Sandon 8 months ago Selected Answer: C ChatGPT says it's C upvoted 2 times xxxdolorxxx 8 months, 1 week ago Selected Answer: A A seems like the correct answer upvoted 2 times carpathia 10 months ago Selected Answer: A This should normally be BIA, but BIA is part of BCP, so BCP. upvoted 1 times DoDaResearch 10 months, 3 weeks ago Selected Answer: C See CompTIA Security + study guide page 518 Disaster Recovery plan -- A disaster can be seen as a special class of incident where the organizations primary business function is disrupted. Disaster recovery requires considerable resources, sush as SHIFTING PROCESSING TO A SECONDARY SITE. Disaster recovery will involve a wider range of stakeholders than a less serious incidents. Business Continuity Plan (BCB) -- this identifies how business processes should deal with both minor and disaster-level disruption. During an incident, a system may need to be isolated. Continuity planing ensures that there is processing redundancy supporting the workflow so that when a server is taken offline for security remediation, processing can failover to a separate system. If systems do not have this sort of planned resilience, incident response will be much more disruptive. upvoted 3 times DoDaResearch 10 months, 3 weeks ago Not all disasters are natural, if a fire marshal closes your building for various reasons that may not even be related to your building, you still can not enter upvoted 1 times 店 店 铺 铺 Gravoc 1 year ago ; ; Remember that BCP is all-encompassing, including natural disaster recovery. Since the question did not specify this is a disaster, then BCP is the only option left that can be correct. upvoted 3 times 学 学 习 习 小 店 Yuyuyakuza 1 year ago 66 A.BCP no indication of a natural disaster. upvoted 1 times comeragh 1 year ago Selected Answer: A Agree with A - BCP upvoted 2 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #109 While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor? A. Utilizing SIEM correlation engines B. Deploying Net ow at the network border C. Disabling session tokens for all sites D. Deploying a WAF for the web server 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A I think that SIEM correlation would be the best way to detect an attacker in this case. The initial compromise was a malicious request on a web server. Moments later the token created with SSO was used on another service, the question does not specify what type of service. Deploying a WAF on the web server will detect the attacker but only on that server. If the attacker issues the same malicious request to get another SSO token correlating that event with using that SSO token in other services would allows to detect the malicious activity. Correct me if I am wrong upvoted 38 times hieptran 8 months, 2 weeks ago I think the same with you, The token type could be varies, but I don't think that it will be detected and prevented by WAF or anything since it could be a legitimate request with stolen/hacked token. In the context of this question, it is best to collerate logs and find which system is compromised. upvoted 2 times RogerW Most Recent 1 week, 4 days ago It looks like a CSRF attack. The SIEM detected the attack and notified the user. If the question asked what would be the BEST to "protect" as opposed to "detect", I would have selected, D WAF. Since is asking what would be BEST to detect, I pick A. upvoted 1 times malibi 3 weeks ago Selected Answer: A The question mentions about Web Application! A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. upvoted 1 times Protract8593 2 months ago 店 铺 店 铺 ; ;to detect a malicious actor in this Utilizing SIEM (Security 学 Information and Event Management) correlation engines would be the best way 学 习 devices. By using correlation scenario. SIEM systems习 collect and analyze log data from various sources, including web applications and network 小 小 when analyzing each event rules, the SIEM can identify patterns of behavior and detect abnormal or malicious activities that might not be apparent 店 店 in isolation. 66 66 Selected Answer: A In the given scenario, the SIEM can correlate the alerts from the two different services that detected the subsequent token reuse. This correlation would help identify the abnormal behavior and raise an alert for further investigation by the cybersecurity analyst. SIEM systems play a crucial role in identifying complex and sophisticated attack patterns and improving incident detection and response capabilities. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A SIEM (Security Information and Event Management) correlation engines are designed to collect, analyze, and correlate data from various sources across an organization's IT infrastructure. By using SIEM correlation rules, the cybersecurity analyst can identify patterns and relationships between events and data from different systems and applications. In the given scenario, the SIEM correlation engine can detect the subsequent token reuse moments after the initial malicious request on one web application. This correlation can help identify the presence of a malicious actor attempting to exploit the single sign-on method and potentially moving laterally to other services. upvoted 1 times Ahmed_aldouky 6 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A . Utilizing SIEM correlation engines would BEST detect a malicious actor. SIEM correlation engines can be used to analyze and correlate events from different systems and applications. In this case, the cybersecurity analyst can use a SIEM correlation engine to correlate the request on the web application and the subsequent token reuse on a different service. This can help to identify the malicious actor and take appropriate actions to prevent further attacks. B. Deploying Netflow at the network border can help to monitor network traffic and identify anomalies, but it may not provide enough context to detect the malicious actor in this scenario. C. Disabling session tokens for all sites is not a recommended solution as it can have negative impacts on legitimate user access. D. Deploying a WAF for the web server can help to detect and block attacks on the web application, but it may not provide enough visibility to detect the subsequent token reuse on a different service. upvoted 2 times 店 店 铺 铺 brewoz404sd; 7 months, 3 weeks ago ; 学 Answer is D. A waf looks specifically at session / token use, as well as monitoring all traffic between web /学 user. You can deploy a waf to protect 习 习 ALL web apps behind it. Answer is clearly D, its exactly what a WAF is designed to do. 小 小 店 店 upvoted 1 times 66 66 [Removed] 9 months, 3 weeks ago i still think D upvoted 1 times Gravoc 1 year ago SIEM correlation dashboards. From google: "It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss." Web application firewall is a good candidate, except that it will log both events into separate log files. Which can go unnoticed by security administrators, and will require additional tools to automate the process of alerting the correlated events together. Such as a SIEM. upvoted 4 times Lars87 1 year ago Selected Answer: A SIEM i think correct upvoted 1 times okay123 1 year ago The software analyzes the log entries to identify signs of malicious activity. In addition, since the system gathers events from different sources across the network, it can recreate the timeline of an attack, enabling a company to determine the nature of the attack and its impact on the business. https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM I thought D but key word is differint devices.. so SIEM correlation i think upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #110 Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement? A. MOU B. ISA C. SLA D. NDA 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 Gravoc Highly Voted 小 店 66 1 year ago MOU - Memorandum of Understanding MOA - Memorandum of Agreement A MOU is the initialization phase for two companies who plan to work together. It establishes what each company is looking to achieve/get out of the arrangement. It's not a signed contract. A MOA is a step above the MOU. It's a signed contract that indicates both parties understand and agree with the terms placed forward by both parties. upvoted 23 times RonWonkers 12 months ago Thanks for the explanation upvoted 1 times stoneface Highly Voted 1 year ago Selected Answer: A A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high- level roles and responsibilities in management of a crossdomain connection. upvoted 16 times stoneface 1 year ago Add ISA at the beginning -> source https://csrc.nist.gov/glossary/term/interconnection_security_agreement upvoted 3 times ccnaexam28 Most Recent 1 month, 4 weeks ago this was on my exam. i chose A. Took the exam 27/7/2023, I scored 840 and got 82 questions in total(with 3 PBQs). (not quite sure what questions I got right or wrong, there were tons that have 50/50 percentage in this site) 90%+ is from this site and I have no contributor access though I think it's also just luck on what set you'll get from their questions' pool. good luck! upvoted 7 times 店 店 铺 铺 ; 学 Protract8593 2 months ago 习 小 ; 学 习 小 店 店 to work together on a A Memorandum of Understanding 66(MOU) is a written agreement between two or more parties outlining their intention 66 specific project or endeavor. It is a non-binding document that establishes the framework and terms of cooperation between the parties involved. Selected Answer: A In this scenario, the MOU can be used to document the agreement between the two organizations to collaborate on the evaluation of new SIEM (Security Information and Event Management) solutions. It outlines their joint effort and commitment to work together towards a common goal without creating a formal legal contract. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A A Memorandum of Understanding (MOU) is a written agreement between two or more parties that outlines the understanding and terms of their collaboration. In this scenario, the two organizations plan to collaborate on the evaluation of new SIEM solutions, and the MOU can be used to document their agreement on the joint effort. It will specify the objectives of the collaboration, the roles and responsibilities of each organization's SOC teams, the resources they will contribute, the duration of the collaboration, and any other relevant terms and conditions. upvoted 1 times MorganB 4 months, 4 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Pass my exam 27, April 23. This question was on my tested worded differently but the answer is the same. upvoted 4 times ronniehaang 7 months, 3 weeks ago Selected Answer: A A. MOU (Memorandum of Understanding) is the best option to document the agreement between two organizations to collaborate on the evaluation of new SIEM solutions. An MOU is a non-binding agreement between two or more parties outlining the goals and objectives of a project or collaboration. It outlines the responsibilities, resources, and expectations of each party involved, and serves as a framework for future cooperation and collaboration. In this case, the MOU between the two organizations would outline the purpose and goals of their collaboration to evaluate new SIEM solutions, the roles and responsibilities of each organization's SOC team, and any timelines or expectations for the evaluation process. An MOU is a good option as it provides a clear understanding of the expectations and responsibilities of both organizations without binding either organization to a specific course of action or committing to a formal agreement. upvoted 1 times 店 铺 DALLASCOWBOYS ; 7 months, 3 weeks ago 学they are collaborating, thus not requiring a legal agreement. A. MOU. It just states 习 小 upvoted 6 times 店 66 店 店 铺 ; 学 习 小 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #111 The Chief Information Security O cer wants to prevent ex ltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement? A. DLP B. USB data blocker C. USB OTG D. Disabling USB ports 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 B (69%) FQ Highly Voted 学 习 小 店 66 A (31%) 小 店 66 1 year ago Selected Answer: A The question is talking about PUBLIC USB power charging stations, the CISO cannot for sure place USB data blocker on all publich USB ports in the world ! The CISO also can't disable employees cell phones ports, as these are usually personal properties. USB OTG is obviously playing the oppostie of what's required if used. DLP is the answer, and it can be implemented as following: 1. Create a User Group based on AD - (You will need to have a Directory Connection configured) 2. Create a policy that detects the data AND includes a rule for the User Group. - This way it will ONLY work for those users 3. Test to make sure the policy works for ONLY those users. 4. Create a Response rule that BLOCK Endpoint AND only applies to USB 5. Apply this new Response Rule to the Policy (Response Rule Tab) upvoted 25 times arrowphoto7604493ahmed 5 months, 4 weeks ago USB data blockers (also known as USB condom or USB port blocker) are small devices that can be placed between a USB charging port and a USB cable. upvoted 2 times sujon_london 1 month, 2 weeks ago DLP It’s reasonable option if USB option not there. while in market USB blocker are there available in that case answer is USB data blocker. I think physically we should know how its look alike and how to use it. upvoted 2 times ExamPasser420 4 months, 3 weeks ago What does stoneface think? upvoted 5 times EricShon 6 months, 1 week ago Then just but the data blocker on the cable being used... upvoted 2 times Blake89 店 Highly Voted 8 months, 1 week ago 店 铺B 铺 Selected Answer: ; ;stations. Y'all overthink way too much The CompTia Sec+学 Study Guide book literally talks about USB data blockers when using public charging 学 习 习 sometimes. 小 小 upvoted 23 times 店 店 66 66 fgfj Most Recent 2 days, 17 hours ago Selected Answer: A USB data blocker upvoted 1 times Protract8593 2 months ago Selected Answer: B A USB data blocker, also known as a "USB condom" or "USB pass-through device," is a hardware device that prevents data transfer over USB connections while allowing the device to charge. It does this by physically blocking the data pins on the USB cable, only allowing power transfer between the device and the charging station. By using a USB data blocker, employees can safely charge their cell phones at public USB power charging stations without worrying about data exfiltration or potential malware infections through the USB port. The other options are not suitable for the scenario described: A. DLP (Data Loss Prevention) is a broader security淘宝店铺:https://shop63989109.taobao.com/ measure used to prevent unauthorized data exfiltration or leakage, but it typically operates at the software or network level and may not directly address the USB charging station issue. upvoted 3 times ApplebeesWaiter1122 2 months ago Selected Answer: B A USB data blocker, also known as a USB condom or charging blocker, is a small device that allows a device to be charged using a USB charging cable but blocks data transfer between the device and the USB port. When connected to a public USB charging station, it prevents any potential data exfiltration or unauthorized access to sensitive information from the connected device. upvoted 1 times Pythetic 5 months, 1 week ago From a Security standpoint, a data blocker is much more secure as it physically takes away the data pins this is the "best" method as although DLP might give slight convenience if you forgot your cable, there are still ways around it upvoted 2 times 店 铺 arrowphoto7604493ahmed 5 months, 4 weeks ago ; Selected Answer: B 店 铺 ; 学 学 习 习 a USB charging port and a USB USB data blockers (also known as USB condom or USB port blocker) are small devices that can be placed between 小 小 cable 店 店 6 66 6 upvoted 1 times attesco 6 months, 1 week ago Selected Answer: A The right answer for this question is A. The question ask for the best solution and the best solution is to deploy a DLP software on each employee cell phone. It is a way much cheaper to do than buy a piece of hardware( USB Data Blocker) for each employee. Secondly, if the employee failed or forgot to use the USB Data Blocker at Airport or coffee shops.............It becomes an ineffective solution. But the DLP software either Endpoint DLP or Network DLP works without human interference to prevent Data Loss. The correct Answer is A and it`s the BEST solution according to the question. Thank you upvoted 2 times princajen 6 months, 2 weeks ago Selected Answer: B B. USB Data Blocker. an employee could carry a USB data blocker device with them to use at public USB power charging stations. A USB data blocker is a small device that plugs into the USB port and blocks the data transfer pins, while allowing the power pins to connect, so the device can be charged without any data being transferred. This would prevent any potential data exfiltration from the employee's device while it is being charged at a public charging station. upvoted 1 times Omi0204 6 months, 2 weeks ago Answer is B. A USB data blocker, also known as a “USB condom” (really, no kidding!), is a device that allows you to plug into USB charging ports including charging kiosks, and USB ports on gadgets owned by other people. The main purpose of using one is to eliminate the risk of infecting your phone or tablet with malware, and even prevent hackers to install/execute any malicious code to access your data. upvoted 1 times ApplebeesWaiter1122 6 months, 3 weeks ago Selected Answer: B Dont over think this question, the answer is B upvoted 3 times 店 铺 AlwaysRunning 6 months, 3 weeks ago ; Selected Answer: B 学 店 铺 习 ; Espero no causar molestias por dejar opinios en español, sin duda a muchos les servira. 小 店 66 学 习 小 店 66 La respuesta correcta es la B, la guía oficial habla de bloqueadores de datos USB como la mitigación contra el robo de datos cuando un dispositvo es conectado en un cargador público. upvoted 3 times ramesh2022 7 months, 1 week ago DLP is the right answer. This is looking for a solution for multiple employees (company-wide solution). upvoted 1 times LaoX 8 months, 3 weeks ago Selected Answer: A The CISO shouldn't place a USB data blocker on personnel's device but a DLP is best to implement. upvoted 1 times sujon_london 1 month, 2 weeks ago Basically USB data blocker is portable one; it can be carry and use along with USB cable. Google search for image of USB data blocker would helps to understand how to use it and works. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times jhfdkjshfkjdsho 9 months, 1 week ago Selected Answer: B It says public charging... This is not under the control of the company. You can't apply DLP... etc for a charging station in an airport. The employee can use a USB condom that doesn't have data pins. upvoted 4 times FMMIR 9 months, 2 weeks ago Selected Answer: B The best solution to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations would be to use a USB data blocker. A USB data blocker is a device that can be used to physically block the data pins on a USB cable, preventing data transfer while still allowing the device to be charged. This would prevent employees from accidentally or maliciously transferring sensitive data from their cell phones to the public charging station. Options A, C, and D would not be effective in preventing this type of data exfiltration upvoted 2 times 店 店 铺 铺 okay123 10 months, ; 1 week ago ; 学 学 Selected Answer: B 习 习 小 Y'all are over thinking this,小 it's B. Data blockers are portable and it's used for this very purpose. 店 店 upvoted 4 times 66 66 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #112 The board of directors at a company contracted with an insurance rm to limit the organization's liability. Which of the following risk management practices does this BEST describe? A. Transference B. Avoidance C. Mitigation D. Acknowledgement 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A organization's liability -> organization's RESPONSABILITY upvoted 9 times Protract8593 2 months ago Most Recent Selected Answer: A Transference is a risk management practice in which an organization shifts the financial burden of potential risks or losses to another party. In this scenario, by contracting with an insurance firm, the company is transferring the liability of certain risks to the insurance company. If an incident occurs that is covered by the insurance policy, the insurance company would bear the financial responsibility, thereby limiting the organization's liability. upvoted 2 times ApplebeesWaiter1122 2 months ago Selected Answer: A Contracting with an insurance firm to limit the organization's liability is an example of risk transference. In this practice, the company transfers the financial consequences of certain risks to an insurance provider. In case of a covered event, the insurance firm would bear the financial burden, reducing the potential impact on the company's assets and resources. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. Insurance is transferring the risk to the insurance company upvoted 2 times Boubou480 8 months, 2 weeks ago Selected Answer: A Insurance = Tranfert upvoted 2 times FMMIR 9 months, 2 weeks ago Selected Answer: A The board of directors at a company contracted with an insurance firm to limit the organization's liability BEST describes the risk management practice of transference. Transference is the process of transferring the risk of loss from one party to another, typically through the use of insurance. In this case, the company is transferring the risk of potential liability to the insurance firm by purchasing an insurance policy. This allows the company to limit its potential losses in the event of a liability claim. Options B, C, and D do not accurately describe the situation described in the question. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 db97 12 months ago if something happens, the insurance company will assume responsibility (Transference) upvoted 2 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #113 Which of the following is a risk that is speci cally associated with hosting applications in the public cloud? A. Unsecured root accounts B. Zero-day C. Shared tenancy D. Insider threat Correct Answer: C 店 店 铺 Community vote distribution ; 学 C (89%) 习 小 店 铺 ; 学 习 11% 小 店 IGUESS 66 Highly Voted 66 1 year, 7 months ago Shared Tenancy Vulnerabilities. In a multi-tenant environment, such as the cloud, a “container” vulnerability can allow an attacker to compromise containers of other tenants on the same host. Flaws in chip design can also result in the compromise of tenant information in the cloud through side-channel attacks. upvoted 21 times Protract8593 2 months ago Most Recent Selected Answer: C Shared tenancy is a risk that is specifically associated with hosting applications in the public cloud. Public cloud providers offer shared resources to multiple customers on the same physical infrastructure. This means that multiple virtual machines and applications from different customers are running on the same physical server. While cloud providers take measures to isolate and secure these resources, there is always a risk of potential data leakage or unauthorized access if the isolation mechanisms are not robust. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: C Hosting applications in the public cloud means that multiple customers share the same physical infrastructure and resources provided by the cloud service provider. This shared infrastructure introduces the concept of "shared tenancy," where multiple customers' data and applications coexist on the same servers and network devices. While cloud providers implement strong security measures to isolate customer data, there is always a risk of a breach or misconfiguration that could potentially expose one customer's data to another. This risk is commonly associated with hosting applications in the public cloud. upvoted 2 times arrowphoto7604493ahmed 5 months, 4 weeks ago Selected Answer: C shared tenancy model means that sensitive data, such as encryption keys, may be stored on the same physical hardware as other tenants, potentially increasing the risk of unauthorized access upvoted 1 times MasterControlProgram 6 months ago Selected Answer: C C. Shared tenancy is a risk specifically associated with hosting applications in the public cloud. Public cloud environments typically host multiple tenants on the same physical hardware. While cloud providers implement security measures to ensure tenant separation and protection, the possibility of one tenant gaining unauthorized access to another tenant's data cannot be completely ruled out. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 小 DALLASCOWBOYS 7 months, 3 weeks ago 店 C. Shared tenancy is the risk associated with the Cloud. upvoted 2 times 66 习 小 店 66 FMMIR 9 months, 2 weeks ago Selected Answer: C A risk that is specifically associated with hosting applications in the public cloud is shared tenancy. Shared tenancy refers to the practice of multiple customers sharing the same physical infrastructure in a cloud environment. This can create security risks, as the actions of one customer can potentially impact the security and performance of other customers on the same infrastructure. Options A, B, and D are not specifically associated with hosting applications in the public cloud, although they can be potential risks in any computing environment. upvoted 3 times Sir_Learnalot 10 months, 2 weeks ago Selected Answer: C "C" shared tenancy is a cloud specific threat. Insider threats are also applicable to on-prem upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Jakalan7 1 year ago Selected Answer: C The answer has to be C, since A, B and D are not specific to cloud platforms. upvoted 2 times ishallgetit 1 year, 5 months ago Selected Answer: C "specifically associated with hosting applications in the public cloud" C: shared tenancy upvoted 4 times Branch ake 1 year, 5 months ago I read this twice and still missed the "public " cloud. Shared Tenancy upvoted 1 times 店 铺 店 铺 ; ; cloud?" Insider threats are everywhere Why would it be D? How is an insider threat "specifically associated with hosting applications in the public 学 学 - not just in the cloud.习 习 小 小 upvoted 2 times 店 店 66 66 Dunzel 1 year, 6 months ago CLAW_ 1 year, 6 months ago I didnt read the question properly and chose Unsecured Accounts, this is wrong. The correct answer is Shared Tenancy given that the clue in the question is "Public" cloud. upvoted 2 times szl0144 1 year, 7 months ago Selected Answer: C C is the correct answer, cloud server are multi-tenant upvoted 2 times bugrovac 1 year, 8 months ago Selected Answer: D Correct Answer: D upvoted 2 times ansenlool88 1 year, 7 months ago insider threat is also on different types of cloud, or premise location and any datacenter or LAN or WAN. dont think D is correct. keywords on the question is PUBLIC CLOUD upvoted 3 times greenerme 1 year, 7 months ago An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #114 DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load uctuation in a cost-effective way. Which of the following options BEST ful lls the architect's requirements? A. An orchestration solution that can adjust scalability of cloud assets B. Use of multipath by adding more connections to cloud storage C. Cloud assets replicated on geographically distributed regions D. An on-site backup that is displayed and only used when the load increases 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A A. An orchestration solution that can adjust scalability of cloud assets -> this is the correct answer IMO - this is what elasticity in cloud is all about, we are only creating new resources when there is a workload spike. B. Use of multipath by adding more connections to cloud storage -> this doest address the issue of dealing with the additional load on the servers C. Cloud assets replicated on geographically distributed regions -> hot or warm recovery sites ( not cost effective ) D. An on-site backup that is displayed and only used when the load increases ( not cost effective since the on-site will be always on behind the scenes) upvoted 52 times Gino_Slim 11 months ago In stoneface we trust (that means this is the right answer) upvoted 23 times RevolutionaryAct Most Recent 1 month, 2 weeks ago Kind of torn, I can see either in that orchestration might cost a lot plus scaleability = more resource costs On the other hand a passive load balancing server costs more in hardware but isn't used regularly, and would have to cost less than scaling, SOAR, etc. upvoted 1 times Protract8593 2 months ago Selected Answer: A An orchestration solution that can adjust the scalability of cloud assets is the best option to fulfill the security architect's requirements. Orchestration in the context of cloud computing refers to the automated management and coordination of various cloud resources to handle changes in demand and optimize performance. By using an orchestration solution, the cloud environment can dynamically scale resources up or down based on load fluctuations caused by DDoS attacks or any other factors. This allows the organization to respond to changing demands in a cost-effective and efficient manner. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A 店 店 An orchestration solution allows for dynamic scaling of cloud resources based on the current load or demand. This means that as the DDoS attack causes an overload on the cloud servers, the orchestration solution can automatically increase the number of servers (scale-out) to handle the increased traffic. Similarly, when the load decreases, the solution can scale down by removing unnecessary servers to save costs. 铺 铺 ; 学 习 ; 学 习 小 小 ensuring that the cloud This approach provides an efficient and cost-effective way to respond to load fluctuations caused by DDoS attacks, 店 店 environment can handle the increased 66 demand without compromising performance or incurring unnecessary expenses.66 upvoted 1 times Mkoenig69 5 months, 3 weeks ago Selected Answer: A An orchestration solution that can adjust scalability of cloud assets would likely be the best option for fulfilling the security architect's requirements. This would allow the cloud environment to dynamically adjust the scalability of its assets based on load fluctuation, effectively managing the overload caused by DDoS attacks. By automatically provisioning or deprovisioning resources as needed, an orchestration solution can help maintain optimal performance while minimizing costs. upvoted 1 times Exlr8me 5 months, 3 weeks ago Selected Answer: A A is the correct answer upvoted 1 times MasterControlProgram 6 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A A. An orchestration solution that can adjust scalability of cloud assets would be the best option to fulfill the architect's requirements. An orchestration solution allows for automatic scaling of resources based on traffic demands, which will help the cloud environment respond to load fluctuation. Additionally, it can be cost-effective because it can scale resources up or down as needed, meaning that resources are only allocated when needed, and are released when they are no longer required. This reduces unnecessary resource consumption and costs. upvoted 2 times carpathia 10 months ago Selected Answer: A It cannot be B: "What is multipathing in cloud computing? Multipathing, also called SAN multipathing or I/O multipathing, is the establishment of multiple physical routes between a server and the storage device that supports it." upvoted 2 times 店 店 RonWonkers 1 year ago 铺 铺 ; ; 学 Selected Answer: A 学 习 I think A upvoted 1 times 习 小 小 店 店 66 Gravoc 1 year ago 66 I agree with stoneface on A. Remember that backups are expensive. Which is the entire reason for the convoluted process of hot, warm, and cold sites. Scaling cloud infrastructures can experience lag during the periods of high activity, where other assets have to either be added, or become active. This is the compromise for a cost-effective solution that scales. The company could go for a system that is absolutely overkill on assets at all times, in preparation for those brief peak moments. But this is expensive, and unlikely to be taken by most companies. Only case you would want to use one of these is if you have a sensitive or critical service that MUST remain online. Stock exchange servers, military servers, bank servers, etc. come to mind for this criteria. upvoted 3 times lucasvs_ 1 year ago Selected Answer: A Yes a ido upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #115 Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities? A. EOL B. SLA C. MOU D. EOSL Correct Answer: B 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 B (100%) 小 小 店 店 Strykar 66 Highly Voted 66 12 months ago Selected Answer: B This site needs a Dark Mode. upvoted 26 times snofear 11 months, 3 weeks ago Use Dark Reader-Chrome extension upvoted 10 times J_Ark1 10 months, 3 weeks ago thanks for that :) upvoted 2 times banditring 11 months, 4 weeks ago AGREED! upvoted 3 times comeragh Highly Voted 1 year ago Selected Answer: B B - Service Level Agreement (SLA) upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: B A Service Level Agreement (SLA) is a document that outlines the specific expectations at a technical level for quality, availability, responsibilities, and other metrics related to the services provided by one party to another. SLAs are commonly used in service contracts between providers and customers to define the level of service that the customer can expect and the consequences for not meeting those service levels. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: B An SLA (Service Level Agreement) is a formal agreement between two parties that outlines the expectations and responsibilities for a service. It provides specific details at a technical level, including quality, availability, and the responsibilities of each party involved in the agreement. SLAs are commonly used in various business relationships, such as between a service provider and a customer or between different departments within an organization. The SLA sets clear expectations for the level of service that should be provided and the consequences for failing to meet those expectations. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 NerdAlert 6 months, 1 week ago MSP workers where you at?! upvoted 4 times 66 Sandon 8 months ago An old ITIL question. Definitely B upvoted 1 times KingDrew 8 months, 1 week ago Selected Answer: B B: SLA (Service Level Agreement) upvoted 1 times FMMIR 9 months, 2 weeks ago Selected Answer: B 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ A document that provides expectations at a technical level for quality, availability, and responsibilities is a Service Level Agreement (SLA). An SLA is a contract between a service provider and a customer that specifies the level of service that the provider will deliver. This typically includes technical details such as uptime, response times, and performance criteria. The SLA is used to ensure that the customer receives the level of service that they have agreed to and that the provider is held accountable for meeting those expectations. Options A, C, and D are not related to the technical level of service expectations. EOL refers to the end of life for a product or service, MOU is a memorandum of understanding, and EOSL is the end of service life. upvoted 5 times Topic 1 Question #116 Which of the following is an example of transference of risk? 店 店 铺 A. Purchasing insurance ; 学 B. Patching vulnerable 习 servers 小 铺 ; 学 习 小 店 C. Retiring outdated applications 店 66 66 D. Application owner risk sign-off Correct Answer: A Community vote distribution A (100%) comeragh Highly Voted 1 year ago Selected Answer: A Correct answer A here upvoted 11 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: A Answer: Purchasing Insurance Cyber insurance covers a business' liability for a data breach involving sensitive customer information like health records, credit card numbers, account numbers etc. A few things insurance generally handle are legal fees, notifying customers of the data breach, and repairing damaged systems. Risk transference is about assigning risk to a third-party. The risk here being the financial loss that can be incurred after a data breach from legal fees, repairing system etc. The organization is assigning this risk to an insurance company. upvoted 5 times Protract8593 Most Recent 2 months ago Selected Answer: A Transference of risk involves shifting the financial consequences of a risk to another party, typically through the use of insurance or outsourcing. By purchasing insurance, an organization transfers the financial risk of potential incidents to the insurance provider, who will cover the costs associated with those incidents up to the limits specified in the insurance policy. upvoted 1 times 店 ApplebeesWaiter1122 2 months ago 铺 Selected Answer: A; 店 铺 ; 学 学of risk management, purchasing Transference of risk involves shifting the potential impact of a risk to another party or entity. In the context 习 习 burden of potential losses or insurance is a common example 小 of risk transference. By purchasing insurance, an organization transfers the financial 小 店 In case of an adverse event covered by the insurance policy, the insurance company 店 will bear the cost of the damages to the insurance company. 6 66 loss, reducing the financial impact 6 on the organization. upvoted 1 times Navigator 4 months ago Selected Answer: A Transference because you are moving the risk to the insurance company. upvoted 1 times Sarooor 10 months, 3 weeks ago can someone explain why the correct answer is A?? upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #117 An employee received a word processing le that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware? A. Embedded Python code B. Macro-enabled le C. Bash scripting D. Credential-harvesting website 店 店 铺B Correct Answer: 铺 ; ; 学 Community vote distribution 习 学 习 小B (100%) 店 66 IQ30 小 店 66 1 year ago Highly Voted Jason Dion notes: Macro o Virus embedded into a document and is executed when the document is opened by the user upvoted 19 times rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: B Answer: Macro-enabled file Phishing emails with a word document attachment typically will have macros that can be ran for malicious purposes. Macros are scripts that can run whatever you want and however many times you want it to run, it's generally used for automating frequently used tasks. Since macros can practically do whatever you want, they can be used for malicious purposes such as infecting other files, or downloading/installing other malicious software. Macros would normally run as soon as the document is opened but now macros are disabled in Office apps by default so you would need to manually enable marcos on the file for them to run. upvoted 8 times Protract8593 2 months ago Most Recent Selected Answer: B A macro-enabled file is a type of document (such as a word processing file) that contains embedded macros, which are scripts or programs that can be executed to automate tasks within the document. In the context of this question, the employee received a word processing file as an email attachment, and the subject line and email content enticed the employee to open the attachment. This is a common tactic used in phishing attacks, where attackers send malicious files with enticing content to trick users into opening them, thereby executing the embedded macros, which may deliver malware or perform other malicious actions. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: B 店 店 In this scenario, the most likely attack vector is a macro-enabled file. Macro-enabled files are commonly used in phishing attacks. The email attachment appears to be a harmless document (e.g., Word, Excel), but it contains embedded macros. When the user opens the file and enables the macros as prompted, the malicious code within the macros gets executed, potentially leading to the installation of malware or other harmful activities on the user's system. This type of attack takes advantage of users' curiosity or interest in the content of the email to trick them into executing the malicious code. upvoted 1 times 铺 铺 ; ; 学 学 习 习 小 店 66 samwin111 11 months, 2 weeks ago Selected Answer: B Python will not run on doc files Macro runs on doc files upvoted 3 times comeragh 1 year ago Selected Answer: B B - correct answer here upvoted 2 times Sublime_Cheese 1 week, 1 day ago valid point 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times Topic 1 Question #118 A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be con gured in order to deploy the proposal? A. Context-aware authentication B. Simultaneous authentication of equals C. Extensive authentication protocol 店 铺 D. Agentless network access control ; 学 习 店 66 Community vote distribution 铺 ; 学 习 小 Correct Answer: A 店 小 店 66 A (100%) stoneface Highly Voted 1 year ago Selected Answer: A Context-Aware authentication -> An access control scheme that verifies an object's identity based on various environmental factors, like time, location, and behavior. upvoted 46 times J_Ark1 10 months, 3 weeks ago yes i agree upvoted 1 times Protract8593 Most Recent 2 months ago Selected Answer: A Context-aware authentication is a form of authentication that takes into account various factors or context information when determining whether to grant access to a user. In the given scenario, the security proposal aims to track requests for remote access by creating a baseline of the users' common sign-in properties. When a deviation from this baseline is detected, an MFA (Multi-Factor Authentication) challenge will be triggered. Context-aware authentication fits this scenario well as it can analyze multiple contextual factors such as user behavior, location, time, device, and more to make an informed decision about whether additional authentication steps are required. upvoted 3 times ApplebeesWaiter1122 2 months ago Selected Answer: A Context-aware authentication is the appropriate choice for the security proposal described. Context-aware authentication takes into consideration various factors or context elements, such as user behavior, location, device, time of access, and more, to assess the risk associated with a specific authentication attempt. In this scenario, the proposal aims to track requests for remote access and create a baseline of users' common sign-in properties. When a deviation from the baseline is detected, an MFA challenge is triggered. Context-aware authentication allows for the evaluation of various contextual factors to determine whether the sign-in properties match the expected baseline or not. If a deviation is detected, the system can enforce the MFA challenge to provide an additional layer of security for remote access. upvoted 1 times 店 店 铺 铺 Gravoc 1 year; ago ; 学 学can be fully understood and assessed." Context: "The circumstances that form the setting for an event, statement, or idea, and in terms of which it 习 习 小 店 is that the login attempt deviates from the baseline, triggering an additional小 店 CAA is likely correct, as the context authentication layer. 6 6 6 6 upvoted 4 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #119 Which of the following secure coding techniques makes compromised code more di cult for hackers to use? A. Obfuscation B. Normalization C. Execution D. Reuse Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 varun0 店 66 Highly Voted 66 1 year ago Selected Answer: A A is correct upvoted 10 times ScottT 1 year ago https://en.wikipedia.org/wiki/Obfuscation_(software) upvoted 1 times Fitzd 1 year ago Highly Voted Three of the most common techniques used to obfuscate data are encryption, tokenization, and data masking. upvoted 7 times Protract8593 2 months ago Most Recent Selected Answer: A Obfuscation is a secure coding technique that involves modifying the source code to make it more difficult for hackers to understand or reverse engineer the code. By using obfuscation, the code's logic and structure become more complex and convoluted, making it harder for attackers to identify vulnerabilities or manipulate the code for malicious purposes. This technique aims to increase the level of effort required to exploit or reuse compromised code, thereby enhancing the security of the application. upvoted 3 times ApplebeesWaiter1122 2 months ago Selected Answer: A Obfuscation is a secure coding technique that makes compromised code more difficult for hackers to understand and use. It involves modifying the source code in such a way that it becomes more complex, convoluted, or difficult to read and comprehend. The goal of obfuscation is to make the code harder to reverse-engineer, making it challenging for attackers to understand its logic, control flow, and vulnerabilities. By using obfuscation techniques, the code's original intent and functionality are preserved, but its structure and appearance are intentionally made confusing and obscure. This can help protect sensitive information, intellectual property, or proprietary algorithms within the code. upvoted 1 times LeonardSnart 4 months, 1 week ago Selected Answer: A "Obfuscation attempts to make something unclear or difficult to understand, and code obfuscation (or code camouflage) attempts to make the code unreadable. It does things like rename variables, replace numbers with expressions, replace strings of characters with hexadecimal codes, and remove comments. For example, a meaningful variable of strFirstName might be renamed to 94mdiwl, and the number 11 might be changed to 0xF01B – 0x73 – 0xEF9D (which still results in the decimal number 11). It’s worth noting that most security experts reject security through obscurity as a reliable method of maintaining security. Similarly, code obfuscation might make the code difficult to understand by most people. However, it’s still possible for someone with skills to dissect the code." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 madmax1984 8 months ago Selected Answer: A Code obfuscation makes the code more difficult to read. Stored procedures are used with SQL databases and can be used for input validation. Normalization refers to organizing tables and columns in a database to reduce redundant data and improve overall database performance. upvoted 3 times xxxdolorxxx 8 months, 1 week ago Selected Answer: A A is the right answer here. I know because I've done exactly that for web dev stuff, lol. upvoted 2 times rodwave 10 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A Answer: Obfuscation Obfuscation is the action of making something obscure, unclear, or unintelligible. In software development, obfuscation is the act of creating code that is difficult for humans or computers to understand. upvoted 7 times Gravoc 1 year ago Don't forget that obfuscation works in the reverse as well. Hackers usually obfuscate their malware and viruses to avoid signature detectors. Things such as writing arbitrary and benign looking code, and sneaking malicious functions into it. Or hackers also like to stretch the key length of their encryption, or use naming conventions that are only easily understandable by the person who created it. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #120 As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment? A. User behavior analysis B. Packet captures C. Con guration reviews D. Log analysis 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 C (57%) stoneface 学 习 小 店 66 Highly Voted D (37%) 小 店 6% 66 1 year ago Selected Answer: C Configuration reviews should also be performed. upvoted 58 times suwayne 3 weeks, 3 days ago Thanks for this. Key phrase that helps with this answer in my opinion; "performs automated vulnerability scans". The right answer is C. upvoted 1 times DJCODING 6 months ago While user behavior analysis, packet captures, and log analysis are also important tools for detecting security incidents and identifying potential threats, they are not directly related to completing a security compliance assessment. These tools are typically used as part of incident response and forensic investigations. upvoted 6 times calculator 6 months ago We are with you sir! upvoted 1 times hazeleyes Highly Voted 1 year ago Selected Answer: D D. log analysis. It's not C because configuration review is part of the vulnerability scan. Vulnerability scan can produce false positives, which is why its effectiveness can be enhanced by log reviews to see whether an identified vulnerability is in fact valid. upvoted 34 times CS3000 1 month ago analyzing the settings and configurations of systems, applications and devices is important to ensure they align with industry best practices, security policies and compliance requirements. Misconfigurations are a common source of vulnerabilities and security breaches. upvoted 1 times [Removed] 7 months, 4 weeks ago Compliance is all about configuration. Log analysis and packet captures are more of troubleshooting tools than compliance factors. upvoted 10 times 店 店 铺 ; 铺 ; 学 学 I think this is key习 to how I understand the question. Log analysis is a good step in ensuring you have a secure 习 network but I do not believe it 小 小 is related to compliance in any way. 店 店 upvoted 1 times 66 66 rline63 3 weeks, 3 days ago brewoz404sd 7 months ago No config is not part of any security compliance. Logs however are 100% as all logs are correlated into the siem for analysis. No need for config checks. Scans will tell you what you need to know regarding week configuration of devices. The answer is logs. upvoted 1 times Confuzed 5 months, 2 weeks ago Are you insane. What is SCAP, OSPP, PCI-DSS, or STIG around for then? Most large environments have some security baseline compliance expectation. For example, federal systems must have frequent STIG compliance scans performed which ensures that the systems do not have any insecure configurations that may pose a risk. upvoted 7 times freyprey Most Recent Selected Answer: D 1 week, 2 days ago 淘宝店铺:https://shop63989109.taobao.com/ ,, The main types of security assessment are usually classed as vulnerability assessment, threat hunting, and penetration testing. A vulnerability assessment is an evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system. Essentially, the vulnerability assessment determines if the current configuration matches the ideal configuration (the baseline). Vulnerability assessments might involve manual inspection of security controls, but are more often accomplished through automated vulnerability scanners. " SO the automated vulnerability scanners checks configurations that means the best suited answer is D upvoted 1 times Dark_Tarantula 3 weeks, 3 days ago Selected Answer: C The key here is that this is a security compliance ASSESSMENT, he is evaluating their security posture. upvoted 3 times sace 4 weeks, 1 day ago 店 铺 Auditor's cannot do anything but configuration review. ; 店 铺 ; 学 学 Imagine them trying to习 perform packet analysis, log analysis or behavior analysis - seems out of scope right? 习 小 小 upvoted 2 times 店 店 6 66 tomf021959 4 weeks, 1 day ago 6 Selected Answer: C Vulnerability scan does not include a config review... "The difference between vulnerability scanners and configuration auditing software" https://www.titania.com/about-us/news-media/the-difference-between-vulnerability-scanners-and-configuration-auditingsoftware#:~:text=Vulnerability%20Scanning%20doesn%27t%20take,standards%20require%20both%20as%20mandatory "Vulnerability Scanning doesn't take away the need for Configuration Auditing but used alone, Configuration Auditing cannot secure the entire network. Both are important when it comes to assessing and maintaining cybersecurity and many of the accepted industry standards require both as mandatory." upvoted 1 times above 1 month, 1 week ago Its almost like saying I can apply Linux compliance checks against a Windows system, or deselect some pertinent checks and the scan comes back clean and its OK. Just because you perform a vulnerability scan does not mean you are performing the correct checks. The auditor will look at the vulnerability scan results as well as review the configurations that were applied to ensure they are applicable to the systems and meet the STIGs/DoD etc standards. Answer is C. They don't look at the logs as part of the Vulnerability scan analysis. upvoted 1 times above 1 month, 1 week ago Its almost like saying I can apply Linux compliance checks against a Windows system, or deselect some pertinent checks and the scan comes back clean and its OK. Just because you perform a vulnerability scan does not mean you are performing the correct checks. The auditor will look at the vulnerability scan results as well as review the configurations that were applied to ensure they are applicable to the systems and meet the STIGs/DoD etc standards. Answer is C. They don't look at the logs as part of the Vulnerability scan analysis. upvoted 1 times DriftandLuna 1 month, 3 weeks ago I went with d but thinking about it, c is correct. Log analysis will usually be done in response to an incident. An admin may may also do it as part of general day to day checking and operations to ensure there is not something happening they have missed but the question is really about compliance. Compliance is about ensuring what you have set up is configured correctly, not finding live issues upvoted 1 times Nikamy 1 month, 3 weeks ago Selected Answer: C I choose C. Usually Logs are verified during an incident. upvoted 1 times 店 铺 ; frejus 2 months ago 学 习 店 铺 ; 学 习 小 As a real life exemple, when PCI report, 店DSS auditors came to audit a bank, after gathering the vulnerability assessement小 店 the next step is to 66all in-scope devices. therefore answer is C 66 conduct a configuration review on Selected Answer: C upvoted 3 times Protract8593 2 months ago As part of a security compliance assessment, an auditor should perform automated vulnerability scans to identify potential vulnerabilities in the systems. However, configuration reviews are also an essential part of the assessment process. Configuration reviews involve examining the configuration settings of various systems, applications, and devices to ensure they comply with security policies, best practices, and industry standards. It helps identify misconfigurations that could lead to security issues and provides an opportunity to make necessary adjustments to improve security posture. Log analysis is an essential security practice, but it is not explicitly mentioned as part of a security compliance assessment in the given context. Log analysis involves the review and analysis of log data from various systems and applications to detect security incidents, anomalies, and potential threats. It helps in identifying unauthorized access attempts, abnormal user behavior, and potential security breaches. upvoted 1 times Protract8593 2 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: C Configuration reviews (option C) involve manually inspecting and analyzing the configuration settings of systems, applications, and network devices to ensure they align with security best practices and comply with the organization's security policies and standards. Configuration reviews are essential in assessing security compliance as they can identify misconfigurations, weak security settings, unnecessary services or ports, and other configuration issues that automated vulnerability scans might miss. They provide valuable insights into the security hygiene of the organization's IT infrastructure and help identify areas that need improvement to enhance overall security. upvoted 2 times LiteralGod 2 months ago I think it's A or C. 店 店 铺 铺 It's definitely nothing to do with logs as this is not something that would be included in a vulnerability assessment. upvoted 1 times ; ; 学 学 习 ago Kaps443 4 months, 3 weeks 小 店 Selected Answer: C 习 小 店 66 66 Configuration reviews would be important for the auditor to complete the assessment. Vulnerability scans can identify potential vulnerabilities in a system, but a configuration review is necessary to ensure that the system is properly configured to address these vulnerabilities. User behavior analysis, packet captures, and log analysis can all provide valuable information for security assessments, but they are not necessarily required to complete a vulnerability scan assessment. upvoted 2 times Yawannawanka 5 months ago C. Configuration reviews. Automated vulnerability scans are just one aspect of a security compliance assessment. To complete the assessment, the auditor should also perform configuration reviews to ensure that systems and applications are properly configured to mitigate vulnerabilities. User behavior analysis and log analysis can also be useful in detecting and investigating potential security incidents, but they are not directly related to the assessment of vulnerabilities and compliance. Packet captures can be helpful in identifying network-based vulnerabilities, but they may not always be necessary or relevant to the assessment. upvoted 2 times moroy 5 months, 1 week ago Selected Answer: C The question refers to a security compliance assessment. Emphasis on compliance. It is not a forensic assessment. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #121 A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the nance department. Which of the following account types is MOST appropriate for this purpose? A. Service B. Shared C. Generic D. Admin 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小A (98%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A Service accounts are a special type of non-human privileged account used to execute applications and run automated services, virtual machine instances, and other processes. Service accounts can be privileged local or domain accounts, and in some cases, they may have domain administrative privileges upvoted 39 times ApplebeesWaiter1122 Most Recent 2 months ago Selected Answer: A A. Service The most appropriate account type for an application that needs to read and write data to a shared database is a "Service" account. Service accounts are used to run specific services or applications in a controlled manner, allowing them to access resources and perform specific actions on behalf of the application or service they represent. In this scenario, the application needs to interact with the database on a regular basis, so a dedicated service account should be created for it. This service account should have the necessary permissions to read and write data to the specific tables or data objects required by the application. Using a service account provides better control and accountability over the actions performed by the application. It allows the database administrator to restrict the application's access to only the required resources and minimize the risk of unauthorized access to other parts of the database that are unrelated to the application's functionality. upvoted 1 times Protract8593 2 months ago Selected Answer: A A service account is typically used for applications and services that need access to specific resources, such as a database. In this scenario, the application that reads and writes data to the database should have its own dedicated service account. By using a service account, the access can be specifically granted and restricted as needed, providing appropriate permissions for the application to interact with the database without compromising other accounts used by the finance department or other applications. Option B (Shared), Option C (Generic), and Option D (Admin) are not suitable choices in this context. Shared and Generic accounts are not specifically intended for application access, and granting admin privileges to an application is unnecessary and risky, as it may lead to unauthorized access or actions. It is always best practice to use the least privilege principle and provide only the necessary permissions for the application to perform its required tasks. upvoted 1 times 店 店 铺 铺 ; 学 LeonardSnart 4 months, 1 week ago 习 小 ; 学 习 小 店 "Service accounts. Some applications 66 and services need to run under the context of an account, and a service account店fills 66this need. As an example, SQL Server is a database Selected Answer: A application that runs on a server, and it needs access to resources on the server and the network. Administrators create a regular user account, name it something like sqlservice, assign it appropriate privileges, and configure SQL Server to use this account. Note that this is like a regular end-user account. The only difference is that it’s used by the service or application, not an end user. Credential policies may require long, complex passwords for these accounts, but they should not expire. If the password expires, the account can no longer log on, and the service or application will stop." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson upvoted 1 times strong1 4 months, 3 weeks ago Service accounts are accounts that specific applications or services use to interact with the system. For example, if you have an FTP server that interacts with an FTP service, you might use a service account with limited permissions to allow that service to access the system. This enables you to apply very tight security controls to the service account, rather than using 淘宝店铺:https://shop63989109.taobao.com/ a general user account to perform the activity upvoted 1 times Kaps443 4 months, 3 weeks ago Selected Answer: A A is correct. upvoted 1 times EricShon 6 months, 1 week ago Selected Answer: A A. Service account is the most appropriate for this purpose. upvoted 1 times seagnull 7 months ago 店 店 铺 铺 Selected Answer: A ; ; 学 学 "A database administrator wants to grant access to an application". Service accounts are created for apps and services. upvoted 2 times 习 习 小 小 店 weeks ago DALLASCOWBOYS 7 months, 3 6 6 店 66 A. Service accounts are associated with applications and services. upvoted 1 times nul8212 9 months, 1 week ago Selected Answer: C generic account A preset, standard, common, guest, fixed, shared, or anonymous user account. upvoted 1 times Dacoder 3 weeks, 5 days ago It is an application, not a person. upvoted 1 times Blake89 8 months, 1 week ago Absolutely not. People like you need to stop commenting on these threads. upvoted 11 times zharis 11 months ago Service accounts are used by scheduled processes and application server software such as databases upvoted 2 times [Removed] 11 months, 2 weeks ago Selected Answer: A Service accounts associated with applications and services. upvoted 1 times ergo54 11 months, 3 weeks ago Selected Answer: A Agreed its A. The study guide explicitly states that generic accounts are for many different individuals doing the same work whereas a service account is explicitly for a application/service to run its work. upvoted 3 times RonWonkers 1 year ago 店 店 Selected Answer: A 铺 appropriate I think A is most ; upvoted 1 times 学 习 小 k9_462 1 year ago 铺 ; 学 习 店 Selected Answer: A 66 i would go with A-service account upvoted 1 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #122 A security analyst generated a le named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this le? A. Autopsy B. Memdump C. FTK imager D. Wireshark 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 rodwave Highly Voted 小 店 66 10 months, 2 weeks ago Selected Answer: D Answer: Wireshark PCAP or Packet Capture is an interface used for capturing live network packet data. PCAP files like 'host1.pcap' are data files created by network analyzers like Wireshark that are used to collect and record packet data from a network. These files which can be used for analyzing the network traffic. ================================== Other Tools/Options (A) Autopsy - A platform that provides digital forensic tools (B) Memdump - The memdump tool is a program that can do memory dumps. A memory dump is the process of taking all data in RAM and storing it on a hard drive for like applications or for the case of a system crash. The memdump tool will dump the contents of physical memory by default. (c) FTk Imager - Forensic Toolkit (FTK) is forensics software and FTK Imager a tool that can be used to create forensic images. Forensic images is basically a copy of an entire physical hard drive including files, folders etc. upvoted 10 times Blake89 8 months, 1 week ago Autopsy IS a TOOL. Not a platform for multiple tools. It's main purpose is to view and recover data from storage devices. People like you need to really stop talking in here. upvoted 2 times Elyria 8 months ago How about you get a life and YOU stop commenting here. All I see under every discussion is you crying about other people participating. Grow up. upvoted 10 times Blake89 8 months ago Elyria, How about you quit crying about me calling out people who are talking nonsense and giving out false information? These are not opinions, it's all factual. Take your little delicate sensitivities to Facebook. upvoted 1 times 店 铺 ApplebeesWaiter1122 ; 学 Most Recent 2 months ago 店 铺 ; 学 习 习 traffic. It is commonly used by Wireshark is a widely used小 open-source network protocol analyzer that allows users to capture and analyze network 小 security analysts and network店 administrators to examine network packets, troubleshoot network issues, and perform店 incident analysis. 66 66 Selected Answer: D In the scenario described, the security analyst generated a file named host1.pcap, which is likely a packet capture file in the PCAP format. To further analyze the network traffic and incidents captured in this file, the team member would most likely use Wireshark. Wireshark can open and read PCAP files, allowing the user to inspect the captured packets, filter the data, and gain insights into the network activity and potential security issues. upvoted 1 times Protract8593 2 months ago Selected Answer: D Wireshark is a widely used network protocol analyzer and packet capture tool. It is commonly used for opening and analyzing files with the ".pcap" extension, which contain captured network traffic data. With Wireshark, the team member can view the contents of the "host1.pcap" file and perform further incident analysis by examining the network packets and their associated data. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago D. Wireshark analyzes packet captures 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times xxxdolorxxx 8 months, 1 week ago Selected Answer: D Wireshark. Did this for my eJPT exam. upvoted 1 times RonWonkers 1 year ago Selected Answer: D pcap is wireshark upvoted 3 times Gravoc 1 year ago Wireshark. I've opened enough pcap's in wireshark to know this one :p. upvoted 4 times 店 铺 ; 店 铺 ; 学 学 Wireshark is a network习 packet analyzer. A network packet analyzer presents captured packet data in as much detail 习 as possible. 小 小 upvoted 1 times 店 店 66 66 comeragh 1 year ago okay123 1 year ago Selected Answer: D D - Wireshark upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #123 An application developer accidentally uploaded a company's code-signing certi cate private key to a public web server. The company is concerned about malicious use of its certi cate. Which of the following should the company do FIRST? A. Delete the private key from the repository. B. Verify the public key is not exposed as well. C. Update the DLP solution to check for private keys. D. Revoke the code-signing certi cate. 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: D We need to revoke the code-signing certificate as this is the most secure way to ensure that the comprised key wont be used by attackers. Usually there are bots crawking all over repos searching this kind of human errors. upvoted 23 times ApplebeesWaiter1122 Highly Voted 2 months ago Selected Answer: D In this scenario, the company's code-signing certificate private key has been exposed to the public, which is a significant security concern. The first and most critical step the company should take is to revoke the compromised code-signing certificate. By revoking the certificate, the company informs all parties that the certificate is no longer trustworthy and should not be used for signing applications or code. After revoking the certificate, the company can then proceed with other necessary actions, such as verifying that the public key is not exposed, deleting the private key from the repository, and updating the Data Loss Prevention (DLP) solution to check for private keys. However, the immediate priority is to prevent the malicious use of the compromised certificate by revoking it as soon as possible. upvoted 5 times Protract8593 Most Recent 2 months ago Selected Answer: D In the scenario described, the company's code-signing certificate private key has been accidentally uploaded to a public web server. This poses a significant security risk as malicious actors could potentially use the private key to sign malicious code, impersonating the company. The first and most critical step the company should take is to revoke the code-signing certificate. By revoking the certificate, any code that was previously signed with it will no longer be trusted, and the risk of malicious use is mitigated. After revoking the certificate, the company can take further actions such as deleting the private key from the repository, verifying the public key is not exposed, and updating the Data Loss Prevention (DLP) solution to check for private keys. However, the immediate priority is to revoke the certificate to prevent further damage or misuse. upvoted 1 times MorganB 4 months, 4 weeks ago MorganB 0 minutes ago Awaiting moderator approval Pass my exam 27, April 23. This question was on my tested worded differently but the answer is the same. upvoted 4 times 店 铺 DALLASCOWBOYS 7 months, 3 weeks ago ; D. Revoke the code-signing certificate. 学 习 upvoted 1 times 小 店 66ago Sir_Learnalot 10 months, 2 weeks 店 铺 ; 学 revoke the certificate and you should perform user training to minimize the chance for this to happen again upvoted 2 times Jossie_C 10 months, 3 weeks ago Selected Answer: D D is containment upvoted 1 times RonWonkers 1 year ago Selected Answer: D This is D upvoted 1 times Gravoc 1 year ago 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Revoke they certificate with a revocation authority, and go about getting a new one with a certificate authority. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #124 An organization implemented a process that compares the settings currently con gured on systems against secure con guration guidelines in order to identify any gaps. Which of the following control types has the organization implemented? A. Compensating B. Corrective C. Preventive D. Detective 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 习 小 店 D (52%) Gravoc 学 66 Highly Voted 小 店 C (47%) 66 1 year ago From the official study guide: "Compensating - controls designed to mitigate the risk associated with exceptions made to a security policy. Corrective - remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a corrective control. Preventive - intend to stop a security issue before it occurs. Firewalls and encryption are examples of preventive controls. Detective - identify security events that have already occurred. Intrusion detection systems are detective controls." Based on this, Preventive makes the most sense to me. They are comparing the configurations to a secure guideline to ensure no gaps. Meaning they are pre-emptively hardening their systems against future attack vectors. upvoted 67 times J_Ark1 10 months, 3 weeks ago Stone face wisdom here :) upvoted 11 times Luuke 6 months, 3 weeks ago True dat upvoted 1 times assfedass nished 5 months, 4 weeks ago You're not given information concerning whether a security event has occurred. How can undetected gaps be prevented? upvoted 1 times BigLao 10 months, 4 weeks ago They're comparing to "identify any gaps" not to ensure any gaps. Two different things upvoted 8 times jgp Highly Voted 店 Selected Answer: D 铺 "...identify..." ; upvoted 22 times 1 year ago 店 铺 ; 学 学 习 习 小 Strykar 12 months ago 店 66 小 "Identify so it can be Prevented". It better to read and understand the whole question and not just a keyword. upvoted 8 times 店 66 RvR109 7 months, 2 weeks ago It doesn't say anywhere that it's to "prevent" anything, only to "identify". Which makes it Detective. upvoted 6 times brewoz404sd 7 months, 1 week ago No, detective is after an incident, not finding gaps. Can't be detective at all. upvoted 6 times ffsilveira10 5 months, 1 week ago If any gaps be identified, so it would be an "incident" and you had detected it. Scan the environment for gaps will not prevent they from occur, will in first instance identify them. upvoted 3 times freyprey 4 days, 4 hours ago Most Recent 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C In the CompTIA Security + study guide detective actions are taken when a attack takes place. Here all the actions are Preventive ( before an attack ), in order to solve security breaches. upvoted 1 times MooWasHere 1 week, 2 days ago Selected Answer: C they are trying to prevent any gaps from happening upvoted 1 times RevolutionaryAct 2 weeks, 4 days ago Selected Answer: A Compensating as this is comparing gaps. From All-In-One Exam Guide: "Compensating controls are used to meet a requirement when there is no control available to directly address a threat. Fire suppression systems do not prevent fire damage, but if properly employed, they can mitigate or limite the level of damage from a fire." 店 店 铺 铺 ; ; 学 学 习 习 小 小 Corrective is used after an event so it cannot be that one Detective is during an event so it cannot be that one Preventive is to stop an event from occurring, but this is about comparing gaps. upvoted 1 times 店 店 66 66 Dark_Tarantula 3 weeks, 3 days ago Selected Answer: D Detective controls are designed to identify and alert when security violations or deviations from security policies occur. In this case, the process of comparing the current settings against secure configuration guidelines is aimed at detecting any gaps between the actual system configurations and the recommended secure configurations. upvoted 2 times gho5tface 4 weeks, 1 day ago Selected Answer: D The organization is implementing a detective control by comparing settings to identify any deviations from the secure configuration guidelines. upvoted 1 times Rider2053 1 month ago Identify the gaps : Detection -> Detective upvoted 1 times predsednik 1 month, 2 weeks ago Selected Answer: C Preventive - as Gravoc explained already: Preventive - intend to stop a security issue before it occurs. Firewalls and encryption are examples of preventive controls. Based on this, Preventive makes the most sense to me. They are comparing the configurations to a secure guideline to ensure no gaps. Meaning they are pre-emptively hardening their systems against future attack vectors. upvoted 1 times BigIshai 1 month, 2 weeks ago Selected Answer: D "compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps" Compares is the action word here based on the scenario. We are at this point in time trying to detect/identify gaps. But when looking at the overall picture we are still in the preventive space...then again we have not been asked inferred solution. Hence the most appropriate is D. upvoted 2 times 店 店 铺 铺 ; 学 RobertAtDoveton 1 month, 2 weeks ago 习 ; 学 习 Preventive controls are measures implemented to proactively stop or mitigate potential risks before they occur. They are designed to prevent security incidents from happening in the first place. In the given scenario, the organization is not stopping incidents from occurring beforehand; instead, they are identifying any gaps or discrepancies after the settings are configured. 小 店 66 小 店 66 The described process involves comparing the current system settings against secure configuration guidelines to identify any gaps that may have occurred during or after configuration. This is a Detective control because it aims to detect deviations from the secure configuration after they have potentially occurred, rather than preventing them from happening in advance. upvoted 1 times Abdul2107 1 month, 3 weeks ago Selected Answer: D D. Identify Keyword: Identify = Detect upvoted 1 times Nikamy 1 month, 3 weeks ago Selected Answer: D I go with D 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: C A preventive control is designed to prevent security incidents from occurring by establishing security measures and best practices proactively. In this case, comparing the settings on systems against secure configuration guidelines is a preventive control because it aims to ensure that the systems are configured securely and in compliance with the established guidelines, thus reducing the likelihood of security incidents related to misconfigurations. Detective controls, on the other hand, are designed to detect and identify security issues or incidents after they have occurred, such as security monitoring, log analysis, and intrusion detection systems. upvoted 2 times Protract8593 2 months ago Selected Answer: D 店 店 The organization has implemented a process to compare the settings on systems against secure configuration guidelines to identify any gaps. This process is aimed at detecting and identifying deviations from the recommended secure configurations. Detective controls are put in place to identify and discover security incidents or events that have occurred or are in progress. In this case, the configuration comparison process is a detective control as it helps identify potential security risks or vulnerabilities by detecting deviations from the secure configuration guidelines. 铺 铺 ; ; 学 学 习 习 小 小 店 Let's examine why option C (Preventive) 66 is not the correct answer. 店 66 Preventive controls are designed to proactively prevent security incidents from occurring. These controls are put in place to reduce the likelihood of security breaches or attacks. They are implemented to deter potential threats and block them from exploiting vulnerabilities. upvoted 2 times Protract8593 2 months ago In the scenario described, the organization has implemented a process that compares the current settings on systems against secure configuration guidelines. This process is not preventing incidents from occurring; rather, it is used to identify any gaps in the system configurations. It is more of a post-incident or detective measure rather than a preventive measure. Detective controls, on the other hand, focus on identifying security incidents or events that have already occurred or are in progress. The process of comparing system settings against secure configuration guidelines falls under the category of detective controls because it aims to detect deviations from the secure configuration and identify potential security risks. Therefore, the correct answer is D. Detective. upvoted 3 times LiteralGod 2 months ago Selected Answer: C It's preventative. Detective is in relation to detection of actual threats. upvoted 2 times jbell 2 months, 2 weeks ago Selected Answer: D It does not prevent misconfiguration, it just identifies it after gap occurs. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #125 The Chief Information Security O cer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk? A. CASB B. VPN concentrator C. MFA D. VPC endpoint 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 Mamun1 Highly Voted 小 店 66 1 year ago Selected Answer: A A cloud access security broker (CASB) is on-premises or cloud-based software that sits between a cloud service consumer and a cloud service provider. It serves as a tool for enforcing an organization's security policies through risk identification and regulation compliance whenever its cloud-residing data is accessed. upvoted 27 times ScottT 1 year ago For me the key clue is SaaS suggesting cloud computing. With that being decided CASB is the only option upvoted 9 times comeragh Highly Voted 1 year ago Selected Answer: A By process of elimination A seems to be the correct answer upvoted 7 times Gino_Slim 11 months ago That's exactly what I did. Even if I didn't know what CASB meant, the others didn't make any sense upvoted 7 times ApplebeesWaiter1122 Most Recent 2 months ago Selected Answer: A A Cloud Access Security Broker (CASB) is the best security solution to reduce the risk of shadow IT related to unsanctioned high-risk SaaS applications. CASB provides visibility and control over the use of cloud services within an organization, helping to detect and block unauthorized cloud applications. It acts as an intermediary between users and cloud services, allowing organizations to enforce security policies, monitor cloud activity, and prevent access to unsanctioned or high-risk cloud applications. By implementing a CASB solution, the Chief Information Security Officer (CISO) can gain better visibility into the usage of cloud services, enforce security policies, and block access to unauthorized or high-risk applications, effectively reducing the risk of shadow IT and enhancing overall cloud security. upvoted 3 times Protract8593 2 months ago 店 铺 店 铺 ; CASB is a security solution 学 that provides organizations with visibility into and control over cloud-based;services 学 and applications accessed by their 习 between users and cloud service providers, allowing security teams to enforce 习security policies and monitor cloud users. It acts as an intermediary 小 小 usage. 店 店 66 66 Selected Answer: A By implementing a CASB, the organization can gain insights into all cloud applications being used by its employees, including unsanctioned ones, and apply policy-based controls to block access to high-risk SaaS applications. This helps mitigate the risks associated with shadow IT, enhances security, and ensures compliance with organizational policies. The other options (B. VPN concentrator, C. MFA, and D. VPC endpoint) are not directly related to managing or controlling access to SaaS applications, and thus, they would not be the best choice for reducing the risk of unsanctioned high-risk SaaS applications. upvoted 2 times DALLASCOWBOYS 7 months, 3 weeks ago A. SaaS is a cloud based service, therefore, a CASB, Cloud Access Security Broker upvoted 3 times FMMIR 9 months, 2 weeks ago Selected Answer: A 淘宝店铺:https://shop63989109.taobao.com/ The best security solution to reduce the risk of shadow IT and unsanctioned high-risk SaaS applications is a Cloud Access Security Broker (CASB). A CASB is a security solution that is designed to provide visibility and control over cloud applications and services. It can be used to block access to unsanctioned applications and to enforce security policies and compliance requirements for cloud services. In this case, the CASB would be used to block access to unsanctioned high-risk SaaS applications, reducing the risk of shadow IT and helping the organization to maintain control over its cloud environment. Options B, C, and D are not specifically related to reducing the risk of shadow IT and unsanctioned SaaS applications. A VPN concentrator is a network device that is used to manage and terminate VPN connections, MFA is a security control that requires multiple factors for authentication, and a VPC endpoint is a networking feature that allows private access to AWS services. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #126 A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect? A. Data in transit B. Data in processing C. Data at rest D. Data tokenization 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小C (100%) 店 66 Gravoc Highly Voted 小 店 66 1 year ago Data in transit is incorrect. The official terminology is data in motion. Data-in-Motion: Data that is in transit over a network. Think data packets working their way across the internet. Data-at-Rest: Stored data that resides on hard drives, tapes, in the cloud, or on other storage media. When this is taught, it's almost always taught as a USB stick laying on a desk in an office. Don't forget that this is broad category. Data-in-Processing: Data that is actively in use by a computer system. Includes data stored in memory while processing takes place. upvoted 9 times xxxdolorxxx Highly Voted 8 months, 1 week ago C is the right answer. They tried to throw a curveball with the "traveling" thing, lol. upvoted 5 times ApplebeesWaiter1122 Most Recent 2 months ago Selected Answer: C Full disk encryption (FDE) is a security measure that protects data at rest, meaning data that is stored on a device, such as a laptop's hard drive. When FDE is enabled, all the data on the disk is encrypted, and it remains encrypted even when the device is powered off or not in use. This ensures that if the laptop is lost, stolen, or accessed by unauthorized individuals, the data on the disk is still protected and cannot be easily accessed or read without the decryption key. FDE helps to safeguard sensitive information from potential data breaches or unauthorized access to the physical device. upvoted 2 times Protract8593 2 months ago Selected Answer: C Full disk encryption (FDE) is a security measure that encrypts the entire hard drive or storage media of a device, such as a laptop, to protect the data stored on it when the device is powered off or not in use. It ensures that if the laptop is lost, stolen, or accessed by unauthorized individuals, the data on the disk remains encrypted and inaccessible without the appropriate decryption key or password. This protects the data at rest from being compromised in such situations. upvoted 2 times Zdane 5 months, 1 week ago 店 铺 店 铺 It's funny, because the part "laptop that will be taken on a business trip" is a decoy for the answer "Data in transit" upvoted 1 times ; ; 学 习 小 学 习 小 店 店 C. Data at rest, such as when data6stored on the device when it is in an off state, or when a laptop is in sleep mode. 66 6 upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago kstevens11 10 months, 3 weeks ago Selected Answer: C Full DISK encryption - disk data is data at rest upvoted 3 times serginljr 1 year ago Selected Answer: C Data at Rest is correct Answer. Data at rest: Data at rest is data in its stored or resting state, which is typically on some type of persistent storage such as a hard drive or tape. Symmetric encryption is used in this case. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #127 A security analyst was called to investigate a le received directly from a hardware manufacturer. The analyst is trying to determine whether the le was modi ed in transit before installation on the user's computer. Which of the following can be used to safely assess the le? A. Check the hash of the installation le. B. Match the le names. C. Verify the URL download location. D. Verify the code signing certi cate. 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 A (83%) Gravoc Highly Voted 66 小 店 D (17%) 66 1 year ago The hardware manufacturer will post the hash of the file publicly, and anyone who receives a copy of that file will be able to run a checksum on the file themselves, and compare them to the official manufacturer-provided checksum. Hashing is almost always the correct answer in these type of questions. You'll see a lot of Github repositories using hashed checksums as well for verification, and I recently just installed Java onto my new computer. Java provided me with a hashed checksum for the setup executable. upvoted 17 times Blake89 8 months ago Highly Voted Selected Answer: A Directly from the CompTIA Sec + Study Guide: "• The most common way to validate that a forensic copy matched an original copy is to create a hash of the copy and to create a hash of the original drive, and then compare them. If the hashes match, the forensic copy is identical to the original." upvoted 5 times 1bagwell 6 months, 2 weeks ago hey there! how can I be able to get the study guide? upvoted 1 times predsednik Most Recent 1 month, 2 weeks ago Selected Answer: A The most common way to validate that a forensic copy matched an original copy is to create a hash of the copy and to create a hash of the original drive, and then compare them. If the hashes match, the forensic copy is identical to the original. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A When you download a file from a reputable source, the provider often publishes the hash value (such as MD5, SHA-256, etc.) of the original file on their website. After downloading the file, you can calculate the hash of the downloaded file and compare it to the published hash. If the hashes match, it means the file was not modified in transit and is likely the same as the original file provided by the hardware manufacturer. If the hashes do not match, it suggests that the file might have been altered during transmission or is a different version from the one provided by the manufacturer. upvoted 2 times 店 店 Protract8593 2 months ago 铺 铺 ; Selected Answer: A ; 学 学 习 习 Hashing is a cryptographic method used to generate a unique fixed-size string of characters (hash value) from the content of a file. By calculating the hash value of the original installation file and comparing it to the hash value of the received file, the security analyst can determine whether the file has been modified in transit or remains unchanged. If the hash values match, it is highly likely that the file was not tampered with during transmission. If the hash values differ, it indicates that the file has been altered, and it should not be trusted. 小 店 66 小 店 66 Option B (Match the file names) and Option C (Verify the URL download location) are not sufficient for ensuring the integrity of the file, as an attacker can use the same file name or spoof the download location to trick users into installing malicious content. Option D (Verify the code signing certificate) is relevant for verifying the authenticity and integrity of software files but might not be applicable in this case if the file is not digitally signed by the manufacturer. In such situations, checking the file's hash would be a more general and reliable method to assess the file's integrity. upvoted 2 times z3phyr 5 months, 3 weeks ago Selected Answer: A Code signing certificates are for software code. Nowhere does the question state that this is for code. It says "file". upvoted 1 times assfedass nished 5 months, 4 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A Check the Hash(es) Is a collision possible, yes, likely, no - especially considering reviewing more than one hash. upvoted 1 times monzie 5 months, 4 weeks ago Selected Answer: D D. Verify the code signing certificate. Verifying the code signing certificate ensures that the file was not modified during transit, as the certificate provides assurance that the file originated from a trusted source and has not been tampered with since it was signed. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago 店 铺 A. Check the hash of the file to verifiy the integrity of the file to see if it was modified. upvoted 1 times ; 店 铺 ; 学 学 习 ago [Removed] 8 months, 1 week 小 店 Selected Answer: A 66 习 小 店 66 Hashing upvoted 2 times FMMIR 9 months, 2 weeks ago Selected Answer: A The security analyst can safely assess the file by checking the hash of the installation file. A hash is a unique value that is generated based on the contents of a file. When a file is sent from one party to another, the sender can compute the hash of the file and provide it to the recipient. The recipient can then compute the hash of the received file and compare it to the original hash. If the hashes match, it indicates that the file has not been modified and is identical to the original file. This can provide assurance that the file has not been tampered with or corrupted in transit. Options B, C, and D are not reliable methods for determining whether a file has been modified in transit. Matching file names does not guarantee the integrity of the file, verifying the URL download location does not provide information about the file itself, and verifying the code signing certificate does not guarantee that the file has not been modified. upvoted 3 times [Removed] 9 months, 3 weeks ago Selected Answer: A A. Always when it's about checking if app wasnt't modified by 3rd party - you compare hashes :p upvoted 3 times kstevens11 10 months, 3 weeks ago Selected Answer: A keywords: "determine whether a file was modified", and you need a hash comparison for this. Code signing is more for nonrepudiation, I thought. upvoted 3 times MathDayMan 11 months ago A Hashed is the right one upvoted 1 times G4ct756 11 months, 1 week ago Selected Answer: D D. There are possibility of hash collision, and we can't verify if file is from manufacturer. Code sign certificate, verify file is not tampered together with Signer's identity. I would think code sign certificate will hold more weight over file hash. upvoted 3 times 店 铺 ; 学 Tomtom11 11 months, 1 week ago Selected Answer: A 习 小 店 66 File is Hashed Code is Signed to ensure it has not be altered upvoted 3 times 店 铺 ; 学 习 小 店 66 abrilo 11 months, 2 weeks ago Another use of digital certificates, is often used when we are distributing software. A developer will create an executable or a piece of software that needs to be distributed, and then they will sign that software with a code signing certificate. This means that we can receive that software and install it and during the installation process, we can validate that the program that we’re installing is exactly the same executable as the one that was distributed by the manufacturer. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #128 A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal rewall IP Address. Which of the following is the technician's BEST course of action? A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller. B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone. C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity o cer. D. Request the caller send an email for identity veri cation and provide the requested information via email to the caller. 店 店 铺 Correct Answer: D 铺 ; ; 学 学 习 小 店 Community vote distribution 66 C (63%) stoneface 习 小 Highly Voted 店 66 D (37%) 1 year ago Selected Answer: D D->Request the caller send an email for identity verification and provide the requested information via email to the caller. -> This will allow to have a record of the requested information as well as identifying the requester. upvoted 17 times Ruthless937 3 weeks, 5 days ago if the attacker has spoofed the email address then they could bypass the email identity verification. upvoted 1 times Ruthless937 1 week, 3 days ago also you would never send an internal IP like that over email for anyone to read. upvoted 1 times OneTooManyCert 5 months, 3 weeks ago I answer C but the lord himself answer D, now i'm confused upvoted 6 times chaddaddy 3 days, 13 hours ago LOL! An anarchy is foaming upvoted 1 times J_Ark1 10 months, 3 weeks ago For the SIEM systems to be able to know who it was that attacked and compromised the system? upvoted 1 times J_Ark1 10 months, 3 weeks ago The issue is that a random individual is trying to gain acess to the internal network and hence we do not know their intended purpose, so it makes sense to notify the cyber security officer so that they can confirm their authorisation via the right channels of communication. upvoted 3 times 店 rodwave 10 months, 2 weeks ago Highly Voted 铺 Selected Answer: C ; 店 铺 ; 学 学 Answer: Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer. 习 习 小 店 66 小 店 66 In this scenario, the help desk technician should be wary of the person's request as help desk technicians would not have this information. Also, if the person claimed to be from the cybersecurity incident response team, they would more likely to have access to this information anyway, or at least know who to contact. For the sake of the technician, it would be best to get as much information as possible and delegate the task of confirming the person's identity to the cybersecurity officer. Even in the very slim chance that it was a legitimate request, it would still be best for the cyber security officer to provide this information instead of a tech. upvoted 14 times malibi Most Recent 3 weeks ago Selected Answer: D emailing a helpdesk is like creating a helpdesk ticket. 1. email add of the sender will be verified, 2. the request will go on the proper channel!. just my 2 cents upvoted 1 times ja1092m 1 month ago It asked for the BEST course of action, wouldn't C淘宝店铺:https://shop63989109.taobao.com/ be the most secure? upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: C D doesn't make sense given the firewall is supposedly compromised, why would you send data in the clear over email when the firewall is in question? It's C upvoted 1 times predsednik 1 month, 2 weeks ago Selected Answer: C I would go with C because in case someone is trying to scam help desk tech claiming that he belongs to cyber security team, then help desk tech should check and verify this information with Cybersec team if that person exists in their team and does he need that information. 店 店 铺 In case you decide for D and send requested info to sender without verifying his identity with the 铺 cyber sec team you could be wrong and send ; to the hacker who maybe stole email credentials from the real guy. ; sensitive information 学 学 习 习 upvoted 1 times 小 小 店 店 ApplebeesWaiter1122 2 months6ago 66 6 Selected Answer: C In this situation, the technician should be cautious and follow proper security protocols. The caller's request to verify the network's internal firewall IP address is sensitive information that should not be disclosed over the phone without proper verification. Instead, the technician should gather as much information as possible about the caller, including their name and phone number, and then hang up the call. The next step is to notify the organization's cybersecurity officer or a designated authority about the incident so they can verify the legitimacy of the request and take appropriate actions if necessary. upvoted 1 times Protract8593 2 months ago Selected Answer: C In this scenario, the help desk technician receives a call from someone claiming to be from the organization's cybersecurity incident response team. It is essential to follow proper security protocols and procedures when dealing with sensitive information or requests for verification. Option A (Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller) is a good approach if the person is genuinely from the incident response team. However, it may not be feasible or practical in all situations, especially if the organization has a distributed workforce or remote teams. Option B (Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone) is not recommended because verifying the person's identity solely based on the email directory may not be enough to ensure their authenticity. upvoted 1 times Protract8593 2 months ago Option D (Request the caller send an email for identity verification and provide the requested information via email to the caller) is also not the best course of action, as responding to unsolicited emails can lead to phishing or other security risks. The best approach is to gather as much information as possible from the caller (name, phone number, purpose of the request) without divulging sensitive information. After hanging up, the technician should notify the organization's cybersecurity officer or the appropriate security personnel to verify the legitimacy of the request before taking any further action. upvoted 2 times Jonsmith24 2 months ago What if he is part of the organization's cybersecurity incident response team, and has the proper identity information? Why are you calling the cyber security officer before you even seen the identification? upvoted 2 times 店 Gaurabdon 3 months, 1 week ago 铺D Selected Answer: ; 店 铺 ; 学 学 In real world scenario, the answer is D. I work as an IT help desk in a MSP and the protocol is never to hang up on the person keeping in mind that the person calling can be a legitimate person as well. For that reason, it is best for both parties that the caller sends an email requesting the information so that it gets documented on who asked. If the user is legitimate, we can easily tell with the email address they are sending us from. From there, we can inform the cyber team if we can proceed with the request. upvoted 5 times 习 习 小 店 66 小 店 66 Kaps443 4 months, 3 weeks ago Selected Answer: C C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer. The best course of action for the technician is to follow the principle of least privilege and verify the caller's identity before providing any sensitive information. The caller could potentially be a social engineer attempting to gain unauthorized access to the network. Writing down the phone number and the name of the person requesting information, hanging up, and notifying the cybersecurity officer will help prevent unauthorized access to the network. upvoted 1 times Yawannawanka 5 months ago 淘宝店铺:https://shop63989109.taobao.com/ C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer. This scenario is an example of a social engineering attack where the attacker is trying to obtain sensitive information through deception. The caller is impersonating a member of the organization's cybersecurity incident response team and attempting to obtain the network's internal firewall IP address. Providing this information could compromise the organization's security. upvoted 1 times Yawannawanka 5 months ago A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP Address. Which of the following is the technician's BEST course of action? A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller. B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone. C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer. Most Voted D. Request the caller send an email for identity verification and provide the requested information via email to the caller. upvoted 1 times 店 店 铺 铺 ; ; 学 学 Mkoenig69 5 months,习 3 weeks ago 习 小 小 Selected Answer: C 店 店 6 66 through email is not 6 organization's security at risk. Email can be easily intercepted, and identity verification D is not recommended as it puts the reliable. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: C C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer is the BEST course of action for the help desk technician. This is because the caller could potentially be a malicious actor attempting to gain unauthorized access to the network. The technician should not provide any sensitive information until they can verify the caller's identity through appropriate channels, such as contacting the organization's cybersecurity incident response team directly or verifying the request through established procedures. upvoted 1 times EricShon 6 months, 1 week ago Selected Answer: C C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer is the BEST course of action for the help desk technician. The request from the caller to verify the network's internal firewall IP Address is a suspicious request, and the technician should take caution to ensure the identity of the caller is legitimate before providing any sensitive information. Writing down the caller's phone number and name and notifying the organization's cybersecurity officer will allow the incident response team to investigate the legitimacy of the request and prevent any potential social engineering or phishing attempts. upvoted 1 times xxxdolorxxx 7 months, 3 weeks ago So I read this a few times and maybe it's just me but the second half of D is throwing some red flags for me. "and provide the requested information via email to the caller." this implies that the company would then send the documents to the caller. Wouldn't that be a potential security risk? Originally I thought D. Now I feel like D is wrong. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #129 Which of the following would BEST provide detective and corrective controls for thermal regulation? A. A smoke detector B. A re alarm C. An HVAC system D. A re suppression system E. Guards 店 铺 Correct Answer: D 店 铺 ; ; 学 学 习 Community vote distribution 习 小 C (88%) 店 66 stoneface Highly Voted 小 店 12% 66 1 year ago Selected Answer: C What are the functions of an HVAC system? An HVAC system is designed to control the environment in which it works. It achieves this by controlling the temperature (THERMAL) of a room through heating and cooling. It also controls the humidity level in that environment by controlling the movement and distribution of air inside the room. So it provides detective and corrective controls for THERMAL regulation. upvoted 37 times sujon_london 1 month, 2 weeks ago Most Recent Selected Answer: D The optimal way to achieve detective and corrective thermal regulation is through a fire suppression system, which actively curbs fires and halts their escalation. While smoke detectors, fire alarms, and HVAC systems are significant, they lack the direct fire control capability of a suppression system. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Wrong. It never mentions fire and fire suppression can only put out fires, it cannot raise temperatures nor slowly (or rapidly) cool unlike an HVAC system "corrective controls for thermal regulation" =/= fire upvoted 1 times RevolutionaryAct 2 weeks, 4 days ago OK now I retract that comment because elsewhere I see that a fire suppression system is considered a corrective and compensating control. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: C An HVAC (Heating, Ventilation, and Air Conditioning) system can provide both detective and corrective controls for thermal regulation. The HVAC system helps detect abnormal temperature changes in the environment, which can indicate potential issues with thermal regulation. For example, if a server room becomes too hot, the HVAC system can trigger alarms or notifications to alert the relevant personnel about the issue. 店 店 铺 铺 Additionally, the HVAC system can be programmed to take corrective actions automatically in response to temperature fluctuations. It can adjust heating, cooling, and ventilation settings to bring the environment back to the desired temperature range. upvoted 2 times ; ; 学 学 习 习 小 店 sujon_london 1 month, 2 weeks ago 66 小 店 66 I do appreciate your contribution in this platform which is very helpful: just to check what aspect HVAC will detect and would be corrective ? This may helps to change answer c >d; The optimal way to achieve detective and corrective thermal regulation is through a fire suppression system, which actively curbs fires and halts their escalation. While smoke detectors, fire alarms, and HVAC systems are significant, they lack the direct fire control capability of a suppression system. upvoted 1 times Protract8593 2 months ago Selected Answer: C An HVAC (Heating, Ventilation, and Air Conditioning) system can provide both detective and corrective controls for thermal regulation. It is capable of detecting abnormal temperatures and adjusting the environment to maintain the desired temperature range. By doing so, it helps to prevent overheating or freezing of equipment, which can lead to system failures or damage. This makes the HVAC system an important component in maintaining the overall security and reliability of the infrastructure. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ EUGgrep 4 months ago Selected Answer: C D can't be the correct answer because a fire suppressor does not have detection capabilities. whereas the HVAC has detective and corrective powers, it detects the temperature and adjusts it accordingly depending on the settings. so the correct answer is C. upvoted 1 times Yawannawanka 5 months ago C. An HVAC system. An HVAC (heating, ventilation, and air conditioning) system can provide both detective and corrective controls for thermal regulation. The system is designed to detect changes in temperature and adjust the airflow and temperature accordingly. If the temperature goes beyond a certain threshold, the system can trigger an alarm or alert to notify the appropriate personnel. The HVAC system can also take corrective action to regulate the temperature by adjusting the airflow or turning on a cooling system, for example. A smoke detector and a fire alarm are designed to detect smoke and fire, respectively, and are not directly related to thermal regulation. A fire suppression system is designed to extinguish fires, but it does not provide detective or corrective controls for thermal regulation. Guards can provide physical security but are not directly related to thermal regulation. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 Mkoenig69 5 months, 3 weeks ago 店 店 66 Selected Answer: C 66 Fire suppression systems are designed to extinguish fires and prevent them from spreading, but they do not provide any thermal regulation. upvoted 2 times MasterControlProgram 6 months ago Selected Answer: C C. An HVAC system would provide the best detective and corrective controls for thermal regulation. HVAC stands for Heating, Ventilation, and Air Conditioning, and it helps to maintain a comfortable temperature and humidity level inside a building. It can detect and correct issues related to temperature, such as too hot or too cold, and provide a way to regulate it through heating or cooling systems. Smoke detectors, fire alarms, fire suppression systems, and guards are designed to detect and prevent fire-related incidents and may not be effective in regulating temperature. upvoted 3 times hoott i 7 months, 2 weeks ago fire suppression is detective and corrective? upvoted 2 times assfedass nished 5 months, 4 weeks ago HVAC is a better answer. The odds of a fire are less than the odds of the temperature being 1+ degree hotter/colder than spec. HVAC can detect and correct that. upvoted 1 times DALLASCOWBOYS 7 months, 2 weeks ago C. HVAC system. It measures temperature and humidity, and corrects both if the measurements get out of the acceptable ranges. upvoted 1 times Blake89 8 months ago Selected Answer: C CompTia Study Guide book: 'HVAC systems ensures that the processes or systems are at the proper temperature and humidity." upvoted 3 times Boubou480 8 months, 2 weeks ago Selected Answer: C C. An HVAC system would provide the best detective and corrective controls for thermal regulation. An HVAC (heating, ventilation, and air conditioning) system can detect deviations in temperature and adjust accordingly to maintain a comfortable and safe range. It can also alert maintenance staff if there is a problem that needs to be corrected. upvoted 2 times 店 店 铺 铺 ; 学 jhfdkjshfkjdsho 9 months, 1 week ago 习 小 ; 学 习 小 店 店 or a combination of A fire suppression system, like a fire 66 sprinkler system, is used to extinguish or control fires, and is activated by heat, smoke, 66 the two. However, a fire suppression system uses gaseous, chemical, or foam fire suppression agents to suppress the fire, rather than water. So, it is Selected Answer: D a detective and corrective system upvoted 1 times Blake89 8 months ago Lol just stop it. The answer is C upvoted 2 times PraygeForPass 8 months, 2 weeks ago Thermal regulation isn't just fires/smoke. It can be extremely cold or humid in a building for example. A fire suppression system won't help with that. upvoted 3 times nul8212 9 months, 1 week ago Selected Answer: D This answer covers both parts of the question. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ FMMIR 9 months, 2 weeks ago Selected Answer: C An HVAC system would provide the best detective and corrective controls for thermal regulation. An HVAC (heating, ventilation, and air conditioning) system is a type of building management system that is used to control the temperature, humidity, and air quality within a building. HVAC systems typically include sensors that can detect changes in temperature, and control mechanisms that can adjust the heating or cooling output to maintain a comfortable and safe environment. This provides both detective and corrective controls for thermal regulation, as the sensors can detect deviations from the desired temperature range, and the control mechanisms can automatically adjust the heating or cooling output to correct the problem. Options A, B, D, and E do not provide the same level of control for thermal regulation as an HVAC system. A smoke detector and fire alarm can detect fires, but they do not provide the same level of control over the temperature within a building. A fire suppression system can extinguish fires, but it does not provide any control over the temperature. Guards do not provide any control over the temperature upvoted 2 times 店 babyzilla 10 months, 2 weeks ago 铺 ; 店 铺 ; 学 Selected Answer: C 学 习 习 Remember corrective and detective are AFTER an incident occurs. The first suppression system would kick in after a fire happened...I highly doubt that this is what the question is referring to. On the other hand, in order for a HVAC system to activate, a simple thermal change has to happen. Just like at home, you set your thermostat to heat or cool and set a temp. If it goes below or above your set temp, then the system will kick on. upvoted 3 times 小 小 店 店 66 66 The_F00L 10 months, 3 weeks ago its HVAC, but man... gotta love Fire supression as an answer. got a giggle out of me upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #130 Which of the following is a bene t of including a risk management framework into an organization's security approach? A. It de nes expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner. B. It identi es speci c vendor products that have been tested and approved for use in a secure environment. C. It provides legal assurances and remedies in the event a data breach occurs. D. It incorporates control, development, policy, and management activities into IT operations. Correct Answer: D 店 店 铺 Community vote distribution ; 学 D (89%) 习 小 店 铺 ; 11% 66 predsednik 1 month, 2 weeks ago 学 习 小 店 66 Selected Answer: D A risk management framework incorporates various control, development, policy, and management activities into an organization's IT operations. It provides a structured approach to identifying and managing risks, which includes defining risk appetite, risk assessment methodologies, risk treatment strategies, and risk monitoring and reporting. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: D A risk management framework incorporates various control, development, policy, and management activities into an organization's IT operations. It provides a structured approach to identifying and managing risks, which includes defining risk appetite, risk assessment methodologies, risk treatment strategies, and risk monitoring and reporting. By integrating these activities into IT operations, the organization can effectively manage and mitigate risks, ensuring a more secure and resilient environment. upvoted 2 times Protract8593 2 months ago Selected Answer: D Including a risk management framework into an organization's security approach helps to integrate various aspects of security, including control implementation, development practices, policy creation, and management activities. A risk management framework provides a structured and systematic approach to identify, assess, and mitigate risks, ensuring that security measures are well-coordinated and aligned with the organization's goals and objectives. upvoted 1 times LeonardSnart 4 months, 1 week ago Selected Answer: D "Risk Management Framework (RMF) ・ A process that integrates security and risk management activities into the system development life cycle through an approach to security control selection and specification that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations" -Jason Dion Comptia Security+ Study Notes upvoted 2 times Yawannawanka 5 months ago D. It incorporates control, development, policy, and management activities into IT operations. 店 店 铺 铺 including incorporating control, Including a risk; management framework into an organization's security approach has several benefits, ; a structured and systematic approach development, policy, 学and management activities into IT operations. A risk management framework provides 学 习 to prioritize risks and allocate to identify, assess, and习 manage risks to an organization's information systems and assets. It allows the organization 小 小 resources accordingly, which 店 can lead to more effective and efficient security measures. 店 66 66 Option A is related to service level agreements (SLAs) and supply chain management, which are not directly related to a risk management framework. Option B is related to vendor management and procurement, which are important components of a security program but not directly related to a risk management framework. Option C is related to legal compliance and liabilities, which are important but not directly related to a risk management framework. upvoted 2 times assfedass nished 5 months, 4 weeks ago Selected Answer: D Which of the following is a benefit of including a risk management framework into an organization's security approach? -D There are no legal assurances or remedies provided at all by the framework itself. Neither is that included in the org's security approach. The product of the RMF's incorporation into the org's security approach would provide those things. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Omi0204 6 months, 2 weeks ago Answer is C. A strong risk management framework can offer organizations a number of key benefits, such as protection of assets, reputation management, and the optimization of data management. A risk management framework can also provide protection against losses of competitive advantage, legal risks, and business opportunities. Benefits of Risk Management Framework A risk management framework helps protect against potential losses of competitive advantage, business opportunities, and even legal risks. upvoted 3 times DALLASCOWBOYS 7 months, 2 weeks ago D is the best answer given. upvoted 2 times [Removed] 9 months, 3 weeks ago 店 铺 店 铺 ; ; I would go with D.学 There is nothing about legal assurence in books i read. 学 习 习 小 小your company can run Risk management is about identyfying vulnerabilities and threats in your company. To help you mitigater them, so 店 店 smoothly. 66 66 upvoted 4 times Selected Answer: D deeden 9 months, 3 weeks ago Selected Answer: C Agree with C. RMF goes beyond IT Operations and Supplier/Vendor management. upvoted 1 times passmemo 11 months, 2 weeks ago Selected Answer: D An effective risk management framework will prioritize understanding the risks that your business faces to take the necessary steps to protect your assets and your business upvoted 2 times skorza 11 months, 3 weeks ago Is it not A as the benefit is "to ensure system outages are remediated in a timely manner"? upvoted 2 times studant_devsecops 12 months ago Selected Answer: C Believe the keyword is reference to legal. Does anyone think same? upvoted 1 times [Removed] 12 months ago Where is it referencing "legal"? upvoted 3 times Gino_Slim 11 months ago It doesn't. Idk where they got that from. upvoted 3 times RonWonkers 1 year ago Selected Answer: D I agree with D upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #131 An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status? A. Development B. Test C. Production D. Staging 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 D (93%) 小 店 学 习 小 5% 店 66 bitezadusto 66 6 months ago Highly Voted remember this: Dont Throw Sausage Pizza Development >> Testing >> Staging >> Production upvoted 21 times BigIshai 1 month, 2 weeks ago The full acronym would be Development >> Testing >> Staging >> Production >> Quality Assurance. Don't Throw Sausage Pizza Quickly! lol (source: page 252 CompTIA+ SYO-601:Get Certified ahead. Darril Gibson) upvoted 3 times Samsonite363 Highly Voted 7 months, 3 weeks ago Selected Answer: D Development > Testing > Staging > Production upvoted 11 times RevolutionaryAct Most Recent 1 month, 2 weeks ago Hm, I am wondering if testing is indeed the right answer https://www.pagerduty.com/resources/learn/software-development-life-cycle/ upvoted 1 times predsednik 1 month, 2 weeks ago Selected Answer: D Development >> Testing >> Staging >> Production upvoted 1 times sujon_london 1 month, 2 weeks ago Selected Answer: B This is very critical question to answer, in my understanding and research through wording of question I have concluded precisely with B. Development: This is where patches are created and initial testing might occur. Test: Patches are thoroughly tested in this environment to identify any issues or conflicts before moving to the next stage. Staging: Patches are deployed to a staging environment that closely resembles the operational environment. This allows for final testing and verification and validation for the final stage before deployment. Production: Once patches have successfully passed testing in the staging environment, they are deployed to the operational or production environment for regular use. 店 店 铺 铺 ; ; 学 学 习 习 小 店 小 店 The confusion here maybe between resembles of final product and testing before deploying into the operational environment. Patches are throughly tested indeed at testing stage not staging stage. upvoted 1 times 66 66 ApplebeesWaiter1122 1 month, 4 weeks ago Selected Answer: D In the software development lifecycle, the staging environment serves as a final testing and validation phase before deploying changes to the production environment. It closely mirrors the production environment, allowing organizations to assess the impact of changes and ensure everything works as expected before going live. Once patches have been thoroughly tested in the staging environment and any potential issues have been addressed, they can then be deployed to the production environment for regular use. upvoted 1 times Protract8593 2 months ago Selected Answer: D The staging environment is the environment where patches and updates are deployed just before they are put into an operational status. It serves as a final step before deploying changes to the production environment, allowing organizations to validate the changes in a controlled setting 淘宝店铺:https://shop63989109.taobao.com/ and ensure that they work as expected before going live. upvoted 1 times Yawannawanka 5 months ago D. Staging. Staging is the environment in which patches will be deployed just prior to being put into an operational status. The staging environment is intended to replicate the production environment as closely as possible and is used to test changes, including patches, before they are implemented in the production environment. The development environment is used for developing and testing new features and functionality. The test environment is used to test the software or patches in a controlled environment before being moved to the staging environment. The production environment is the live environment where the system is used by end-users. upvoted 1 times assfedass nished 5 months, 4 weeks ago 店 铺 店 铺 Selected Answer: D ; ; If the patches are already developed and tested, but not yet deployed to the operational status, then the environment just before that is staging. upvoted 1 times 学 学 习 习 小 小 店 Omi0204 6 months, 2 weeks ago 店 66 66 A staging environment is very similar to a production environment, but it is used for testing purposes before the application is launched in production. This environment tries to simulate as much as possible the final production environment, so tests in staging are more accurate than tests done in development. upvoted 1 times GRIM95 6 months, 2 weeks ago I just read that staving is before every single one of these steps and testing is right before an operational environment ? upvoted 1 times Omi0204 6 months, 2 weeks ago patches are developed and tested before being deployed: It means patches are already passed through the development and test environment. so the third is the stage environment before production(Operational environment). Development -> Test -> Stage -> Production(Operational) upvoted 1 times DALLASCOWBOYS 7 months, 2 weeks ago D. Staging is the step right before production upvoted 2 times Comicbookman 8 months ago A staging environment is the last step before something goes into production and is visible on the live site. A staging site’s main purpose is to ensure that all new changes deployed from previous environments are working as intended before they hit the live website. By using a staging site and testing everything before deploying to a live website, you will be able to eliminate bugs and issues, so they never affect the user. Sometimes this process is referred to as quality assessment (QA). upvoted 2 times Boubou480 8 months, 2 weeks ago Selected Answer: D D. Staging The staging environment is where patches are deployed just prior to being put into an operational status. It is a test environment that closely resembles the production environment, and it is used to ensure that patches are working correctly before they are deployed to the production environment. 店 店 铺 铺 The development environment is where new patches are developed and tested before they are ready to be deployed to a test environment. The test environment is where patches are tested to ensure that they are working correctly before they are deployed to the staging environment. The production environment is the live operational environment where patches are deployed once they have been tested and approved. upvoted 1 times ; ; 学 学 习 习 小 店 Capt_Mundo 9 months ago 66 小 店 66 Selected Answer: C I think its C as it stated in the question "Which of the following is the environment in which patches will be deployed", the patches are being deployed during TESTING however, in STAGING patches are already been deployed and tested, its for observation whether for deployment to Production is feasible. upvoted 2 times Capt_Mundo 9 months ago I stand corrected B is my answer due to the reasons above. thanks upvoted 1 times rodwave 10 months, 2 weeks ago Selected Answer: D Answer: Staging 淘宝店铺:https://shop63989109.taobao.com/ Staging is an testing environment similar to production where software system will go through final testing to ensure the application will work properly when it's deployed to production ==================== Software Development Environment Stages: 1. Development - Where the actual development of the software takes place (source code/machine code) 2. Testing - The testing environment is where new or updated code functionalities from development is tested. The primary focus is components of the software vs the entire application. 3. Staging - After passing tests, the software system moves to the staging environment which is identical to production where the system will go through final testing to ensure the application will work properly when it's deployed to production 4. Production - This is the live environment that is available to users upvoted 6 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #132 During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning? A. The forensic investigator forgot to run a checksum on the disk image after creation. B. The chain of custody form did not note time zone offsets between transportation regions. C. The computer was turned off, and a RAM image could not be taken at the same time. D. The hard drive was not properly kept in an antistatic bag when it was moved. Correct Answer: B 店 店 铺 Community vote distribution ; 学 B (72%) 习 铺 ; 学 习 A (28%) 小 小 店 Dachosenone 店 66 Highly Voted 66 1 year ago Selected Answer: B The question states that a trial Judge determined evidence gathered from a hard drive was not admissible. It is obvious that this is a legal matter. All of the remaining answers are of a technical nature, So consequently the only issue that a Judge can rule on is a Chain of custody issue. So, ladies and gentlemen, I rest my case (quickly bangs a gavel upon the desk) upvoted 40 times Kurt43 2 days, 11 hours ago the question did not mention about transport or timezones. it only mentioned about HDD not admissible. Why would we assume a scenario that wasn't described? upvoted 1 times Luuke 6 months, 3 weeks ago Any video evidence ingested must include time stamp and time zone in order to convict - I used to run evidentiary collection for a 3 letter agency. These video drives had to be finalized in order to make them read-only as well. upvoted 3 times rline63 3 weeks, 3 days ago I'm confused by this. The checksum verifies the integrity of the file and confirms the evidence has not been tampered with. In my mind, it's almost like a police station creating a written document about what the evidence is before putting it into evidence. Without it, the evidence could have been modified and no one would know. I'm not saying the time isn't important, it is, but the gaps could be filled by looking at the physical location of the drive in correlation with the time documented. I feel like both are correct though and I struggle to identify one that seems more correct. upvoted 1 times Yaakb 1 month, 2 weeks ago I perfectly agree with Dachosenone upvoted 1 times Ay_ma Highly Voted 1 year ago Selected Answer: B If you read through the forensics chapter in Darril Gibson's (Ebook PG. 779) sce+ guide, Option B will make sense to you. Chain of Custody is one of the important parts of forensics, cause someone has to take responsibility for protecting the evidence. Your evidence also always has to show exact dates. And in this question, the evidence needed to be transported to multiple geographical locations before it got to the judge. So if there's a mismanagement of dates and times, it won't be legally admissible in court, cause 2 rules have been violated. upvoted 14 times 店 店 铺 铺 ; ; 学 学 Kurt43 2 days, 11习 hours ago 习 小 小would we assume a scenario the question did not mention about transport or timezones. it only mentioned about HDD not admissible. Why 店 店 that wasn't described? 66 66 upvoted 1 times Nikamy Most Recent 1 month, 3 weeks ago Selected Answer: B I choose B upvoted 1 times ApplebeesWaiter1122 1 month, 4 weeks ago Selected Answer: B The chain of custody is a critical document that tracks the handling and movement of evidence from the time it is collected until it is presented in court. It includes details such as who had custody of the evidence, when it was collected, transported, and stored, and any changes or alterations made to it. If the chain of custody is not properly maintained, it can cast doubt on the integrity and authenticity of the evidence, leading to its exclusion from the trial. upvoted 1 times Protract8593 2 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B The chain of custody is a critical aspect of handling digital evidence. It is a documentation process that tracks the movement and handling of evidence from the time it is collected until it is presented in court. If the chain of custody is not properly maintained, it can lead to the evidence being deemed inadmissible in court, as it may cast doubt on the integrity and authenticity of the evidence. In this case, the judge determined that the evidence gathered from the hard drive was not admissible because the chain of custody form did not properly note the time zone offsets between transportation regions, raising concerns about the handling and integrity of the evidence during its movement. Let me explain why option A is incorrect. Option A states that the forensic investigator forgot to run a checksum on the disk image after creation. While running a checksum on the disk image is a good practice to verify the integrity of the data, it is not the reason for the judge determining the evidence as inadmissible. upvoted 2 times Protract8593 2 months ago 店 店 A checksum is a value calculated from the data in a file to ensure that it has not been altered or corrupted during storage or transmission. It is used to verify the integrity of the data and detect any changes or errors. However, the absence of a checksum alone does not make the evidence inadmissible in court. 铺 ; 铺 ; 学 学 习 习 custody, as mentioned in option The judge's decision to小 determine the evidence as inadmissible is most likely due to a breach in the chain of 小 店each person who had access B. The chain of custody is a店 legal concept that ensures the proper handling and control of evidence, documenting 6 6 and any changes made to it. If there are any issues or gaps in the chain of custody66documentation, it can to the evidence, the time of access, cast doubt on the integrity and authenticity of the evidence, leading to it being deemed inadmissible in court. In summary, the lack of a checksum on the disk image, as mentioned in option A, might be a procedural oversight, but it is not the primary reason for the evidence being considered inadmissible. The more critical concern is the proper maintenance of the chain of custody, as highlighted in option B. upvoted 1 times jb844 3 months, 2 weeks ago "A" going against the grain. Even lawyers can tell there is a time difference between cities in US and international. From: https://www.sans.org/blog/law-is-not-a-science-admissibility-of-computer-evidence-and-md5-hashes/ Could you get electronic evidence admitted without hashing? Yep. Will hashing help admissibility of my evidence? Certainly, but it is not legally required. What if someone brings up collisions in court? Again, usually an attempt to confuse the jury. But you can turn this on them by stating that it is more likely that before showing up for jury duty, all the jurors randomly put the same 7 numbers into the Powerball Lottery and won. That has a much greater chance of happening than a naturally occurring collision. (Thanks to Scott Moulton for that great analogy). With folks being prosecuted on partial fingerprint matches or eye witness testimony from a guy driving by in a car at 30 MPH, do we really think this is a show stopper for courts? I think not noting EST, CST or other is irrelevant WHERE it came from will be center stage. (city, state, country) Offset is not needed in my humble opinion. Hash is the most relevant. upvoted 1 times fouserd 4 months, 2 weeks ago Selected Answer: B The most likely reason for the judge to determine that evidence gathered from a hard drive was not admissible is B. The chain of custody form did not note time zone offsets between transportation regions. The chain of custody is a record of the handling and storage of evidence, including details such as who had access to the evidence, when it was accessed, and how it was transported. If the chain of custody form did not accurately record the time zone offsets between transportation regions, it could cast doubt on the integrity and reliability of the evidence, leading the judge to rule it inadmissible. upvoted 1 times Yawannawanka 5 months ago B. The chain of custody form did not note time zone offsets between transportation regions. The judge likely determined that the evidence gathered from the hard drive was not admissible due to a lack of proper documentation of the chain of custody. The chain of custody refers to the chronological documentation that records the handling and movement of evidence from the time it is collected until the time it is presented in court. The documentation must include detailed information, such as the date, time, location, and individuals who had custody of the evidence. 店 店 铺 铺 ; 学 习 ; 学 习 小 In this case, the chain of custody that the chain of custody 店 form did not note time zone offsets between transportation regions. This could小indicate 店 66the integrity of the was not properly documented or6that 6 there were inconsistencies or gaps in the documentation, which could compromise evidence. As a result, the judge may have determined that the evidence was not admissible in court. Options A, C, and D are not directly related to the admissibility of evidence and are not likely to be the reason why the judge determined the evidence to be inadmissible. upvoted 1 times Yawannawanka 5 months ago B. The chain of custody form did not note time zone offsets between transportation regions. The judge likely determined that the evidence gathered from the hard drive was not admissible due to a lack of proper documentation of the chain of custody. The chain of custody refers to the chronological documentation that records the handling and movement of evidence from the time it is collected until the time it is presented in court. The documentation must include detailed information, such as the date, time, location, and individuals who had custody of the evidence. In this case, the chain of custody form did not note time zone offsets between transportation regions. This could indicate that 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times mosher21 5 months ago Selected Answer: A This is another crappy question. Both A and B is correct. With no hash being taken no one can prove that the data was not tampered with. Likewise, if chain of custody form was not held properly, judge can conclude it as inadmissible. In my opinion hashing the evidence for integrity check has bigger magnitude than noting timezone offsets. Imagine there is pictures in the hard drive that proves a murder was committed. With no hash check one can delete the pictures on the original hard drive later on, or worse a malicious forensic agent can insert fake AI generated pictures of a murder into the image and there would be no way to prove (or it would be very difficult to prove) which data is authentic. but with hashes you can prove no data was tampered with. upvoted 3 times Confuzed 5 months, 2 weeks ago Selected Answer: B Admissibility will always follow the chain of custody. The two sides can argue about how the evidence was processed and what it says, but the judge will make the admissibility determination based on the chain of custody. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 fouserd 5 months, 2 weeks ago 小 小 店 店 6 6 chain of custody form 6 The reasoning behind the judge’s decision that evidence gathered from a hard drive was not admissible could be due to6 Selected Answer: B did not note time zone offsets between transportation regions. The chain of custody form is a document that tracks the movement of evidence from one location to another. It is important that this document is accurate and complete to ensure that the evidence can be used in court. If there are any discrepancies or errors in the chain of custody form, it can call into question the integrity of the evidence and make it inadmissible in court. upvoted 1 times z3phyr 5 months, 3 weeks ago If it's a question about admissibility of evidence, chances are the answer has something to do with Chain of custody. upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: B The correct answer is not provided, as the context of the case and the reason for the judge's decision are not clear. However, in general, the judge's decision to exclude evidence could be based on several factors, such as the relevance and reliability of the evidence, whether it was obtained legally and in accordance with the Fourth Amendment, or whether it was properly preserved and authenticated. In the case of a hard drive, the judge's decision to exclude evidence could be due to issues with the chain of custody, the collection and preservation process, the authenticity of the data, or other factors that could affect the admissibility of the evidence in court. upvoted 1 times EricShon 6 months, 1 week ago Selected Answer: B Option B. The chain of custody form not noting time zone offsets between transportation regions could be seen as a significant error that could call into question the integrity and authenticity of the evidence. It could suggest that there was not adequate control over the evidence and that it may have been tampered with or mishandled during transport. upvoted 1 times Real_Fake_doors 7 months ago Selected Answer: B I think the answer should be A, but unfortunately because this is Comptia it's going to be B. Speaking from experience, most judges are not going to throw out the evidence because of time zone changes unmarked. This is a comptia exam though so eff it let's say it's the time zone issue. upvoted 3 times Blake89 8 months ago 店 店 Selected Answer: B 铺 铺 "Regardless of the type of forensic data that is obtained or handled, it is important to maintain chain of custody if the forensic case may result in a legal case." - CompTIA Study Guide book upvoted 2 times ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #133 An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions? A. FRR B. Di culty of use C. Cost D. FAR E. CER 店 店 铺 铺 ; ; 学 学 习 Correct Answer: E Community vote distribution Highly Voted 小 店 66 D (52%) stoneface 习 小 店 E (43%) 66 4% 1 year ago Selected Answer: E Crossover Error Rate (CER)—the point at which FRR and FAR meet. The lower the CER, the more efficient and reliable the technology. Errors are reduced over time by tuning the system. This is typically accomplished by adjusting the sensitivity of the system until CER is reached. upvoted 45 times PraygeForPass 8 months, 1 week ago The reason I like FAR (False acceptance rate) is because the company is more focused on making sure unauthorized users will be denied access. They aren't too worried about FRR (False rejection rate) as these users will already have access, so they don't need to focus on comparing both FAR and FRR using CER. That is why I pick D. upvoted 16 times Danalyst 1 year ago Probably right, I chose D. FAR but the question is worded strangely, 'what should they compare against?'' CER would be more useful. upvoted 6 times Halaa 1 year ago I agree with you . As the sensitivity of a biometric system increases, FRRs will rise and FARs will drop. upvoted 2 times ffsilveira10 5 months, 1 week ago But with low CER you are not certain that you have the lowest FAR.. In this case they are concerned about FAR, so I would go with option D. upvoted 3 times comeragh Highly Voted 1 year ago Selected Answer: D "with the highest likelihood that an unauthorized user will be denied access" - I would think this is D (False Acceptance Rate). upvoted 28 times Gino_Slim 11 months ago 店 铺 I hope you didn't select this on the exam... upvoted 5 times ; 学 店 铺 ; 学 习 习 DriftandLuna 1 month, 小 3 weeks ago 小 店 店unauthorised entry is not why not? It's the correct answer. Read it carefully, the question is not about overall accuracy, it is about ensuring 6 66 6 permitted. upvoted 2 times Mperor 10 months, 2 weeks ago lo. you funny upvoted 4 times zzzfox 1 year ago False Acceptance Rate means the likelihood that an unauthorized used will be accessed(Acceptance).. upvoted 4 times NICKJONRIPPER 10 months ago make this rate close to 0 to achieve the goal. upvoted 3 times Jacob_Kramer1995 Most Recent 淘宝店铺:https://shop63989109.taobao.com/ 3 weeks, 2 days ago Which of the following should the organization use to """"""""compare"""""""" biometric solutions. = CER upvoted 1 times rline63 3 weeks, 3 days ago Selected Answer: D CER is the best way to minimize errors in these systems. With this in mind, you can skew the errors in one direction if it is beneficial. In a high security system, it would be better for a legitimate request to be denied than a malicious request to be accepted. This is why it is better in the context of this question to focus on minimizing the false acceptance rate. upvoted 2 times sarah2023 1 month ago Selected Answer: D D. FAR as the accent is on preventing unauthorised access rather than overall accuracy. From the question I don't get the sense of them caring if someone would falsely get denied access if it's for the sake of making sure the person is legitimate. upvoted 1 times 店 店 铺 铺 ; ; ja1092m 1 month学 ago习 学 习 小 小 id go with D, CER is also known as the Equal Error Rate (EER). The Crossover Error Rate describes the overall accuracy of a biometric system, because they asked what would be used to compare biometrics upvoted 1 times 店 店 66 66 LetsDiscuss23 1 month, 1 week ago Selected Answer: D It is D upvoted 1 times predsednik 1 month, 2 weeks ago Selected Answer: D FAR (False Acceptance Rate) The False Acceptance Rate (FAR) measures the probability that an unauthorized user is incorrectly granted access. A lower FAR indicates a system that is less likely to accept unauthorized users, which aligns with the organization's goal of denying access to unauthorized users. Therefore, FAR is the most relevant metric for this specific objective. upvoted 1 times DriftandLuna 1 month, 3 weeks ago They are not asking about the accuracy of the system, they are asking which of these options will most likely reject an unauthorised user. FAR is the false acceptance rate, that is all the question is concerned about, not overall accuracy. Therefore the answer is D upvoted 1 times Nikamy 1 month, 3 weeks ago Selected Answer: D I choose D upvoted 1 times ApplebeesWaiter1122 1 month, 4 weeks ago Selected Answer: D FAR measures the probability that the biometric system incorrectly accepts the identity of an unauthorized user as a legitimate one. A lower FAR indicates that the system is less likely to allow unauthorized access. upvoted 2 times Protract8593 2 months ago Selected Answer: D 店 铺 The correct answer is D, not E. ; 店 铺 ; 学 学 likelihood that an unauthorized user The question asks which metric should the organization use to compare biometric solutions with the highest 习 习 as it represents the likelihood of will be denied access. In this 小context, the organization should focus on reducing the False Acceptance Rate (FAR), 小 店 店 an unauthorized user being incorrectly granted access (false positive). 66 66 The Crossover Error Rate (CER) is used to find the point where FAR and False Rejection Rate (FRR) are equal. While CER is helpful in comparing biometric systems overall, it does not directly address the organization's specific goal of maximizing the likelihood that unauthorized users will be denied access. Therefore, D. FAR (False Acceptance Rate) is the best choice for this scenario. upvoted 1 times LiteralGod 2 months ago Selected Answer: E Crossover Error Rate upvoted 1 times Haykinz 2 months, 1 week ago Selected Answer: E It’s CER since they’re ‘comparing’ biometric solutions. FRR vs FAR upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ frejus 2 months, 2 weeks ago Selected Answer: E E is the best answer for me according to this part from the book "Crossover Error Rate (CER)—the point at which FRR and FAR meet. The lower the CER, the more efficient and reliable the technology. Errors are reduced over time by tuning the system. This is typically accomplished by adjusting the sensitivity of the system until CER is reached." upvoted 1 times Taitoo 2 months, 2 weeks ago Selected Answer: D The False Acceptance Rate (FAR) is a measure that indicates the probability of an unauthorized user being incorrectly granted access by the biometric system. the organization should use option D: FAR (False Acceptance Rate). upvoted 1 times Essi 4 months ago 店 店 铺 铺 ; ; The organization should 学 use D. FAR (False Acceptance Rate) to compare biometric solutions. 学 习 习 小 wanting to ensure the highest likelihood that an unauthorized user will be denied 小access, the FAR is the most In the context of an organization 店 店 relevant metric. This is because the FAR measures the probability that a biometric system will incorrectly grant access to6an unauthorized user. A 6 6 to prevent unauthorized access. 6 system with a lower FAR is more likely Selected Answer: D The other options like FRR, Difficulty of use, Cost, and CER are important considerations as well, but they do not directly address the concern of denying access to unauthorized users. FRR pertains to denying access to authorized users, difficulty of use impacts user experience, cost is a budgetary concern, and CER is usually related to character recognition systems rather than biometric authentication. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #134 A company recently experienced a signi cant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email lter logs do not have any record of the incident. An investigation con rmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak? A. User training B. CASB C. MDM D. DLP 店 店 铺 铺 ; ; 学 学 习 习 小 Correct Answer: A 店 66 Community vote distribution D (62%) stoneface 小 店 66 A (22%) Highly Voted Other 1 year ago Selected Answer: D This would be handled perfectly by a DLP agent installed on those COBE devices. upvoted 27 times sujon_london 1 month, 2 weeks ago DLP is valid choice, what on earth where cloud involved in this particular situation why we should go over CASB than DLP. CASB is well-suited answer in this particular situation. As inside threat persisted A user trading would not work be adequate/effective. upvoted 1 times Warza Highly Voted 1 year ago Selected Answer: A The first sentence legitimately tells you that they labeled the data properly for DLP and that the email system has no logs of DLP incidents. The user downloaded it themselves and shared it manually through a cloud provider. This can be remedied with user training. upvoted 18 times zzzfox 1 year ago Disagree, "passed to the competitor" indicate this person could be insider threat, user training wouldn't help at all. upvoted 24 times sujon_london 1 month, 2 weeks ago It could be even hacker hacked COPE tablet and downloaded then passed to competitor. Here bit gray area not clear wording upvoted 1 times RonWonkers 1 year ago zzzfox has a good point upvoted 1 times Sezz 8 months, 3 weeks ago 店 铺 店 铺 User Training does not make sense here. Trained user could also send this kind of sensitive or important infos or files by mistake. Cos of this we have DLP. upvoted 1 times ; ; 学 学 习 小 店 习 小 店 6 6 mean they're already used in a DLP solution. Top-secret documents were a thing6well 6 before the advent of Just because they labeled it doesn't Orean 10 months, 2 weeks ago the Digital Age and were labeled accordingly. User-training seems implausible because the user seems to be doing this deliberately by sharing it with competitors, meaning they're probably incorrigible in that regard. upvoted 6 times deeden 1 year ago Yeah... not sure how effective DLP is on personally enabled devices, especially when users have access to Yahoo or Gmail. upvoted 1 times andrizo 11 months, 2 weeks ago its a cope device upvoted 2 times mainskrillz Most Recent 6 days, 13 hours ago 淘宝店铺:https://shop63989109.taobao.com/ ANSWER IS CASB, DLP WAS NOT IN THE OPTIONS FOR ME upvoted 3 times RogerW 2 weeks, 6 days ago I believe it is DLP and not CASB. DLP is installed on the COPE. CASB is placed between the cloud and COPE. Since the user uploaded the file to cloud storage for a competitor, one has to assume that it is not the company's cloud storage. CASB would only be valid if the competitor had access to the same cloud. I think not. upvoted 2 times TOMSLICK 3 weeks, 4 days ago DLP is the BEST for data leaks. upvoted 1 times gho5tface 1 month ago 店 Key sentence. 铺 ; downloaded from an employee's COPE tablet" "but documents were 学 习 upvoted 1 times 小 店 gho5tface 1 month ago 66 店 铺 ; 学 习 小 店 66 D. DLP upvoted 1 times Yaakb 1 month, 2 weeks ago D. First of all, I agree with those who are saying the employee passed this info or data on purpose. So it wasn't that the employee didn't know what he was doing. So user training wouldn't be a good option in this scenario. upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: B the BEST remediation for the data leak described in the scenario would be to implement a CASB (Cloud Access Security Broker) solution. CASB can provide visibility and control over cloud services and applications, including the ability to enforce security policies, detect and prevent data exfiltration, and monitor user activities in cloud environments. By implementing CASB, the company can gain better control over data stored in cloud services and prevent unauthorized access and data leakage, such as what occurred when proprietary information was leaked to a competitor via cloud storage. CASB can help address the security and data protection challenges associated with using cloud services and reduce the risk of future data breaches. upvoted 3 times Protract8593 2 months ago Selected Answer: D If the data was indeed labeled and the leak still occurred, it would suggest that a Data Loss Prevention (DLP) solution might already be in place, but it did not effectively prevent the data leak. Given that the data was downloaded from an employee's COPE tablet and passed to the competitor via cloud storage, it's possible that the existing DLP solution was not configured to detect or block such data transfers. In this case, the most appropriate remediation would be to reevaluate and enhance the current DLP configuration to include monitoring and blocking data transfers to unauthorized cloud storage services. In summary, the correct answer would be: D. DLP (Data Loss Prevention) By improving the DLP configuration to better detect and prevent unauthorized data transfers, the organization can reduce the risk of future data leaks and enhance the protection of its proprietary information. upvoted 1 times 店 铺 店 铺 ; ; need to prevent both scenarios so it's A well-trained user学 accidentally passing on sensitive info? Same result as a hacker doing it deliberately. You 学 DLP. 习 习 小 小 upvoted 1 times 店 店 66 66 Dan_26 4 months ago Kaps443 4 months, 3 weeks ago Selected Answer: D The BEST remediation for this data leak is to implement a Data Loss Prevention (DLP) solution. A DLP solution can help prevent sensitive data from being copied, downloaded, or transmitted to unauthorized destinations. It can also detect and alert on suspicious activities related to data access and exfiltration. User training, Cloud Access Security Broker (CASB), and Mobile Device Management (MDM) are all important security measures, but they cannot prevent data leakage as effectively as a DLP solution. upvoted 2 times MorganB 4 months, 4 weeks ago MorganB 0 minutes ago Awaiting moderator approval Pass my exam 27, April 23. This question was on my tested worded differently but the answer is the same. upvoted 2 times mosher21 5 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B This exact question was on somewhere else and all options were same except DLP. It had EDR instead of DLP. So considering this, neither DLP nor EDR are correct. User training is definitely not correct since this is clearly an insider threat. So what we got are CASB and MDM. I go with CASB because it provides visibility over who accesses cloud and what they are doing etc. upvoted 1 times Yawannawanka 5 months ago D. DLP (Data Loss Prevention). Data Loss Prevention (DLP) is the best remediation for this data leak, as it is designed to identify, monitor, and protect sensitive data in use, in transit, and at rest. In this scenario, the data leak occurred when the proprietary information was downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. DLP can help prevent data loss by monitoring and controlling how data is being used, identifying sensitive data and its location, and setting policies to prevent data exfiltration. Option A, user training, is important but not sufficient to prevent data loss. Even with proper training, employees may still inadvertently or intentionally leak sensitive information. Option B, CASB (Cloud Access Security Broker), can provide visibility and control over cloud services to detect and prevent data leaks, but it may not be sufficient in this scenario where the data was downloaded from a COPE tablet. Option C, MDM (Mobile Device Management), can help manage and secure mobile devices in the enterprise, but it may not prevent data leaks if the data is accessed through cloud storage. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 Dutch012 5 months ago 66 Can the company force DLP on (CO Personal Enabled) Devices? I don't know the answer but I will go with C. upvoted 2 times sujon_london 1 month, 2 weeks ago Yes company can force DLP on COPE devices upvoted 1 times Bl1024 5 months, 1 week ago Selected Answer: C COPE Tablet means it can be installed with MDM to make it impossible to make improper use of information. upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: C I think MDM and DLP are equally good here. While DLP is probably the right answer, I think MDM may be better (depending on how it is implemented). MDM can force an always on VPN, so the user couldn't send the file out to the cloud. It can restrict the storage of files, or at least place them in secure storage on the device. It can restrict what apps can be used within the corporate partition of the device, preventing access to unapproved cloud storage. Without MDM, you can't enforce DLP on the tablet at all. For these reasons, I think MDM is the right answer, even if DLP is what CompTIA wants. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #135 An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place? A. On-path attack B. Protocol poisoning C. Domain hijacking D. Bluejacking 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 A (85%) Josh_Feng Highly Voted 66 小 店 C (15%) 66 1 year ago Selected Answer: A On path attack is often known as man in the middle. upvoted 13 times banditring 1 year ago I was getting confused as to what an on path attack is upvoted 4 times NerdAlert 6 months, 1 week ago just think - the attacker is on the same path as the victim and their destination, just in the middle between them upvoted 3 times Kraken84 1 month, 2 weeks ago Most Recent " eavesdropping " LISTENING IN..... MITM..... upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: A In an on-path attack, also known as a Man-in-the-Middle (MITM) attack, the attacker intercepts and relays communication between two parties, making them believe they are communicating directly with each other. The attacker can eavesdrop on the communication and even modify the data transmitted between the parties. In this scenario, the attacker was eavesdropping on the user's online shopping session, and by spoofing the IP address associated with the shopping site, they could intercept the user's communication with the site. The attacker then modified the data, resulting in the user receiving an email regarding unusual purchases on their credit card statement, which the attacker may have initiated. upvoted 1 times Protract8593 2 months ago Selected Answer: A Based on the information provided, the attack that took place is a: A. On-path attack 店 店 铺 铺 ; ; In an on-path attack (also known as a man-in-the-middle attack), the attacker intercepts and relays communication between two parties. In this scenario, the attacker eavesdropped on the user's communication with the shopping site and spoofed the IP address to trick the user into thinking they were communicating with the legitimate site while in reality, the attacker was in the middle of the communication. 学 学 习 小 店 习 小 店 6 66to the unusual credit As a result, the attacker was able to6obtain the user's credit card information and conduct unauthorized purchases, leading card statement. upvoted 1 times Protract8593 2 months ago The other options are not applicable to the given scenario: B. Protocol poisoning: This term is not commonly used, and it is not specifically related to the attack described in the scenario. C. Domain hijacking: Domain hijacking typically involves unauthorized changes to a domain's registration settings, which is not mentioned in the scenario. D. Bluejacking: Bluejacking refers to the practice of sending unsolicited messages or data over Bluetooth to a user's mobile device. It is unrelated to the eavesdropping and IP spoofing described in the scenario. Therefore, the correct answer is: 淘宝店铺:https://shop63989109.taobao.com/ A. On-path attack upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: A A. On-path attack. The attacker was able to intercept and manipulate the communication between the user and the shopping site by spoofing the IP address, leading to the interception of the user's credit card information. upvoted 1 times Omi0204 6 months, 2 weeks ago Answer is B. DNS Highjacking and DNS spoofing/poisoning are the type of On-path attack. Now read this:DNS spoofing/cache poisoning: This is an attack where forged DNS data is introduced into a DNS resolver’s cache, resulting in the resolver returning an incorrect IP address for a domain. Instead of going to the correct website, traffic can be diverted to a malicious machine or anywhere else the attacker desires; often this will be a replica of the original site used for malicious purposes such as distributing malware or collecting login information. 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 In this question, IP spoofed and traffic diverted to the spoofed IP where attacker already craeted a replica copy of actual website. When use entered his/her credit card details, it was collected by attacker and then later on used user create card with collected information to make the purchase and then user received email with credit card statement. upvoted 3 times 66 66 medulan 7 months, 2 weeks ago Selected Answer: A If victim paid for example for shopping 50$ and it went to some other account then yes hijacking but there was many payments made for different stuff what suggests someone had his card details hence on-path attack upvoted 1 times Boubou480 8 months, 2 weeks ago Selected Answer: C C. Domain hijacking Domain hijacking refers to the unauthorized acquisition of control over a domain name. In this case, the attacker was able to spoof the IP address associated with the shopping site, which means they were able to redirect traffic intended for the legitimate website to a different website under their control. This allowed the attacker to eavesdrop on the user while they were shopping online and potentially steal their credit card information. An on-path attack is an attack in which the attacker has control over a network along the path between the sender and the receiver. Protocol poisoning is a type of attack in which an attacker modifies a protocol message in an attempt to disrupt or subvert normal communication. Bluejacking is a type of attack in which an attacker sends unsolicited messages to Bluetooth-enabled devices. None of these attacks are directly related to the scenario described in the question. upvoted 4 times rodwave 10 months, 2 weeks ago Selected Answer: A Answer: On-path attack An On-path attack(Man in the Middle) occurs when an attacker place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. In this question, the attacker was eavesdropping on the connection which means they placed themselves between the user and the shopping site and intercepted the communication. The attacker had likely captured credit card information or account information from the site to be able to make the purchases. upvoted 2 times 店 店 铺 ; 学 铺 ; 学 习 Are you guys forgetting with 小in the question it states "The attacker was able to spoof the IP address associated习 小the shopping site" 店 店 upvoted 2 times 66 66 Bogardinc 8 months ago princajen 6 months, 2 weeks ago No, spoofing an IP address and hijacking a domain are two different types of attacks. In a domain hijacking attack, the attacker gains control of a domain name and redirects users to a different site that appears to be the legitimate one. In the scenario you described, the attacker spoofed the IP address of the shopping site, which means they sent packets to the user's computer with a false source IP address, making it appear as if the packets were coming from the shopping site. This allowed the attacker to intercept and view the user's traffic, including their credit card information, without the user's knowledge. This is an example of an on-path attack or a man-in-the-middle attack. upvoted 4 times alayeluwa 11 months, 2 weeks ago Selected Answer: A Man in the middle. upvoted 1 times ostralo 11 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A A, FYI, Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems. upvoted 1 times comeragh 1 year ago Selected Answer: A "Eavesdroppping" - On-Path upvoted 2 times KetReeb 1 year ago A: On-path (MTM) - attacker was eavesdropping on the communications, spoofed the IP of the shopping site that the victim thought was legit, a purchase was attempted, credit info intercepted. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #136 A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company? A. Private cloud B. Hybrid environment C. Managed security service provider D. Hot backup site 店 店 铺 铺 ; ; 学 Correct Answer: B 学 习 Community vote distribution 小 店 Highly Voted 店 66 B (79%) RonWonkers 习 小 66 A (21%) 1 year ago Selected Answer: B The company does not want to increase its on premises infrastructure blueprint, it's B. upvoted 12 times Confuzed Highly Voted 5 months, 2 weeks ago Selected Answer: B The important thing to notice is that B is "hybrid ENVIRONMENT" not "hybrid CLOUD". A hybrid environment is a mix of private network and cloud, while a hybrid cloud is a mix of private cloud and public cloud. This company wants to provide services in the cloud, but maintain their existing on prem environment... that's a hybrid environment. upvoted 5 times ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago Selected Answer: B A hybrid environment combines the use of on-premises infrastructure with cloud-based services. In this scenario, the company can maintain its existing on-premises infrastructure blueprint and utilize additional compute power in the cloud as needed. This approach allows the company to scale resources dynamically, paying for the compute power required, without the need to invest in additional on-premises infrastructure. upvoted 1 times Protract8593 2 months ago Selected Answer: B A hybrid environment allows the company to take advantage of both on-premises infrastructure and cloud services. It provides the flexibility to use the cloud for additional compute power when needed, without the need to increase the on-premises infrastructure footprint. The company can scale up or down based on demand, and only pay for the additional resources required during peak times, optimizing costs. upvoted 1 times SHAKERRAB93 5 months ago B. Hybrid Reason: Company employees from different regions, they need to be able to access enviornmant- public access But the company needs to be able to privately utilize the environment and maintain security- Private …. Idk thinking outloud lmk upvoted 1 times 店 店 铺 铺 ; 学 习 z3phyr 5 months, 3 weeks小 ago 店 66their on-prem infrastructure with the cloud. It's Hybrid. They need to integrate ; 学 习 小 店 66 upvoted 3 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: A A. Private cloud upvoted 2 times monzie 5 months, 4 weeks ago Selected Answer: A A. Private cloud A private cloud can provide the company with the ability to dynamically provision and deprovision compute resources based on the current needs of the organization. With a private cloud, the company can avoid the expense of additional on-premises infrastructure while still maintaining full 淘宝店铺:https://shop63989109.taobao.com/ control over the security and management of its data and applications. Additionally, a private cloud can be accessed by authorized personnel from anywhere in the world, making it ideal for a globally distributed workforce. upvoted 3 times examrobo 5 months, 3 weeks ago Do you always pick a different answer? upvoted 1 times medulan 7 months, 2 weeks ago This cloud is only going to be used by one company hence should be Private. It would be Hybrid if they wanted to expand operate in Public web upvoted 1 times Ranaer 7 months ago According to Messer: Hybrid cloud is - – Combination of internal cloud resources with external 店 店 铺 ; 铺 ; This means that B. Hybrid environment fits perfectly for the question. upvoted 1 times 学 学 习 习 小 小 店 店 T_dawg 6 months, 2 weeks ago 66 66 Well either Messer or you are wrong. Hybrid is public and private cloud, not cloud and on-premise. upvoted 1 times sirpsionics 2 months ago It's hybrid. Not sure why you or anyone else would say otherwise. https://cloud.google.com/learn/what-is-hybrid-cloud upvoted 1 times Boubou480 8 months, 2 weeks ago B. Hybrid environment A hybrid environment is a cloud computing model that combines on-premises infrastructure with a cloud infrastructure. This type of solution would allow the company to retain control over some of its infrastructure while also taking advantage of the flexibility and scalability of the cloud. This would allow the company to pay for additional compute power as needed and avoid the need to increase its on-premises infrastructure. A private cloud is a cloud infrastructure that is operated solely for a single organization. It is not suitable for a company with employees located around the world because it does not provide the flexibility and scalability of a public cloud. A managed security service provider is a third-party that provides security services to an organization. It is not directly related to the company's need to transition to the cloud. A hot backup site is a backup site that is always active and ready to take over in the event of a disaster. It is not related to the company's need to transition to the cloud. upvoted 2 times MathDayMan 10 months, 3 weeks ago B it's B. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #137 After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time? A. CASB B. VPC C. SWG D. CMS 店 店 铺 铺 ; ; 学 Correct Answer: C 学 习 小 店 Community vote distribution Highly Voted 店 66 A (82%) stoneface 习 小 66 D (18%) 1 year ago Selected Answer: A CASB, better may to keep track accross multiple cloud based security solutions > Open to discussion upvoted 22 times zzzfox 1 year ago Agree, consider CASB can be deployed on-premised as well as cloud upvoted 1 times Kandy357 Highly Voted 8 months, 2 weeks ago Selected Answer: A Answer should be CASB. As per CompTIA Sec+ objectives, CMS is a content management system, not a cloud. CMP term is used for Cloud Management Platforms. upvoted 12 times shover 8 months, 1 week ago Thanks , i was just about to say that when i went to look up the Acronym in the objectives. upvoted 1 times ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago Selected Answer: A CASB stands for Cloud Access Security Broker, which is a security solution that helps organizations secure data and applications in cloud environments. CASBs act as intermediaries between cloud service users and cloud service providers, providing visibility, control, and security features to monitor and protect data as it moves between the organization's network and cloud services. In the given scenario, the incident response time increased after migrating security solutions to the cloud because analysts are dealing with different cloud consoles and data in various formats. Implementing a CASB can help optimize incident response time by providing a centralized platform to monitor and manage security events across multiple cloud services. CASBs can aggregate logs and events from various cloud platforms, standardize data formats, and provide a single pane of glass for security analysts to investigate and respond to incidents more efficiently. upvoted 1 times 店 店 铺 铺 ; ; Protract8593 2 months ago 学 Selected Answer: A 学 习 习 小 店 小 店 A Cloud Access Security Broker (CASB) is a security solution specifically designed to provide visibility, control, and data security across multiple cloud services. It acts as an intermediary between an organization's on-premises infrastructure and cloud providers, offering centralized visibility and management of cloud-related security incidents and data. 66 66 By using a CASB, security analysts can have a single point of access to monitor and manage security events and data across different cloud consoles. It helps to correlate data in a consistent format, simplifying the incident response process and reducing response times. upvoted 1 times Dutch012 4 months, 2 weeks ago Amm, so CASB acts like a SIEM solution but for cloud, Okay good to know. upvoted 3 times Yawannawanka 5 months ago A Cloud Access Security Broker (CASB) can be used to optimize the incident response time after multiple on premises security solutions are migrated to the cloud. CASBs provide centralized visibility and control over cloud applications and data, allowing analysts to quickly correlate data in a single console and take immediate action to mitigate incidents. Therefore, option A is the correct answer. 淘宝店铺:https://shop63989109.taobao.com/ VPC (Virtual Private Cloud) is a cloud networking construct that allows a company to create an isolated private network in the cloud, but it does not optimize the incident response time. SWG (Secure Web Gateway) is a cloud-based security solution that provides protection against webbased threats, but it does not directly address the issue of incident response time. CMS (Content Management System) is a software application that allows for the creation, modification, and publishing of digital content, but it is not a security solution and does not address incident response. upvoted 2 times user82 5 months ago Why do people keep typing “ago” upvoted 1 times Confuzed 5 months, 2 weeks ago Selected Answer: A I think the answer is CASB, for perhaps a different reason than others. It states that several security systems were moved from on prem to the cloud. It's likely that CASB could REPLACE those systems, providing a single pane of glass for responding to incidents. 店 店 铺 铺 No other solution is going to consolidate and simplify information from their legacy on prem solutions that they moved to the cloud. upvoted 1 times ; ; 学 学 习 2 weeks ago jhfdkjshfkjdsho 7 months, 小 店 Selected Answer: A 66 习 小 店 66 https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb upvoted 1 times mlonz 7 months, 4 weeks ago A cloud access security broker (CASB) is a software tool or service deployed between an organizations network and the cloud provider. It provides security by monitoring traffic and enforcing security policies. A next generation secure web gateway (SWG) provide proxy service for traffic from clients to Internet sites, such as filtering URLs and scanning for malware. upvoted 2 times Sandon 8 months ago Selected Answer: D ChatGPT says the answer is D. Configuration management system upvoted 1 times ThreeKings 5 months, 2 weeks ago ChatGPT got the answer right (Option A) as of 09Apr23. The point? As a sole or primary source, ChatGPT is not a recommended resouce, however, it is getting better and it serves as another resource that provides good information most of the time. This community provides some of the best information for consideration and ChatGPT is great at expanding what the community recommends. upvoted 1 times ExamLSMotor 8 months ago ChatGPT wrong bro upvoted 6 times Sandon 7 months, 4 weeks ago Yes it is upvoted 1 times shover 8 months, 1 week ago As per the Comptia SYO-601 Acronym list : CMS: Content management system, not cloud management system. I'm sure Cloud management system is a real thing but according to the Sec+ exam objectives CMS is something totally different. upvoted 3 times 店 铺 Boubou480 8 months, 2 weeks ago ; Selected Answer: D D. CMS 学 店 铺 ; 学 习 习 小 店 66 小 店 66 A Cloud Management System (CMS) is a tool that helps to manage and monitor cloud resources. It can be used to optimize incident response time by providing a centralized platform for viewing and analyzing data from multiple cloud consoles. This can help analysts to more quickly trace information and correlate data, as they do not have to switch between different consoles and deal with data in different formats. A Cloud Access Security Broker (CASB) is a security solution that sits between an organization's on-premises infrastructure and the cloud and helps to secure data in the cloud. A Virtual Private Cloud (VPC) is a virtual network that is dedicated to an organization and isolated from other virtual networks in the cloud. A Secure Web Gateway (SWG) is a security solution that is used to protect an organization's users from internet-based threats. None of these solutions are directly related to optimizing incident response time in the way that a CMS is. upvoted 5 times mike47 9 months, 1 week ago Selected Answer: A CASB vs SWG CASB is the more optimal solution for multiple on premises security solutions CASB services are explicitly designed to fit the needs of large enterprises 淘宝店铺:https://shop63989109.taobao.com/ You can access link and read about it: https://www.gend.co/blog/casb-or-swg-which-is-best-option-for-your-enterprise upvoted 1 times FMMIR 9 months, 2 weeks ago Selected Answer: D To optimize the incident response time, the company could implement a Cloud Management System (CMS). A CMS is a tool that allows an organization to manage and monitor all of its cloud-based resources and services from a single, centralized platform. This would enable the analysts to quickly access and correlate data from different cloud consoles and formats, reducing the time and effort required to respond to security incidents. Other solutions such as a Cloud Access Security Broker (CASB) or a Secure Web Gateway (SWG) could also help to improve security in the cloud, but a CMS would be the most effective solution for optimizing incident response time in this scenario. A Virtual Private Cloud (VPC) would not be relevant in this context upvoted 3 times FMMIR 9 months, 2 weeks ago The difference between a Cloud Access Security Broker (CASB) and a Cloud Management System (CMS) is that a CASB is a security solution that sits between an organization's on-premises infrastructure and its cloud-based resources and services, while a CMS is a tool that allows an organization to manage and monitor all of its cloud-based resources and services from a single, centralized platform. A CASB can help to improve security by enforcing policies and controls on access to cloud-based resources, but it does not directly affect incident response time. A CMS, on the other hand, can help to optimize incident response time by enabling analysts to quickly access and correlate data from different cloud consoles and formats. Both solutions can be useful in optimizing security in the cloud, but they have different functions and capabilities. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 66 Halaa 1 year ago Selected Answer: A https://www.instreamcorp.com/wp-content/uploads/2018/11/What-is-CASB.jpg upvoted 2 times Halaa 1 year ago (Image) upvoted 1 times Halaa 1 year ago CASB provides critical security tool that help control , monitoring, compliance management , data security and threat protection that will optimize incident response time. upvoted 2 times Yuyuyakuza 1 year ago C. SWG deploy swg as part of a SASE solution. could based service to insepct traffic and enforce policies without diverting traffic. esentially unlike CASB which hurts network performance and employee productivity. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #138 Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions? A. Recovery B. Deterrent C. Corrective D. Detective Correct Answer: D 店 店 铺 Community vote distribution ; D (52%)学 习 铺 ; B (25%) 小 学 习 C (23%) 小 店 店 okay123 66 66 1 year ago Highly Voted Detective controls – look for both fraudulent and unintentionally improper transactions after the fact. Examples of detective controls include reconciliations, variance analyses, physical inventories, audits, and continuous monitoring through data analytics. upvoted 22 times andrizo Highly Voted 11 months, 2 weeks ago Selected Answer: D Just to break the gridlock. A - If the bank refunds the transactions B - If it's an insider threat C - Rectify skimmed transactions D- Definitely kibosh insider threats, and most likely to be implemented whether external or internal upvoted 10 times sarah2023 Most Recent 1 month ago Selected Answer: C C. Corrective because the question is about reducing the loss, not reducing the likelihood of the fraud happening. My understanding is that we talk about a post attack control. As per the CompTIA official guide: Corrective—the control acts to eliminate or reduce the impact of an intrusion event. A corrective control is used after an attack. upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: B Deterrent controls are designed to discourage potential attackers or fraudsters from attempting to commit fraudulent activities. In the context of the accounting department, implementing deterrent controls would make it more challenging or risky for individuals to engage in fraudulent transactions, thus reducing the likelihood of such activities occurring in the first place. Examples of deterrent controls could include strict access controls, separation of duties, and clear policies and procedures regarding financial transactions. upvoted 1 times Protract8593 2 months ago Selected Answer: D Detective controls are designed to identify and detect incidents or fraudulent activities that have already taken place. In the context of an accounting department, detective controls could include the implementation of monitoring systems, audit trails, and log analysis to identify suspicious transactions and activities that may indicate fraudulent behavior. 店 店 铺 铺 ; ; 学 学 习 习 Detective controls are essential for incident response and help in uncovering fraudulent transactions after they have happened, which allows for timely investigation and remediation to reduce losses and prevent similar incidents in the future. upvoted 1 times 小 店 66 小 店 66 fouserd 4 months, 2 weeks ago Selected Answer: D To reduce losses from fraudulent transactions in an accounting department, the BEST control type to use would be D. Detective. Detective controls are designed to identify and detect fraudulent activities or errors that have already occurred. These controls can include activities such as reconciliations, audits, and reviews of transactions. By implementing detective controls, the accounting department can quickly identify and investigate any fraudulent transactions, thereby reducing losses. upvoted 1 times aw23 4 months, 2 weeks ago chatgpt said deterent upvoted 2 times Abdul2107 5 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D D. Detective, based on ChatGPT: The best control type to use in an accounting department to reduce losses from fraudulent transactions is Detective. Detective controls are designed to identify and detect fraud after it has occurred. These controls can include things like monitoring bank accounts for unusual activity, conducting regular audits, and reviewing financial statements for discrepancies. By identifying fraudulent activity as soon as possible, corrective action can be taken to minimize losses. While other control types such as deterrent or corrective controls can also be useful in preventing fraud, they may not be as effective in detecting fraud that has already occurred. Recovery controls, on the other hand, are designed to recover lost assets after a fraud has occurred, which can be helpful but not as effective as detecting the fraud beforehand. upvoted 2 times mosher21 5 months ago Selected Answer: C 店 店 铺 铺 Corrective controls are implemented after detective controls to rectify the problem and (ideally) prevent it from happening again upvoted 2 times ; ; 学 学 习 习 小 小 店 店 Corrective controls are designed6to identify and correct issues that have already occurred. They are used to reduce the impact 66 of an event and to 6 prevent its recurrence. In this case, implementing corrective controls in an accounting department would be the best approach to reduce losses Yawannawanka 5 months ago from fraudulent transactions. This could include measures such as implementing separation of duties, performing regular audits, and implementing financial reporting controls. upvoted 1 times SOCK1 5 months, 1 week ago Selected Answer: B Deterrent Before it happens, Detective after it happened. upvoted 2 times LePecador 2 months, 1 week ago But the fraudulent transactions are already made, right ? That's why I choose D) Detective upvoted 1 times milktea810182 5 months, 2 weeks ago Selected Answer: B B is the answer. upvoted 2 times stonefacegroupie 5 months, 2 weeks ago On a previous question, detective was only a method used after an incident. If you can only detect then you can only see that you are losing money. Deterrent seems to be a better option given that if it will do its intended purpose it will deter people from committing fraudulence. upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: B B. Deterrent controls are designed to discourage potential attackers or perpetrators from carrying out an attack or fraudulent activity. In the context of an accounting department, deterrent controls might include policies and procedures that establish clear guidelines for financial transactions, as well as oversight and accountability mechanisms to monitor for suspicious activity. By implementing strong deterrent controls, organizations can discourage fraudulent behavior before it occurs, reducing the risk of losses due to fraudulent transactions. upvoted 3 times monzie 5 months, 4 weeks ago Selected Answer: B 店 B. Deterrent. 店 铺 铺 ; ; 学 学 Deterrent controls are implemented to discourage an individual from attempting an unauthorized action. In this case, a deterrent control would discourage an employee from committing fraudulent transactions, and would include measures such as mandatory training on ethics, penalties for fraudulent behavior, and strong internal controls to prevent and detect fraudulent activities. upvoted 1 times 习 习 小 店 66 小 店 66 princajen 6 months, 2 weeks ago Selected Answer: B B. Deterrent Deterrent controls discourage or discourage fraudulent activities by implementing measures such as mandatory vacations, separation of duties, and regular auditing. By making it difficult or risky to engage in fraudulent activities, the likelihood of such activities occurring is reduced. In contrast, recovery controls help the organization recover from a loss after a fraudulent activity has occurred, corrective controls fix or correct the root cause of the problem, and detective controls help detect fraudulent activities after they have occurred. upvoted 4 times Nishkurup 6 months, 3 weeks ago B. Deterrent controls would be the best to use in an accounting department to reduce losses from fraudulent transactions, according to CompTIA. Deterrent controls are designed to prevent fraudulent transactions from occurring in the first place by discouraging individuals from attempting to commit fraud. Examples of deterrent controls include segregation of duties, mandatory vacations, and background checks. By implementing 淘宝店铺:https://shop63989109.taobao.com/ deterrent controls, the accounting department can reduce the likelihood of fraudulent transactions occurring and minimize the associated losses. Recovery controls (A) are designed to recover from losses after they have occurred, whereas corrective controls (C) are designed to correct the underlying cause of a problem. Detective controls (D) are designed to detect fraudulent transactions after they have occurred, but they do not prevent them from happening. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #139 A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack? A. Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing. B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each. C. Disable POP and IMAP on all Internet-facing email servers and implement SMTPS. D. Use an automated tool to ood the phishing websites with fake usernames and passwords. 店 铺 Correct Answer: B 店 铺 ; ; 学 学 习 Community vote distribution 习 小 小 店 店 66 66 B (100%) Josh_Feng Highly Voted 1 year ago Selected Answer: B DNS sinkhole prevents users from entering the site if they have a sinkhole for the domain name. So making a list of fake websites domain name and making a sinkhole will prevent access to these website if a user tried to search for it on accident. upvoted 12 times ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago Selected Answer: B The best way for the company to mitigate the phishing attack described is by generating a list of domains that are similar to the company's own domain and implementing a DNS sinkhole for each of these domains. A DNS sinkhole is a technique used to redirect malicious traffic to a controlled environment or block access to malicious domains. By implementing a DNS sinkhole for similar-looking domains, the company can prevent users from accessing phishing sites that may impersonate the company's website. When users click on links in the phishing emails, their DNS requests for those domains will be redirected to a safe location, preventing them from reaching the actual phishing sites. This approach helps protect users from falling victim to the phishing attack and helps in mitigating the risk of credential theft and other malicious activities associated with phishing. upvoted 2 times Protract8593 2 months ago Selected Answer: B By generating a list of domains that are similar to the company's own and implementing a DNS sinkhole for each of these domains, the company can prevent users from accessing phishing sites that look similar to their legitimate website. A DNS sinkhole involves redirecting traffic from the malicious domains to a non-existent or controlled server, effectively blocking users from accessing the phishing sites. This approach is an effective way to mitigate the phishing attack and protect users from falling victim to the fraudulent websites. It helps in preventing data loss and protecting the company's reputation from being exploited by attackers. upvoted 1 times MorganB 4 months, 4 weeks ago MorganB 0 minutes ago Awaiting moderator approval Pass my exam 27, April 23. This question was on my tested worded differently but the answer is the same. upvoted 4 times 店 铺 Dutch012 5 months ; ago 学correct, I would go with D. If all the answers are 习 小 upvoted 1 times 店 6 rline63 3 weeks, 3 days ago 6 店 铺 ; 学 习 小 店 66 I'm pretty sure D is illegal. Probably would work but takes a lot of resources, can be mitigated if the target uses proper protection, and like I said is ethically and legally questionable. upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: B B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each would be the best way for the company to mitigate this attack. By generating a list of domains similar to the company's own and implementing a DNS sinkhole for each, the company can prevent users from accessing the phishing sites. A DNS sinkhole is a technique used to block access to malicious websites by redirecting requests for those sites to a non-existent IP address or a local web server that displays a warning message. This can help to prevent users from inadvertently accessing phishing sites that look similar to the company's own website. upvoted 1 times FMMIR 9 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B The best way for the company to mitigate this attack would be to implement a DNS sinkhole for domains similar to the company's own. A DNS sinkhole is a security measure that redirects traffic from known malicious or fraudulent websites to a safe location. By generating a list of domains similar to the company's own and setting up a DNS sinkhole for each, the company can prevent employees from accidentally accessing phishing websites that mimic the company's own domain. Other solutions such as disabling POP and IMAP on email servers, implementing SMTPS, or using an automated tool to flood phishing websites with fake credentials may also be effective, but a DNS sinkhole would be the most direct and effective way to prevent employees from accessing the phishing sites. Creating a honeynet would not be relevant in this scenario. upvoted 2 times RonWonkers 1 year ago Selected Answer: B I agree with B upvoted 3 times stoneface 1 year ago 店 店 This is a very confusing question -> Im inclining with D, other options will not directly try to reduce the danger associated with the fake sites upvoted 1 times 铺 铺 ; ; 学 学 习 习 [Removed] 8 months ago 小 the fckers revenge of the sith, lets DDOS 店 66 upvoted 4 times 小 店 66 stoneface 1 year ago After consideration Im choosing B -> I think the question implies that Typosqueatting is also on the table. So setting an internal DNS sinkhole that redirects all similar addresses (including the ones being used on the phishing campaign) to nothing will help mitigate this attack upvoted 3 times andrizo 11 months, 2 weeks ago but boy, wouldnt it be cool to DOS phishing sites upvoted 4 times zzzfox 1 year ago not sure flooding fake websites if is even a legal thing to do... upvoted 7 times Gino_Slim 11 months ago That was a very humorous answer choice to me upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #140 A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior? A. Rainbow table attack B. Password spraying C. Logic bomb D. Malware bot 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 B (90%) stoneface Highly Voted 66 10% 小 店 66 1 year ago SSH cannot take hash values as an input, so rainbow attack out of the table. Im left with password spraying. ... upvoted 29 times [Removed] 7 months, 4 weeks ago With rainbow attack, you don't attack with password hashes! First, you use the table to crack the password for a target user offline and then use it to attack live systems. Password spraying uses one or few passwords against a list of usernames. upvoted 6 times comeragh Highly Voted 1 year ago Selected Answer: B I believe this is password spraying - "multiple Linux systems to a functional user ID" upvoted 7 times Jacob_Kramer1995 3 weeks, 6 days ago Out of all the answers's password spraying the best, however, I don't like the wording. a functional user (singular) could indicate bruteforce or directory knowing it's a (singular user login creds) upvoted 2 times Yaakb Most Recent 1 month, 2 weeks ago B, because, password spraying targets multiple accounts on a system, which fits perfectly in this scenario. upvoted 2 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: B Password spraying is a type of brute-force attack where the attacker attempts to gain unauthorized access to multiple accounts by trying a small number of commonly used passwords against many usernames. In this scenario, the continuous alerts from multiple Linux systems indicating unsuccessful SSH attempts to a functional user ID suggest that an attacker is trying different passwords against the same user ID on each system, which aligns with the behavior of a password spraying attack. The attacker is not attempting to guess different usernames but is trying a limited set of passwords against the same user ID on multiple systems. upvoted 4 times 店 店 铺 铺 Protract8593; 2 months ago ; 学 学 Selected Answer: B 习 习 小 Password spraying is a type of brute-force attack where an attacker tries a few common passwords against many小 In this scenario, the 店 systems indicating unsuccessful SSH attempts to a functional user ID suggestaccounts. 店 continuous alerts from multiple Linux that an 66 66 attacker is trying a limited set of passwords across various accounts in the hope of gaining unauthorized access. This is a common attack vector used to avoid detection from traditional brute-force protection mechanisms. upvoted 1 times Protract8593 2 months ago Password spraying can occur to a single account. Password spraying is a type of brute-force attack where attackers attempt to gain unauthorized access to multiple accounts by trying a few commonly used passwords against many usernames. Instead of attempting to guess passwords for a single account (which would be a regular brute-force attack), password spraying involves trying a small set of passwords against a large number of accounts. In the given scenario, the question states that unsuccessful SSH attempts have been made to a functional user ID on multiple Linux systems in a short period of time. This aligns with the behavior of password spraying, as the attackers are attempting to use a small set of passwords against multiple accounts (the functional user ID) on different systems. Given this understanding, Option B (Password spraying) would be the most likely correct answer for the question, as it matches the scenario described. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times excelchips11 1 week, 1 day ago For Password Spraying, it is done on multiple accounts NOT just one. Here, we have ONLY ONE functional user ID, several password and several systems are informed. Though, B is the closest answer but not the answer as SSH upvoted 1 times macrocarpa 4 months ago Selected Answer: B I think this is yet another poorly worded question meant to trip people up. First guess would be Rainbow Table Attack. But since it's over SSH it has to be password spraying. The question doesn't indicate more than one username being used which is what we've come to understand as password spraying. But password spraying is still a form of a brute-force attack which would have to be the answer imo. upvoted 1 times DanielBruse 3 months ago 店 店 Yes it’s a little tricky question but they say “multiple Linux systems to a funcional user ID” so they are trying more than one account upvoted 2 times 铺 铺 ; ; 学 学 习 习 strong1 4 months, 3 weeks ago 小 common password spraying tries the most 店 66Known as a “low-and-slow” passwords against many accounts. 小 店 66 attack, it attempts to bypass the password lockout by trying one common password against many targets and then circling back to try the next common password after a period of time. upvoted 1 times MorganB 4 months, 4 weeks ago MorganB 0 minutes ago Awaiting moderator approval Pass my exam 27, April 23. This question was on my tested worded differently but the answer is the same. upvoted 2 times TejasTony 5 months, 3 weeks ago where do these "correct" answers come from? Some of them are so far out there and ridiculous. upvoted 1 times Nishkurup 6 months, 3 weeks ago Selected Answer: B B. Password spraying is the BEST explanation for this behavior. Password spraying is a type of brute force attack where attackers try a small number of commonly used passwords against a large number of user accounts. In this scenario, the attackers are attempting to guess the password for a functional user ID on multiple Linux systems. The unsuccessful SSH attempts are generated by automated tools used by attackers attempting to gain unauthorized access to the systems. Rainbow table attacks (A) are a type of pre-computed password attack that attempt to crack password hashes. Logic bombs (C) are malicious code designed to execute a set of instructions when certain conditions are met. Malware bots (D) are a type of malware that allows an attacker to take control of a compromised system and use it to carry out malicious activities. None of these attacks specifically match the behavior described in the scenario. upvoted 2 times CJohnson219 7 months, 2 weeks ago How is this password spraying? it clearly says "to a functional user ID" that is a single user. password spraying is across multiple users upvoted 1 times NerdAlert 6 months, 1 week ago the wording on this question is dumb and ambiguous upvoted 2 times 店 Ertrexs 7 months, 2 weeks ago 铺 multiple Linux systems" "alerts from; upvoted 3 times 学 习 小 店 ago ronniehaang 7 months, 3 weeks 66 Selected Answer: B 店 铺 ; 学 习 小 店 66 B. Password spraying. Password spraying is a type of brute-force attack that targets multiple user accounts with a few commonly used passwords. This technique is used to avoid triggering account lockouts, which are a common security measure to prevent brute-force attacks. The attacker tries a small number of passwords against many accounts, with the hope of finding one that works. By targeting a large number of systems and trying a limited number of passwords, the attacker can avoid detection and quickly gain access to one or more systems. upvoted 1 times OnA_Mule 7 months, 3 weeks ago The question says "a functional user ID" suggesting it's a single account. So spraying does not apply upvoted 1 times FMMIR 9 months, 2 weeks ago Selected Answer: B 淘宝店铺:https://shop63989109.taobao.com/ The behavior described in the scenario is likely the result of a password spraying attack. Password spraying is a technique used by attackers to compromise accounts by trying a small number of commonly used passwords against a large number of user accounts. This allows the attacker to avoid triggering account lockout policies, which are designed to prevent brute-force attacks by locking an account after a certain number of failed login attempts. In this case, the attacker is likely using password spraying to try to gain access to the Linux systems via SSH using a functional user ID. A rainbow table attack, a logic bomb, or a malware bot could potentially cause similar symptoms, but the description of the behavior in the scenario is most consistent with a password spraying attack. upvoted 2 times OnA_Mule 7 months, 3 weeks ago Spraying would apply if it were multiple user accounts, but the question seems to indicate it is 1 user ID. So it's not spraying. upvoted 1 times Mahougbe 11 months ago Selected Answer: B A Password Spraying Attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process. upvoted 4 times 店 店 铺 铺 ; ; 学weeks ago ostralo 11 months, 2 习 小 Selected Answer: A 店 学 习 小 店 66 66 I will go for the Rainbow table - because the perpetrator could guess a password using the leaked hash from the system prior to the attack to crack an account. Password spray attack - using the same password to crack many different accounts. upvoted 3 times Jakalan7 1 year ago Selected Answer: B Clearly B, password spraying. upvoted 2 times tibetbey 1 year ago Selected Answer: B Password Spraying is a variant of what is known as a brute force attack. In a traditional brute force attack, the perpetrator attempts to gain unauthorized access to a single account by guessing the password "repeatedly" in a very short period of time. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #141 A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certi cate for these requirements? A. User certi cate B. Self-signed certi cate C. Computer certi cate D. Root certi cate 店 店 铺 铺 ; ; 学 Correct Answer: B 学 习 66 A (70%) Highly Voted 小 店 Community vote distribution EubertT 习 小 店 C (24%) 66 7% 9 months, 2 weeks ago I'm going to give details of what is the use of each one, because I'm tired that are not giving the right answer: User Certificate: User certificates specify which resources a given user can have access to. They are sometimes used on devices that several users share. When different users log in, their profile and certificate are automatically loaded, granting them access to their required information. Self-signed certificate: A self-signed certificate is one that is not signed by a CA at all – neither private nor public. In this case, the certificate is signed with its own private key, instead of requesting it from a public or a private CA (Certificate Authority). Root Certificate: Root certificates are the cornerstone of authentication and security in software and on the Internet. They're issued by a certified authority (CA) and, essentially, verify that the software/website owner is who they say they are. So for this verification I'm completely 100% sure is A: User certificate upvoted 12 times RevolutionaryAct 1 month, 2 weeks ago User certificates are bound to 1 user, and this solution is supposed to be for any computer uploading/transmitting, which means it has more than one user and thus cannot be a user certificate. Self-signed it is. upvoted 1 times shitgod 9 months ago You didn't mention anything about a computer certificate. upvoted 4 times LeonardSnart 4 months ago "Machine/computer A company may want to encrypt the communication between computers on the network. For example, a company may want to encrypt communication between its servers. In order to do this, each computer needs a machine certificate, also known as a computer certificate, applied to it." -Comptia Security+ Certification Fourth Edition SY0-601 by Glen Clarke & Dan Lachance "Machine/Computer. Certificates issued to a device or a computer are commonly called machine certificates or computer certificates. The certificate is typically used to identify the computer within a domain." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson 店 店 铺 铺 "Machine/Computer. Assigning a certificate to individual computers isn’t too common, but there are places where this is used. Very highsecurity, enterprise-level 802.11 wireless networks using EAP-TTLS security can assign a machine certificate to every system." -Mike Meyers' Security+ Cert Guide Third Edition SY0-601 upvoted 2 times ; ; 学 学 习 习 小 店 deeden Highly Voted 66 1 year ago 小 店 66 Selected Answer: A I though option A make sense - if acquired from a publicly trusted CA. Found this link below from IdenTrust about IRS Secure Data Transfer... https://www.identrust.com/partners/department-treasury-irs-secure-data-transfer upvoted 8 times Confuzed 5 months, 2 weeks ago That is a user certificate (the requestor must provide their personal ID to obtain one). upvoted 1 times Tmans713 Most Recent 3 weeks, 6 days ago Selected Answer: A I answered A. The question mentions that the solution is on "a portable USB" meaning a user would need to insert it into whichever PC they're transmitting transactions from. Not necessarily contained to one computer as some have stated. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 2 times HCM1985 3 weeks, 3 days ago At first I was thinking Computer certificates, but "portable" really is the key word here. So either a User certificate or a self signed could work. I'd go with a User's. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago User certificates are bound to 1 user, and this solution is supposed to be for any computer uploading/transmitting, which means it has more than one user and thus cannot be a user certificate. Ditto user certificates: "Computer Certificate Templates are intended to be bound to a single computer entity to provide identity and/ or encryption services for that computer" https://www.sciencedirect.com/topics/computer-science/computer-certificate 店 Root certificate wouldn't apply as it comes from a certified authority (CA). 铺 店 铺 ; Self-signed is referring various 学 to the USB being added to the computers which are currently uploading with; 学 users/computers, so this is a separate 习 习 thing from both. 小 小 upvoted 1 times 店 店 66 66 ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: A A user certificate, also known as a client certificate, is the best certificate type for the given requirements. User certificates are used to identify and authenticate individual users or clients, and they can be stored on a portable USB device. When a user wants to perform a secure transaction, they can insert the USB device into any computer, and the certificate stored on the device will be used to establish a secure connection and validate the user's identity. This allows for secure online submission of documents while maintaining portability and ease of use for the users. upvoted 2 times Protract8593 2 months ago Selected Answer: A Given the context of the tax organization trying to validate online submissions, the BEST certificate for their requirements would indeed be an A. User certificate. A user certificate is issued to an individual user and is used to authenticate and verify the identity of the user during online transactions. It is typically associated with an individual and allows them to securely sign and encrypt data, which aligns with the tax organization's goal of validating online submission of documents by users. The other options (B. Self-signed certificate, C. Computer certificate, and D. Root certificate) are not as suitable for this scenario. Self-signed certificates may not provide the necessary level of trust in a public environment, computer certificates are issued to devices rather than individual users, and root certificates are used to establish trust in a certificate chain but are not directly associated with user authentication. Therefore, the correct answer is A. User certificate, as it aligns with the tax organization's goal of validating online submissions by users. upvoted 3 times Protract8593 2 months ago I changed my mind. C makes the most sense here (ChatGPT's explanation): In the scenario described, where the tax organization is working on a solution to validate the online submission of documents and the solution is carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely, a computer certificate would be the most appropriate choice. A computer certificate is used to authenticate and identify a specific computer system. It allows the computer to establish secure connections and transactions. By using a computer certificate on the portable USB device, the tax organization can ensure that any computer using the device for online transactions is validated and secure. upvoted 2 times 店 铺 Protract8593 2 months ago ; 店 铺 ; Option C (Computer certificate) is the best choice because the question mentions that the solution should be carried on a portable USB device and inserted on any computer that is transmitting a transaction securely. This implies that the solution needs to be installed and utilized on different computers, and the certificate used should be associated with the computer (device) itself rather than a specific user. 学 学 习 小 店 习 小 店 6 66 the identity of the 6 of digital certificate that is issued to a computer or device. It is used to authenticate A computer certificate is a type computer and establish a secure connection between the device and the server. In this context, the tax organization wants a solution that can be carried on a portable USB device and used on different computers to securely transmit transactions. Therefore, using a computer certificate on the USB device ensures that each computer the device is plugged into can be securely authenticated and trusted for transmitting transactions. upvoted 1 times Protract8593 2 months ago While user certificates are used to authenticate individual users, they are typically associated with user-specific actions, such as user authentication to access specific resources or services. In this scenario, a computer certificate is more appropriate because the focus is on securing the transactions on the computer level, not user-level authentication. upvoted 1 times muhaimin 4 months, 3 weeks ago A user certificate could also be a valid option depending on the specific requirements and use case of the tax organization's solution. A user certificate is issued to an individual user and is used to verify the identity of the user. 淘宝店铺:https://shop63989109.taobao.com/ If the tax organization requires the USB device to be used by a specific individual or group of individuals, then a user certificate would be appropriate. The user certificate would be stored on the USB device and would be used to verify the identity of the user when they insert the device into a computer to transmit a transaction securely. However, if the tax organization requires the USB device to be used by any computer to securely transmit transactions, then a computer certificate would be more appropriate. The computer certificate would be stored on the USB device and would be used to verify the identity of the device transmitting the transaction. upvoted 1 times ortizj118 5 months ago User Certificate is correct upvoted 1 times Yawannawanka 5 months ago Based on the requirements provided, the best certificate to use would be a user certificate. A user certificate is issued to a specific user and can be stored on a portable USB device. It can be used for authentication purposes when the user is transmitting a transaction securely from any computer. In contrast, a computer certificate is issued to a specific computer, while a root certificate is used to establish trust with a particular certificate authority (CA). A self-signed certificate is a certificate that is signed by the entity whose identity it certifies. However, it may not be the best option for this scenario as it may not be recognized by other systems. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 DylanB2868 5 months ago 店 66 66 Selected Answer: C The USB authenticates the Computer not the User. upvoted 1 times Handsomeware 5 months, 1 week ago Selected Answer: C Chatgpt : Based on the given requirements, the BEST certificate for this scenario would be a Computer certificate. A Computer certificate is issued to a computer or device and is used to authenticate the identity of the computer or device in a network environment. This certificate is typically used to provide secure communication between a client computer and a server. In this scenario, the portable USB device needs to be inserted into any computer that is transmitting a transaction securely. By having a Computer certificate, the USB device can authenticate itself and the computer it is being inserted into, providing a secure and reliable way to validate online document submissions. User certificates are used to authenticate individual users, self-signed certificates are not recommended for production use, and Root certificates are used to sign other certificates and are typically used in a public key infrastructure (PKI) environment. upvoted 2 times Herb30 5 months, 2 weeks ago https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/creating-certificates-for-usb-storage-devices upvoted 1 times fouserd 5 months, 2 weeks ago Selected Answer: C A computer certificate, also known as a machine certificate, is issued to a computer or device to authenticate it in a network environment1. Computer certificates can be installed on a portable USB device and used to securely authenticate and encrypt transactions when inserted into any computer upvoted 1 times ganymede 5 months, 2 weeks ago Selected Answer: A 店 A. User certificate 铺 ; you would need a user certificate to digitally sign the documents. To validate a document 学 习 upvoted 1 times 小 店 monzie 5 months, 4 weeks ago 6 6 店 铺 ; 学 习 小 店 66 Selected Answer: C The BEST certificate for these requirements would be a computer certificate. A computer certificate, also known as a machine certificate, is issued to a computer or device and verifies the identity of the device when it connects to a network or communicates with other devices. In this case, the portable USB device needs to be validated when it is inserted into any computer for transmitting a transaction securely, which can be achieved by using a computer certificate. upvoted 2 times cutemantoes 6 months ago Correct me if im wrong, but i thought you cant use Root certificates on a network-connected machine. I thought it was only offline to create intermediary certificates... right? Im not sure. It says to validate 'online' submissions. That would have to be network connected right? So in this case, wouldn't it be stupid to use a root certificate on it regardless of how its being transferred or used? I'd probably go with A if not D in this Case. upvoted 1 times Omi0204 6 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ A: User Certificate upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #142 A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe? A. Insider threat B. Social engineering C. Third-party risk 店 店 铺 D. Data breach 铺 ; ; 学 学 习 习 小 Correct Answer: A 小 店 店 66 Community vote distribution 66 A (100%) i_bird 1 year ago Highly Voted Selected Answer: A going to jail..lol upvoted 14 times joelitof 11 months, 4 weeks ago xD rip that person upvoted 2 times ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago Selected Answer: A The action described in the scenario involves an employee of the medical billing company who abused their authorized access to the system to download customer records and manipulate direct deposit information for fraudulent purposes. This behavior is considered an insider threat because it involves a trusted individual within the organization using their access privileges to perform unauthorized and malicious actions. Insider threats are a significant concern for organizations as they can pose a serious risk to data security and privacy. upvoted 1 times Protract8593 2 months ago Selected Answer: A In this scenario, the employee of the medical billing company downloaded customer records and manipulated direct deposit information for personal gain. This type of action represents an insider threat, which refers to potential risks posed to an organization by its own employees, contractors, or other trusted individuals who have access to sensitive information and systems. The insider threat is a significant concern for organizations, and it's essential to implement proper security measures and monitoring to detect and prevent such malicious activities. upvoted 1 times Omi0204 6 months, 1 week ago Question is asking about Action so it is Data Breach. 店 店 Answer D is correct. upvoted 1 times 铺 铺 ; ; 学 习 NerdAlert 5 months, 4 weeks ago 小 店 it says what does this action DESCRIBE? It describes an insider threat upvoted 1 times 66 学 习 小 店 66 P_man 5 months, 4 weeks ago are you deliberately trying to cause people to fail this exam? While a data breach did occur, it was accomplished by an EMPLOYEE, so Insider Threat is the correct answer here. upvoted 2 times RonWonkers 1 year ago Selected Answer: A It is A, company employee = insider threat upvoted 4 times comeragh 1 year ago Selected Answer: A A - Insider Threat 淘宝店铺:https://shop63989109.taobao.com/ upvoted 4 times tibetbey 1 year ago Selected Answer: A Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #143 A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action? A. Accept the risk if there is a clear road map for timely decommission. B. Deny the risk due to the end-of-life status of the application. C. Use containerization to segment the application from other applications to eliminate the risk. D. Outsource the application to a third-party developer group. 店 铺 铺 ; ; 学 Correct Answer: C 学 习 Community vote distribution 习 小 小 店 66 A (54%) [Removed] 店 Highly Voted 店 66 C (46%) 1 year ago Selected Answer: C I think C is correct. You shouldn't have to take any risk at all if you can containerize the application. The goal of containerization is to isolate an application to prevent malware, intruders, system resources or other applications from interacting with the application – and any of its sensitive information — secured by the container. upvoted 38 times scarceanimal 7 months, 2 weeks ago Prudent: acting with or showing care and thought for the future. in this case C is not much of a prudent course of action, A specifies a "clear road for timely decommission" hence it being a better choice. Along with it being low risk it's a clear A. upvoted 5 times scarceanimal 7 months, 2 weeks ago i think this video will help https://www.youtube.com/watch?v=dQw4w9WgXcQ upvoted 33 times T4IT 7 months ago you made my day with this video, now I feel confident about passing the test. upvoted 7 times zits88 1 month, 1 week ago Bravo. Thank you for sharing this insightful video. upvoted 2 times Abdul2107 5 months ago C is clear for future for "more security risks" upvoted 1 times [Removed] 1 year ago Resource:https://www.proofpoint.com/sites/default/files/pp-containerization-and-app-reputation.pdf upvoted 2 times 店 店 铺 ; Voted 1 year ago stoneface Highly学 习 小 Selected Answer: A 店 66there is a clear road map for timely decommission -> IMO they should Accept the risk if 铺 ; 学 习 小 店 66 upvoted 19 times slenderjim 5 months ago You right bby upvoted 3 times deeden 1 year ago I agree with A. The web app will have the same threat vector 3rd-party library even after containerization, and is rated as low risk vulnerability. upvoted 6 times rline63 Most Recent 3 weeks, 2 days ago Selected Answer: A While C is an effective strategy to minimize the risk of this application, elimination is not a risk management strategy. C would result in a risk still, just a smaller one. Mitigation however is a risk management strategy. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ sujon_london 1 month, 2 weeks ago Selected Answer: A Using containerization can help mitigate risks, but it might not fully eliminate the risk of vulnerabilities. Containerization involves isolating applications and their dependencies within containers, which can add an extra layer of security and isolation. However, it won’t eliminate vulnerabilities within the application code or the third-party library itself. Containerization can limit the potential impact of vulnerabilities by containing them within the isolated environment. This can be particularly useful if the application interacts with other systems. However, it’s important to note that security updates and patches for the application and the third-party library would still be required to address the vulnerabilities at their source. So, while containerization can be a valuable step to reduce risks, it’s unlikely to fully eliminate all risks associated with the low-criticality vulnerabilities. In this case A should be chosen prudently upvoted 1 times 店 店 铺 铺 4vv 1 month, 2; weeks ago ; 学 学 These questions constantly 习 have you thinking if you're overthinking it or if youre underthinking it. 习 小 小 upvoted 2 times 店 店 6 66 Abdul2107 1 month, 3 weeks ago 6 Selected Answer: A A. Is correct. Keyword as mentioned by @scarceanimal, is “prudent” which means for “future” upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: A While addressing the vulnerabilities and updating the third-party library would be the ideal solution, the development staff has stated that updating the application would be a substantial burden. In such cases, it may not be immediately feasible to fix all vulnerabilities. However, if there is a clear road map and plan in place to decommission the application in the near future, the organization can accept the risk for the time being while minimizing exposure. It is important to have a risk management plan in place, which includes monitoring the vulnerabilities and having a decommissioning plan in order to address the risks in the long term. Organizations should also implement compensating controls and security measures to reduce the impact of the vulnerabilities until the application can be decommissioned. upvoted 1 times Nikamy 1 month, 3 weeks ago Selected Answer: C C because of the prudent appraoch upvoted 2 times Protract8593 2 months ago Selected Answer: A Accepting the risk means acknowledging the vulnerabilities and deciding not to take further action to address them immediately. However, having a clear plan for decommissioning the application in a timely manner demonstrates that the organization is actively working to eliminate the risk in the long run. While there are low-criticality vulnerabilities in the web application due to the use of a third-party library, the development staff states that updating the application for compatibility with more secure libraries would be a substantial burden, and the application is already end-of-life. In this situation, accepting the risk with a clear plan to decommission the application in a timely manner would be the most prudent course of action. This decision acknowledges the risk while also taking steps to address it by eventually phasing out the application and minimizing the security exposure in the long term. upvoted 1 times 店 店 铺 铺 Aie_7 2 months, ;1 week ago ; 学 学 Selected Answer: A 习 小web application are low-criticality, and the application is end-of-life. This means习that 小the application is no longer The risks associated with the 店 店 being actively developed or maintained, and there is a risk that the third-party library could become obsolete or insecure. 66 66 However, the development staff has stated that there are still customers using the application, and it would be a substantial burden to update the application for compatibility with more secure libraries. In this case, the most prudent course of action is to accept the risk if there is a clear road map for timely decommissioning. This means that the organization should have a plan to sunset the application and migrate its users to a more secure platform upvoted 1 times jb844 3 months, 1 week ago Selected Answer: A because of literal meaning of "Most Prudent" only, C is good choice BUT, "Eliminate Risk" is not attainable, there is some risk always even if insignificant or low... upvoted 3 times Essi 4 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A A. Accept the risk if there is a clear road map for timely decommission. Here's why: Given that the application is end-of-life and there are still customers using it, it is important to maintain functionality until it can be properly decommissioned. The risks posed by low-criticality vulnerabilities may be acceptable if a solid plan for decommissioning the application is in place. Containerization (option C) can provide some level of isolation but it doesn't eliminate the vulnerabilities within the application itself. Denying the risk (option B) doesn't actually mitigate it. The vulnerabilities remain whether they are denied or not. Outsourcing to a third-party developer group (option D) may be unnecessary and costly, especially for an application that is reaching its end of li upvoted 1 times 店 店 Xabovion 4 months, 1 week ago 铺 Selected Answer: A; 铺 ; 学 学the risk. I think the key is the low level Answer C states that the risk will be eliminated, which is not correct. It will isolate the app, but not remove 习 习 vulns. You can accept them 小as risk, if there is a decomission plan. I would go with A. 小 店 店 upvoted 1 times 66 66 Kaps443 4 months, 3 weeks ago Selected Answer: A A. Accept the risk if there is a clear road map for timely decommission. This option acknowledges the risk posed by the vulnerable third-party library but also recognizes the practical limitations in updating the application. By having a clear plan for decommissioning the application, the risk can be accepted temporarily while still working towards a resolution in the long term. This approach balances the need for security with the practical realities of maintaining legacy systems. Option B is not a practical solution as it ignores the risks and vulnerabilities in the current system. Option C may help to contain the risks of the vulnerable application but does not address the root cause of the vulnerabilities. Option D is not a suitable solution as outsourcing the application to a thirdparty group does not necessarily eliminate the risks posed by the vulnerable library. upvoted 1 times Abdul2107 5 months ago Selected Answer: C I think C is the answer, because A is conditions, there's "If" in the solution, so in case there was no clear road map, what should do? upvoted 2 times Yawannawanka 5 months ago Option A - Accept the risk if there is a clear roadmap for timely decommission - would be the MOST prudent course of action. The risk has been identified, and the development staff has already stated that updating the application with more secure libraries would be a substantial burden. Therefore, it would be acceptable to accept the risk and plan for timely decommission of the application. It is important to have a clear roadmap with deadlines and timelines to ensure that the decommission is carried out in a timely manner. Option C - Use containerization to segment the application from other applications to eliminate the risk - could also be a valid option, but it would require additional resources and expertise to implement. The other two options, B - Deny the risk due to the end-of-life status of the application, and D - Outsource the application to a thirdparty developer group, are not practical solutions as they do not address the identified risk. upvoted 1 times staoic 5 months, 1 week ago Selected Answer: C Answer C because it will "eliminate the risk" instead of taking a risk even if it's a very low risk. Eliminate the risk is better than taking a risk. Don't you agree? upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #144 A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented? A. HTTP security header B. DNSSEC implementation C. SRTP D. S/MIME 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 A (92%) 店 66 stoneface Highly Voted 小 店 8% 66 1 year ago Selected Answer: A When enabled on the server, HTTP Strict Transport Security (HSTS), part of HTTP Security header, enforces the use of encrypted HTTPS connections instead of plain-text HTTP communication. upvoted 28 times comeragh Highly Voted 1 year ago Selected Answer: A I would agree with A on this one S/MIME - relates to email SRTP - relates to VOIP upvoted 6 times hrncgl Most Recent 2 weeks, 3 days ago The original recommendation of A. HTTP security header (specifically HTTP Strict Transport Security or HSTS) is the most common and effective method for enforcing encrypted communications for web applications. HSTS is specifically designed to ensure that web browsers use secure HTTPS connections for all interactions with a web application, thereby enforcing encryption. If the goal is to secure a web application and enforce encryption for all communications, HSTS is the appropriate solution. SRTP, on the other hand, is typically associated with securing real-time communication protocols like VoIP and is not designed for securing web applications. upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: A To allow only encrypted communications for a web application without relying on network devices, a security analyst can implement HTTP security headers. These headers are added to the web application's HTTP response and provide instructions to the client's web browser on how to interact with the web application securely. One specific HTTP security header that can be implemented for this purpose is the "Strict-Transport-Security" (HSTS) header. When the web server sends the HSTS header to the client's browser, it instructs the browser to only access the web application over HTTPS (encrypted HTTP) for a specified period. This helps prevent any insecure connections and ensures that all communication between the client and the web application is encrypted. upvoted 2 times 店 铺 Protract8593 2 months ago ; 学 店 铺 ; 学 习 习 web application. One of the HTTP security headers are小 a set of HTTP response headers that a web server can use to enhance the security of a 小 店 Transport Security (HSTS) header, which allows a website to specify that it should店 security headers is the HTTP Strict a 66 By implementing the HSTS header, the web application can enforce encryptedonly 66be accessed over secure, encrypted connection (HTTPS). communications and Selected Answer: A prevent insecure connections. This additional layer of protection helps ensure that communications between the client and the server are encrypted, without relying solely on network devices for security. upvoted 1 times Yawannawanka 5 months ago HTTP security headers can be used to enforce secure communication between a web application and the client's web browser, ensuring that only encrypted traffic is allowed. Therefore, the correct answer is A. HTTP security header. DNSSEC implementation is used to secure the DNS infrastructure and does not provide additional protection for a web application. SRTP is used to secure real-time communication such as VoIP, and S/MIME is used to encrypt email messages. upvoted 3 times ThreeKings 5 months, 2 weeks ago Selected Answer: A The questions asks to deploy an additional layer of protection for a WEB APPLICATION (emphasis added); this points to HTTP with security header. The question also uses the term ENCRYPTED COMMUNICATIONS (emphases added),which might point to SRTP IF the nature of the 淘宝店铺:https://shop63989109.taobao.com/ communicaiton involves voice, video &/or mulitmedia. Because the question does not include voice/video/multimedia verbiage and because the question more explictily includes a (browser based) web applicaiton, HTTP with security header is a better fit. upvoted 2 times fouserd 5 months, 3 weeks ago Selected Answer: A initially i went with A but after asking Bing Chat this is what she said: The solution that can be implemented to allow only encrypted communications without relying on network devices is SRTP1. SRTP stands for Secure Real-time Transport Protocol and is used to provide confidentiality, message authentication, and replay protection to RTP (Real-time Transport Protocol) traffic1. upvoted 1 times elcan_22 5 months, 3 weeks ago Selected Answer: C 店 店 The correct answer is C. SRTP (Secure Real-time Transport Protocol) is a cryptographic protocol designed to provide secure communication for voice and video traffic over the Internet, typically used in VoIP (Voice over IP) applications. By implementing SRTP, the web application can ensure that all communications are encrypted end-to-end, without relying on network devices to enforce security. 铺 铺 ; ; 学 学 习 习 小 小 DNSSEC (Domain Name HTTP security headers can enhance the security of web applications, but they do not provide end-to-end encryption. 店 店 encryption for web System Security Extensions) is a protocol 66 that provides integrity and authentication to DNS data, but it does not provide 66 application communications. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol used for securing email communications, but it is not typically used for web application security. upvoted 2 times HCM1985 3 weeks, 3 days ago But SRTP would only be appliable for web applications that use some sort of WebRTC, no? upvoted 1 times monzie 5 months, 4 weeks ago Selected Answer: C The solution that can be implemented to allow only encrypted communications without relying on network devices for a web application is option C, SRTP (Secure Real-Time Transport Protocol). SRTP is a security extension of the RTP (Real-Time Transport Protocol) used for multimedia communications, such as voice and video. It provides confidentiality, integrity, and replay protection for the RTP traffic. This will ensure that the web application only uses encrypted communications, even if the network devices are not enforcing encryption. upvoted 1 times konanna 6 months, 1 week ago Selected Answer: C C. SRTP (Secure Real-time Transport Protocol) can be implemented to allow only encrypted communications without relying on network devices. SRTP is a protocol designed to provide encryption, message authentication, and integrity for real-time multimedia communication, such as voice and video over IP networks. By implementing SRTP, the web application can ensure that all communications are encrypted, even if they traverse untrusted networks or devices. HTTP security headers, DNSSEC implementation, and S/MIME are all useful security measures, but they do not directly address the goal of allowing only encrypted communications without relying on network devices. HTTP security headers are used to improve web application security by providing additional protections against various types of attacks, such as XSS and CSRF. DNSSEC is used to ensure the authenticity and integrity of DNS information, preventing DNS spoofing attacks. S/MIME is used to provide encryption and digital signatures for email communications. upvoted 1 times konanna 6 months, 1 week ago Its A never trust chatgpt upvoted 5 times uveal 6 months, 3 weeks ago 店 店 SRTP IS The solution that can be implemented to allow only encrypted communications without relying on network devices . HTTP security header, is used to enhance the security of web applications, but it doesn't provide end-to-end encryption. upvoted 1 times 铺 铺 ; 学 习 ronniehaang 7 months, 3小 weeks 店 ago 66 Selected Answer: A ; 学 习 小 店 66 A. HTTP security header - An HTTP security header can be added to the web application to enforce the use of encryption for all communication. This header can specify the use of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols to ensure that all data transmitted between the web server and client is encrypted. The header can also configure various security-related options such as disabling caching, preventing cross-site scripting (XSS) attacks, and mitigating cross-site request forgery (CSRF) attacks. HTTP security headers include: Strict-Transport-Security (HSTS) X-XSS-Protection X-Content-Type-Options X-Frame-Options Content-Security-Policy Note: HTTP security headers are not a replacement for encryption but rather a way to enforce encryption. upvoted 4 times 淘宝店铺:https://shop63989109.taobao.com/ rhocale 9 months, 1 week ago i thought HTTP isn't secure upvoted 1 times scarceanimal 7 months, 2 weeks ago *HTTP security header* upvoted 1 times deeden 1 year ago Selected Answer: A https://www.youtube.com/watch?v=064yDG7Rz80 upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #145 A company labeled some documents with the public sensitivity classi cation. This means the documents can be accessed by: A. employees of other companies and the press. B. all members of the department that created the documents. C. only the company's employees and those listed in the document. D. only the individuals listed in the documents. Correct Answer: C 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (98%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: A Public (unclassified)—there are no restrictions on viewing the data. Public information presents no risk to an organization if it is disclosed but does present a risk if it is modified or not available. upvoted 33 times stonefaces_kitten 10 months, 1 week ago Thank you (: upvoted 10 times Boubou480 Highly Voted 8 months, 2 weeks ago Selected Answer: A A company labeled some documents with the public sensitivity classification means that the documents can be accessed by employees of other companies and the press. The public sensitivity classification indicates that the documents are intended for public access and can be shared with a wide audience, including employees of other companies and members of the media. This classification is often used for documents that contain information that is not sensitive or confidential and that can be shared freely with the public. In contrast, documents with other sensitivity classifications, such as "confidential" or "private," may have more restricted access and may only be shared with a limited group of individuals, such as employees of the company or those listed in the document. upvoted 6 times P_man 5 months, 4 weeks ago This clarification helps. Thank you. I was reading it as C, but I think A is correct now. upvoted 1 times Abbey2 Most Recent 2 weeks ago Wondering how 98% of the people voted the wrong answer! upvoted 1 times grumpy_farmer 3 weeks, 5 days ago Access vs distribution they weren't distributed but are able to be accessed.. they are stupid on semantics upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago I think the real question is where are these documents located? If they are on internal servers not public facing then C, otherwise the answer is A upvoted 1 times 店 铺 ; 学 习 ApplebeesWaiter1122 1 month, 3 weeks ago 小 Selected Answer: A 店 66 店 铺 ; 学 习 小 店 Public: Information that is intended for unrestricted public access and does not contain sensitive or confidential data. upvoted 2 times 66 Protract8593 2 months ago Selected Answer: A Documents labeled with the "public" sensitivity classification are accessible to anyone, including employees of other companies and the press. This classification means there are no restrictions on viewing the data, and it is considered public information. upvoted 1 times fouserd 4 months, 3 weeks ago Selected Answer: A I think the key word for this one is "Public" Sensitivity Classification. upvoted 1 times MasterControlProgram 5 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A The public sensitivity classification means that the documents can be accessed by anyone, including individuals outside of the company. Therefore, the correct answer is: A. employees of other companies and the press. upvoted 1 times assfedass nished 5 months, 4 weeks ago Selected Answer: C I think the correct answer is C, as I read the question and the provided answers, it made me think of U/FOUO designation, or Unclassified/For Official Use Only. This designation indicates that the document with those markings are unclassified, but not appropriate for public release. I am biased, since that is primarily my background. upvoted 1 times Ahmed_aldouky 6 months, 4 weeks ago 店 铺 店 铺 If a company has labeled some documents with the public classification, it means that the documents can be accessed by anyone who has access to the documents, including employees of other companies and the press. ; ; 学 学 习 Option A, employees of other 小 companies and the press, is the correct answer. The public classification means习that小the documents are not 店 be shared with anyone who needs to access them. 店 confidential or sensitive and can 66 66 Option B, all members of the department that created the documents, is incorrect because the public classification does not limit access to a specific department or group of individuals. Option C, only the company's employees and those listed in the document, is incorrect because the public classification means that the documents are not restricted to the company's employees or any specific individuals. Option D, only the individuals listed in the documents, is incorrect because the public classification means that the documents can be accessed by anyone who has access to them, not just the individuals listed in the documents. upvoted 1 times Deeppain90 8 months, 1 week ago owww I get it now its "company labeled some documents with the public sensitivity classification" so DOCUMENTS in company even if they are unclassified are not for shere, from answer C is the one (sorry for my gramar) upvoted 5 times Deeppain90 8 months, 1 week ago Selected Answer: A WHY C is the chosen answer 0o upvoted 1 times Nome02 9 months, 4 weeks ago A is the correct answer. The Public Sensitivity is Public. upvoted 1 times Gino_Slim 11 months ago Selected Answer: A I aint going to lie...I read this all the way wrong. I was thinking that it was referring to NOT allowing the public to see it. But...BUT it is classified as "Public" information. upvoted 4 times aslakhaege 1 year ago Selected Answer: A A is correct upvoted 1 times 店 店 铺 铺 k9_462 1 year ago ; Selected Answer: A ; 学 学 习 小 should be A. public is the least sensitive data class upvoted 3 times 店 66 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #146 Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code? A. Check to see if the third party has resources to create dedicated development and staging environments. B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository. C. Assess existing vulnerabilities affecting the third-party code and the remediation e ciency of the libraries' developers. D. Read multiple penetration-testing reports for environments running software that reused the library. Correct Answer: C 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 C (100%) 小 小 店 comeragh 店 66 Highly Voted 66 1 year ago Selected Answer: C I would go with C also on this one. It seems to make the most sense. upvoted 5 times Protract8593 2 months ago Most Recent Selected Answer: C Before embedding third-party libraries in developed code, it is crucial to assess the existing vulnerabilities in the third-party code and evaluate the responsiveness and efficiency of the library developers in addressing these vulnerabilities. This check helps to ensure that the third-party libraries are secure and do not introduce unnecessary risks into the developed code. The other options may provide valuable information about the third-party libraries, but assessing existing vulnerabilities and the responsiveness of the library developers is the most relevant security check in this context. upvoted 1 times SabITSec 10 months ago b is the possible answer too upvoted 1 times Imanism 11 months, 1 week ago Selected Answer: C What to be done to best prevent issues in third-party code? Establish a baseline and process for every third-party software that is introduced into the organisation, including performing a risk assessment to establish the risk associated with implementing a certain piece of code. upvoted 4 times RonWonkers 1 year ago Selected Answer: C My guess is C upvoted 3 times varun0 1 year ago 店 店 Selected Answer: C C is correct 铺 ; upvoted 3 times 铺 ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #147 A help desk technician receives an email from the Chief Information O cer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email? A. Check the metadata in the email header of the received path in reverse order to follow the email's path. B. Hover the mouse over the CIO's email address to verify the email address. C. Look at the metadata in the email header and verify the ג€From:ג€ line matches the CIO's email address. D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents. 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 习 小 店 D (41%) stoneface 学 A (39%) 66 Highly Voted C (15%) 小 店 6% 66 1 year ago Selected Answer: A https://www.cmu.edu/iso/news/2020/email-spoofing.html upvoted 12 times vandybear 10 months, 3 weeks ago The URL you provided states, "Please note that email headers can be spoofed and are not always reliable. " Wouldn't that make answer A unreliable? upvoted 5 times Sandon 8 months ago Yes, yes it would upvoted 3 times ostralo 11 months, 2 weeks ago I concur return path verification is a must. upvoted 2 times Ertrexs 7 months, 2 weeks ago what are you talking about ostralo upvoted 3 times J0EL Most Recent 2 days, 15 hours ago Selected Answer: D According to DeepAi D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents. This is the best practice to validate the authenticity of the email from the CIO. Since the technician knows that the CIO is on vacation, it is possible that the email could be fake or malicious. Forwarding the email to the CIO and asking for confirmation will ensure that the email is legitimate. Checking the metadata in the email header and verifying the email address may not be sufficient as email spoofing is a common tactic used to impersonate someone else's email address. Hovering the mouse cursor over the email address is also not a reliable method of validation. Checking the metadata in the email header in reverse order may be useful, but it may not be necessary in this case. upvoted 1 times 店 店 铺 ; 学 铺 ; 学 习 习 and being like "this you?" seems I don't know why so many小 people think its D. Forwarding a possibly malicious email to anyone much less the CIO小 店is on vacation for a few weeks. He likely wouldn't reply quickly and if he did it would店 crazy especially since it says he be with "why would you 6 66 forward this to me?" 6 revolt54 3 weeks, 3 days ago upvoted 3 times Kurt43 2 days, 9 hours ago A CIO that asks why he is asked to verify a request for security purposes could go on his vacation and never come back. He must be fired ASAP. upvoted 1 times bzona 1 month ago Selected Answer: A Answer is A. The only way to verify the authenticity of the sender is to verify the return path. This is email checking 101... upvoted 2 times Kurt43 2 days, 9 hours ago A, would have been correct if it was a SOC analyst. But he's a helpdesk upvoted 1 times thisguyfucks 1 month, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Upon comprehensive review of Network+ and Security+ email security curriculum: Forwarding potential phishing attempts risks exposing recipients unnecessarily. Tracing email routes through backward header inspection proves technically challenging and not a supported verification method. Header validation of key identity fields like "From:" against organizational records remains their endorsed initial precaution. However, with this CIO absent for an extended period, no option achieves verification singularly. The most secure approach meeting their goal of authentication without enabling compromise aligning with documented techniques is: C. Look at the metadata in the email header and verify the "From." line matches the CIO's email address. Then contact another trustworthy affiliate to corroborate any request. upvoted 2 times 店 铺 thisguyfucks 1 month, 1 week ago ; 店 铺 ; 学 学 习 of Network+ and Security+ email security curriculum: Upon comprehensive review 小 店 66 risks exposing recipients unnecessarily. Forwarding potential phishing attempts Selected Answer: C 习 小 店 66 Tracing email routes through backward header inspection proves technically challenging and not a supported verification method. Header validation of key identity fields like "From:" against organizational records remains their endorsed initial precaution. However, with this CIO absent for an extended period, no option achieves verification singularly. The most secure approach meeting their goal of authentication without enabling compromise aligning with documented techniques is: C. Look at the metadata in the email header and verify the "From." line matches the CIO's email address. Then contact another trustworthy affiliate to corroborate any request. upvoted 1 times thisguyfucks 1 month, 1 week ago Upon comprehensive review of Network+ and Security+ email security curriculum: Forwarding potential phishing attempts risks exposing recipients unnecessarily. Tracing email routes through backward header inspection proves technically challenging and not a supported verification method. Header validation of key identity fields like "From:" against organizational records remains their endorsed initial precaution. However, with this CIO absent for an extended period, no option achieves verification singularly. The most secure approach meeting their goal of authentication without enabling compromise aligning with documented techniques is: C. Look at the metadata in the email header and verify the "From." line matches the CIO's email address. Then contact another trustworthy affiliate to corroborate any request. upvoted 1 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: C A. Check the metadata in the email header of the received path in reverse order to follow the email's path. - can be spoofed B. Hover the mouse over the CIO's email address to verify the email address. - not enough 店 店 C. Look at the metadata in the email header and verify the ג€From:ג€ line matches the CIO's email address. - this one covers both 铺 铺 ; ; D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents. - no because it'd be spreading phishing/malware at worst or annoy the CIO at best upvoted 2 times 学 学 习 习 小 店 66 DriftandLuna 1 month, 3 weeks ago 小 店 66 Selected Answer: D I;m going for D here. As per the link Stoneface provided "Please note that email headers can be spoofed and are not always reliable." You are not replying to the email if you choose D, you are forwarding it to the email address you know belongs to the CIO. Having the person who is supposed to have sent you the mail confirm they actually did send it leaves no doubt and is therefor the BEST way to check the request is legitimate. upvoted 2 times Nikamy 1 month, 3 weeks ago Selected Answer: D I choose D upvoted 2 times Protract8593 2 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D D makes the most sense here since help desk technicians usually don't have a lot of control over this stuff and have to escalate issues to higher level IT people. Me: Isn't this true? "help desk technicians usually don't have a lot of control over this stuff and have to escalate issues to higher level IT people." ChatGPT: You are correct. Help desk technicians may not have direct access to view the email header metadata or the authority to perform indepth email analysis. In a real-world scenario, when a help desk technician receives an email that appears suspicious, it is advisable for them to escalate the issue to higher-level IT personnel or the organization's security team. These more specialized personnel can then conduct a thorough examination of the email header metadata and other relevant information to determine the legitimacy of the email... upvoted 3 times Protract8593 2 months ago ...In the context of the CompTIA Security+ SY0-601 exam, the questions often present ideal scenarios where the technician has access to certain information or actions. However, in real-world situations, the roles and access levels of help desk technicians may vary, and they may need to rely on higher-level IT personnel or security experts to handle potential security incidents. The main takeaway from the question is the importance of validating the authenticity of an email, and in a real-world setting, help desk technicians should escalate such matters to appropriate personnel for further investigation. 店 店 铺 铺 ; ; 学 学 习 习 Me: So, keeping that mind, wouldn't it be D? 小 小 店 店 66 ChatGPT: 66 Yes, in a real-world scenario where help desk technicians typically don't have access to detailed email header metadata or advanced analysis tools, the best course of action for the technician would be to escalate the issue to higher-level IT personnel or the organization's security team. Therefore, in the context of the CompTIA Security+ SY0-601 exam, the most appropriate answer would indeed be option D: "Forward the email to the CIO and ask if the CIO sent the email requesting the documents." upvoted 1 times Protract8593 2 months ago By forwarding the suspicious email to the CIO and seeking confirmation from them directly, the technician can verify the authenticity of the request and ensure that it is not a phishing attempt or fraudulent activity. It's essential to verify such requests before taking any action to prevent potential security incidents. upvoted 1 times utrone 3 months, 3 weeks ago Selected Answer: D D has a key word "Forward". It may indicate to another working email address not the one to reply. upvoted 2 times Essi 4 months ago Selected Answer: A The metadata in the email header can provide significant information about the email's origin and path. By checking this information in reverse order, the technician can verify whether the email actually originated from the CIO's email account or from a potentially malicious source. upvoted 1 times Yawannawanka 5 months ago Yes, that's correct. Checking the metadata in the email header of the received path in reverse order to follow the email's path can help validate the authenticity of an email, as it can show if the email has been forwarded or spoofed. The other options are not as effective in validating the authenticity of the email. upvoted 1 times ThreeKings 5 months, 2 weeks ago Selected Answer: D A, B and C are variations of each other. In different ways they say "Check the email header information". But A, B and C do not account for the threat of Spoofing. D provides the best assurance for security and certainty of verifying the legitimacy of the email. upvoted 3 times 店 店 铺 ; fouserd 5 months, 2 weeks ago 学 习 铺 ; 学 习 小 小 The technician should look at店 the metadata in the email header and verify the “From:” line matches the CIO’s email address. 店 This will help to 66 ensure that the email is authentic6and that it was sent by the CIO. 6 Selected Answer: C upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: D D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents. This is the best option to validate the authenticity of the email. The help desk technician can confirm with the CIO whether they indeed sent the email requesting documents. It is always good practice to verify any suspicious emails or requests, especially when they involve sensitive information or actions. Checking the metadata in the email header or hovering over the email address may provide some additional information, but they can also be spoofed or manipulated. Therefore, it is not a reliable method of verification. upvoted 1 times ffsilveira10 5 months, 1 week ago Man you are gonna email the attacker, not CIO... CIO is on vacation and not seeing the email upvoted 2 times gunnyhwyusmc 4 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Forwarding the email to the CIO is not replying to the email. If you forward, then there is no need to worry :) upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #148 A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements? A. Red-team exercise B. Capture-the- ag exercise C. Tabletop exercise D. Phishing exercise 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 习 小 店 C (65%) TR3Y 学 66 D (20%) 小 店 A (15%) 66 1 year ago Highly Voted A Cyber Security tabletop exercise is a discussion-based event (not real). If they are looking for "real world" solution to validate their IRP then the best option would be a "Red Team" as they can simulate a real-world event testing your organizations IRP. let me know If I am missing something. upvoted 10 times 03allen 11 months, 1 week ago "without interrupting daily operation" would be the reason. upvoted 11 times Protract8593 2 months ago Most Recent Selected Answer: C A tabletop exercise is a type of scenario-based simulation that allows organizations to validate their incident response plan without executing the plan in a real-world environment. It involves a discussion-based approach, where key stakeholders come together in a controlled environment to walk through a hypothetical incident and discuss their responses, decision points, and actions. This exercise allows the organization to identify areas of improvement, test communication and coordination, and assess the effectiveness of their incident response procedures without disrupting regular operations. upvoted 1 times LiteralGod 2 months ago Selected Answer: A Guys a Tabletop exercise would still interrupt daily operations, whereas a red team would usually be subbed to a third party. upvoted 1 times Kurt43 2 days, 8 hours ago agreed. pulling resources from their desk to do tabletop interrupts their regular office functions. upvoted 1 times LeonardSnart 4 months ago Selected Answer: C key point- test decision points and relevant incident response actions without interrupting daily operations "A tabletop exercise (also called a desktop exercise) is discussion-based. A coordinator gathers participants in a classroom or conference room and leads them through one or more hypothetical scenarios such as a cyberattack or a natural disaster. As the coordinator introduces each stage of the scenario, the participants identify how they would respond based on an organization’s plan. This generates discussion about team members’ roles and responsibilities and the decision-making process during an incident." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 fouserd 5 months, 1 week ago Selected Answer: C A tabletop exercise would BEST meet the company’s requirements as it is designed to simulate an incident in a low-risk environment, such as a conference room, where participants discuss and walk through the response plan and identify gaps and opportunities for improvement1. This type of exercise tests decision points and relevant incident response actions without interrupting daily operations upvoted 1 times assfedass nished 5 months, 3 weeks ago Selected Answer: C It's table top. The other activities, even a phishing exercise, interrupts daily activities. For the phishing activity, you receive a non-work related email, that interrupts your daily activities. upvoted 1 times MasterControlProgram 5 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C A tabletop exercise would BEST meet the company's requirements as it is designed to simulate an incident in a low-risk environment, such as a conference room, where participants discuss and walk through the response plan and identify gaps and opportunities for improvement. It would allow decision points to be tested, relevant incident response actions to be evaluated, and facilitate discussion of response and recovery procedures without interrupting daily operations. Red-team exercises, capture-the-flag exercises, and phishing exercises are all designed to simulate real-world attacks and test specific security controls, and may not be suitable for validating an incident response plan. upvoted 1 times gladtam 6 months ago The tabletop exercise is a verbally-simulated scenario that mimics a real cybersecurity incident which could have a damaging impact on your business continuity. upvoted 2 times mvckenzi 6 months, 3 weeks ago Selected Answer: A 店 We're testing decision points and incident response actions. The answer is A. 铺 店 铺 ; ; It's definitely not capture 学 the flag. 学 习away from daily ops. 习 It's not TTXs. Those take 小 小 and we're testing out our Phishing exercises isn't wrong, but red-table exercises would be the most correct fit since the network is being attacked 店 店 current incident response. 66 66 upvoted 1 times MSCerti cations 8 months ago Selected Answer: D I'll go with phishing upvoted 1 times nicekoda 8 months, 3 weeks ago Answer is Red team exercise. The actions are real world and intended to simulate the operational approach of a ransomware-style attack without overwriting sensitive files. upvoted 1 times alwaysrollin247 9 months, 1 week ago Selected Answer: A Red Team exercises differ from penetration testing in that they don’t focus on a single application or system, but instead set out to exploit multiple systems and potential avenues of attack. The gloves are off, and “Think like an attacker” is the rule of play. Usually, Red Teams are part of your internal security team, though sometimes they can be from external or dedicated agencies. While thinking like an attacker, a Red Team group acts as (and provides security feedback from the perspective of) a malicious threat or challenger. It’s up to the business’s dedicated security team – the Blue Team – to provide a suitable response in detecting, combating, and weakening their opposition. Prior to the Red Team exercise, it’s usual that the Blue Team won’t know the plan or what is coming. This is in order to make the exercise as realistic as possible. https://www.imperva.com/blog/what-are-red-team-exercises-and-why-are-they-important/ upvoted 1 times KingTre 9 months, 2 weeks ago Selected Answer: D Although table top is a the most voted answer , "without interruping daily operations" leads me to think D would be correct. Tabletops involve physical participants to sit down and talk through incidents. This would take time and people away from daily operations. A phishing tactic could be done by 1 security officer and sent out as a daily email. Correct me if I'm wrong. upvoted 3 times ja1092m 1 month ago That's not what they mean by "daily operations" that's why you're getting confused. Daily operation is referring to technical work imo upvoted 1 times 店 店 铺 铺 ; ; 学 习 assfedass nished 5 months, 3 weeks ago 小 Your phishing email would disrupt the daily activities of anyone who receives that email. upvoted 1 times 店 66 RonWonkers 1 year ago Selected Answer: C C is correct upvoted 3 times serginljr 1 year ago Selected Answer: C C is the correct answer upvoted 4 times 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #149 Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network tra c between workstations throughout the network. The analysts review the following logs: The Layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred? 店 店 铺 ; A. SQL injection 铺 ; 学 学 习 习 小 小 店 B. DNS spoo ng 店 66 C. MAC ooding 66 D. ARP poisoning Correct Answer: C Community vote distribution C (100%) rodwave 10 months, 2 weeks ago Highly Voted Selected Answer: C Answer: MAC flooding The question mentions that the table is on Layer 2 which is the Data link layer. The data-link layer is where switches operates on to move traffic. Switches will use MAC addresses to find the physical address of the device. This is because the Layer 2 address(MAC Address) will be unique on the local network. MAC flooding is a cyber attack that overflows the MAC Table (Layer 2 Table) of switches by sending out invalid MAC addresses. When a MAC Address table is full, the switch is no longer able to save new addresses, so it will enter into fail-open mode and begin broadcasting data (like a hub) to all ports. This will allow an attacker to get data packets intended for another computer and be able to steal sensitive information. upvoted 18 times Protract8593 2 months ago Most Recent Selected Answer: C In MAC flooding (also known as MAC address table overflow attack), an attacker sends a large number of frames to a network switch with fake source MAC addresses, causing the switch's MAC address table to become full. When the MAC address table is full, the switch will operate in "failopen" mode and start broadcasting traffic to all ports instead of sending it only to the appropriate port, effectively turning it into a hub-like behavior. This allows the attacker to capture network traffic from multiple workstations on the network, as mentioned in the scenario. upvoted 1 times Yawannawanka 5 months ago 店 店 Based on the provided information, the attack that MOST likely occurred is MAC flooding, as the Layer 2 address table has hundreds of entries that are overwhelming the switch's ability to forward frames efficiently. This is a common technique used in denial-of-service (DoS) attacks, where the attacker floods the switch's MAC address table with fake addresses, causing it to slow down or stop forwarding frames altogether. SQL injection and DNS spoofing are application layer attacks, while ARP poisoning involves modifying ARP tables to redirect network traffic. upvoted 1 times 铺 铺 ; ; 学 学 习 习 小 店 fouserd 5 months, 2 weeks ago 66 小 店 66 Selected Answer: C The attack that has most likely occurred is MAC flooding. MAC flooding is a type of network attack that involves sending a large number of frames with different source MAC addresses to a switch. This causes the switch to flood its address table and forward all traffic to all ports, allowing an attacker to collect network traffic between workstations throughout the network. upvoted 1 times deeden 1 year ago Selected Answer: C I agree with MAC flooding. Here's a good read about it and how to prevent. https://www.omnisecu.com/ccna-security/what-is-mac-flooding-attack-how-to-prevent-mac-flooding-attack.php upvoted 3 times RonWonkers 1 year ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C Hundreds of entries, I would assume its flooding upvoted 4 times _Tyler_ 1 year ago Selected Answer: C All the other answers involve an attack that changes data that is already present this question states that there are hundreds of entries indicating flooding. upvoted 4 times ScottT 1 year ago and Layer 2 ruling out SQL and DNS upvoted 2 times Yuyuyakuza 1 year ago 店 店 铺 铺 Mac Flooding "Layer 2.." upvoted 1 times ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #150 A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated? A. Password complexity B. Password history C. Password reuse D. Password length 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 A (91%) 店 66 rodwave Highly Voted 4% 小 店 66 10 months, 2 weeks ago Selected Answer: A Answer: Password complexity Password complexity is a measure of how difficult a password is to guess in relation to any number of guessing or cracking methods. For the security auditor to be able to successfully perform a dictionary attack, that means that the credentials were too predictable and was likely a common password. upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: A The security policy states that common words should not be used as passwords, which implies that the passwords should have certain complexity requirements to avoid using easily guessable passwords. A dictionary attack is an attempt to crack passwords by systematically trying words from a dictionary, and it can be successful when passwords lack complexity. By enforcing password complexity requirements, organizations aim to prevent attackers from using simple and common words as passwords. upvoted 1 times tutita 5 months, 3 weeks ago Selected Answer: A we need more easy questions like this upvoted 3 times user82 5 months ago I wish 6% of voters agreed. This question still has people picking D upvoted 1 times xxxdolorxxx 8 months ago Selected Answer: A A makes the most amount of sense to me. upvoted 1 times NICKJONRIPPER 10 months ago 店 店 铺 铺 passwords in common dictionary, we can find ; dictionary is not necessarily not complex. In the well-known "/usr/share/wordlists/rockyou.txt" ; 学 学 passwords like "arisDAN13032008", "arires_super13@hotmail.cpom"... So it`s about reuse, not about complexity. 习 习 upvoted 1 times 小 小 店 店 6 66 Sandon 9 months, 2 weeks ago6 Selected Answer: C That ain't it upvoted 4 times Gino_Slim 11 months ago Selected Answer: A Not even sure how that one person got D. The answer is A all the way. Complexity refers to how the password needs to be formatted. upvoted 1 times RonWonkers 1 year ago Selected Answer: A It is A upvoted 2 times Ay_ma 1 year ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D According to guidance offered by the National Institute of Standards and Technology (NIST), password length is more important than password complexity. This actually makes a lot of sense as longer passphrases take longer to crack, and they are easier to remember than a string of meaningless characters. NIST has provided a number of additional recommendations for organizations to follow, some of which include: - Passphrases should consist of 15 or more characters. - Uppercase, lowercase, or special characters are not required. - Only ask users to change their passwords if you believe your network has been compromised. - Check all new passwords against a list of passwords that are frequently compromised. - Avoid locking your users out of their accounts after a number of unsuccessful login attempts, as hackers will often try to flood networks by purposely trying incorrect passwords in order to lock users out of the