淘宝店铺:https://shop63989109.taobao.com/ SY0-601 CompTIA Security+ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #1 A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certi cate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack? on-path attack 路徑攻擊 A. On-path B. Domain hijacking 域名劫持 C. DNS poisoning DNS投毒 D. Evil twin 店 店 铺 Correct Answer: B 铺 ; ; 学 学 习 Community vote distribution Highly Voted 小 店 66 C (63%) comeragh 习 小 店 B (25%) 8% 66 1 year ago Selected Answer: C I would go with C/DNS poisoning here. upvoted 24 times SolventCourseisSCAM Highly Voted 11 months, 2 weeks ago C is the correct answer. By the way, there is a course in north carolina and they are receiving $4000 in advance and showing you 6-hour prerecorded videos every saturday. There is no human intervention and no update over time. They are lying and giving you fake promises before signing up to course and then there is no contact after you became member. Be careful because they are completely SCAMMER. upvoted 17 times Skymaster8182 Most Recent 2 weeks, 1 day ago Domain hijacking will not necessarily cause a "Certificate Mismatch" so the Answer should DEFINITELY be "C" DNS Poisoning. Hijacking can just be as simple as "You know the User / Password" to Log into the Website to edit it which alone won't necessarily cause a "Mismatch Certificate". With DNS Poisoning you are actually Compromising the Website which trigger a "Certificate Mismatch" to prompt. I honestly people would put MORE effort into explaining why an answer is right or wrong vs saying what the answer is. 
upvoted 2 times sirpetey 2 weeks, 2 days ago Selected Answer: C "presented with a certificate mismatch warning" Is the key term, which means that the website is taking the user to another website (DNS poisoning) upvoted 1 times HCM1985 3 weeks, 5 days ago I don't know. This question is kinda of weird, specially because the second URL is http, not https, therefore it would NEVER give a warning. If I assume that there could be some typos in it (like the second URL is https and the address is another.site.com) then I would probably go with C, but how it is written it could be either A, B or C (more likely B or C). upvoted 3 times ebukiba 1 month ago 店 店 铺 铺attack. DNS poisoning is a form of DNS The correct answer is "C - DNS poisoning". In this scenario, the user is experiencing a DNS poisoning ; ; website. In this case, the attacker has attack where an attacker 学 modifies the DNS records of a website in an attempt to redirect users to a malicious 学 习 for "www.site.com", causing the user's browser to display a certificate mismatch 习 Meanwhile, the attacker has poisoned the DNS records warning. 小 小 not poisoned the records for "www.anothersite.com", so the user can still access that website without issue. 店 店 upvoted 3 times 66 66 Selected Answer: C sarah2023 1 month, 1 week ago Selected Answer: C C DNS poisoning upvoted 2 times awasthi21 1 month, 2 weeks ago Selected Answer: C I would go with C, fake website by hacker injecting DNS of his own. upvoted 3 times kintis8804 1 month, 2 weeks ago should I study the community answer or the right answer? upvoted 3 times MostofMichelle 1 month ago 淘宝店铺:https://shop63989109.taobao.com/ community answer. The answers on the test are wrong on purpose for copyright reasons. upvoted 5 times RevolutionaryAct 1 month, 2 weeks ago Selected Answer: B The answer is B Domain Hijack because the question discusses certificates. 
If it was a DNS poisoning (affects your system) then it'd be cache related or ARP, but since it is certificates with one working and one not then it is a hijacking of site.com https://www.malwarebytes.com/cybersecurity/business/what-is-dnshijacking#:~:text=DNS%20hijacking%20and%20DNS%20cache,actors%20corrupt%20the%20DNS%20cache. upvoted 6 times RevolutionaryAct 1 month, 2 weeks ago The answer is B Domain Hijack because the question discusses certificates. If it was a DNS poisoning (affects your system) then it'd be cache related or ARP, but since it is certificates with one working and one not then it is a hijacking of site.com 店 铺 店 铺 ; ; https://www.malwarebytes.com/cybersecurity/business/what-is-dns学 学 习 习 hijacking#:~:text=DNS%20hijacking%20and%20DNS%20cache,actors%20corrupt%20the%20DNS%20cache. 小 小 upvoted 3 times 店 店 66 66 Faisel 1 month, 3 weeks ago Selected Answer: D Answe is D, Explanation: DNS poisoning is the attack where the attacker manipulate the DNS to redirect users to another website ( malicious website ). upvoted 1 times Faisel 1 month, 3 weeks ago Sorry answer is C upvoted 2 times Cubicalplayer 1 month, 3 weeks ago Confirmed with my instructor it is indeed C./DNS poisoning. I thought personally it was DNS hijacking (which is more of like stealing a deed and turns into a civil matter basically, think Ozark on Netflix when Marty stole the deed for the strip club basically making him the owner) upvoted 2 times Protract8593 2 months ago ChatGPT's answer (as of 7/22/2023): Based on the provided information, the most likely attack described is C. DNS poisoning (also known as DNS spoofing). DNS poisoning occurs when an attacker maliciously modifies the DNS (Domain Name System) records to redirect users to fake or unauthorized websites. In this case, the user is attempting to navigate to "https://www.site.com," but the browser presents a certificate mismatch warning. 
This warning indicates that the SSL/TLS certificate presented by the website does not match the expected certificate for "www.site.com," which suggests that the user might have been redirected to a different, potentially malicious, website. On the other hand, "http://www.anothersite.com" does not trigger the certificate mismatch warning, likely because the connection is not encrypted using SSL/TLS (no "https"), so there's no certificate exchange involved. This suggests that the user might be accessing the real "http://www.anothersite.com." So, in this scenario, the most suitable answer is C. DNS poisoning. upvoted 2 times Faisel 2 months, 1 week ago DNS Poisoning is the answer (c) upvoted 1 times 店 铺 reverse01 3 months ago ; The answer is B. Domain 学 Hijacking. 习 upvoted 1 times 小 店 1 week ago ApplebeesWaiter1122 3 months, 66 店 铺 ; 学 习 小 店 66 Selected Answer: C The scenario describes a situation where the user is presented with a certificate mismatch warning when trying to access a website using HTTPS. This could indicate that the DNS resolution for the website has been manipulated, leading to the user being redirected to a different IP address or server controlled by an attacker. This type of attack is known as DNS poisoning, where the attacker maliciously modifies the DNS records to redirect users to fraudulent or malicious websites. upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #2 Which of the following tools is effective in preventing a user from accessing unauthorized removable media? A. USB data blocker B. Faraday cage C. Proximity reader D. Cable lock Correct Answer: A 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 A (100%) 小 小 店 stoneface 店 66 Highly Voted 66 1 year ago Selected Answer: A USB data blocker -> A USB data blocker, also known as a “USB condom” (really, no kidding!), is a device that allows you to plug into USB charging ports including charging kiosks, and USB ports on gadgets owned by other people. 
The main purpose of using one is to eliminate the risk of infecting your phone or tablet with malware, and even prevent hackers to install/execute any malicious code to access your data. upvoted 14 times i_luv_stoneface 7 months, 1 week ago do u wear condom upvoted 6 times comeragh Highly Voted 1 year ago Selected Answer: A A is the only reasonable answer here I believe upvoted 10 times ebukiba Most Recent 1 month ago A is correct. upvoted 2 times D111111 1 month, 1 week ago Guys, I must say, if you browse all 600 questions that are attached to this site and listen to the community dialogue you'll pass easily. With no base I went in four days from clueless to passing, just follow the discussions and you'll do fine. upvoted 6 times sarah2023 1 month, 1 week ago A usb data blocker upvoted 1 times Protract8593 2 months ago 店 铺 Selected Answer: A ; ChatGPT answer as of 7/22/2023: 学 店 习 preventing a user from accessing unauthorized removable media is: The tool that is effective in 小 店 66 A. USB data blocker 铺 ; 学 习 小 店 66 A USB data blocker, also known as a USB data isolator or USB condom, is a hardware device that blocks data transfer between a USB port and a USB device while still allowing power to flow through. It is commonly used to protect against potential threats from public charging stations or untrusted USB ports, where unauthorized data transfer or malware infection could occur. By using a USB data blocker, users can charge their devices safely without risking data theft or unauthorized access to their removable media. The other options listed (B. Faraday cage, C. Proximity reader, D. Cable lock) are not specifically designed to prevent access to unauthorized removable media. So, the correct answer is A. USB data blocker. upvoted 1 times Faisel 2 months, 1 week ago Selected Answer: A A for sure 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times reverse01 3 months ago USB Blocker. The answer is A. 
upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: A The most effective tool among the options listed for preventing a user from accessing unauthorized removable media is a USB data blocker. A USB data blocker, also known as a USB condom or USB defender, is a small device that blocks data transfer while allowing charging capabilities. It achieves this by disabling the data pins in a USB connection, preventing any data exchange between the device and the computer. This prevents the risk of malware infection or unauthorized data transfer when connecting to unknown or potentially compromised USB devices. upvoted 1 times CyberMrT 5 months ago 店 铺 A is correct 店 铺 Selected Answer: A ; ; 学 学 习 upvoted 1 times 习 小 小 店 mosher21 5 months, 1 week ago 店 Selected Answer: A 66 66 The question wording makes no sense at all but considering options it can only be A. upvoted 2 times leobro 5 months, 1 week ago Selected Answer: A I go with A upvoted 1 times NoSoyCerebrito 5 months, 3 weeks ago Selected Answer: A A. USB data blocker upvoted 1 times princajen 6 months, 2 weeks ago Selected Answer: A A. USB data blocker upvoted 1 times Ahmed_aldouky 7 months ago Selected Answer: A A is only logical answer in the potions . upvoted 1 times YoungNoble 7 months ago Per question A is the right Answer upvoted 1 times Proctored_Expert 9 months, 1 week ago Selected Answer: A One tool that is effective in preventing a user from accessing unauthorized removable media is a USB data blocker. A USB data blocker is a device that is designed to block data transfer between a USB device and a computer, while still allowing power to flow through the connection. This can be useful in preventing users from accessing unauthorized removable media, such as USB drives, external hard drives, and other types of storage devices. 
upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #3 擴展性 靈活性 A Chief Security O cer is looking for a solution that can provide increased scalability and exibility for back-end infrastructure, allowing it to be updated and modi ed without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements? A. Reverse proxy 反向代理 B. Automated patch management C. Snapshots 店 店 铺 D. NIC teaming 铺 ; ; 学 学 习 习 小 Correct Answer: C 店 66 Community vote distribution A (94%) ender1701 小 店 Highly Voted 66 6% 1 year ago Selected Answer: A I'm not sure who the "expert verifier" is for some of these answers, but there are multiple questions that have the wrong answer selected, such as this question being labeled as answer "C", when the real answer is "A". A snapshot doesn't do anything listed in the question, it's just a snap of the state of a server at a specific time, used to restore from backup. I advise all participants on this site to check your answers. upvoted 36 times BholroBadsha 5 days, 18 hours ago Thanks man , i was upset for most of my answers getting wrong , even questions are very odd. upvoted 1 times ronah 11 months, 2 weeks ago here is the thing about this website. the comptia allow these sites as long they don't give the right answer. This is the only place people made a comment or argue their answer. AND it does help you to search also the right answer. Where on earth do you get a questions like these? upvoted 33 times Ribeiro19 Highly Voted 1 year ago Selected Answer: A its the way to distribute load across different servers, at the same time you can remove from the cluster each server that you want to update. upvoted 20 times Papee 11 months, 1 week ago why this is not NIC Teaming ? 
Any body with a better explanation upvoted 2 times Mercious 8 months, 1 week ago They're looking for ways to provide increased scalability and flexibility for back-end infrastructure, not availability or fault tolerance. NIC Teaming does not provide increased scalability and flexibility. upvoted 4 times 店 店 铺 NIC Teaming speed ; combines the throughput of 2 or more network adapters to provide a higher 铺 ;than a single connection. This would help 学the speed, but the requirements between the CSO and architect were increase scalability, 学 increase flexibility, allowed to with increasing 习 习 insignificant for the backend make changes without service disruption, reduce back-end server resources, and session persistence being 小 applications. Since increased 店 speed is not a requirement, NIC Teaming would NOT be the correct answer.小店 66 66 upvoted 7 times nerdboy1992 9 months, 2 weeks ago Joe1984 1 year ago Agreed answer is A upvoted 5 times Qinin Most Recent 2 weeks, 5 days ago Selected Answer: A Answer:A upvoted 1 times david124 4 weeks ago Selected Answer: A Based on the requirements provided, a Reverse Proxy would be the best choice to meet the objectives of both the Chief Security Officer and the security architect. Here's a breakdown of why each option may or may not suit your needs: 淘宝店铺:https://shop63989109.taobao.com/ A. Reverse Proxy: Increased Scalability: Reverse proxies can distribute incoming requests to various back-end servers, improving scalability and ensuring high availability. Flexibility for Updates: Since the reverse proxy handles client requests, backend servers can be taken down for maintenance or updates without causing service disruption. Reduced Server Resources: By caching content and offloading SSL termination, reverse proxies can reduce the load on back-end servers. Session Persistence Not Important: A reverse proxy can operate without needing to maintain session persistence, aligning with your requirement. 
upvoted 4 times ebukiba 1 month ago A is correct upvoted 1 times 店 店 铺 铺 ; ; 学 学 CharlieHope1Pass 1 month, 2 weeks ago 习 习 A is defo the answer! I have no clue how a snap is going to do anything! upvoted 1 times 小 小 店 店 66 Protract8593 2 months ago 66 Selected Answer: A A reverse proxy acts as an intermediary server between clients and back-end servers. It receives requests from clients, forwards those requests to the appropriate back-end servers, and then sends the responses back to the clients. Reverse proxies are often used for load balancing, security, and improving performance. 1. Increased scalability and flexibility: Reverse proxies can distribute client requests across multiple back-end servers, providing increased scalability. They also allow for easier modification and updating of the back-end infrastructure without disrupting services, as changes can be made to the back-end servers without affecting the clients directly. 2. Reduced back-end server resources: By distributing client requests across multiple back-end servers, a reverse proxy can balance the load, reducing the burden on individual back-end servers and optimizing resource utilization. 3. Session persistence not important: In some scenarios, session persistence is critical to maintain user state across requests. However, in this case, session persistence is explicitly stated as not important. This means the reverse proxy doesn't need to manage sticky sessions, further simplifying the setup. upvoted 8 times david124 2 months, 2 weeks ago A reverse proxy would be the best solution for increased scalability and flexibility for back-end infrastructure. Explanation: Correct option Because a reverse proxy can give enhanced scalability and flexibility for back-end infrastructure . upvoted 1 times reverse01 3 months ago I would go with C, snapshots, can provide increased scalability and flexibility for back-end infrastructure while reducing back-end server resources. 
By taking snapshots of the server's state, you can capture a point-in-time image of the server configuration, which can be easily restored if any modifications or updates cause disruptions. Snapshots can also be used for rapid deployment of new server instances, as well as for testing and development purposes. They allow you to quickly spin up new instances based on the captured snapshot, reducing the time and resources required for provisioning new servers. upvoted 1 times Kraken84 1 month, 3 weeks ago uh, no upvoted 1 times 店 铺 ApplebeesWaiter1122 3 months, 1 week ago ; Selected Answer: A 学 店 铺 ; 学 习 习 A reverse proxy would be the best solution to meet the requirements described. A reverse proxy sits between the clients and the back-end servers, handling client requests on behalf of the servers. It provides increased scalability and flexibility by allowing the back-end infrastructure to be updated and modified without disruption to services. The reverse proxy can distribute client requests across multiple back-end servers, reducing the resource load on individual servers. Since session persistence is not important for the applications running on the back-end servers, the reverse proxy can handle the requests in a load-balanced manner without the need for session affinity. This allows for better resource utilization and flexibility in managing the back-end infrastructure. upvoted 2 times 小 店 66 小 店 66 Gaurabdon 4 months ago Selected Answer: A The answer is without a doubt A. That is what reverse proxy is for. It takes the burdens out of the backend by load balancing and SSL termination off the client devices. upvoted 2 times BevMe 5 months, 3 weeks ago Selected Answer: A In this context, scalability refers to the ability of a system to handle increasing levels of traffic or workload. 
Flexibility, on the other hand, refers to the ability of a system to adapt to changing requirements or circumstances with minimal disruption to 淘宝店铺:https://shop63989109.taobao.com/ services. By using a reverse proxy, the back-end servers can be updated or modified without disrupting services, as the proxy can redirect requests to different servers as needed. upvoted 2 times Hiattech 5 months, 3 weeks ago Selected Answer: A Snapshots make no sense as the answer. They are literally only there to restore data if need be. This doesn't help as the solution for this in the least. upvoted 3 times princajen 6 months, 2 weeks ago Selected Answer: A A. Reverse proxy. 店 店 铺 A reverse proxy is a type of server that sits in front of back-end servers and directs client requests 铺 to those servers. It can provide increased ; ; modified without disrupting services. A scalability and flexibility for back-end infrastructure by allowing the back-end servers to be updated and 学 学 习 it from the cache instead of the reverse proxy can also习 reduce the back-end server resources by caching frequently requested content and serving 小 小 back-end servers. 店 店 66 66 upvoted 6 times attesco 6 months, 2 weeks ago Selected Answer: C I strongly believe the right answer is C. Because the snapshot takes the configuration of the server and compares it with the other backend servers to ensure that there is no mistakes upvoted 1 times Samo1 6 months, 4 weeks ago Selected Answer: A The option that would BEST meet the Chief Security Officer's requirements is A. Reverse proxy. upvoted 1 times jim0thy 7 months ago Selected Answer: A For a kick off, none of the other answers make any sense in this context. A RP will allow users to connect to a single point (the RP itself) which in turn serves a number of back end servers. As the need to scale up or take a server down for patching\other reason occurs you just add or remove a server from the pool of servers behind the RP. 
The other three have nothing to do with the question being asked. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #4 Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency? A. A phishing email stating a cash settlement has been awarded but will expire soon B. A smishing message stating a package is scheduled for pickup C. A vishing call that requests a donation be made to a local charity D. A SPIM noti cation claiming to be undercover law enforcement investigating a cybercrime Correct Answer: C 店 店 铺 Community vote distribution ; 学 A (93%) 习 小 店 Joe1984 铺 ; 学 习 6% 小 店 66 Highly Voted 66 1 year ago Selected Answer: A Answer is A upvoted 30 times derfnick Highly Voted 1 year ago Selected Answer: A Because of the part "will expire soon" upvoted 19 times LO353 Most Recent 6 days, 19 hours ago A is the answer upvoted 1 times Buddada 1 week, 4 days ago Selected Answer: A A is a better example of urgency upvoted 1 times Qinin 2 weeks, 5 days ago Selected Answer: A Answer is A upvoted 1 times malibi 3 weeks, 6 days ago Selected Answer: A because of the word expiring soon upvoted 1 times scorpion_king149 3 weeks, 6 days ago Selected Answer: A How is it C? This question is common sense upvoted 1 times 店 铺 ; 5 days, 17 hours ago BholroBadsha 学 习wrong on this website. many of answers are 小 店 upvoted 1 times 66 ebukiba 1 month ago A is correct. upvoted 1 times CharlieHope1Pass 1 month, 2 weeks ago Selected Answer: A A. A charity asking for money via phone??? Who verifies these questions??? upvoted 2 times K3nz0420 1 month, 2 weeks ago A is correct here upvoted 2 times Rider2053 1 month, 3 weeks ago 店 铺 ; 学 习 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ A is Corre8ct8 upvoted 2 times MyBJ 2 months ago A phone call is immediately connected and the recipient may not see the email for a while. If an email is really urgent, a phone call followup is expected. 
This suggests that the correct answer is C. upvoted 2 times tch3m4rc10 2 months ago Selected Answer: A For me is this. upvoted 1 times Protract8593 2 months ago 店 店 铺 铺 awarded a cash settlement. However, the This technique ; is designed to create a sense of urgency in the recipient by claiming that they have been 学the settlement will expire soon, putting pressure on the recipient to act quickly.; email also warns that The学 attacker hopes that the urgency will 习 习 without carefully verifying the override the recipient's normal caution, leading them to click on malicious links or provide sensitive information小 小 authenticity of the email. 店 店 66 66 Selected Answer: A Option C (A vishing call that requests a donation be made to a local charity) involves social engineering through voice communication (voice phishing). While it might create a sense of importance or appeal to the recipient's emotions to encourage a donation, it doesn't specifically exploit a person's sense of urgency as described in Option A. Therefore, the correct answer is A. A phishing email stating a cash settlement has been awarded but will expire soon. upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago Selected Answer: A The social engineering technique that seeks to exploit a person's sense of urgency is described in option A. By stating that a cash settlement has been awarded but will expire soon, the attacker creates a sense of urgency and tries to manipulate the recipient into taking immediate action without thoroughly considering the authenticity or legitimacy of the email. This technique aims to pressure the target into making a hasty decision or divulging sensitive information. upvoted 2 times Faraz73 4 months ago The fastest way to reach someone is via calling them. Not email. Notice all anwers are correctly stated. In that a phishing attack is via an email, a vishing attack does involve the phone system etc. That was a clue. 
upvoted 1 times T1zone 4 months ago Selected Answer: A answer is a upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #5 A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1 Which of the following has been observed? A. DLL Injection B. API attack C. SQLi D. XSS 店 店 铺 铺 ; ; 学 Correct Answer: C 学 习 Community vote distribution 习 小 小 店 店 66 66 C (100%) Joe1984 Highly Voted 1 year ago Selected Answer: C 1=1 is true. SQL injection upvoted 16 times Proctored_Expert Highly Voted 9 months, 1 week ago Selected Answer: C SQLi (SQL injection) has been observed. SQL injection is a type of cyber attack that involves injecting malicious code into a database through a vulnerable web application. The malicious code is typically designed to manipulate or extract data from the database, allowing the attacker to gain unauthorized access to sensitive information. The log provided in the question appears to be a URL for a login page, with a string of text appended to the end. This string includes the text "or '1'1='1", which is a common syntax used in SQL injection attacks. This indicates that an SQL injection attack may have been attempted or successfully carried out against the website. upvoted 12 times ebukiba Most Recent 1 month ago c is correct upvoted 1 times darkhat 2 months ago SQL Injection is a type of cybersecurity attack where an attacker injects malicious SQL code into a web application's input fields to manipulate the application's database. In this case, the URL parameter "id" is being manipulated with the input "' or '1'1='1". upvoted 1 times Protract8593 2 months ago Selected Answer: C The observed log indicates a potential SQL injection (SQLi) attack. SQL injection is a type of cyberattack where an attacker manipulates the input of a web application to execute malicious SQL queries. 
In the given log, the URL parameter "id" seems to be vulnerable to SQL injection as it includes the payload "' or '1'1='1". This payload is a classic technique used in SQL injection to make the application's query always evaluate to true, which can lead to unauthorized access or data leakage. 店 店 铺 ; 学 习 Let's break down the payload: 小 店 66 be used to terminate the intended query. The single quote ' after "id=" might The "or" keyword is then used to introduce a new condition. "1'1='1" is a condition that always evaluates to true. In SQL, '1'='1' is always true. 铺 ; 学 习 小 店 66 By appending this payload to the URL parameter "id," the attacker might be attempting to trick the application's database into returning data that it shouldn't, potentially bypassing authentication mechanisms or accessing sensitive information. Therefore, the correct answer is C. SQLi. upvoted 1 times reverse01 3 months ago A big C. SQLi stands for SQL Injection. It is a type of web security vulnerability that occurs when an attacker is able to inject malicious SQL code into a web application's database query. This can happen when the application does not properly validate or sanitize user-supplied input before using it in SQL queries. upvoted 1 times ApplebeesWaiter1122 3 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: C The provided log entry indicates a potential SQL injection (SQLi) attack. In SQLi attacks, an attacker injects malicious SQL code into an application's database query to manipulate or bypass the intended query logic. In this case, the presence of the "or '1'1='1" payload suggests an attempt to bypass authentication or authorization checks by injecting a condition that always evaluates to true. This type of attack can allow unauthorized access to sensitive data or perform unauthorized actions within the application's database. 
upvoted 1 times Hiattech 5 months, 3 weeks ago Selected Answer: C SQL Injection Attack upvoted 1 times ApplebeesWaiter1122 7 months, 2 weeks ago 店 店 Selected Answer: C 铺 Correct answer is C upvoted 2 times 铺 ; 学 习 小 4 weeks ago DALLASCOWBOYS 7 months, 店 66 C. '1'1=1 indicator i=of an SQL injection ; 学 习 小 店 66 upvoted 2 times xxxdolorxxx 8 months, 1 week ago Selected Answer: C I vote for C upvoted 1 times sauna28 9 months, 2 weeks ago Selected Answer: C 1=1 is SQL INJECTION upvoted 1 times BillHealy 11 months, 2 weeks ago Selected Answer: C Sql injection attempt upvoted 1 times DCrest 1 year ago In an SQL injection attack, when a hacker enters " ' or 1 = 1 - - " in the user name and password field, why does this result in a successful login? 3 answers · 16 votes: The server interprets everything after the “—” as a comment, so ignores it. upvoted 4 times comeragh 1 year ago Selected Answer: C SQL injection for sure agreed. upvoted 3 times stoneface 1 year ago 店 店 铺 SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL铺 statements. These statements control a ; a web application. Attackers can use SQL Injection vulnerabilities to bypass application ; database server behind 学 学 security measures. 习 习 upvoted 2 times 小 小 店 店 Ribeiro19 1 year ago 66 66 Selected Answer: C Selected Answer: C reason id='%20or%20'1'1='1 upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #6 An audit identi ed PII being utilized in the development environment of a critical application. The Chief Privacy O cer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for speci c data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements? A. Data anonymization B. Data encryption C. Data masking 店 店 铺 铺 D. 
Data tokenization ; ; 学 学 习 习 小 Correct Answer: A 店 66 Community vote distribution A (50%) Boogie_79 小 店 66 C (48%) Highly Voted 1 year ago Selected Answer: A Data anonymization is the alteration process of personally identifiable information (PII) in a dataset, to protect individual identification. This way the data can be used and still be protected. upvoted 28 times TinyTrexArmz 8 months ago I agree this is the right answer in this case because Data Masking would not allow them to search for specific data results. BUT as a protector of privacy you should be careful when implementing this solution as it takes a certain amount of data to truly make it to where a data analyst cannot figure out individuals. (Source: My partner is a data analyst and she has to approve the use of anonymized data before it can be used for testing such as this) upvoted 2 times ThreeKings 5 months, 2 weeks ago That makes sense to an extent, but the answer would be more helpful and complete if it could be known how the data analyst handles requests for data that is masked. upvoted 1 times Proctored_Expert Highly Voted 9 months, 1 week ago Selected Answer: C Data masking would best satisfy both the CPO's and the development team's requirements. Data masking is a technique for obscuring sensitive data in a database or other data store, while still preserving the structure and format of the data. Data masking can be used to protect personally identifiable information (PII) or other sensitive data from being accessed or exposed in the development environment. In this case, the CPO is concerned about PII being utilized in the development environment, and is adamant that it must be removed. At the same time, the development team needs real data in order to perform functionality tests and search for specific data. Data masking would allow the CPO's requirement to be satisfied, while still providing the development team with real data to work with. 
upvoted 18 times

scorpion_king149, 3 weeks, 6 days ago
Data masking involves replacing sensitive data with fictional or scrambled data. While this could address the CPO's concerns, the development team's need for real data to perform functionality tests might not be met. Data anonymization strikes a balance between privacy and functionality, making it the most suitable option in this scenario.
upvoted 1 times

CS3000, 3 weeks, 6 days ago
I'm going to piggyback off this comment to explain in more detail WHY data masking is truly the answer! Let's compare data masking vs data anonymization!
Data anonymization:
- Generalization of data (reducing the level of detail in the data)
- Aggregation (combining the data into groups to prevent identification [total sales per region])
- Randomization (adding noise to individual records to make them indistinguishable)
- Suppression (removing certain columns or data points that could lead to identification)
Data masking:
- Substitution (replacing original data with fake but structurally similar data [henry ford -> john doe])
- Shuffling (reordering the data in a column to break any connections between original values)
- Encryption & decryption
- Tokenization
Data masking combines the ability to hide the data, anonymize it, encrypt & decrypt it and also the ability to tokenize it! Open to discussion!
upvoted 2 times

freyprey (Most Recent), 4 days, 16 hours ago
Selected Answer: C
The answer is masking!! "Ensuring full anonymization and preserving the utility of data for analysis is usually very difficult" from the CompTIA Student Guide
upvoted 1 times

B_Dub, 2 weeks, 3 days ago
Selected Answer: A
According to the All-In-One CompTIA Security+ Exam SYO-601 Exam Guide: Sixth Edition, the definition of Data Anonymization includes "Separating the PII elements" and "retains the usefulness of the data".
In this case, it seems to best satisfy the CPO's requirement that PII be removed and the developers' requirement that they have useful data.
_____________________________________________________________________
Question text for reference: An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?
upvoted 2 times

CCNPsec, 2 weeks, 3 days ago
C. Data masking
Data masking is a technique that involves replacing sensitive or personally identifiable information (PII) with fictional or scrambled data while maintaining the data's format and structure. This allows developers to perform functionality tests and search for specific data without exposing sensitive information. Data anonymization (option A), data encryption (option B), and data tokenization (option D) also play essential roles in data security, but they may not fully satisfy the requirements in this context. Anonymization typically involves irreversibly de-identifying data, making it challenging to perform certain types of tests. Encryption secures data, but it doesn't allow for meaningful testing with the original data. Tokenization is a method of replacing sensitive data with tokens, but it may not preserve the data's format and structure, making it less suitable for testing purposes. Data masking strikes a balance by allowing testing while protecting sensitive information.
upvoted 1 times

Ayind3, 3 weeks, 4 days ago
Why is nobody talking about the CPO's explicit request to REMOVE data, not anonymize or mask? I'll go with Tokenization.
Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system. Replacing live data with tokens in systems is intended to minimize exposure of sensitive data to those applications, stores, people and processes, reducing the risk of compromise or accidental exposure and unauthorized access to sensitive data.
upvoted 1 times

algiggio90, 3 weeks, 4 days ago
Selected Answer: C
That is the correct one.
upvoted 1 times

axexkil, 3 weeks, 5 days ago
Selected Answer: C
Data masking
upvoted 2 times

je123, 1 month, 1 week ago
Selected Answer: A
546. An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?
A. Data purge
B. Data encryption
C. Data masking
D. Data tokenization
Just putting it out there that there's a variation of this question where data anonymization is not one of the choices. But still, based on my understanding of Data anonymization and Data masking, I would think that data anonymization is the more accurate answer (i.e. replacing actual data with fictitious data, but retaining the format and structure of the actual data).
upvoted 1 times

je123, 1 month ago
A similar question came out in the test, in fact 2 questions. Exact questions from this examtopics test bank that were used in the actual test in my case were probably about 30~40%. The remaining 70~60% of the questions weren't from these 613 questions.
That said, your ability to answer the questions here, and knowing when ChatGPT's response is not right, will be a good gauge of whether you are able to pass the actual test.
upvoted 2 times

Dark_Tarantula, 1 month, 1 week ago
Selected Answer: C
Data masking is a way to create a fake but realistic version of your organizational data. Options like data anonymization and data tokenization might not be as suitable in this case. Data anonymization typically involves stripping data of personally identifiable attributes, but the goal here seems to be maintaining realistic data for functional testing.
upvoted 1 times

Etapa, 1 month, 3 weeks ago
I think the answer is A. Refer to Prof Messer: https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/enhancing-privacy/
upvoted 1 times

Nikamy, 1 month, 4 weeks ago
Selected Answer: A
upvoted 1 times

jeetsidhu, 2 months ago
Selected Answer: C
upvoted 1 times

darkhat, 2 months ago
C. Data masking is the process of obfuscating sensitive data, such as PII, while maintaining the data's original format and structure. The sensitive data is replaced with realistic but fictitious data, ensuring that the development team can still work with realistic data without exposing real PII.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: A
The company should: A. Classify the data. Classifying data involves categorizing information based on its sensitivity, importance, and handling requirements. In this scenario, the company has different types of data on the file server, such as Personally Identifiable Information (PII), financial information, and health information. By classifying the data, the company can label each type appropriately and apply different DLP rules based on the data's classification.
With data classification in place, the DLP solution can be configured to enforce different security policies and controls based on the sensitivity of the data. For example, more stringent DLP rules can be applied to PII and health information to ensure strict protection, while less restrictive rules may be applied to less sensitive data. In conclusion, to accomplish the goal of applying different DLP rules based on the type of data on the file server, the company should classify the data according to its sensitivity and requirements.
upvoted 1 times

Protract8593, 2 months ago
Answer to wrong question. Correction: According to CompTIA Security+, the correct answer to BEST satisfy both the Chief Privacy Officer (CPO) and the development team's requirements is: C. Data masking. Data masking is a technique used to protect sensitive data by replacing, encrypting, or otherwise obfuscating original data with fake or masked data. This process allows developers to work with realistic data in a non-production environment without exposing actual sensitive information.
By implementing data masking, the development team can perform functionality tests and search for specific data while ensuring that the actual Personally Identifiable Information (PII) is not exposed in the development environment. This helps protect sensitive data and ensures compliance with privacy regulations, satisfying the CPO's requirement.
In conclusion, according to CompTIA Security+, the BEST solution to satisfy both the CPO's and the development team's requirements is C. Data masking. It allows the development team to work with realistic data while protecting sensitive information in the development environment.
upvoted 4 times

Protract8593, 2 months ago
Selected Answer: C
To satisfy both the Chief Privacy Officer's (CPO) requirement to remove Personally Identifiable Information (PII) and the development team's need for real data to perform functionality tests and search for specific data, the BEST solution would be: C. Data masking. Data masking is a technique that involves obfuscating sensitive data, such as PII, in non-production environments while keeping the data realistic and functional for testing and development purposes. It replaces sensitive information with realistic but fictitious data, ensuring that the original PII is not exposed to developers or testers.
By using data masking, the development team can work with data that closely resembles the real production data, allowing them to perform functionality tests and search for specific data patterns without the risk of exposing actual PII. The PII will be replaced with masked data, making it anonymous and protecting the privacy of individuals whose data is involved. In conclusion, data masking is the most suitable option as it allows the developers to work with realistic data while protecting the privacy of individuals by removing actual PII from the development environment.
upvoted 1 times

bolun, 2 months ago
How can you search for data if you alter PII in the dataset using anonymization? How does it make sense?
upvoted 1 times

Topic 1 Question #7
A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D.
Perform a risk analysis.

Correct Answer: A
Community vote distribution: A (100%)

stoneface (Highly Voted), 1 year ago
Data classification and typing schemas tag data assets so that they can be managed through the information life cycle. A data classification schema is a decision tree for applying one or more tags or labels to each data asset. Many data classification schemas are based on the degree of confidentiality required:
Public (unclassified)—there are no restrictions on viewing the data. Public information presents no risk to an organization if it is disclosed but does present a risk if it is modified or not available.
Confidential (secret)—the information is highly sensitive, for viewing only by approved persons within the owner organization, and possibly by trusted third parties under NDA.
Critical (top secret)—the information is too valuable to allow any risk of its capture. Viewing is severely restricted.
upvoted 10 times

Ribeiro19 (Highly Voted), 1 year ago
Selected Answer: A
Classify the data. It permits DLP to distinguish the types of data, with the intent to apply different rules depending on the classification.
upvoted 9 times

HackBishop (Most Recent), 3 weeks, 5 days ago
You first perform a risk analysis before classifying data
upvoted 1 times

tannuc, 1 month, 3 weeks ago
Selected Answer: A
A. Classify the data: By classifying the data, the different DLP rules can be applied.
B. Mask the data: Masking the data involves obscuring specific data (like a password or credit card number), e.g. *****1235 or ******.
C. Assign the application owner: not related to DLP, it just puts someone in charge of this application.
D. Perform a risk analysis: Of course, not related to DLP.
upvoted 1 times

darkhat, 2 months ago
Data classification is the process of categorizing data based on its sensitivity, value, and regulatory requirements.
By classifying the data on the file server, the company can identify and label different types of data such as PII, financial information, and health information. Each category can then be associated with specific DLP rules that are appropriate for the sensitivity and requirements of that type of data.
For example, the company can create DLP rules that trigger alerts or prevent certain actions (such as copying or emailing) when sensitive data, like PII or health information, is detected being accessed or transmitted outside of authorized channels. Different rules can be applied to financial data based on its specific requirements.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: A
Classifying the data involves categorizing and labeling the data based on its sensitivity and criticality. By classifying the data, the company can identify which files contain PII (Personally Identifiable Information), financial information, health information, or other sensitive data. Each category of data can then be assigned different Data Loss Prevention (DLP) rules and security controls based on its classification. For example, files containing PII might have stricter DLP rules to prevent unauthorized access or data leakage, while files with less sensitive information may have less stringent restrictions. This approach allows the company to tailor the DLP policies according to the data's specific requirements and compliance needs.
upvoted 1 times

reverse01, 3 months ago
Data Classification. A
upvoted 1 times

ApplebeesWaiter1122, 3 months, 1 week ago
Selected Answer: A
To accomplish the goal of assigning different DLP rules based on the type of data hosted on the file server, the company should classify the data. Data classification involves categorizing and labeling data based on its sensitivity, importance, and regulatory requirements.
By classifying the data, the company can assign specific DLP rules and policies to each classification category. By classifying the data, the company can effectively differentiate between PII, financial information, and health information stored on the file server. This allows for the implementation of tailored DLP rules and policies that are appropriate for each type of data. For example, stricter DLP rules might be applied to PII compared to less sensitive financial information.
upvoted 1 times

princajen, 6 months, 2 weeks ago
Selected Answer: A
A. Classify the data.
Once the data has been classified, the company can apply different DLP rules to different categories of data, based on the sensitivity and importance of the data. For example, files containing PII might require stricter controls, while financial information might be subject to different types of restrictions.
upvoted 1 times

thisguyfucks, 7 months, 3 weeks ago
It's going to be A. Data classification is the process an organization follows to develop an understanding of its information assets, assign a value to those assets, and determine the effort and cost required to properly secure the most critical of those information assets.
upvoted 1 times

sauna28, 9 months, 2 weeks ago
Selected Answer: A
Classifying data is no. 1 before you proceed to the next step
upvoted 1 times

[Removed], 10 months ago
Selected Answer: A
Yep, fully agree with A. The other options make no sense
upvoted 1 times

Topic 1 Question #8
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe.
One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF

Correct Answer: B
Community vote distribution: D (93%), 5%

dylansmith064 (Highly Voted), 1 year, 4 months ago
CSRF or XSRF redirects you to something you didn't intend to go to when clicking a link
upvoted 46 times

fboy, 1 year, 4 months ago
thank you!
upvoted 4 times

comeragh (Highly Voted), 1 year ago
Selected Answer: D
Going with D also. Funds out of a bank account in most cases indicates CSRF.
upvoted 11 times

malibi (Most Recent), 3 weeks, 6 days ago
Selected Answer: B
Not CSRF nor XSRF. Assuming the user is logged on to their banking website, if they click the link from this email, it is like session hijacking, but since the session is on, the link broke the authentication, since it doesn't need to authenticate while the session is still active.
upvoted 1 times

malibi, 3 weeks, 6 days ago
Broken authentication refers to any vulnerabilities involving attackers impersonating the original users on applications. In other words, authentication is broken when attackers can assume user identities by compromising passwords, session tokens, user account information and other details.
upvoted 2 times

tannuc, 1 month, 2 weeks ago
Selected Answer: D
XSRF or CSRF is the correct one; let me tell you why.
-> Using the process of elimination, we eliminate A and B; there is nothing to do with SQL injection and Broken Authentication in this case.
-> Only C (XSS) and D (XSRF) remain. Remember about XSS: cross-site scripting occurs when attackers try to inject JavaScript into the client's website.
But D (XSRF), Cross-Site Request Forgery, will inject the POST request to change the email, the shipping address, or transfer funds.
-> Pick D because the <a> link includes: routing=00001111&acct=22223334&amount=250
upvoted 3 times

MyBJ, 2 months ago
The correct answer is B. The subject of the question is "...examining a number of unauthorized payments...". This simply points to broken authentication as the answer. XSRF got the users there, but that was not the subject of the investigation; rather it was what caused the unauthorized payments.
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
Nah, it's D https://brightsec.com/blog/csrf-example/ Broken authentication is not even a Security+ term
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: D
Cross-Site Request Forgery (XSRF) involves exploiting the trust that a website has in a user's browser by using the user's active session to invoke unauthorized actions on behalf of the victim. This is typically done by tricking the victim's browser into making unintended requests to a website, without the user's knowledge or consent. In the given example URL: https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250 If the website does not have proper security measures in place, an attacker could craft a malicious email with the link to this URL, and if a logged-in user clicks on the link while their session is active, the website may process the request as if the user intended it. As a result, the unauthorized payment of $250 could occur without the user's knowledge. Since the user reported the email to the phishing team, it suggests that the email was part of a malicious attempt to trick users into performing an unwanted action. Therefore, based on the details provided, the most likely occurrence is XSRF (Cross-Site Request Forgery).
upvoted 2 times

upvoted 1 times

reverse01, 3 months ago
Definitely XSRF.
D

ApplebeesWaiter1122, 3 months, 1 week ago
Selected Answer: D
In a CSRF attack, an attacker tricks a victim into unknowingly executing unwanted actions on a web application in which the victim is authenticated. The attacker typically achieves this by crafting a malicious link or script that makes use of the victim's authenticated session. In the given scenario, the email contains a link that appears to be for unsubscribing from a mailing list. However, when the user clicks on the link, it leads to a payment-related action on the company's website. This indicates that the user's authenticated session was exploited to perform unauthorized payments. Therefore, the most likely determination by the forensics investigator would be that a Cross-Site Request Forgery (CSRF or XSRF) attack has occurred, where the attacker manipulated the victim into unknowingly initiating the unauthorized payments through a crafted link.
upvoted 3 times

z3phyr, 5 months, 3 weeks ago
Selected Answer: D
It's D. With XSRF/CSRF you force the user into performing an action they are already allowed to do. In this case you are tricking the user into clicking a link, forcing them to transfer funds.
upvoted 2 times

SophyQueenCR82, 6 months ago
The forensics investigator will most likely determine that a Cross-Site Request Forgery (CSRF) attack has occurred. In this attack, the attacker tricks the victim into clicking on a link that will perform an unwanted action on a website the victim is authenticated to. The link in the email appears to be an attempt to unsubscribe from a mailing list but actually contains a hidden request to make an unauthorized payment on the company's website.
upvoted 3 times

GS1011, 6 months, 2 weeks ago
D
"Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in.
A successful CSRF attack can be devastating for both the business and user. It can result in damaged client relationships, unauthorized fund transfers, changed passwords and data theft—including stolen session cookies. CSRFs are typically conducted using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it's impossible to distinguish a legitimate request from a forged one."
This link has more details: https://www.imperva.com/learn/application-security/csrf-cross-site-request-forgery/
upvoted 5 times

princajen, 6 months, 2 weeks ago
Selected Answer: D
D. XSRF
The forensics investigator will most likely determine that a Cross-Site Request Forgery (CSRF) attack has occurred. In a CSRF attack, an attacker tricks a user into performing an unintended action on a website or application by forging a request that appears to come from a trusted source. In this case, the users were directed to a website where they unknowingly made unauthorized payments by clicking on a link in a phishing email. The link appears to be harmless, but actually contains code that instructs the user's browser to make a payment on the company's website. The unauthorized payments were made because the website accepted the forged request without verifying the authenticity of the request.
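The verification the posters above say the site lacked, as an added example that is not from the thread: a server-side validator for the payment endpoint that refuses the emailed GET link, cross-origin POSTs and POSTs without the session's anti-CSRF token. The Request class, the session store and the endpoint handling are constructed stand-ins; only the origin and path come from the link in the question, and the company's real framework is not known.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SITE_ORIGIN = "https://www.company.com"  # origin taken from the link in the question
PAYMENT_PATH = "/payto.do"                # endpoint taken from the link in the question


@dataclass
class Request:
    """Constructed stand-in for a web framework's request object."""
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session_id: str = ""  # assumed: the session cookie has already been resolved to an id


# Constructed in-memory session store: session id -> synchronizer token issued to that session.
SESSIONS: dict = {}


def new_session() -> tuple:
    """Start a session and mint its anti-CSRF token; the site embeds the token in its own forms."""
    sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    SESSIONS[sid] = token
    return sid, token


def _origin_of(url: str) -> str:
    """scheme://host[:port] of a URL, compared exactly so that a look-alike host cannot pass."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_payment_request(req: Request) -> tuple:
    """Return (accepted, reason). A request must pass all three checks before money moves."""
    if urlsplit(req.url).path != PAYMENT_PATH:
        return False, "not the payment endpoint"
    # 1. A GET must never change state: a link in an email can only produce a GET.
    if req.method != "POST":
        return False, "state change via GET refused"
    # 2. Browsers attach Origin (or at least Referer) to cross-site POSTs; it must be our site.
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not source or _origin_of(source) != SITE_ORIGIN:
        return False, "cross-origin request refused"
    # 3. The synchronizer token in the form must match the one issued to this session.
    expected = SESSIONS.get(req.session_id)
    supplied = req.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or wrong anti-CSRF token"
    return True, "accepted"


def transfer_params(req: Request) -> dict:
    """The transfer parameters as the investigator reads them from the logged URL or form."""
    if req.method == "GET":
        fields = {k: v[0] for k, v in parse_qs(urlsplit(req.url).query).items()}
    else:
        fields = dict(req.form)
    return {k: fields[k] for k in ("routing", "acct", "amount") if k in fields}


if __name__ == "__main__":
    sid, token = new_session()
    # The link from the question, as a logged-in victim's browser would send it after a click.
    emailed_link = Request("GET", f"{SITE_ORIGIN}{PAYMENT_PATH}?routing=00001111&acct=22223334&amount=250",
                           headers={"Referer": "https://webmail.example.net/"}, session_id=sid)
    print(transfer_params(emailed_link), check_payment_request(emailed_link))
    # A legitimate transfer submitted from the site's own form, carrying the session's token.
    own_form = Request("POST", f"{SITE_ORIGIN}{PAYMENT_PATH}", headers={"Origin": SITE_ORIGIN},
                       form={"routing": "00001111", "acct": "22223334", "amount": "250", "csrf_token": token},
                       session_id=sid)
    print(check_payment_request(own_form))
```

Setting the session cookie with the SameSite attribute adds a fourth, browser-enforced layer, but the token check remains the one the server can verify on its own.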
upvoted 2 times

Ahmed_aldouky, 7 months ago
The answer is B. As in AAA, you have to authenticate yourself first; after that you need to do the authorization. This question gives us a great example of this: how can I transfer the money or do any of these requests without authenticating myself first? So it's broken authentication.
upvoted 2 times

Ahmed_aldouky, 7 months ago
"Unauthorized payments" is the key word
upvoted 1 times

rf18, 7 months, 2 weeks ago
Selected Answer: D
CSRF or XSRF
upvoted 1 times

BeOr, 7 months, 3 weeks ago
Hello guys, anyone here passed the exam using this website? It has very, very bad reviews as shown here. Please let me know. They say the questions are outdated. https://www.trustpilot.com/review/www.examtopics.com
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
Definitely D. XSRF. The malicious link hides its true intention. The link suggested to unsubscribe, but its true intent was to transfer money out of the account.
upvoted 1 times

fouserd, 5 months, 1 week ago
I am going to take my exam on the 8th of May and I will report back to you. Besides this site I also use Avanset with an exam collector dump, and so far it looks like the same questions. I have completed 410 out of 410 questions. I have also used this site to pass my A+ and Net+.
upvoted 1 times

lili00, 5 months ago
good luck! =)
upvoted 1 times

Proctored_Expert, 9 months, 1 week ago
Selected Answer: C
The forensics investigator will most likely determine that XSS (cross-site scripting) has occurred. XSS is a type of cyber attack that involves injecting malicious code into a website or web application, with the goal of executing the code in the context of the victim's browser. XSS attacks can be used to steal sensitive information, such as login credentials or personal data, or to manipulate the behavior of the website or application.
The log entry provided in the question describes a link that was included in an email, which was clicked on by a user in an attempt to unsubscribe from an unwanted mailing list. Upon investigation, the forwarded email revealed that the link contained malicious code, specifically an XSS attack. This indicates that an XSS attack was carried out against the company's website.
upvoted 2 times

hieptran, 8 months, 4 weeks ago
Wrong. CSRF utilizes the current user session and uses it to invoke the request on behalf of the victim. In this example, there is no malicious JavaScript payload that indicates there is a Reflected XSS vulnerability in their website. XSS is often used for session/cookie hijacking. But not in this case.
upvoted 5 times

Topic 1 Question #9
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history

Correct Answer: A
Community vote distribution: A (59%), D (41%)

Ribeiro19 (Highly Voted), 1 year ago
Selected Answer: A
A is the only one that obligates you to have more info than a password to log in to the system
upvoted 18 times

Papee, 11 months, 1 week ago
Prevent users from using the exfiltrated account. MFA would better security, not prevent.
upvoted 5 times

bkrich (Most Recent), 1 week, 2 days ago
Selected Answer: D
When they say exfiltrated, I think they mean leaked. The only thing that would prevent a user from using a bad exfiltrated password again is password history (D); someone with the exfiltrated password can keep trying to log in during work hours and hope for the user to have MFA fatigue.
upvoted 2 times

Cisco103, 2 weeks, 3 days ago
Selected Answer: A
"To prevent someone from using the exfiltrated credentials" => clearly A, nothing to be concerned about
upvoted 1 times

STODDY69, 1 month, 1 week ago
Selected Answer: D
CompTIA Sec+ Objectives 3.7 Account policies:
- Password complexity
- Password history
- Password reuse
- Network location
- Geofencing
- Geotagging
- Geolocation
- Time-based logins
- Access policies
- Account permissions
- Account audits
- Impossible travel time/risky login
- Lockout
- Disablement
2FA is not an account policy, has to be D
upvoted 3 times

tannuc, 1 month, 2 weeks ago
Selected Answer: A
Let's skip B (Lockout) and C (Time-based login) because they have nothing to do with spray attacks or brute-force attacks, and the question doesn't mention anything about users logging in after business hours.
-> A (MFA) and D (Password history): the question said, "Users tend to choose the same credentials on different systems and applications". Those systems' and applications' policies might be isolated.
-> When you apply Password history, that can be applied to one system or one application. Ex: my password is Passw0rd. I can use it in many systems and applications as long as they don't have the same password history.
-> MFA is the best choice in this scenario. It can prevent attackers who acquired the user's credentials, because they need to pass another authentication to get inside the system or application.
upvoted 3 times

Odisman1, 2 months ago
Does MFA prevent the user from utilizing the exfiltrated credentials? I go with D as the answer
upvoted 2 times

andresalcedo, 1 month, 4 weeks ago
Yes, because in addition to the password it needs the MFA confirmation.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: A
To prevent someone from using the exfiltrated credentials effectively, the CISO should implement: A. MFA (Multi-Factor Authentication).
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of identification before gaining access to a system or application. It adds an extra layer of security beyond just a username and password combination. The different factors can be something the user knows (like a password), something the user has (like a smartphone or a security token), or something the user is (like a fingerprint or other biometric data).
In the given scenario, where user credentials have been exfiltrated, MFA can significantly reduce the risk of unauthorized access even if the passwords are compromised. Even if an attacker gains access to the username and password, they would still need the additional factor (e.g., a one-time code sent to the user's mobile device) to successfully log in. This makes it much more challenging for unauthorized individuals to use the stolen credentials effectively.
upvoted 3 times

sander22, 2 months, 1 week ago
Selected Answer: A
First I went with D and I was 100% sure about it, but if you read the question more carefully you will end up with A. They are talking about "more systems", so if you use the same password for your work email, but you also use it for your private email, MFA will prevent someone from logging in with your password. I am going with A.
upvoted 2 times

SlySyrup, 2 months, 1 week ago
Selected Answer: A
The actual question asks what prevents "someone from using the exfiltrated credentials". So it is actually asking what will stop someone AFTER the credentials have already been exfiltrated; therefore it is MFA. Password history is something that is typically enforced every 30-90 days. If a password is extracted on day 1, there are at least 29 more days where the password isn't changed and the attacker can use that password freely. Furthermore, it states "on different systems and applications".
Password history stops you from using the same password on the same system - the user can still use the same new password across multiple systems, which then results in the same problem.
upvoted 3 times

ApplebeesWaiter1122 3 months, 1 week ago
Selected Answer: D
Password history is a security policy that requires users to choose unique and previously unused passwords when changing their credentials. It prevents users from reusing the same passwords that may have been compromised or obtained through unauthorized means. By enforcing password history, users will be required to choose new passwords that they haven't used before, making it more difficult for an attacker to gain unauthorized access using stolen credentials. This policy helps enhance the security of user accounts and protects against the potential misuse of exfiltrated credentials.
upvoted 1 times

Gaurabdon 3 months, 4 weeks ago
Selected Answer: A
I feel like there is a lot of contradiction here between answers A and D. While answer D seems to be the correct answer because it is a policy that prevents users from reusing the previous passwords when creating new ones. However, if we read the question properly and highlight the keywords like "could be exfiltrated", meaning that there is a risk of exfiltration but it has not happened yet. While password history seems a logical answer, it does not fully satisfy what the question is asking here. Implementing MFA would be the first best choice as a password alone would not let anyone exfiltrate their data.
upvoted 4 times

k1l1manjar0 4 months, 1 week ago
Selected Answer: D
It's about preventing using exfiltrated passwords, not better account protection.
upvoted 1 times

on2it 4 months, 1 week ago
Selected Answer: D
Preventing use of the old password is NOT MFA
upvoted 1 times

LeonardSnart 4 months, 2 weeks ago
Selected Answer: A
This is a CompTIA exam, the questions are written to confuse purposefully. Break it down, and the second sentence is irrelevant. Read the first and third sentences, and the answer that fits best is A. *IF* the credentials were leaked (question doesn't say they have been!), MFA would prevent them from being usable. Just my 2 cents.
upvoted 3 times
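As an added example, not taken from any post above or from CompTIA material: a login check in Python that requires both the password and a time-based one-time code (RFC 6238 TOTP, the kind an authenticator app produces), so a password that was exfiltrated from, or reused on, another system is not enough by itself. The user record, salt and TOTP secret are constructed for the demo.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo values: the salt, password and TOTP secret exist only for this example.
_SALT = b"demo-salt-constructed"


def hash_password(password: str) -> bytes:
    # Salted PBKDF2 so the stored value is not a bare hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


def secret_from_bytes(raw: bytes) -> str:
    # Authenticator apps exchange the shared secret as base32.
    return base64.b32encode(raw).decode()


USERS = {
    "alice": {
        "pw_hash": hash_password("Passw0rd"),   # the password reused on several systems
        "totp_secret": "JBSWY3DPEHPK3PXP",       # constructed shared secret (base32)
        "last_counter": -1,                      # replay guard: each code is usable once
    }
}


def totp_code(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the 30-second time-step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def login(username: str, password: str, code: str,
          now: Optional[float] = None, window: int = 1) -> bool:
    """True only when the password AND an unused, in-window TOTP code are both valid."""
    user = USERS.get(username)
    if user is None:
        return False
    if not hmac.compare_digest(user["pw_hash"], hash_password(password)):
        return False
    counter = int((time.time() if now is None else now) // 30)
    # Accept the current step and +/- `window` steps to tolerate clock drift.
    for step in range(counter - window, counter + window + 1):
        if step <= user["last_counter"]:
            continue  # this step's code was already consumed: a captured code cannot be replayed
        if hmac.compare_digest(totp_code(user["totp_secret"], step), code):
            user["last_counter"] = step
            return True
    return False
```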
ExamPasser420 4 months, 3 weeks ago
Password history is a policy. Not MFA. Adding MFA would not remedy the already leaked passwords
upvoted 1 times

Dutch012 4 months, 3 weeks ago
Selected Answer: D
For better security use MFA. To prevent users from using old passwords, 'password history', so it's D
upvoted 3 times

Dutch012 5 months, 1 week ago
Selected Answer: D
"prevent someone from using the exfiltrated credentials?" it is D
upvoted 3 times

Topic 1 Question #10
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
Correct Answer: B
Community vote distribution: B (91%), 7%

Ay_ma Highly Voted 1 year ago
Selected Answer: B
B- Wildcard SSL (Secure Sockets Layer) Certificate: Wildcard SSL certificates are for a single domain and all its subdomains. www.cloudfare.com
upvoted 16 times

comeragh Highly Voted 1 year ago
Selected Answer: B
Agree with B wildcard being the correct answer here
upvoted 10 times

Ha89 Most Recent 2 weeks ago
Selected Answer: B
This question was on the exam and it's B. I took the test last week and passed! About 60% of the questions on my test were on exam topics. 2 of the 3 PBQs were from exam topics. I focused on PBQs about 2 hours before my exam.
I recommend you read each discussion and learn about the correct answer. I have zero experience in IT, but thanks to exam topics (best $39 spent), Dion training, and Professor Messer, they helped me a lot in my transition into cyber security. A friendly recommendation to those with little to no experience like myself: before starting your course of study, I suggest you memorize all the acronyms on the CompTIA Security+ objectives along with the 35 necessary ports (available on Dion training). Memorize them very well, even if it doesn't make sense. Once you start studying, they start to make sense and make your study and the actual exam a lot easier!
upvoted 2 times

TreeeSon 1 week, 3 days ago
anywhere i can reach you?
upvoted 2 times

Ha89 3 days ago
sure thing. harez.indy@gmail.com
upvoted 1 times

darkhat 2 months ago
wildcard certificate is the best for a company with a single domain and multiple subdomains
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
The company should implement: B. Wildcard certificate. A Wildcard certificate is the best option for the company with a single domain and several dozen subdomains. It simplifies the certificate management process by securing not only the main domain but also all its subdomains with a single certificate. Here's how a Wildcard certificate works:
1. It is issued for a specific domain, such as "*.example.com", where the asterisk (*) is a wildcard character that covers all subdomains of "example.com".
2. With a single Wildcard certificate, the company can secure any number of subdomains (e.g., mail.example.com, shop.example.com, blog.example.com, etc.) without needing separate certificates for each subdomain.
3. Wildcard certificates are especially beneficial when there are numerous subdomains to manage, as it significantly reduces the administrative overhead and simplifies the renewal and deployment processes.
Therefore, a Wildcard certificate is the most appropriate choice for the company with a single domain and several dozen subdomains, providing a streamlined and efficient certificate management process.
upvoted 1 times

reverse01 3 months ago
B. wildcard. wildcards are used as placeholders to match multiple subdomains or URLs within a specific domain. The wildcard character (*) is commonly used for this purpose.
upvoted 1 times

ApplebeesWaiter1122 3 months, 1 week ago
Selected Answer: B
A Wildcard certificate is designed to secure a domain and all its subdomains with a single certificate. It is denoted by an asterisk (*) in the leftmost position of the domain name, such as "*.example.com". This means that the certificate can be used to secure any subdomain under the main domain.
In the case of the company with multiple subdomains, a Wildcard certificate would simplify the certificate management process. Instead of obtaining and managing individual certificates for each subdomain, a single Wildcard certificate can be used to secure them all. This reduces administrative overhead, simplifies the deployment process, and ensures consistent security across the domain and its subdomains.
upvoted 2 times

Gaurabdon 3 months, 4 weeks ago
Selected Answer: B
The reason to choose option B is because the question mentions "single domain". SAN covers multiple domains (different domains) with a single cert. Wildcard certificate supports multiple subdomains off of a single domain. Hence, the answer is B.
upvoted 1 times

Dutch012 4 months, 3 weeks ago
Selected Answer: B
Wildcard: covers unlimited subdomains with a single cert
SAN: covers multiple domain names with a single cert
source: https://opensrs.com/blog/san-and-wildcard-certificates-whats-the-difference/
upvoted 1 times

Mroljrtnrty 5 months ago
Just Passed! 4/23/23 - This question was on the test but it was worded differently.
They did mention wanting to simplify certificate management. I chose wrong. Should have picked Wildcard, but hey, i still passed lol
upvoted 2 times

Dutch012 4 months, 3 weeks ago
good for you! I am going to take it soon, and I am going to survive since I am a big fan of The Walking Dead.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: A
In this case, the best option would be a Subject Alternative Name (SAN) certificate, also known as a Unified Communications Certificate (UCC). A SAN certificate can cover multiple domains, subdomains, and hostnames under a single certificate. This would allow the company to cover its main domain and all subdomains, as well as any future domains or subdomains that may be added. SAN certificates are commonly used in environments with multiple domains or subdomains.
upvoted 1 times

princajen 6 months, 2 weeks ago
After reviewing, the best option is a wildcard SSL certificate.
upvoted 4 times

DALLASCOWBOYS 7 months, 4 weeks ago
B. Wildcard. Helps with a main domain, with multiple subdomains on websites.
upvoted 1 times

ShivP2 7 months, 4 weeks ago
A. Subject alternative name (SAN) certificate would be the best option for a company with a single domain and several dozen subdomains that are publicly accessible on the internet. SAN certificates allow a single certificate to be associated with multiple domain names, allowing the company to secure all of its subdomains with a single certificate, simplifying the certificate management process. A wildcard certificate would also be a valid option for a company with a single domain and several dozen subdomains that are publicly accessible on the internet. It allows a single certificate to be associated with all subdomains of a domain, making it easy to secure all the subdomains under one certificate. However, a Wildcard certificate would only work for subdomains and would not cover the main domain or any other domain that is not a subdomain of the main domain; in this case, if the company wants to add any other domain in the future it would require another certificate.
upvoted 1 times
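As an added example, not from any post above: a Python hostname matcher that applies the wildcard rule the posts describe. `*.example.com` covers exactly one label of subdomain, so it matches `shop.example.com` but not the bare `example.com` or `dev.api.example.com`, whereas a SAN list can enumerate the apex and other domains alongside the wildcard. The certificate name lists and hostnames are constructed.

```python
def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; a trailing dot is the same name.
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style matching of one certificate name against a hostname.

    - A plain name must equal the hostname exactly.
    - "*.example.com" matches "shop.example.com" but not "example.com"
      (the wildcard must stand for exactly one label) and not
      "dev.api.example.com" (it never spans more than one label).
    - The wildcard is honoured only as the whole leftmost label, and a
      bare top-level pattern such as "*.com" is refused.
    """
    pat, host = _labels(pattern), _labels(hostname)
    if "*" not in pattern:
        return pat == host
    if pat[0] != "*" or any("*" in label for label in pat[1:]) or len(pat) < 3:
        return False
    return len(pat) == len(host) and pat[1:] == host[1:]


def cert_covers(cert_names: list[str], hostname: str) -> bool:
    """A certificate is valid for the host if any of its names (CN/SAN entries) matches."""
    return any(wildcard_matches(name, hostname) for name in cert_names)


def uncovered(cert_names: list[str], hostnames: list[str]) -> list[str]:
    """Planning check: which hosts in the inventory would this certificate leave uncovered?"""
    return [h for h in hostnames if not cert_covers(cert_names, h)]


# Constructed certificate name lists for the scenario in the question.
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["example.com", "*.example.com", "example.net"]
```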
xxxdolorxxx 8 months ago
Selected Answer: B
My vote goes to b.
upvoted 1 times

Proctored_Expert 9 months, 1 week ago
Selected Answer: B
The company should implement a wildcard certificate. A wildcard certificate is a type of digital certificate that can be used to secure multiple subdomains within a single domain. Wildcard certificates use the wildcard character (*) in the certificate's subject alternative name (SAN) field to match any subdomain within a given domain. This allows a single wildcard certificate to be used to secure all subdomains within the domain, simplifying the certificate management process. The company in this case has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Implementing a wildcard certificate would allow the company to secure all of its subdomains with a single certificate, simplifying the certificate management process.
upvoted 1 times

viksap 9 months, 1 week ago
Selected Answer: B
Wildcard is correct
upvoted 1 times

[Removed] 10 months ago
Selected Answer: B
With subdomains it's always wildcard.
upvoted 2 times

Topic 1 Question #11
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE
Correct Answer: A
Community vote distribution: A (91%), 9%

Fitzd Highly Voted 1 year ago
Just passed, what you see is what you get..... these discussions help a lot..... thanks guys, and this site is all the luck you need
upvoted 20 times

ELLEWOODS45 12 months ago
DID YOU REVIEW THE OLD DUMPS OR JUST THIS ONE? I AM TRYING TO PASS 😥, I NEED HELP 😭
upvoted 2 times

banditring 11 months, 4 weeks ago
there's an old dump? I must find it. I take the exam in 2 weeks and am freaking out!!
upvoted 2 times

Dachosenone Highly Voted 1 year ago
Selected Answer: A
Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network.
upvoted 16 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
DLP is a comprehensive security solution designed to identify, monitor, and protect sensitive data from unauthorized access, use, or exfiltration. It helps organizations prevent data breaches and leakage by monitoring data movement both within the network and when data is being transferred to external destinations, such as the internet.
1. Content inspection: DLP solutions inspect data in real-time and at rest to identify sensitive information, such as Personally Identifiable Information (PII), financial data, intellectual property, or other confidential information.
2. Policy-based controls: Organizations can define policies that specify how sensitive data should be handled and protected. DLP tools enforce these policies by taking appropriate actions when data matches predefined criteria, such as blocking, encrypting, or quarantining the data.
3. Network monitoring: DLP solutions monitor network traffic and endpoints to detect suspicious activities and potential data exfiltration attempts.
4. Data encryption: DLP tools can include encryption capabilities, which add an extra layer of protection to sensitive data, making it unreadable to unauthorized parties even if it is somehow intercepted.
upvoted 2 times
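As an added example, not from any post above or from any DLP product: the content-inspection and policy-action steps described in the post, run in Python over a few constructed outbound messages. Card numbers are confirmed with the Luhn check so a random 16-digit reference does not trip the rule, and each message gets the most severe action among the rules it matched.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample of outbound messages, as a DLP network sensor might see them.
OUTBOUND = [
    {"id": 1, "to": "partner@example.net", "body": "Invoice attached, PO 20231104."},
    {"id": 2, "to": "me@webmail.example", "body": "card 4111 1111 1111 1111 exp 12/26"},
    {"id": 3, "to": "hr@example.com", "body": "SSN 123-45-6789 for onboarding"},
    {"id": 4, "to": "x@example.org", "body": "order ref 4111111111111112 shipped"},  # fails Luhn
    {"id": 5, "to": "anyone@example.org", "body": "design doc: CONFIDENTIAL internal only"},
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which every real payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    action: str                                         # allow | encrypt | quarantine | block
    validate: Optional[Callable[[re.Match], bool]] = None  # extra check on each regex hit


def _luhn_valid(match: re.Match) -> bool:
    return luhn_ok(re.sub(r"\D", "", match.group(0)))


# Constructed policy: the rule set a content-inspection engine would evaluate.
RULES = [
    Rule("credit-card", re.compile(r"\b(?:\d[ -]?){13,16}\b"), "block", validate=_luhn_valid),
    Rule("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "block"),
    Rule("classification-marking", re.compile(r"\bCONFIDENTIAL\b"), "quarantine"),
]
ACTION_PRIORITY = {"allow": 0, "encrypt": 1, "quarantine": 2, "block": 3}


def matched_rules(body: str) -> list[Rule]:
    """Content inspection: every rule whose pattern (and validator, if any) hits the body."""
    return [r for r in RULES
            if any(r.validate is None or r.validate(m) for m in r.pattern.finditer(body))]


def inspect(message: dict) -> tuple[str, list[str]]:
    """Policy decision for one message: (most severe action, names of the rules that matched)."""
    hits = matched_rules(message["body"])
    action = max((r.action for r in hits), key=ACTION_PRIORITY.__getitem__, default="allow")
    return action, [r.name for r in hits]


def run_policy(messages: list[dict]) -> dict[int, str]:
    """Apply the policy to a batch; maps message id to the action the DLP would take."""
    return {m["id"]: inspect(m)[0] for m in messages}
```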
ApplebeesWaiter1122 3 months ago
Selected Answer: A
DLP systems are designed to monitor and control the flow of sensitive information within an organization's network. They can detect and prevent unauthorized data transfers, whether intentional or accidental, by monitoring network traffic, data storage systems, and endpoints. DLP systems can identify sensitive data based on predefined policies, such as personally identifiable information (PII), credit card numbers, or intellectual property, and take actions to prevent its unauthorized disclosure.
upvoted 2 times

JR2463 5 months ago
I echo that these discussions really helped. I just passed as well.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. DLP tracks data moving within the network, and can block the data when it is in danger of leaving the corporate network.
upvoted 3 times

Zonas 8 months ago
Correct Answer: A
upvoted 1 times

Nirmalabhi 10 months, 2 weeks ago
Selected Answer: A
the answer's right in front of you. option A
upvoted 1 times

Imok 11 months, 2 weeks ago
Selected Answer: A
Data Loss Prevention
upvoted 1 times

be9z 11 months, 2 weeks ago
FDE performs full disk encryption but it cannot stop or prevent data exfiltration. The answer is A - Data Loss Prevention (DLP)
upvoted 2 times

VendorPTS 11 months, 4 weeks ago
Selected Answer: A
Data Loss Prevention is the clear winner here.
upvoted 1 times

groger999 12 months ago
Correct Answer: DLP
upvoted 2 times

Ribeiro19 1 year ago
Selected Answer: A
it prevents data from being extracted from a corporate network.
upvoted 4 times

comeragh 1 year ago
Selected Answer: A
DLP correct here
upvoted 2 times

stoneface 1 year ago
Selected Answer: D
DLP - Data Loss Prevention
upvoted 3 times

Joe1984 1 year ago
A. DLP
upvoted 3 times
Topic 1 Question #12
Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates
Correct Answer: A
Community vote distribution: A (97%)

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
Replacing the traditional key with an RFID key - For this question, there is mention of "attempts have been made to pick the door lock". Out of the options provided, only the option to replace the current door key with an RFID key directly addresses this issue. The other options can be viewed as preventative access control systems/deterrents as well.
============================
Helpful Info
Preventative access control - An access control that is used to stop unwanted or unauthorized activity from occurring; these could be policies, firewalls, physical barriers etc.
RFID (Radio Frequency Identification) - A type of key card/fob access control system that uses radio frequency signals to communicate between a reader and an RFID tag. You would place the tag/card near the reader and if the reader identifies the signal as belonging to an authorized user, they will be allowed access.
upvoted 12 times

Ribeiro19 Highly Voted 1 year ago
Selected Answer: A
B, C and D are not an access control. So, A is the only one XD
upvoted 5 times

be9z 11 months, 2 weeks ago
A and D are access controls; however, A is the correct answer because it focuses on securing the door and not the other security perimeter of a facility.
Hence RFID protects against both external threats (who is not supposed to have access to the building) and internal threats (staff who are not authorised to enter the room)
upvoted 5 times

Halaa 1 year ago
they are access control
upvoted 2 times

stoneface 1 year ago
YES, 'access control'
upvoted 2 times

RevolutionaryAct Most Recent 2 weeks, 5 days ago
Selected Answer: A
The reason it is A and not D is because there is nothing in the question indicating that it is not an insider threat, so if it is one then gates and fences won't stop them. Theoretically they don't have access to this area as an insider (otherwise why pick it) and an RFID card would work better.
upvoted 1 times

NetTech 4 weeks ago
Like many of these questions, the wording is not great in this one. A & D are both access controls. A door that has an RFID reader on it may still have a door knob with a key hole and could still be picked. In fact you would likely still want a keyed lock on the door: if there was a power failure, the door would fail secure, but could be opened with a key in an emergency. Only a door that has a maglock on it that is released after a card scan would address the issue. The answer is probably A, but these questions need better editing by the authors.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
Replacing the traditional key with an RFID (Radio Frequency Identification) key is a stronger form of access control compared to a physical key. RFID keys use radio waves to communicate with an RFID reader, which grants access to the facility if the key is authorized. This technology provides several advantages over traditional keys:
1. Increased security: RFID keys are more difficult to duplicate compared to physical keys, reducing the risk of unauthorized key copying.
2. Access control management: RFID keys can be easily activated or deactivated from the access control system, allowing the security team to grant or revoke access quickly.
3. Audit trail: An RFID access control system can provide an audit trail, showing the times and dates of access attempts, successful entries, and denied entries, which can aid in security investigations.
upvoted 1 times

reverse01 3 months ago
I took my exam today and passed with an 800. Thanks, everyone, for the great discussions and input; they really helped me through the exam.
upvoted 2 times

ApplebeesWaiter1122 3 months ago
Selected Answer: A
Replacing the traditional key with an RFID key could also be a viable solution for implementing a stronger preventative access control for the secure facility. This option introduces an electronic access control mechanism that can provide enhanced security compared to traditional keys.
By replacing the traditional key with an RFID key, the security engineer can leverage technology to improve access control. RFID keys typically contain a unique identifier that can be scanned by a reader to grant or deny access. This system allows for more granular control over who can enter the facility, as access can be restricted based on the specific RFID key credentials.
RFID keys can also offer additional features such as logging access events, enabling centralized access management, and facilitating quick revocation of access in case of lost or stolen keys. These benefits enhance the overall security posture of the facility.
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
As said previously, the key to this question is "PREVENTATIVE". CompTIA defines it thus: Preventive—the control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place. None of the other answers are both preventative and meet the other terms in the question.
However effective they might be to help mitigate the risk.
upvoted 2 times

Adji91 6 months ago
Happy to pass my exam with a 799 score. This question was on that.
upvoted 3 times

princajen 6 months, 2 weeks ago
Selected Answer: A
A. Replacing the traditional key with an RFID key would be the BEST option in this scenario. The use of an RFID key system provides more secure access control than traditional keys, as the keys cannot be duplicated easily, and the access logs are easier to maintain. Additionally, an RFID key system allows the security team to more effectively monitor access to the facility and to limit access to specific areas as necessary. Installing a camera or setting motion-sensing lights would be helpful for monitoring, but they would not necessarily prevent unauthorized access. Surrounding the property with fencing and gates can also help with security, but it would not be the BEST option in this scenario as it does not directly address the issue of the lock being picked.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. Replace with an RFID Key. For B, a camera will act as a deterrent but won't prevent someone from attempting to pick the lock. D: fencing and security gates, generally people can still get around them; it won't prevent them from picking the lock.
upvoted 1 times

Bobbober12 8 months ago
All but A are monitoring solutions.
upvoted 1 times

Sandon 8 months ago
Not true
upvoted 1 times

Tomtom11 10 months, 2 weeks ago
Selected Answer: B
Is the answer not B? A preventative control is one that prevents specific actions from occurring, such as a mantrap prevents tailgating. Preventative controls act before an event, preventing it from advancing. A firewall is an example of a preventative control, as it can block access to a specific resource.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
No, it is not. B. Installing and monitoring a camera facing the door is a deterrent; it is not preventative.
If I pick the lock and the lights come on, it does not make access any more difficult, i.e. it does not prevent anything; it might spook some and deter, but it also might make my job easier not to have to pick in the dark
upvoted 1 times

Orean 11 months ago
Selected Answer: A
The operative word is PREVENTIVE. B and C are deterrent and/or detective in nature, whereas A and D are the only preventives. D could also be effective in this context, though I'm leaning towards A because it directly addresses the door-lock concern in question.
upvoted 2 times

Halaa 1 year ago
RFID key is more secure.
upvoted 3 times

comeragh 1 year ago
Selected Answer: A
Agree with A. B, C and D are all physical controls.
upvoted 4 times

Topic 1 Question #13
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption
Correct Answer: A
Community vote distribution: A (100%)

Ribeiro19 Highly Voted 1 year ago
Selected Answer: A
Hashing is the answer. Why? Because with Hashing the tool can identify a credential without knowing the exact credential, by a mathematical method (ex: multiply the credential by a number, and all different credentials have different results). Comparing the Hashing of the local credential with the Hashing of the web credentials, the tool can extrapolate if the credential was compromised.
upvoted 24 times

AbdullxHanan Most Recent 1 month, 3 weeks ago
Selected Answer: A
hashing is correct
upvoted 2 times

Protract8593 2 months ago
Selected Answer: A
Hashing is a cryptographic technique that takes input data (in this case, passwords) and converts it into a fixed-size string of characters, which is the hash value.
The hashing process is one-way, meaning it is not feasible to reverse the hash and obtain the original password from the hash value alone. When monitoring tools need to compare values (such as passwords) to detect password leaks, they can hash the values and then compare the resulting hash values against a known database of leaked or compromised password hashes. If the hash of the user's password matches any entry in the database, it indicates that the password has been compromised without actually revealing the original password itself. This approach is widely used in password security practices, especially in situations where it's essential to protect the actual credentials from exposure. In conclusion, the most suitable option for a monitoring tool to compare values (passwords) and detect password leaks without providing the actual credentials is A. Hashing.
upvoted 2 times

ApplebeesWaiter1122 3 months ago
Selected Answer: A
Hashing is a one-way mathematical function that takes an input (in this case, passwords) and produces a fixed-size string of characters, known as a hash value or hash code. The important property of hashing is that it is computationally infeasible to reverse-engineer the original input from the hash value
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. Hashing
upvoted 2 times

Deeppain90 8 months ago
Selected Answer: A
Hashing
upvoted 1 times

xxxdolorxxx 8 months, 1 week ago
Selected Answer: A
A makes the most sense to me.
upvoted 1 times

FMMIR 10 months, 1 week ago
Selected Answer: A
Because, with Hashing the tool can identify a credential without knowing the exact credential, by a mathematical method (ex: multiply the credential by a number, and all different credentials have different results). Comparing the Hashing of the local credential with the Hashing of the web credentials, the tool can extrapolate if the credential was compromised.
upvoted 2 times
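As an added example, not from any post above: the comparison these posts describe, in Python. The monitoring side holds only SHA-1 hashes of the local credentials and compares them against a leaked-hash corpus, and the k-anonymity variant sends only the first five hex characters of a hash to the lookup side, so neither party learns the other's full value. The corpus and account hashes are constructed.

```python
import hashlib
import hmac


def password_hash(password: str) -> str:
    """Unsalted SHA-1, as leak corpora use it so that equal passwords hash alike."""
    return hashlib.sha1(password.encode()).hexdigest().upper()


# Constructed breach corpus: the lookup side stores only hashes, never plaintext.
# It is derived from constructed sample passwords purely so the demo is self-contained.
_DEMO_LEAKED_PASSWORDS = ["password", "Passw0rd", "letmein", "qwerty123"]
LEAKED_HASHES = frozenset(password_hash(p) for p in _DEMO_LEAKED_PASSWORDS)


def is_leaked_direct(candidate_hash: str, corpus=LEAKED_HASHES) -> bool:
    """Full-hash comparison: the corpus never sees the plaintext, but does see the whole hash."""
    return candidate_hash.upper() in corpus


def range_lookup(prefix5: str, corpus=LEAKED_HASHES) -> list[str]:
    """Lookup side of a k-anonymity query: given 5 hex characters, return the suffix of
    every leaked hash with that prefix. It cannot tell which one the caller holds."""
    prefix5 = prefix5.upper()
    if len(prefix5) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    return sorted(h[5:] for h in corpus if h.startswith(prefix5))


def is_leaked_kanon(candidate_hash: str, corpus=LEAKED_HASHES) -> bool:
    """Monitoring side: send only the prefix, then match the suffix locally."""
    h = candidate_hash.upper()
    prefix, suffix = h[:5], h[5:]
    return any(hmac.compare_digest(s, suffix) for s in range_lookup(prefix, corpus))


def audit(account_hashes: dict[str, str]) -> list[str]:
    """Usernames whose stored password hash appears in the leak corpus; the passwords
    themselves are never handled here, only their hashes."""
    return sorted(user for user, h in account_hashes.items() if is_leaked_kanon(h))
```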
okay123 10 months, 2 weeks ago
"Hashing is used to assure the authenticity of websites with which they may share personal and private information, in password storage applications (personal or used by entities they interact with online), and is likely used by the antivirus solution they trust to keep their devices free of malware." So if Hashing is used to validate the integrity of data, you can compare hashes to figure out if the data (password or whatever it is) was compromised
https://www.uscybersecurity.net/csmag/what-the-hash-data-integrity-and-authenticity-in-american-jurisprudence/
upvoted 1 times

Sultan1990 1 year ago
i think C.
upvoted 1 times

Sultan1990 1 year ago
sorry, A is the answer
upvoted 6 times

Topic 1 Question #14
A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP
Correct Answer: C
Community vote distribution: C (92%), 5%

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: C
Answer: SSH - SSH (Secure Shell) is a protocol that enables two computers to communicate securely by encrypting the connection. Since the question is looking to transfer files over the internet to a specific directory, the FTP protocol can be used for the file transfer itself. As SSH can be used with the FTP protocol, this allows for secure (SSH) file transfer (FTP) over the internet.
========================
Other Choices:
S/MIME (Secure/Multipurpose Internet Mail Extensions) - Digitally signs and encrypts the contents of email messages.
LDAPS (Lightweight Directory Access Protocol) - Provides authentication for directory-based traffic
SRTP (Secure Real-time Transport Protocol) - Provides authentication/encryption for transmitted audio and video traffic.
upvoted 31 times

kiosk99 Highly Voted 1 year ago
Selected Answer: C
A File Transfer Protocol (FTP) server is typically configured with several public directories, hosting files, and user accounts. SSH FTP (SFTP). LDAP Secure (LDAPS)—the server is installed with a digital certificate, which it uses to set up a secure tunnel for the user credential exchange. File transfer. Answer: SSH
upvoted 9 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
SSH (Secure Shell) is a network protocol that provides secure encrypted communication over an unsecured network, such as the internet. It is commonly used for secure remote access to servers and also for secure file transfer. In the given scenario, the security engineer can set up an SSH server on the destination server hosted by the business partner. The users from the company can then use an SSH client (such as OpenSSH) to securely transfer files to the specific directory on the business partner's server. Here's how the file transfer process works using SSH:
1. The business partner sets up an SSH server (SSH daemon) on their server.
2. The security engineer configures the server to allow secure file transfer (SCP/SFTP) using SSH.
3. Users from the company can use SSH clients like OpenSSH (or graphical SFTP clients) to securely connect to the business partner's server and transfer files to the designated directory.
With SSH, the file transfer process is secure and encrypted, protecting the data in transit from eavesdropping and tampering.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
Selected Answer: C
SSH is a network protocol that provides secure remote access and file transfer capabilities.
It encrypts the communication between the client and server, ensuring confidentiality and integrity of the transferred data. SSH provides secure authentication and encryption mechanisms, making it suitable for secure file transfer scenarios. With SSH, the users can securely drop off the files in the specific directory on the server, and then the server can initiate a secure file transfer to the business partner using SSH's file transfer capabilities (e.g., SCP - Secure Copy or SFTP - SSH File Transfer Protocol).
upvoted 1 times

z3phyr 5 months, 3 weeks ago
Selected Answer: C
SFTP is a file transfer protocol that uses SSH to create the secure connection.
upvoted 1 times

Guseyayi 7 months, 1 week ago
Selected Answer: C
SSH is a secure method of connecting to remote servers over a network because it encrypts data transmitted over a network.
upvoted 1 times

uday1985 8 months, 2 weeks ago
I think it's D, but they messed up the letters: SFTP became SRTP! I dare you who have answered SSH to use the same answer when SFTP is next to it!
upvoted 1 times

[Removed] 8 months, 2 weeks ago
There is such a thing as SRTP...
upvoted 3 times

CTE_Instructor 7 months ago
His point is OP typo'd and wrote SRTP instead of SFTP. If SFTP was an option, it would be the more accurate answer for this question. CompTIA rarely puts bogus acronyms in their questions, so it's more likely that OP simply typo'd SFTP as a bogus SRTP.
upvoted 1 times

CTE_Instructor 7 months ago
Self correction: SRTP is Secure Real-Time Protocol, and is an objective on the Security+ 601. It's primarily used for real-time media stream security like video & VoIP. It is not the correct answer for this question.
upvoted 3 times

Mr_BuCk3th34D 8 months, 3 weeks ago
Actually, a better answer would be SFTP (SSH with FTP), but since this is not an alternative, I'll go with SSH.
upvoted 1 times

lordguck, 10 months, 3 weeks ago
C: LDAPS (B) is for authentication, but that does not answer the question about the data transfer. SSH on the other hand can do both, e.g. with user/password or better yet certificates.
upvoted 1 times

be9z, 11 months, 2 weeks ago
The answer is SSH. SSH can be used to transfer data from one computer to another over the internet. And it is a secure connection.
upvoted 1 times

RawToast, 11 months, 2 weeks ago
Selected Answer: C
SSH is a suite of three utilities. SSH: Secure Shell for secure connection and command execution. SCP: Secure Copy Protocol, and slogin: enables secure login. Both ends of an SSH connection are encrypted. SSH would allow for all of the criteria to be met.
upvoted 3 times

Mondicles, 1 year ago
Selected Answer: C
This is definitely C. LDAP is used to provide a central place for directory service authentication. S/MIME is an internet standard to digitally sign and encrypt email messages. It ensures the integrity of email messages remains intact while being received. SSH can be used with FTP, which is called SFTP, file transfer over an encrypted tunnel.
upvoted 4 times

mark9999, 1 year ago
LDAPS is for directory based traffic and S/MIME for email traffic. Sending files to another server using SSH will achieve the aim. Try it out on Linux based machines.
upvoted 1 times

monsteracid, 1 year ago
LDAPS is used for authentication ONLY. It does not perform any encryption of files.
upvoted 1 times

Wiggie, 1 year ago
LDAPS https://library.netapp.com/ecmdocs/ECMP1366834/html/GUID-0E97E7F2-D46D-4883-B95B-A066B0D52B3D.html
upvoted 1 times

Dachosenone, 1 year ago
Selected Answer: C
You can transfer files from server to server using SSH. https://tecadmin.net/download-file-using-ssh/
upvoted 2 times

comeragh, 1 year ago
On review it looks to be LDAPS. Other sites also saying LDAPS.
upvoted 1 times

monsteracid, 1 year ago
LDAPS is used for authentication ONLY. It does not perform any encryption of files.
upvoted 2 times

varun0, 1 year ago
Selected Answer: C
S/MIME is the format used for email attachments; there is no way for the users to upload files to the directory and have it automatically sent to the business partner. SSH can do this by SSHing to the required directory and placing the files there, and having them sent using various SSH based file transfer protocols like SFTP, SCP.
upvoted 4 times

Wiggie, 1 year ago
https://www.miniorange.com/guide-to-setup-ldaps-on-windows-server
https://www.techtarget.com/searchmobilecomputing/definition/LDAP
upvoted 2 times

Wiggie, 1 year ago
Selected Answer: B
Directory = LDAPS
upvoted 2 times

Mondicles, 1 year ago
LDAP is used as an authentication protocol for directory services.
upvoted 1 times

monsteracid, 1 year ago
LDAPS is used for authentication ONLY. It does not perform any encryption of files.
upvoted 2 times

Topic 1 Question #15
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
B. Add extra data to the passwords so their length is increased, making them harder to brute force.
C. Store all passwords in the system in a rainbow table that has a centralized location.
D. Enforce the use of one-time passwords that are changed for every login session.
Correct Answer: A
Community vote distribution: A (96%), other (4%)

varun0, Highly Voted, 1 year ago
Selected Answer: A
A, 100% sure
upvoted 9 times

Protract8593, Most Recent, 2 months ago
Selected Answer: A
Hashing is a cryptographic process that takes an input (such as a user password) and transforms it into a fixed-size, unique string of characters, known as the hash value or hash code.
The hashing algorithm performs a one-way function, meaning it is not possible to reverse the process and retrieve the original password from the hash value alone. The resulting hash value is unique to the input, meaning different passwords will result in different hash values. By storing only the hash values of passwords instead of the passwords themselves, the administrator ensures that even if the database is compromised, the actual passwords are not exposed to attackers. When a user attempts to log in, the password they provide is hashed and compared to the stored hash value. If the hash values match, the password is considered correct, and access is granted.
upvoted 2 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: A
The administrator is being advised to hash the passwords. Hashing is a process of applying a mathematical algorithm to a password, resulting in a unique string of characters known as a hash value or hash code. The hash value is typically of fixed length, regardless of the input password's length. When passwords are hashed, they are transformed into irreversible representations. Hash functions are designed in such a way that it is computationally infeasible to reverse-engineer the original password from the hash value. This ensures that even if the hashed passwords are compromised, the actual passwords remain protected. Hashing is a widely used technique to securely store passwords. Instead of storing the passwords themselves, the system stores the hash values. During the authentication process, the user's entered password is hashed and compared to the stored hash value. If the hashes match, the password is considered correct.
upvoted 1 times

Navigator, 4 months ago
Selected Answer: A
This is the most meaningful answer here.
upvoted 1 times

princajen, 6 months, 2 weeks ago
Selected Answer: A
The administrator is being advised to perform a mathematical operation on the passwords that will convert them into unique strings. Therefore, the correct option is: A. Perform a mathematical operation on the passwords that will convert them into unique strings. Hashing is a process that takes a password as input, performs a mathematical operation on it, and generates a fixed-length string of characters as output, called a hash. The hash can be stored in a database and used to authenticate the user. When the user enters their password, the same mathematical operation is performed on it, and the resulting hash is compared to the stored hash. If the two hashes match, the user is authenticated. The use of hashing is a widely accepted method for securing passwords.
upvoted 2 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. is the definition of hashing
upvoted 1 times

xxxdolorxxx, 8 months, 1 week ago
Selected Answer: A
A. Hashing pushes the data through a one way algorithm resulting in a string that you can use to compare against the original value. All other answers don't really make any sense.
upvoted 1 times

KingDrew, 8 months, 2 weeks ago
Selected Answer: A
Basically a cryptography method.
upvoted 1 times

whiteLightning0820, 10 months, 4 weeks ago
Selected Answer: A
IT'S A FO SHO
upvoted 1 times

alayeluwa, 11 months, 2 weeks ago
Selected Answer: A
It is A. Option B will be salting.
upvoted 1 times

Mondicles, 1 year ago
This question wants to test if you know the definition of a hash function, which is described in OPTION A.
upvoted 2 times

FT1, 1 year ago
A - What's Hashing About? By dictionary definition, hashing refers to "chopping something into small pieces" to make it look like a "confused mess". That definition closely applies to what hashing represents in computing. In cryptography, a hash function is a mathematical algorithm that maps data of any size to a bit string of a fixed size. We can refer to the function input as message or simply as input. The fixed-size string function output is known as the hash or the message digest. As stated by OWASP, hash functions used in cryptography have the following key properties:
upvoted 2 times

dj450, 1 year ago
Selected Answer: A
Admin is being advised to hash. A is the definition of hashing.
upvoted 2 times

Ribeiro19, 1 year ago
Selected Answer: A
Guys, don't reinvent the wheel again. The question is stating what they told the guy to do! That is hashing. And the answer A is the definition of hash. You can find it on Google.
upvoted 3 times

examprepkt, 1 year ago
Seems like B would be the best option. What is password salting? Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Salting prevents hackers who breach an enterprise environment from reverse-engineering passwords and stealing them from the database.
https://www.techtarget.com/searchsecurity/definition/salt
upvoted 2 times

Mondicles, 1 year ago
Option A literally defines what a hash is. Read the question carefully.
upvoted 3 times

stoneface, 1 year ago
You are not adding any data when you are hashing - adding a randomized value is 'salting'.
upvoted 3 times

KetReeb, 1 year ago
A - Common uses of hashing algorithms are to store computer passwords and to ensure message integrity. The idea is that hashing can produce a unique value that corresponds to the data entered, but the hash value is also reproducible by anyone else running the same algorithm against the data.
upvoted 3 times

comeragh, 1 year ago
Selected Answer: B
B here for me seems the one that fits best.
upvoted 1 times

Ay_ma, 1 year ago
That's 'salting'. The question didn't indicate that anything was added to the process.
upvoted 3 times
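As an added example (not code from the thread or from CompTIA), the Python below contrasts what option A describes, a bare one-way hash, with what option B describes, salting, and shows the login-time comparison several posters mention. The passwords and salts are constructed, and SHA-256 stands in for whatever hash a deployment uses, since the thread discusses hashing in general rather than a specific password-hashing algorithm.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not from the thread): option A vs option B for stored passwords.
# Option A: a one-way hash turns the password into a fixed-size unique string.
# Option B: extra data (a salt) is added before hashing. All values are constructed.


def plain_hash(password: str) -> str:
    """Option A alone: a bare one-way hash. The same password always yields
    the same 64-hex-character digest, so two users with the same password
    share a digest and one precomputed (rainbow) table breaks both at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Option B on top of A: prepend a random 16-byte salt, then hash.
    The stored record is the salt plus the digest; the salt is not secret,
    it only has to be unique per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return {"salt": salt.hex(), "digest": digest}


def verify(password: str, record: dict) -> bool:
    """The login check the thread describes: hash the submitted password with
    the stored salt and compare against the stored digest in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, record["digest"])


def same_password_two_users(password: str) -> tuple:
    """Two users pick the same password. Returns (plain digests equal,
    salted digests equal); expected (True, False)."""
    plain_equal = plain_hash(password) == plain_hash(password)
    rec_a, rec_b = make_record(password), make_record(password)
    return plain_equal, rec_a["digest"] == rec_b["digest"]


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed password
    print(verify("correct horse battery staple", rec))  # True
    print(verify("Tr0ub4dor&3", rec))                    # False
    print(same_password_two_users("hunter2"))            # (True, False)
```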
Topic 1 Question #16
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
A. Steganography
B. Homomorphic encryption
C. Cipher suite
D. Blockchain
Correct Answer: A
Community vote distribution: A (100%)

rodwave, Highly Voted, 10 months, 2 weeks ago
Selected Answer: A
Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection. It's essentially being able to hide in plain sight. The question is referring to a hidden file, not some form of encryption. Steganography is not an encryption method but can be used with encryption to add an extra step for protecting data.
==============================
Other Choices:
Homomorphic encryption - An encryption algorithm designed to allow calculations to be performed on the encrypted data without requiring access to a secret key to decrypt the data. The result of such a computation remains in encrypted form, and at a later point the original data can be accessed with the proper decryption key. This allows critical and sensitive data to be outsourced to third-parties without posing a serious risk to the original owner of that data.
Cipher suite - Algorithms/Instructions required to enable secure network connections between servers and clients through TLS (SSL).
Blockchain - A shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network.
upvoted 15 times

adam1p, 3 months, 1 week ago
When's the next album dropping?
upvoted 1 times

Ribeiro19, Highly Voted, 1 year ago
Selected Answer: A
Steganography is the art of putting information inside of information. It's like hiding something in front of everyone's eyes.
upvoted 10 times

Protract8593, Most Recent, 2 months ago
Selected Answer: A
Steganography is the practice of concealing information or files within other seemingly innocuous files or data to hide their existence. In the context of the question, an audio file could be hidden inside a piece of source code using steganography techniques. Steganography does not alter the functionality or appearance of the carrier file (in this case, the source code) but embeds the hidden information in a way that is not apparent to casual observation. It can be used to hide various types of files, including audio, images, or documents, within other files.
upvoted 1 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: A
Steganography is the practice of concealing information within other files or data in such a way that it is not easily detectable. In the context of digital files, steganography techniques can be used to hide one file, such as an audio file, within another file, such as source code. By employing steganography, the audio file can be embedded within the source code file without raising suspicion or altering the appearance of the code. This hidden audio file can only be extracted by using specific methods or tools designed to detect and extract steganographic content.
upvoted 1 times

Guseyayi, 7 months, 1 week ago
Selected Answer: A
Steganography is the art of using cryptographic techniques to embed secret messages within another message.
upvoted 2 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. Steganography, which is the art of using cryptographic techniques to embed secret messages within another file.
upvoted 1 times

KingDrew, 8 months, 2 weeks ago
Selected Answer: A
Steganography = Hiding secret data within other data. In this case, a secret audio file is hidden within source code data.
upvoted 1 times

batuhanzeyad, 8 months, 2 weeks ago
Selected Answer: A
This is the right answer.
upvoted 1 times

mr_reyes, 9 months, 1 week ago
Sooooo many of these are "A", and I believe it is right here also.
upvoted 1 times

[Removed], 9 months, 3 weeks ago
A is the right answer
upvoted 1 times

whiteLightning0820, 10 months, 4 weeks ago
Selected Answer: A
I think it's A
upvoted 1 times

rindrasakti, 11 months, 2 weeks ago
Of course steganography, A
upvoted 1 times

comeragh, 1 year ago
Selected Answer: A
Agree with A on this one
upvoted 1 times

IQ30, 1 year ago
Selected Answer: A
Professor Messer notes: Other steganography types
• Audio steganography
– Modify the digital audio file
– Interlace a secret message within the audio
– Similar technique to image steganography
upvoted 4 times

Topic 1 Question #17
A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field. Which of the following concepts does this message describe?
A. Password complexity
B. Password reuse
C. Password history
D. Password age
Correct Answer: A
Community vote distribution: A (100%)

Ribeiro19, Highly Voted, 1 year ago
Selected Answer: A
Password complexity is the method that obligates users to use passwords with some characteristics (like more than X characters, use of numbers, symbols and letters).
upvoted 8 times

comeragh, Highly Voted, 1 year ago
Selected Answer: A
A correct answer here
upvoted 6 times

Protract8593, Most Recent, 2 months ago
Selected Answer: A
Password complexity refers to the practice of requiring passwords to meet certain criteria to make them stronger and more resistant to unauthorized access. The message instructs the user to create a password that includes a combination of numbers, special characters, and letters, which are characteristics commonly associated with a complex password. By using a combination of numbers, special characters (e.g., !, @, #, $, etc.), uppercase letters, and lowercase letters, the resulting password becomes more difficult to guess or crack using brute-force or dictionary attacks.
upvoted 1 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: A
Password complexity refers to the requirements or rules set for creating a password that includes a combination of different character types such as numbers, special characters, uppercase letters, and lowercase letters. By enforcing password complexity, the system aims to enhance the security of user passwords. In this case, the message is instructing the user to include a combination of numbers, special characters, and letters in their password. By using a variety of character types, the resulting password becomes more resistant to common password cracking methods such as brute force or dictionary attacks.
upvoted 1 times

ExamPasser420, 4 months, 3 weeks ago
Selected Answer: A
idk what to tell you if you don't think it's A..
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. Making passwords more complex makes them harder to crack
upvoted 1 times

alwaysrollin247, 9 months, 3 weeks ago
CompTIA is frustrating. My first thought here is that this user is logging in, not creating an account, which would tell me this is the password age expiring. However, the question asks what the message describes, which, leaving out the rest of the question, the message itself describes complexity.
upvoted 2 times

Topic 1 Question #18
A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?
A. HIPS
B. FIM
C. TPM
D. DLP
Correct Answer: C
Community vote distribution: C (96%), other (4%)

rodwave, Highly Voted, 10 months, 2 weeks ago
Selected Answer: C
In this question, an attack has already occurred, so preventative measures such as HIPS, FIM, or DLP would not be helpful. Also, the analyst wants to check the integrity of the system and that boot attestation can take place. TPM chips have mechanisms to prevent system tampering, and boot attestation can be done with TPM based hardware to verify the state of the firmware, bootloader, etc. TPM is the best option here.
=====================
Other Choices
HIPS (Host Intrusion Prevention System) - An installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. This aims to stop malware by monitoring the behavior of code.
FIM (File Integrity Monitoring) - Technology that monitors and detects file changes that could be indicative of a cyberattack. FIM specifically involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized.
DLP (Data Loss Prevention) - A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
upvoted 49 times

ELLEWOODS45, 10 months, 1 week ago
I wish there was a way we could chat with each other, do y'all have a way you communicate?
upvoted 10 times

BlackMamba_4, 2 months ago
Discord, Professor Messer Discord
upvoted 1 times

Ay_ma, Highly Voted, 1 year ago
The key sentence in the question is: "The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place". The attack already happened. 'HIPS' looks out for attacks. But in the situation of trying to restore, TPM seems like the best option.
upvoted 10 times

Protract8593, Most Recent, 2 months ago
Selected Answer: C
TPM (Trusted Platform Module) is a hardware-based security component that is designed to provide secure cryptographic functions and protect sensitive data on a computer or server. It is commonly used to ensure the integrity and security of a system's boot process and to support local and remote attestation. Here's how TPM can provide the solution:
1. Boot integrity: TPM can store cryptographic measurements of the system's boot process, including the firmware, bootloader, and operating system components. These measurements are known as Platform Configuration Registers (PCRs) and create a "hash chain" that represents the system's boot state. Any unauthorized changes to the boot process will result in a different hash value, indicating potential tampering.
2. Remote attestation: TPM enables remote attestation, where the system can provide proof of its boot integrity to a remote server or entity. This is crucial for verifying that the system's software and configurations have not been altered by unauthorized parties. Remote attestation can be used to ensure the integrity of the system before allowing access to sensitive data or services.
upvoted 2 times

BigIshai, 1 month, 3 weeks ago
@Protract8593, thank you for the breakdown. Very detailed.
upvoted 1 times
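As an added example, not the thread's code nor any TPM vendor's, here is a small Python model of the PCR hash chain Protract8593 describes and of the remote check varun0 and okay123 mention: each boot stage is measured, folded into a register, and the final value is compared by a verifier against a known-good value. The boot stage contents, the golden value and the attestation key are constructed, and an HMAC stands in for the TPM's signature on its report.

```python
import hashlib
import hmac

# Added example (not from the thread or any TPM vendor): a model of measured boot.
# Each boot stage is hashed and folded into a Platform Configuration Register:
#     PCR_new = SHA-256(PCR_old || SHA-256(stage))
# A verifier that knows the expected final value can tell whether any stage,
# or the order of stages, was changed. All contents and keys below are constructed.

PCR_INITIAL = bytes(32)  # a PCR reads as all zeros after reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: the register can only be folded forward, never written
    directly, so an earlier stage cannot be hidden by a later one."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages: list) -> bytes:
    """Measure firmware, bootloader, kernel ... in boot order into one PCR."""
    pcr = PCR_INITIAL
    for blob in stages:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def make_quote(pcr: bytes, nonce: bytes, attestation_key: bytes) -> bytes:
    """Stand-in for the TPM signing its report (a "quote"). The verifier's nonce
    is included so an old, good quote cannot be replayed. A real TPM signs with
    an asymmetric attestation key; HMAC is used here for brevity."""
    return hmac.new(attestation_key, pcr + nonce, hashlib.sha256).digest()


def remote_attest(reported_pcr: bytes, quote: bytes, nonce: bytes,
                  attestation_key: bytes, golden_pcr: bytes) -> bool:
    """Verifier side. Accept only if the quote is authentic for this nonce
    AND the reported PCR equals the known-good value."""
    expected = make_quote(reported_pcr, nonce, attestation_key)
    if not hmac.compare_digest(expected, quote):
        return False
    return hmac.compare_digest(reported_pcr, golden_pcr)


# Constructed known-good boot chain and the golden value the verifier stores.
GOOD_BOOT = [b"firmware v1.2", b"bootloader v3", b"kernel 6.1"]
GOLDEN_PCR = measured_boot(GOOD_BOOT)
ATTESTATION_KEY = b"constructed-attestation-key"  # shared with the verifier in this model


def tampered_host_is_rejected() -> bool:
    """The question's scenario: an unauthorized change to the bootloader.
    Returns True when the verifier refuses the modified host."""
    bad_boot = [b"firmware v1.2", b"bootloader v3 (modified)", b"kernel 6.1"]
    nonce = b"verifier-nonce-0001"
    pcr = measured_boot(bad_boot)
    quote = make_quote(pcr, nonce, ATTESTATION_KEY)
    return not remote_attest(pcr, quote, nonce, ATTESTATION_KEY, GOLDEN_PCR)


if __name__ == "__main__":
    nonce = b"verifier-nonce-0001"
    quote = make_quote(GOLDEN_PCR, nonce, ATTESTATION_KEY)
    print("clean host accepted:",
          remote_attest(GOLDEN_PCR, quote, nonce, ATTESTATION_KEY, GOLDEN_PCR))  # True
    print("tampered host rejected:", tampered_host_is_rejected())  # True
```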
ApplebeesWaiter1122, 3 months ago
Selected Answer: C
TPM is a hardware-based security feature that provides cryptographic functions and secure storage for cryptographic keys. It offers a secure environment for verifying the integrity of a system's boot process and critical components. By leveraging TPM, the analyst can establish a trusted platform and ensure that the system's integrity is maintained. Local boot attestation involves verifying the integrity of the system during the boot process on the local machine. TPM can measure and store hashes of critical components and compare them against known good values, ensuring that unauthorized changes or tampering are detected. Remote boot attestation enables the verification of a system's integrity even when it is booted remotely or in a networked environment. TPM can generate and securely store cryptographic keys, which can be used for remote attestation and establishing trust with other systems or services.
upvoted 1 times

fouserd, 4 months, 2 weeks ago
Selected Answer: C
A Trusted Platform Module (TPM) would provide the BEST solution to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. A TPM is a hardware-based security device that generates and stores cryptographic keys and can be used to verify the integrity of a system's boot process.
upvoted 1 times

davsharma, 5 months ago
Selected Answer: B
Correct Answer is FIM. File Integrity Monitoring (FIM) is a security practice which consists of verifying the integrity of operating systems and application software files to determine if tampering or fraud has occurred by comparing them to a trusted "baseline."
upvoted 1 times

Treasureprecious, 5 months, 2 weeks ago
Thank you rodwave for your explanations
upvoted 3 times

princajen, 6 months, 2 weeks ago
Selected Answer: C
The best solution to ensure the integrity of the system remains intact and local and remote boot attestation can take place would be to use a Trusted Platform Module (TPM). TPM is a specialized chip on the motherboard of a computer that provides hardware-based security, which can help protect against unauthorized access to a computer's data. It can be used to perform boot-time measurements and provide secure storage of encryption keys and passwords, ensuring the system's integrity. With TPM, the system can perform secure boot attestation, which can detect unauthorized changes to the software or firmware that could compromise system security. HIPS, FIM, and DLP are not designed to provide boot-time measurements or to provide secure storage of encryption keys and passwords, which are essential for boot attestation.
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
C. TPM, which is the Trusted Platform Module, which helps prevent unauthorized changes to firmware or software
upvoted 2 times

mlonz, 8 months, 1 week ago
A trusted platform module is a hardware chip included on many laptops and mobile devices. It provides full disk encryption and supports a secure boot process and remote attestation. A TPM includes a unique RSA asymmetric key burned into the chip that provides a hardware root of trust.
upvoted 1 times

nerdboy1992, 9 months, 1 week ago
Though File Integrity Monitoring (FIM) detects any changes to software, it wouldn't be correct in this instance. This is due to the question stating "remote boot attestation". Trusted Platform Module (TPM) provides this feature.
upvoted 1 times

okay123, 10 months, 2 weeks ago
Remote attestation:
- Device provides an operational report to a verification server
- Encrypted and digitally signed with a TPM
So before a remote boot attestation can take place, TPM chips are needed
upvoted 2 times

Check_mate, 10 months, 3 weeks ago
Selected Answer: B
It's clearly FIM; it's a security practice for ensuring integrity. TPM is a Trusted Platform Model for securing cryptoprocess
upvoted 2 times

Sandon, 8 months ago
It's clearly not
upvoted 3 times

Mondicles, 1 year ago
Selected Answer: C
The answer is C. TPM protects the device against unauthorized firmware and software modification by hashing critical sections of firmware and software.
upvoted 2 times

comeragh, 1 year ago
Selected Answer: C
Sorry, my earlier comment suggested HIPS. On further reading, going with C - TPM
upvoted 3 times

Ribeiro19, 1 year ago
Selected Answer: C
Check this out guys: https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation
upvoted 1 times

varun0, 1 year ago
Selected Answer: C
Remote boot attestation can only be done with something called measured boot, which takes the hashes of the firmware, drivers, OS and stores them in the TPM, from where the admin can remotely ensure the integrity of the system and be sure that it has not changed.
upvoted 4 times

Topic 1 Question #19
Which of the following is a reason to publish files' hashes?
A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase
Correct Answer: A
Community vote distribution: A (100%)

securityexam101, Highly Voted, 1 year ago
Hashes = Integrity always
upvoted 9 times

varun0, Highly Voted, 1 year ago
Selected Answer: A
A seems obvious to me.
upvoted 7 times

Protract8593, Most Recent, 2 months ago
Selected Answer: A
Publishing files' hashes is a common practice used to validate the integrity of files and ensure that they have not been tampered with or corrupted. A hash value is a unique fixed-size string of characters generated from the contents of a file using a cryptographic hashing algorithm. Even a minor change in the file's content will result in a completely different hash value. When files are distributed, users can independently calculate the hash value of the received file and compare it to the published hash value. If the calculated hash matches the published hash, it means that the file has not been altered during transit, ensuring its integrity. If the hash values do not match, it indicates that the file may have been tampered with, corrupted, or modified, and users should exercise caution before using the file.
upvoted 1 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: A
Publishing files' hashes is primarily done to validate the integrity of the files. Hash functions generate unique hash values based on the content of a file. By calculating and publishing the hash values for files, users can compare them to verify the integrity of the files they possess. When a file is downloaded or received from an untrusted source, comparing the calculated hash of the file with the published hash allows users to determine if the file has been altered or tampered with during transmission. If the calculated hash matches the published hash, it indicates that the file has not been modified and remains intact.
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. Publishing hashes allows the comparison of hash values to verify integrity
upvoted 2 times

TinyTrexArmz, 8 months ago
I believe it's 'B'. Software vendors publish the hashes of their software products so the end users (in case they downloaded the software from 3rd party websites) can verify if the software has not been tampered with (added malware or malicious code). Digital signatures use hashes.
upvoted 1 times

GetBuckets, 9 months, 3 weeks ago
But a hash does not prove that it was digitally signed. You take a plain txt file and, using a hash generator, create a hash for it. If I then share the text file with you and you wanted to make sure what is currently in the text file is the same as what I sent you, then you'd use a compatible hash generator to generate a hash for the file you received. If our hashes match then the file wasn't changed. If the hash is different then something happened in transit and you can't trust that txt file. To accomplish this I didn't have to digitally sign it or encrypt it or anything. Just share the file with you along with my original hash.
upvoted 4 times

rodwave, 10 months, 2 weeks ago
Selected Answer: A
To validate the integrity of the files - Hash function algorithms compare the file's original and current hash values. And if a byte or even a piece of the file's data has been changed, the original and current hash values will be different, and therefore you will know whether it's the same file or not.
upvoted 3 times

lordguck, 11 months ago
"A" is right obviously, but I have a question training dump from Oct/22 which says "B" (rubbish if you ask me).
upvoted 1 times Ribeiro19 1 year ago Selected Answer: A To validate the integrity of the files upvoted 2 times stoneface 1 year ago Selected Answer: A A - hashing upvoted 3 times comeragh 1 year ago 店 Selected Answer: A 铺 Agree with A being correct answer here upvoted 1 times ; 店 铺 ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #20 A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to nd the requested servers? A. nslookup 10.10.10.0 B. nmap -p 80 10.10.10.0/24 C. pathping 10.10.10.0 -p 80 D. ne -l -p 80 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 学 习 小B (100%) 店 66 rodwave 小 店 66 10 months, 2 weeks ago Highly Voted Selected Answer: B Answer: nmap -p 80 10.10.10.0/24 - Nmap or network mapper is a network discovery and security auditing tool mainly used to find services, hosts, and open ports on a network. In this case, nmap will check for the HTTP port 80. ==================================== Other Choices Nslookup - This command queries DNS servers to obtain DNS records Pathping - This command provides information about network latency and packet loss at hops between a source and destination. Used for troubleshooting network issues. ne - Honestly not 100% here upvoted 22 times CTE_Instructor 7 months ago The ne command would be used to see traffic on one specific interface, while nmap would scan the entire network and show which ports are open on discovered IP addresses. For this question, nmap would be a more comprehensive scan and would show any IP address on the network which has port 80 open. upvoted 2 times TinyTrexArmz 8 months ago I agree the answer is nmap but I'll also say that the command would not find "all web servers" It would only find web servers on the 10.10.10.0/24 subnet. 
Because of this fact and my not being familiar with that "ne" command, I chose it initially. Which I think is why it's there. To trick people like me that get hung up on the word phrase "all web servers." As far as my search goes, I've not found a system that uses the "ne" command. upvoted 1 times varun0 Highly Voted 1 year ago Selected Answer: B nmap is looking for the unsecure port 80 (http), pathping only shows packet drops and latency. upvoted 15 times Protract8593 2 months ago Most Recent Selected Answer: B 店 店 1. nmap: nmap is a powerful network scanning tool used to discover hosts and services on a computer network. 2. -p 80: This option specifies that nmap should scan for open ports on port 80, which is the default port used for HTTP (unsecure web) communication. 3. 10.10.10.0/24: This is the target network range or IP address range that the analyst wants to scan. The /24 indicates a subnet mask of 255.255.255.0, meaning it will scan all IP addresses in the 10.10.10.0 network. 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 By running this command, the security operations center analyst can identify all web servers within the specified network range (10.10.10.0/24) that are responding on port 80, which is indicative of unsecure HTTP services. This information can then be used to further investigate and secure those servers if needed. upvoted 3 times ApplebeesWaiter1122 3 months ago Selected Answer: B To find web servers that respond to an unsecure protocol, an analyst can run the command "nmap -p 80 10.10.10.0/24". Explanation: "nmap" is a popular network scanning tool used for host discovery and service enumeration. "-p 80" specifies the port to scan, in this case, port 80, which is the default port for HTTP. "10.10.10.0/24" represents the IP address range to scan. The "/24" denotes a CIDR notation indicating all IP addresses within the subnet. By running this command, the analyst will scan the IP range 10.10.10.0/24 for open port 80. 
If a web server is listening on port 80, it indicates that it is responding to unsecure HTTP requests.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: B
B. nmap -p 80 10.10.10.0/24
The nmap command is a powerful network exploration and security auditing tool, which can be used to scan a range of IP addresses to determine which ports are open and which services are running on those ports. In this case, the security operations center has been tasked with locating web servers that respond to an unsecure protocol. Port 80 is the standard port for HTTP, which is an unsecure protocol. Therefore, the nmap command can be used to scan the IP range specified (10.10.10.0/24) and check if any servers are running an HTTP service on port 80.
upvoted 1 times

xxxdolorxxx 8 months ago
Selected Answer: B
Nmap seems right to me. Done this a number of times when going for my eJPT.
upvoted 1 times

comeragh 1 year ago
Selected Answer: B
B correct here
upvoted 4 times

stoneface 1 year ago
Selected Answer: B
b) nmap -p 80 10.10.10.0/24 ->
upvoted 4 times

Topic 1 Question #21
Which biometric error would allow an unauthorized user to access a system?
A. False acceptance
B. False entrance
C. False rejection
D. False denial
Correct Answer: A
Community vote distribution: A (100%)

stoneface Highly Voted 1 year ago
Selected Answer: A
FAR (False Acceptance Rate) -> where an interloper is accepted (Type II error or false match rate [FMR]). FAR is measured as a percentage. False rejection causes inconvenience to users, but false acceptance can lead to security breaches, and so is usually considered the most important metric.
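As an added example for Question #21 (not from the post, the exam, or any vendor), the script below computes FAR and FRR from a constructed set of matcher scores and shows the trade-off stoneface describes: a threshold chosen to drive false acceptances to zero raises the false rejection rate. The score values, the accept-if-score-at-or-above-threshold rule and the threshold sweep are assumptions.

```python
"""False Acceptance Rate (FAR) and False Rejection Rate (FRR) at a threshold.

Constructed sample: each trial records the similarity score the matcher
produced and whether the presenter was the genuine enrolled user.
A trial is accepted when score >= threshold.
  FAR = impostor trials accepted / impostor trials   (Type II error, FMR)
  FRR = genuine trials rejected  / genuine trials    (Type I error, FNMR)
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Trial:
    score: float    # matcher similarity score in [0, 1] (constructed)
    genuine: bool   # True: enrolled user; False: impostor


# Constructed scores; a real evaluation would use thousands of trials.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.76, 0.70, 0.65, 0.60, 0.55]
IMPOSTOR_SCORES = [0.20, 0.33, 0.41, 0.47, 0.52, 0.58, 0.63, 0.71]
TRIALS: List[Trial] = (
    [Trial(s, True) for s in GENUINE_SCORES]
    + [Trial(s, False) for s in IMPOSTOR_SCORES]
)


def error_rates(trials: List[Trial], threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR) as fractions for the rule accept iff score >= threshold."""
    impostors = [t for t in trials if not t.genuine]
    genuines = [t for t in trials if t.genuine]
    false_accepts = sum(1 for t in impostors if t.score >= threshold)
    false_rejects = sum(1 for t in genuines if t.score < threshold)
    far = false_accepts / len(impostors) if impostors else 0.0
    frr = false_rejects / len(genuines) if genuines else 0.0
    return far, frr


def crossover(trials: List[Trial], steps: int = 100) -> Tuple[float, float, float]:
    """Sweep thresholds 0..1 and return (threshold, FAR, FRR) where FAR and FRR
    are closest, i.e. the equal error rate (EER) operating point."""
    best = None
    for i in range(steps + 1):
        thr = i / steps
        far, frr = error_rates(trials, thr)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (thr, far, frr)
    return best


def threshold_for_max_far(trials: List[Trial], max_far: float,
                          steps: int = 100) -> Tuple[float, float, float]:
    """Security-first tuning: the lowest threshold whose FAR does not exceed
    max_far, returned as (threshold, FAR, FRR). The FRR it costs is the
    user inconvenience stoneface's comment refers to."""
    for i in range(steps + 1):
        thr = i / steps
        far, frr = error_rates(trials, thr)
        if far <= max_far:
            return thr, far, frr
    return 1.0, 0.0, 1.0  # every trial rejected


if __name__ == "__main__":
    for thr in (0.5, 0.6, 0.75):
        far, frr = error_rates(TRIALS, thr)
        print(f"threshold {thr:.2f}: FAR {far:.3f}  FRR {frr:.3f}")
    print("EER point (thr, FAR, FRR):", crossover(TRIALS))
    print("FAR = 0 point (thr, FAR, FRR):", threshold_for_max_far(TRIALS, 0.0))
```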
upvoted 16 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
False Acceptance - There are only two metrics that are used to determine the performance of biometrics: FAR (False Acceptance Rate) & FRR (False Rejection Rate). False Acceptance Rate is a metric for biometric performance that determines the number of instances where unauthorized persons were incorrectly authorized. For this question, a biometric error would mean that someone was authorized when they weren't supposed to be authorized.
upvoted 8 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
False acceptance, also known as a "false positive," occurs when the biometric system incorrectly matches the biometric input of an unauthorized user to the biometric template of an authorized user. In other words, the system incorrectly identifies the unauthorized user as an authorized user and grants them access. This type of error is a security concern because it allows unauthorized individuals to gain access to the system, potentially compromising sensitive data or resources. Reducing the false acceptance rate is essential for improving the overall security of the biometric system and ensuring that only authorized users are granted access.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
Selected Answer: A
False acceptance refers to a biometric system incorrectly accepting the identity of an unauthorized user as a legitimate user. It occurs when the system incorrectly matches the biometric data of an unauthorized individual with that of an authorized user, granting access to someone who should not have it.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. False acceptance allows an unauthorized user and accepts them as valid.
upvoted 1 times

varun0 1 year ago
Selected Answer: A
False Acceptance Rate - accepts wrong info
upvoted 5 times

Topic 1 Question #22
A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?
A. GDPR
B. ISO
C. NIST
D. PCI DSS
Correct Answer: A
Community vote distribution: A (100%)

comeragh Highly Voted 1 year ago
Selected Answer: A
GDPR correct here
upvoted 11 times

secplusme 12 months ago
GDPR is countries in the EU, not all of Europe
upvoted 1 times

varun0 Highly Voted 1 year ago
Selected Answer: A
GDPR - Privacy law for European citizens
upvoted 9 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
GDPR is a comprehensive data protection regulation that governs the handling and processing of personal data of individuals located in the European Union (EU). It sets strict requirements and guidelines for organizations that collect, store, or process personal data of EU citizens, regardless of where the organization is based.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
Selected Answer: A
The General Data Protection Regulation (GDPR) is a comprehensive data protection and privacy regulation in the European Union (EU). It outlines the rules and requirements for handling personal data of individuals within the EU, including how personal information should be collected, processed, stored, and protected. Given that the company is auditing the handling of its European customers' personal information, GDPR is highly relevant. It provides specific guidelines and obligations for organizations regarding the privacy and security of personal data.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. GDPR is the General Data Protection Regulation; it implements security and privacy requirements for personal info of European residents worldwide.
upvoted 4 times

rodwave 10 months, 2 weeks ago
Selected Answer: A
Answer: GDPR - General Data Protection Regulation is a regulation in EU law that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
==============================
Other Choices:
ISO (International Organization for Standardization) - An independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems.
NIST (National Institute of Standards and Technology) - A non-regulatory US government agency created to develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.
PCI DSS (Payment Card Industry Data Security Standard) - A set of security standards for organizations that handle credit cards from major card schemes.
upvoted 7 times

grinop 11 months, 1 week ago
From what I see, Global Data Protection Regulations is EU, but not sure all of Europe
upvoted 1 times

ExamTopicsDiscussor 11 months, 4 weeks ago
GDPR is for Europe.
upvoted 1 times

Topic 1 Question #23
Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
A. SPIM
B. Vishing
C. Hopping
D. Phishing
E. Credential harvesting
F. Tailgating
Correct Answer: AB
Community vote distribution: BE (51%), AB (31%), Other

serginljr Highly Voted 1 year ago
Hopping does not exist in exam objectives
upvoted 32 times

NerdAlert 5 months, 3 weeks ago
heads up - vlan hopping was one of the choices on my exam, but credential harvesting was not! IDK which one is correct besides vishing, but cred harvesting wasn't there.
upvoted 6 times

user82 5 months, 1 week ago
So the only reason "hopping" is not the answer is because it's not in the exam objectives? So I guess it's SPIM and credential harvesting
upvoted 2 times

BlackMamba_4 2 months ago
Spim and vishing
upvoted 6 times

MENAMONGMEN 5 months ago
he just said cred harvesting is NOT on the test.. :(
upvoted 2 times

k9_462 Highly Voted 1 year ago
Selected Answer: BE
after heavy consideration and reading through multiple sec+ books, i'm kinda going with B & D. vishing and credential harvesting as being the most common attacks, as hopping doesn't ever seem to come up in the material. https://fitsmallbusiness.com/voip-security-threats/
upvoted 27 times

k9_462 1 year ago
although they don't specifically mention VOMIT, a common result of VOMIT would be credential harvesting.
"VOMIT is a VoIP hacking technique that extracts confidential data and voice packets directly from calls. VOMIT works by eavesdropping on phone calls and converting phone conversations into files straight from your business phone system. This makes it easy to obtain company information, including usernames, passwords, bank details, phone numbers, and call origin."
upvoted 12 times

Abbey2 Most Recent 4 weeks ago
The common VoIP-associated vulnerabilities are:
B. Vishing (Voice Phishing)
E. Credential Harvesting
Explanation:
Vishing (Voice Phishing) (Option B) involves using phone calls to deceive individuals into revealing sensitive information, such as passwords, credit card numbers, or other personal details. Attackers manipulate victims into trusting the caller's identity and legitimacy.
Credential Harvesting (Option E) involves attempting to steal usernames, passwords, or other credentials from users. In the context of VoIP, attackers might try to trick users into revealing their authentication information, potentially leading to unauthorized access.
upvoted 1 times

NetTech 4 weeks ago
Selected Answer: AB
I'm going with A SPIM and B Vishing. The question is asking for "common" vulnerabilities. While RTP packets can be captured and listened to, I don't think this is a common occurrence, so not credential harvesting. Hopping or VLAN hopping can be used to move from the VoIP network over the data network, but again I feel this would be uncommon.
upvoted 1 times

harakara 4 weeks, 1 day ago
Out of the given options, the common VoIP-associated vulnerabilities are:
A. SPIM
B. Vishing
SPIM is unsolicited messages sent over VoIP messaging systems. It's similar to email spam but targets VoIP users, especially on instant messaging platforms.
upvoted 1 times

feroze895 1 month, 1 week ago
I had this exact question on the exam.
upvoted 2 times

mpengly88 3 weeks, 4 days ago
And did you get it correct?
upvoted 1 times

emd 1 month, 1 week ago
Selected Answer: BE
B. Vishing (Voice phishing) - This involves attackers attempting to manipulate individuals into revealing sensitive information or performing actions by impersonating a trusted entity over a phone call.
E. Credential harvesting - Attackers can try to gather usernames and passwords through various means, such as intercepting VoIP traffic or tricking users into revealing their credentials.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: AB
Clearly we all know Vishing, and originally I picked credential harvesting, but now I believe that SPIM is correct.
I learned something today - you can text over VoIP https://simpletexting.com/blog/what-is-voip-texting-and-how-does-it-work/
Phishing is email
Hopping has to do with VLAN
Credential harvesting steals usernames and passwords, though it could be done with social engineering, but VoIP is more permissible for SPIM and Vishing
Tailgating has to do with following someone into a building through a secured doorway
upvoted 6 times

zits88 1 month, 3 weeks ago
It is 100% A & B. While you CAN credential harvest using VoIP, it is not the most precise answer. SPIM is considered a VoIP-based intrusion despite what a lot of people on here are saying.
upvoted 3 times

AmesCB 1 month, 3 weeks ago
The question asked for vulnerabilities - weaknesses in the tech... SPIM and Vishing appear to be the most appropriate choices (A and B). Credential harvesting could be chosen as a result of vishing and maybe not so much of a weakness when compared to the options! just my thoughts.
upvoted 2 times

BigIshai 1 month, 3 weeks ago
is vishing not just a form of credential harvesting?
upvoted 1 times

assfedassfinished 1 month, 3 weeks ago
Selected Answer: AB
Some VoIP devices allow text to be received.
upvoted 2 times

Nikamy 1 month, 4 weeks ago
Selected Answer: BD
My answer: BD
upvoted 2 times

Protract8593 2 months ago
Selected Answer: AB
A. SPIM (Spam over Internet Protocol): SPIM refers to unsolicited spam messages sent over VoIP systems. It is the VoIP equivalent of email spam.
B. Vishing (Voice Phishing): Vishing is a social engineering attack in which attackers use phone calls or VoIP to deceive individuals into providing sensitive information or performing certain actions.
upvoted 4 times

DriftandLuna 2 months ago
I chose SPIM but then saw that SPIM refers to Spam over Instant Messaging, so i don't think it can be SPIM
upvoted 1 times

Protract8593 2 months ago
Selected Answer: BE
ChatGPT thought SPIM stood for Spam over Internet Protocol...
Correction:
B. Vishing (Voice Phishing): Vishing is a social engineering attack that uses phone calls or VoIP to deceive individuals into providing sensitive information or performing certain actions.
E. Credential harvesting: Credential harvesting can be part of vishing attacks in the context of VoIP. Attackers may attempt to gather sensitive credentials through VoIP communication.
upvoted 1 times

darkhat 2 months ago
someone said "heads up - vlan hopping one was of the choices on my exam, but credential harvesting was not! IDK which one is correct besides vishing, but cred harvesting wasnt there." if that's true then i guess we can remove that and focus on other options, what do you think?
upvoted 1 times

AmesCB 1 month, 3 weeks ago
thanks! credential harvesting is a broad name and I would think SPIM.
upvoted 1 times

LiteralGod 2 months, 1 week ago
Selected Answer: BE
It's B and E. Voice Phishing is a vulnerability in VoIP and so is Credential Harvesting, although uncommon. Hopping isn't a vulnerability, so this is not the answer.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
Selected Answer: BE
B. Vishing (Voice Phishing)
Vishing is a form of social engineering attack that targets VoIP systems. Attackers use voice communication to deceive individuals into revealing sensitive information, such as login credentials or personal data, by posing as a legitimate entity.
E. Credential Harvesting
Credential harvesting involves the unauthorized collection of user credentials, such as usernames and passwords. In the context of VoIP, attackers may attempt to harvest credentials to gain unauthorized access to VoIP systems or services.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
I know VLAN hopping is a valid choice as well, but going with E here. Credential Harvesting, indirectly, would be 1.1 in the exam objectives (Impersonation). From Professor Messer's course notes:
B. Vishing (Voice Phishing)
Vishing is a form of social engineering attack that targets VoIP systems. Attackers use voice communication to deceive individuals into revealing sensitive information, such as login credentials or personal data, by posing as a legitimate entity.
E. Credential Harvesting
Credential harvesting involves the unauthorized collection of user credentials, such as usernames and passwords. In the context of VoIP, attackers may attempt to harvest credentials to gain unauthorized access to VoIP systems or services.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
Ignore B/E in that comment. Meant to paste:
Eliciting information
• Extracting information from the victim
– The victim doesn't even realize this is happening
– Hacking the human
• Often seen with vishing (Voice Phishing)
– Can be easier to get this information over the phone
• These are well-documented psychological techniques
– They can't just ask, "So, what's your password?"
upvoted 1 times

Topic 1 Question #24
Which of the following describes the exploitation of an interactive process to gain access to restricted areas?
A. Persistence
B. Buffer overflow
C. Privilege escalation
D. Pharming
Correct Answer: C
Community vote distribution: C (88%), 12%

varun0 Highly Voted 1 year ago
Selected Answer: C
exploitation of an interactive process is the command line from where exploits can be run to gain root permissions in a system
upvoted 19 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
Privilege escalation is the process of exploiting a vulnerability or weakness in a system to gain higher-level access or privileges than the user originally had. It involves elevating one's privileges from a standard or restricted user to an administrative or superuser level. By doing so, an attacker can gain access to sensitive or restricted areas of the system, perform unauthorized actions, and potentially take control over the entire system. Privilege escalation can occur through various means, such as exploiting software vulnerabilities, misconfigurations, or weaknesses in access controls. It is a critical security concern and is often used as part of sophisticated cyberattacks to gain deeper access to a targeted system or network.
upvoted 1 times

ApplebeesWaiter1122 3 months ago
Selected Answer: C
Privilege escalation is the process of elevating one's privileges or access level beyond what is initially granted. In the context of security, it typically refers to gaining higher privileges within a system or application to access restricted areas or perform unauthorized actions. Exploiting an interactive process refers to taking advantage of a running program or process to manipulate it in a way that grants higher privileges or access rights. By exploiting vulnerabilities or weaknesses in the interactive process, an attacker can escalate their privileges and gain unauthorized access to restricted areas of the system.
upvoted 2 times

LeonardSnart 4 months, 2 weeks ago
Selected Answer: C
I thought it was B at first, but after checking the book C seems to be correct.
"There are a couple of ways to achieve privilege escalation. One way is to use existing privileges to perform an action that steals a better set of credentials. You can obtain "better" credentials by using sniffers to grab credentials or by getting the Windows Security Account Manager (SAM) or the Linux/Unix etc/passwd file. Another method is by exploiting vulnerabilities or weaknesses in processes that are running with escalated privileges. Injecting malicious code into these processes can also achieve escalated privilege."
-All-in-one CompTIA Security+ SY0-601 by Conklin, White, et al
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: C
C. Privilege escalation. Privilege escalation is the exploitation of an interactive process to gain access to resources that are normally unavailable to an unauthorized user. This can occur when an attacker gains access to a low-privileged account on a system and then uses that access to escalate privileges to a higher level, allowing the attacker to perform actions they wouldn't normally be able to do. For example, an attacker might use a privilege escalation exploit to gain administrative access to a system or to gain access to sensitive data.
upvoted 4 times

DALLASCOWBOYS 7 months, 4 weeks ago
C. Privilege Escalation seeks to increase the level of access that a user normally doesn't have. A restricted access area is an increased level of access.
upvoted 1 times

xxxdolorxxx 8 months ago
Selected Answer: C
Priv esc.
upvoted 1 times

NICKJONRIPPER 10 months, 1 week ago
Selected Answer: B
interactive means input; gaining a restricted area means modifying memory that is not allowed to the application, which is buffer overflow. No mention of gaining another account (privilege escalation).
upvoted 4 times

Sandon 8 months, 1 week ago
That ain't it
upvoted 4 times

Dutch012 4 months, 2 weeks ago
Agree with ya
upvoted 1 times

NICKJONRIPPER 10 months, 1 week ago
key is gain "area", not gain "account"
upvoted 3 times

FMMIR 10 months, 1 week ago
Selected Answer: C
With Privilege Escalation, hackers can use a NON-INTERACTIVE program (application) to gain access. Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an APPLICATION (either a batch program or an interactive program) or OPERATING SYSTEM utility program to gain elevated access to resources that should normally be unavailable to that user.
upvoted 1 times

comeragh 12 months ago
Selected Answer: C
Agree with C here being the correct answer
upvoted 1 times

Topic 1 Question #25
An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?
A. Geographic dispersal
B. Generator power
C. Fire suppression
D. Facility automation
Correct Answer: A
Community vote distribution: A (100%)

varun0 Highly Voted 1 year ago
Selected Answer: A
Placing that datacenter far away, maybe in another country, can help protect against disasters like an earthquake
upvoted 14 times

Gravoc Highly Voted 1 year ago
At least 90 miles away for natural disaster industry standard guidelines.
upvoted 7 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
Geographic dispersal refers to the practice of establishing data centers or facilities in different geographical locations, often at a considerable distance from one another.
By having data centers located in diverse geographic regions, the organization can increase its resiliency and ensure continuity of operations even in the face of natural disasters or regional disruptions.
upvoted 2 times

ApplebeesWaiter1122 3 months ago
Selected Answer: A
Geographic dispersal refers to the strategic placement of data centers in different geographical locations. By having data centers spread across diverse geographic areas, the organization ensures that its operations can continue even if one or more locations are affected by a natural disaster. If a natural disaster, such as a hurricane, earthquake, or flood, occurs in one region, the organization's other data centers in unaffected areas can sustain operations and maintain business continuity. Geographic dispersal reduces the risk of a single point of failure and increases the overall resiliency of the organization's infrastructure.
upvoted 1 times

LeonardSnart 4 months, 2 weeks ago
"Geographic Dispersal
The gold standard for system redundancy is to make perfect copies of the same system and spread them apart geographically, then use the Internet to keep the copies identical. Geographic dispersal protects from natural disasters and widespread Internet disruption. You can set up your own dispersed servers, but virtualization services make it easy."
-Mike Meyers Security+ Certification Guide Third Edition SY0-601
upvoted 2 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. Geographic dispersal. Placing facilities in areas that are not going to be affected by the same disaster.
upvoted 2 times

kasper13 10 months, 2 weeks ago
Selected Answer: A
Away from natural disasters and overheating
upvoted 1 times

Topic 1 Question #26
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants.
Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?
A. EAP
B. TLS
C. HTTPS
D. AES
Correct Answer: D
Community vote distribution: D (50%), A (49%)

Gravoc Highly Voted 1 year ago
EAP has to be incorrect. EAP is an AUTHENTICATION protocol, and authentication does not provide confidentiality. Authentication encompasses processes that allow systems and networks to determine if a user is who they say they are. That provides integrity, not confidentiality. Confidentiality ensures that secret information is protected from UNAUTHORIZED disclosure. The question also ends with "unauthorized users". HTTPS is just HTTP that uses TLS to encrypt network traffic that is in transit. As stated above, TLS encrypts in-transit data. This question specifically states preventing exposed data to unauthorized users. TLS and HTTPS only encrypt in-transit data. Data at rest in a network is insecure, though. Only AES meets the criteria of providing confidentiality to both data at rest and data in transit, preventing unauthorized users from seeing either.
upvoted 82 times

Sir_Learnalot 10 months, 2 weeks ago
For me it is exactly the last phrase you reference here which makes me think "A". You want to prevent confidential information from leaking to "unauthorized users", so you should make sure only authorized users have access to your wireless network. Therefore you should use EAP. I agree on AES being the obvious choice for confidentiality, but from the wording of the question I'd go with EAP
upvoted 17 times

hieptran 8 months, 2 weeks ago
AES is not commonly used for data encryption in transit. Also, the question mentioned "prevent unauthorized access". AES is only cryptographic and does not provide any authorization to the network...
just keep it simple
upvoted 5 times

MikeM3 5 months, 2 weeks ago
AES (Advanced Encryption Protocol) is a widely used encryption standard that provides strong encryption for data at rest or in transit; it is considered one of the most secure encryption algorithms available
upvoted 1 times

CTE_Instructor 7 months ago
The question prompt is to provide confidentiality from unauthorized users - the question is asking to configure authentication. The truest answer is configuring EAP-TLS, but unfortunately CompTIA split them into two separate options. I would select EAP among these options because that is an authentication protocol, and further specify in the actual real-world configuration page to use EAP-TLS, which is authentication using TLS encryption.
upvoted 1 times

CTE_Instructor 7 months ago
I suppose when considering EAP with no encryption like TLS added, it would not solve the problem of confidentiality, in which case AES would provide security to the wireless network. It's a bit of a misleading question in all honesty.
upvoted 2 times

Ay_ma Highly Voted 1 year ago
EAP - Extensible Authentication Protocol (EAP), an authentication framework that provides general guidance for authentication methods. IEEE 802.1x servers typically use one of these methods to increase the level of security during the authentication process.
TLS - Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are encryption protocols that have been commonly used to encrypt data in transit. For example, it is common to encrypt HTTPS with either SSL or TLS to ensure confidentiality of data transmitted over the Internet. They can also be used to encrypt other transmissions such as File Transfer Protocol Secure (FTPS). However, TLS is now a replacement for SSL, as SSL is deprecated and shouldn't be used.
AES - Advanced Encryption Standard. A strong symmetric block cipher that encrypts data in 128-bit blocks.
AES can use key sizes of 128 bits, 192 bits, or 256 bits.
HTTPS - Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using TCP port 443.
Definitions are from Gibson Darril's Study Guide.
upvoted 25 times

radagon Most Recent 1 week ago
this question is so vague...
upvoted 1 times

32d799a 1 week, 3 days ago
Selected Answer: D
The issue is about confidentiality, so we need to deploy an encryption algorithm. The answer is D - AES.
upvoted 1 times

excelchips11 1 week, 5 days ago
Answer is D. AES is an encryption standard used to protect data, while EAP is an authentication framework used to verify the identity of users or devices.
upvoted 1 times

RevolutionaryAct 2 weeks, 5 days ago
Selected Answer: D
The question asks about AUTHORIZATION, not AUTHENTICATION!! Extensible Authentication Protocol = AUTHENTICATION
"Confidentiality refers to ensure that information is not accessed by unauthorized people [...] AES algorithm has been implemented for this purpose." https://development.libelium.com/security-programming-guide/confidentiality-privacy
Ergo, it is AES.
upvoted 1 times

_Vic_ 1 month ago
Selected Answer: A
When a security engineer deploys a new wireless network for a company, what should be configured on the wireless network to ensure that confidential data is not exposed to unauthorized users? The correct option is A. To ensure that confidential data is not exposed to unauthorized users, the security engineer should configure EAP (Extensible Authentication Protocol) on the wireless network. EAP is a wireless authentication framework that is commonly utilized in wireless networks. EAP is utilized to secure wireless networks from unauthorized access by providing mutual authentication between the client and the network.
Thus, when a security engineer deploys a new wireless network for a company and the company shares office space with multiple tenants, the engineer should configure EAP on the wireless network to ensure that confidential data is not exposed to unauthorized users.
upvoted 1 times

Dark_Tarantula 1 month, 1 week ago
Selected Answer: A
EAP (Extensible Authentication Protocol): EAP is an authentication framework that provides a method for secure communication between the wireless client and the access point. It allows for various authentication methods to be used, including more secure ones that prevent unauthorized users from gaining access to the network
upvoted 1 times

sarah2023 1 month, 1 week ago
Selected Answer: A
A) EAP
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: D
The key phrase is "confidential data is not exposed" - it does not have anything to do with integrity or authentication in the CIA triangle. AES is what you use in WPA2 when you're setting up the WiFi, as it has to do with the physical and data link layers. WPA2 is defined in the IEEE 802.11 extension with letter i and it uses layer 2, which comes before the others, which fall under the other answer choices.
EAP = although extensible authentication protocol is layer 2, it's not going to keep it confidential, as it has to do with authentication
TLS = transport layer security, which is OSI layer 4, and since you're setting up for physical protection this wouldn't be appropriate
HTTPS = web protocol using SSL / TLS; though it's layer 7, you'd still need to set the physical and data link protections up first
upvoted 2 times

Abdul2107 1 month, 3 weeks ago
Selected Answer: A
A. EAP. without authenticating, how can you ensure only authorized have access to it?
upvoted 1 times

churchdown 1 month, 2 weeks ago
Your comment also applies to D. AES: "Without encrypting, how can you ensure only unauthorised have access to it?"
upvoted 1 times

Abdul2107 4 weeks ago
well, the AES (Wi-Fi password) can be shared with them, and they can access it; however, it's harder for a user to share their credentials with them.
upvoted 1 times

Rider2053 1 month, 3 weeks ago
AES - D is the correct answer
upvoted 2 times

Nikamy 1 month, 4 weeks ago
Selected Answer: A
My answer is A, EAP.
upvoted 1 times

darkhat 2 months ago
EAP is an authentication framework, not an encryption mechanism. It is used to facilitate the secure exchange of authentication credentials between the client device and the authentication server, ensuring that only authorized users can access the network. However, it does not address the encryption of data transmitted over the network.
upvoted 1 times

Abdulaa 2 months ago
AES (Advanced Encryption Standard) is an encryption algorithm used to secure data in transit or at rest. While it is important to use strong encryption such as AES to protect the confidentiality of data transmitted over a wireless network, it does not provide a mechanism for authenticating users attempting to connect to the network. EAP, on the other hand, is specifically designed to provide secure authentication for wireless networks. By using EAP, the security engineer can ensure that only authorized users are able to access the wireless network and the confidential data it contains. Is there anything else you would like to know?
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
AES is a widely used encryption algorithm that provides strong data encryption to protect the confidentiality of data transmitted over the wireless network. It is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. When AES is enabled, data transmitted between devices on the wireless network is encrypted, making it difficult for unauthorized users to intercept and decipher the data.
upvoted 3 times

Protract8593, 2 months ago
According to CompTIA, the correct answer is: A. EAP (Extensible Authentication Protocol).
As per CompTIA, EAP (Extensible Authentication Protocol) is the protocol used for secure authentication in wireless networks. It allows for various authentication methods, providing a framework for secure identification and validation of users before granting access to the network resources.
D. AES (Advanced Encryption Standard) is a strong encryption algorithm used to encrypt data transmitted over the wireless network. While important for data protection, it is not directly related to authentication or preventing unauthorized access to the network.
Therefore, in the context of CompTIA, the answer to ensure that confidential data is not exposed to unauthorized users on the wireless network is A. EAP (Extensible Authentication Protocol).
upvoted 1 times

LiteralGod, 2 months, 1 week ago
Selected Answer: A
The answer is EAP as this is an Authentication Protocol for wireless networks.
upvoted 1 times

Topic 1 Question #27
The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?
A. Preventing any current employees' siblings from working at the bank to prevent nepotism
B. Hiring an employee who has been convicted of theft to adhere to industry compliance
C. Filtering applicants who have added false information to resumes so they appear better qualified
D. Ensuring no new hires have worked at other banks that may be trying to steal customer information
Correct Answer: C
Community vote distribution: B (94%), 6%

YusufMadkour (Highly Voted), 1 year ago
Selected Answer: B
B
Source: https://www.pcicomplianceguide.org/what-does-the-pci-dss-say-about-employee-background-checks/
PCI DSS requires background checks for employees handling credit card holder data.
upvoted 22 times

inkedia3 (Highly Voted), 1 year ago
I think the wording is a problem if you guys are considering B. Background checks are to identify falsification and misrepresentation. Answer is C
upvoted 18 times

Renfri, 9 months, 3 weeks ago
You think the compliance officer wants to go through the trouble of doing a background check just so they can verify your experience? Lol
upvoted 8 times

rhocale, 9 months, 2 weeks ago
Speaking from experience, a background check does not verify anything on a resume.
upvoted 9 times

z3phyr, 5 months, 3 weeks ago
The answer is clearly B. We are talking about a Compliance Officer here. He wants to ensure new hires comply with the current hiring policy.
upvoted 1 times

z3phyr, 5 months, 3 weeks ago
Not to mention this is a bank. No person with a criminal history would EVER be allowed to work at a bank.
upvoted 4 times

Blake89, 6 months, 2 weeks ago
You and the 15 others liking this comment are either trolls or should highly consider pursuing another certification.
upvoted 10 times

RevolutionaryAct (Most Recent), 2 weeks, 5 days ago
Selected Answer: C
C (Filtering applicants who have added false information to resumes so they appear better qualified) makes the most sense because it covers B (failure to disclose convictions, and thus if you were convicted of theft you'd be in prison and have to lie about where you were during that time).
upvoted 1 times

algiggio90, 3 weeks, 3 days ago
Selected Answer: C
is true
upvoted 1 times

algiggio90, 3 weeks, 3 days ago
Selected Answer: C
is True
upvoted 1 times

AmesCB, 1 month, 3 weeks ago
Maybe it is a bit too much, but the question is about new hires, not applicants, so the solution should not be for applicants, no?
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: B
The background check policy is designed to screen potential new hires for any criminal history, including convictions for theft or other crimes. This policy helps the bank adhere to industry compliance and regulatory requirements by ensuring that employees with certain criminal backgrounds are not hired for positions that may pose a risk to the organization or its customers.
upvoted 1 times

frejus, 2 months, 2 weeks ago
Answer is B. Here is why, from the official book of CompTIA S+: "A background check determines that a person is who they say they are and are not concealing criminal activity, bankruptcy, or connections that would make them unsuitable or risky. Employees working in high confidentiality environments or with access to high value transactions will obviously need to be subjected to a greater degree of scrutiny. For some jobs, especially federal jobs requiring a security clearance, background checks are mandatory. Some background checks are performed internally, whereas others are done by an external third party".
upvoted 2 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: B
By implementing a background check policy, the bank ensures that potential employees' backgrounds are thoroughly reviewed, including any criminal records.
This helps to identify individuals who may have been convicted of theft or other relevant crimes, thus ensuring compliance with industry regulations and standards.
upvoted 3 times

Confuzed, 5 months, 2 weeks ago
Selected Answer: B
The key clue in this question is who ordered the background checks. The Chief COMPLIANCE Officer wouldn't care about people padding resumes or nepotism. They are only concerned with regulations compliance (PCI DSS at a bank). Therefore B is the right answer.
upvoted 2 times

dagsrevy1, 5 months, 3 weeks ago
Selected Answer: B
Tempting to go for A... but B
upvoted 2 times

tutita, 5 months, 3 weeks ago
Has to be B. C says "filtering applicants"; they already hired these people, they are no longer applicants.
upvoted 1 times

gladtam, 6 months ago
I'm confused. They are already hired. Can't be B
upvoted 1 times

RethabileT, 7 months ago
Well, which answer appears in the exam?
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
B. In the banking industry, theft is a major concern. Being convicted of theft is an automatic red flag, and denial of employment.
upvoted 5 times

Zonas, 8 months ago
Correct Answer is B
upvoted 3 times

emma234, 8 months, 1 week ago
Background check does not check your resume, but it checks your criminal records, drugs test, etc. I can be qualified for the job, my resume can be true, but working in a bank... but criminal history.
upvoted 2 times

Topic 1 Question #28
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?
A. Application allow list
B. SWG
C. Host-based firewall
D. VPN
Correct Answer: B
Community vote distribution: C (68%), B (31%)

YusufMadkour (Highly Voted), 1 year ago
Selected Answer: C
Not A or D.
Was not sure whether it should be B or C until I read the definition of SWGs in the official guide from CompTIA: "An on-premises SWG is a proxy-based firewall, content filter, and intrusion detection/prevention system that mediates user access to Internet sites and services"
upvoted 24 times

RevolutionaryAct, 2 weeks, 5 days ago
Except these servers are not on-premises, they are all on the cloud, meaning they are IaaS and virtualized, and thus there are no hosts to base these firewalls on. Secure Web Gateway works on OSI Layer 4, which blocks ports: https://www.ibm.com/products/securegateway#:~:text=The%20Secure%20Gateway%20service%20represents,server%2Dside%20and%20mutual%20authentication.
upvoted 1 times

NICKJONRIPPER, 10 months, 1 week ago
So must be B, same result, but you can not configure 100 host-based firewalls as C
upvoted 3 times

shitgod, 9 months ago
Why not? It's so common and easy with cloud orchestration tools.
upvoted 3 times

Mondicles (Highly Voted), 1 year ago
Selected Answer: C
This one asks which one is used for port blocking in WEB SERVERS. SWG is primarily used to protect USERS from accessing or being infected by web threats. I'll go with firewalls to explicitly allow 443.
upvoted 20 times

Cisco103 (Most Recent), 2 weeks, 2 days ago
Selected Answer: C
According to the official guide: "Content filters are now usually implemented as a class of product called a secure web gateway (SWG). As well as filtering, a SWG performs threat analysis and often integrates the functionality of data loss prevention (DLP) and cloud access security brokers (CASB) to protect against the full range of unauthorized egress threats, including malware command and control and data exfiltration"
upvoted 1 times

RevolutionaryAct, 2 weeks, 5 days ago
Selected Answer: B
THERE ARE NO HOSTS to put firewalls on since all 100 web servers are hosted on the cloud!
(Well, aside from the hypervisor.) Servers are not on-premises, they are all on the cloud, meaning they are IaaS and virtualized, and thus host-based firewalls is wrong. Secure Web Gateway works on OSI Layer 4, which blocks ports: https://www.ibm.com/products/securegateway#:~:text=The%20Secure%20Gateway%20service%20represents,server%2Dside%20and%20mutual%20authentication.
upvoted 2 times

Cumdumptia, 1 month ago
Answer is C
upvoted 1 times

sujon_london, 1 month, 2 weeks ago
It's SWG
upvoted 1 times

BigIshai, 1 month, 3 weeks ago
I would go with B (SWG) based on two things. 1. We have the servers deployed in the cloud and 2. SWGs enable companies to:
- Block access to inappropriate websites or content based on acceptable use policies
- Enforce their security policies to make internet access safer
- Help protect data against unauthorized transfer.
(source: https://www.paloaltonetworks.com/cyberpedia/what-is-secure-web-gateway)
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: C
A host-based firewall is a software-based firewall that runs on individual servers or systems. It allows administrators to control the incoming and outgoing network traffic on a specific host, providing an additional layer of security to protect the server from unauthorized access.
By configuring the host-based firewall on each of the 100 web servers to block all web-server ports except port 443, the engineer can ensure that only traffic on port 443 (HTTPS) is allowed, while all other incoming traffic to other web-server ports is blocked.
upvoted 3 times

imuetic, 2 months, 2 weeks ago
Remember that the 100 web servers were deployed in a cloud environment. Host Based Firewalls are only installed on physical systems. I would go with B (SWG) because SWG is cloud based and that is where the web servers are located.
upvoted 3 times

BlackSpider, 3 days, 7 hours ago
That's not true.
All VMs deployed in the cloud have FWs that can be configured individually or by using Network Security Groups (on Azure), which you can apply to 100 servers like you apply a group policy.
upvoted 1 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: C
A host-based firewall is a software-based firewall that is installed and configured on individual servers or hosts. It allows administrators to control incoming and outgoing network traffic on a specific server, including the ability to block or allow specific ports.
In this scenario, the engineer can configure the host-based firewall on each of the 100 web servers to block all incoming connections on ports other than port 443. By doing so, only traffic on port 443 (typically used for HTTPS) will be allowed, effectively disabling all other web-server ports.
In Dion's course he talks about this scenario in one of his videos. I think a NGFW would be a better option.
upvoted 5 times

Essi, 4 months ago
C. Host-based firewall (Most Voted)
In this case, the best choice would be to use a host-based firewall. Firewalls can control inbound and outbound network traffic based on predetermined security rules. By configuring a host-based firewall on each server, you can block all ports except for 443, which is typically used for HTTPS, a secure web protocol.
A Secure Web Gateway (SWG, Option B) would provide protection against online security threats by enforcing company security policies and filtering malicious internet traffic, but it would not be the best tool to block specific ports on a server.
upvoted 1 times

Mroljrtnrty, 5 months ago
Since it is host-based, you would have to configure the rules on all 100 webservers and for every host you added. SWG allows you to configure the rules at the network level.
upvoted 2 times

DRvisin, 4 months, 2 weeks ago
Just Passed! 787! 4/23/23 - This question was on the test. Host based firewall
upvoted 13 times

usernamesunknown, 5 months ago
Congratulations!
Hopefully I'll be ready to take my exam in the next 2 weeks :)
upvoted 2 times

mosher21, 5 months, 1 week ago
Selected Answer: C
Host based firewalls with a centralized management tool.
upvoted 2 times

staoic, 5 months, 1 week ago
Selected Answer: C
A SWG (often pronounced "swig") is designed to block access to or from malicious websites and links. It enforces granular use policies and stops threats from accessing web applications by acting as a security gateway, and it does so by filtering web and internet traffic at the application level.
upvoted 1 times

lili00, 5 months, 1 week ago
A host-based firewall is a software application that runs on each individual host and controls the incoming and outgoing network traffic based on a set of rules. A host-based firewall can be used to block or allow specific ports, protocols, IP addresses, or applications. An engineer can use a host-based firewall to accomplish the task of disabling all web-server ports except 443 on a group of 100 web servers in a cloud environment. The engineer can configure the firewall rules on each web server to allow only HTTPS traffic on port 443 and deny any other traffic. Alternatively, the engineer can use a centralized management tool to deploy and enforce the firewall rules across all web servers.
upvoted 1 times

BevMe, 5 months, 1 week ago
Selected Answer: C
SWGs are not the most effective way to disable web-server ports. I go with the host-based FW.
upvoted 1 times

Topic 1 Question #29
A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?
A. Use appropriate signage to mark all areas.
B. Utilize cameras monitored by guards.
C. Implement access control vestibules.
D. Enforce escorts to monitor all visitors.
Correct Answer: B
Community vote distribution: C (71%), D (27%)

Mamun1 (Highly Voted), 1 year ago
Selected Answer: C
How would the guard know every individual and their access rights? The access control vestibule (AKA Mantrap) seems to be more appropriate to me.
upvoted 21 times

rhocale, 9 months, 2 weeks ago
It wouldn't stop them, just inform them.
upvoted 1 times

guestionme (Most Recent), 3 weeks, 3 days ago
No clue what the correct answer is, but I'll go with "Implement access control vestibules." It's probably the closest to what CompTIA is thinking: "access control"
upvoted 1 times

Lildj4sho, 1 month, 1 week ago
Selected Answer: C
Honestly, from our perspective, D is the right answer, believe me, I know. I work in IT and, based on certain projects, to go in the Data Center/Classified Comm room visitors need to sign a sheet and be escorted, sometimes set an appointment to even get escorted. CompTIA is tricky, so we need to go based on what they think, and honestly, just an escort, I highly doubt CompTIA would have that as their answer. I'll go with C.
upvoted 2 times

HCM1985, 3 weeks, 5 days ago
I actually went right ahead with letter D for the same reason.
upvoted 1 times

Kraken84, 1 month, 2 weeks ago
He is not a visitor, he is a technician who did not have access.... "Access" >'keyword'<
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
You could make an argument for either Implement access control vestibules OR Enforce escorts to monitor all visitors. But no way would cameras "prevent" such a thing from recurring. Bad question.
upvoted 1 times

assfedassfinished, 1 month, 3 weeks ago
Selected Answer: D
Definitely not B. We have visitor badges that state escort required for just such a scenario. The AC Vestibule would not control un/authorized access to the DC unless we're supposed to assume that directly following the AC Vestibule is the DC.
upvoted 1 times

DriftandLuna, 2 months ago
Selected Answer: D
I chose escort as it mentions the tech is already in the DC. In my experience a mantrap is usually located near the entrance; the question seems to suggest he is already in the DC and walking around. It's a poorly worded question IMO though. When they talk about an area, are they referring to, say, a few rows where racks are in a DC, or are they talking about a room? If it's a room then mantrap; if it's the former then escort.
upvoted 4 times

LO353, 5 days, 23 hours ago
Confusing, because after the mantraps the engineer can access anywhere.
upvoted 1 times

darkhat, 2 months ago
Honestly, I am confused, what's the correct answer according to CompTIA, guys?
upvoted 2 times

BonCheshire, 2 weeks, 1 day ago
go ask them
upvoted 2 times

Odisman1, 2 months ago
A is the correct answer
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: C
An access control vestibule, also known as a mantrap, is a physical security measure that creates an intermediate space between two secure areas. It typically consists of a small enclosed area with two or more interlocking doors. To gain access to the second secure area, a person must pass through the first door, which then closes and locks before the second door opens. This helps ensure that only one authorized person can enter the restricted area at a time, preventing unauthorized access and tailgating.
upvoted 3 times

LiteralGod, 2 months, 1 week ago
Selected Answer: D
I know from experience that an escort is commonplace when directing engineers to the correct equipment in datacentres. A mantrap would be fine for access into the front of the data centre where there is manned security, but this would not work for every area within the data centre. It can be done, but it basically isn't done.
upvoted 3 times

101martin101, 4 months, 1 week ago
Selected Answer: C
Guard plus mantrap equals results.
upvoted 4 times

Kaps443, 4 months, 3 weeks ago
Definitely, C is correct. Read books from CompTIA; don't think practically, think about how the book teaches you to address these types of attacks.
upvoted 2 times

MayHa, 5 months ago
To prevent the technician from searching for the server (as it says "While locating the server, the technician entered a restricted area"), it would be best to escort the technician to the server.
upvoted 2 times

mosher21, 5 months, 1 week ago
Selected Answer: D
Definitely D. Imagine a malicious repairman walked into the server room after passing thru a mantrap with no escorts. He can tamper with other servers/network devices if there is no one to oversee his actions. So the BEST option is to have some escorts with him.
upvoted 2 times

Confuzed, 5 months, 2 weeks ago
Selected Answer: D
While a mantrap will keep vendors out of a restricted area... it is not the BEST answer. Your entire datacenter should be a restricted area (perhaps with some areas more restrictive than others). The ONLY way a third party should be on the floor of your datacenter is with an escort.
That said, the CompTIA study guide doesn't really go into escorts as a security measure. But they do say: Physical security can be thought of in terms of zones. Each zone should be separated by its own barrier(s). Entry and exit points through the barriers need to be controlled by one or more security mechanisms. Progression through each zone should be progressively more restricted.
So I suspect they would argue that if you have different zones with different restrictions, there should be a physical separation between them. But if I see this question on my test, I will probably answer D in protest.
upvoted 4 times

ApplebeesWaiter1122, 3 months ago
Professor Messer talks about escorts in one of his videos.
upvoted 1 times

[Removed], 6 months, 2 weeks ago
No matter how impractical, the BEST to prevent this is D.
upvoted 1 times

z3phyr, 5 months, 3 weeks ago
D cannot be the best because it is completely impractical.
upvoted 1 times

Confuzed, 5 months, 2 weeks ago
How so? EVERY data center I have ever been in had an escort policy. If you were not cleared/approved to be on the floor, you had to be escorted at all times. Of course, every datacenter I have ever been in also considers the entire datacenter a restricted area. You don't want people just walking around in there free to do whatever they want.
upvoted 3 times

ApplebeesWaiter1122, 3 months ago
We had HVAC guys come in one time to do repairs. We had to take turns escorting them around to make sure they weren't going into places they weren't supposed to be. This was after the Mantrap.
upvoted 2 times

Topic 1 Question #30
Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?
A. Standard naming conventions
B. Domain services
C. Baseline configurations
D. Diagrams
Correct Answer: B
Community vote distribution: A (62%), B (38%)

yoloson (Highly Voted), 1 year ago
Selected Answer: A
Quoting from the official guide below.
A standard naming convention for hardware assets, and for digital assets such as accounts and virtual machines, makes the environment more consistent. This means that errors are easier to spot and that it is easier to automate through scripting.
The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point in the CMDB or network directory. Each label should conform to rules for host and DNS names.
upvoted 32 times

Dutch012, 5 months, 1 week ago
But it does not manage "permissions and policies", I choose B.
upvoted 3 times

Jacob75, 4 months, 4 weeks ago
It is only asking what provides the admin with the ability to more efficiently identify systems and manage permissions and policies. Not asking what is actually doing the managing. A is correct
upvoted 7 times

Kraken84, 1 month, 2 weeks ago
Keywords! 'identify'
upvoted 4 times

rodwave (Highly Voted), 10 months, 2 weeks ago
Selected Answer: A
Answer: Standard naming conventions
These are naming frameworks used for naming hardware assets, and for digital assets such as accounts and virtual machines, in a consistent way. The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point.
=============================
Helpful Info:
Domain Services - Services that store centralized directory information and let users and domains communicate. When a user attempts to connect to a device or resource on a network, this service provides login authentication, verifying the user's login credentials and access permissions.
Baseline configuration - A documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.
upvoted 13 times

RevolutionaryAct (Most Recent), 2 weeks, 5 days ago
Selected Answer: B
Absolutely Domain Services, everything is here: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
Definitely NOT naming conventions, as that does not include locations, roles, permissions, policies.
upvoted 2 times

MO233, 3 weeks, 3 days ago
I am a systems admin and I literally use AD (Domain services) to do all of these things.
upvoted 5 times

je123, 1 month, 1 week ago
Selected Answer: A
A over B, as without A, having B won't be as effective. This is a tough question imo.
upvoted 1 times

sujon_london, 1 month, 2 weeks ago
Under Active Directory (AD) in a Windows environment, domain services provide centralized management and organization of network resources, including computers, users, and groups. It allows for efficient identification and grouping of systems based on various attributes, such as location, role, and service level. With domain services, systems administrators can implement standardized naming conventions, manage permissions and access control. Therefore B
upvoted 1 times

Nikamy, 1 month, 4 weeks ago
Selected Answer: B
Domain Services
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: B
Domain services, specifically Active Directory (AD) in a Windows environment, provide centralized management and organization of network resources, including computers, users, and groups. It allows for efficient identification and grouping of systems based on various attributes, such as location, role, and service level.
With domain services, systems administrators can implement standardized naming conventions, manage permissions and access control through group policies, and assign users to specific groups based on their roles and responsibilities.
This centralized management makes it easier to apply consistent configurations, policies, and permissions to different sets of users and systems, streamlining the administration process.
upvoted 4 times

Protract8593, 2 months ago
Why A is incorrect per ChatGPT: A. Standard naming conventions: While standard naming conventions can assist in identifying systems, they may not be as effective as domain services for managing permissions and policies based on attributes like location, role, and service level.
upvoted 2 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: A
A.... No, B.... It is A. I think.... Standard naming conventions can also provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level. By implementing standard naming conventions for systems, users, and groups, administrators can establish a consistent and structured naming scheme that reflects the location, role, or service level of each resource. This allows for easier identification and categorization of resources within the network.
With standardized naming conventions in place, administrators can quickly identify systems based on their names and apply permissions and policies accordingly. They can easily differentiate systems based on their location, department, function, or any other relevant criteria.
upvoted 1 times

Dan_26, 4 months ago
I'm a support engineer at a large MSP. It's domain services such as Azure Active Directory and Active Directory, NOT 'naming conventions', which are useful and good, but they're mostly used to identify devices quickly. Your laptops might all start with 'LAP', i.e. 'LAP-C-2345', and your Domain Controllers 'DC-01, DC-02, DC03' etc. A switch might be 'SW-C-01' or 'SW-SOUTH-04--1'. They're for easy identification for remote access mostly, so you don't spend hours working on the wrong device.
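Added example, written for this page and not ExamTopics', CompTIA's or any commenter's code, tying together two points from the threads above: the Question #30 argument (official-guide quote) that a standard naming convention makes errors easier to spot and automation easier to script, and the Question #28 point that a host-based firewall allowing only port 443 has to be pushed to all 100 web servers, which is practical only when scripted. The hostname convention `<type>-<site>-<role>-<tier>-<nn>`, the role-to-port policy and the inventory are all constructed for this example; the label check applies the DNS host-name rules the guide quote refers to, and the nftables ruleset is what such a script would render for each host.

```python
import re
from collections import defaultdict

# Constructed hostname convention used throughout this example (an assumption for
# illustration, not a CompTIA or ExamTopics standard):
#   <type>-<site>-<role>-<tier>-<nn>     e.g. SRV-LON-WEB-P-01
NAME_RE = re.compile(
    r"^(?P<type>[A-Z]{2,4})-(?P<site>[A-Z]{3})-(?P<role>[A-Z]{2,4})-(?P<tier>[PDT])-(?P<seq>\d{2,3})$"
)
# DNS host-label rules every label must satisfy regardless of the convention:
# letters, digits and hyphens only, no leading or trailing hyphen, 1-63 characters.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

TIERS = {"P": "production", "D": "development", "T": "test"}

# Constructed role -> allowed inbound TCP ports. WEB carries the Question #28 policy:
# every web-server port except 443 is disabled.
ROLE_PORTS = {"WEB": (443,), "DB": (5432,), "MGT": (22,)}


def parse_hostname(name):
    """Return the attributes encoded in a hostname, or None if it breaks the label rules or the convention."""
    if not LABEL_RE.match(name):
        return None
    m = NAME_RE.match(name)
    if not m:
        return None
    return {
        "type": m["type"],
        "site": m["site"],
        "role": m["role"],
        "tier": TIERS[m["tier"]],
        "seq": int(m["seq"]),
    }


def group_hosts(names):
    """Group conforming hosts by (site, role, tier); non-conforming names are returned separately so they get fixed."""
    groups = defaultdict(list)
    rejected = []
    for n in names:
        attrs = parse_hostname(n)
        if attrs is None:
            rejected.append(n)
        else:
            groups[(attrs["site"], attrs["role"], attrs["tier"])].append(n)
    return dict(groups), rejected


def allowed_ports(name):
    """Inbound ports a host may accept, derived from the role in its name; None if no policy applies."""
    attrs = parse_hostname(name)
    if attrs is None or attrs["role"] not in ROLE_PORTS:
        return None
    return ROLE_PORTS[attrs["role"]]


def render_nftables(name):
    """Render a default-deny inbound nftables ruleset for one host that opens only its role's ports."""
    ports = allowed_ports(name)
    if ports is None:
        raise ValueError(f"no firewall policy for {name!r}")
    port_set = ", ".join(str(p) for p in ports)
    return "\n".join([
        "table inet filter {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    iif lo accept",
        "    ct state established,related accept",
        f"    tcp dport {{ {port_set} }} accept",
        "  }",
        "}",
    ])


# Constructed inventory: five conforming names and three that break the convention.
SAMPLE_HOSTS = [
    "SRV-LON-WEB-P-01", "SRV-LON-WEB-P-02", "SRV-LON-WEB-D-01",
    "SRV-NYC-DB-P-01", "SRV-NYC-MGT-P-01",
    "webserver3",          # no structure at all
    "-SRV-LON-WEB-P-03",   # leading hyphen: not a valid DNS label
    "SRV-LON-WEB-P-1",     # sequence number too short
]

if __name__ == "__main__":
    groups, rejected = group_hosts(SAMPLE_HOSTS)
    for key, hosts in sorted(groups.items()):
        print(key, hosts)
    print("non-conforming:", rejected)
    print(render_nftables("SRV-LON-WEB-P-01"))
```

Non-conforming names come back in `rejected` instead of being silently grouped, which is the "errors are easier to spot" property the guide quote describes; the parsed attributes can drive either a per-host ruleset like the one rendered here or group membership in a directory, which is where the thread's A-versus-B disagreement sits.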
upvoted 3 times

JAMBER, 4 months, 1 week ago
Selected Answer: B
"...and manage permissions and policies..." that part has me leaning towards "B"
upvoted 1 times

fouserd, 4 months, 4 weeks ago
Selected Answer: B
According to ChatGPT - "The answer is B. Domain services. Domain services, such as Microsoft Active Directory, provide centralized authentication and authorization for resources within a network. They allow systems administrators to efficiently manage permissions and policies based on location, role, and service level by creating groups and applying permissions to those groups. With domain services, administrators can easily add or remove users and computers, and can apply policies and configurations at a domain or OU (Organizational Unit) level. Standard naming conventions, baseline configurations, and diagrams are important tools for network management, but they do not provide the same level of centralized authentication and authorization capabilities as domain services."
upvoted 3 times

mosher21, 5 months, 1 week ago
Selected Answer: B
With Windows Active Directory Domain Services, you can have centralized control over objects and grant permissions and rights.
upvoted 1 times

staoic, 5 months, 1 week ago
Selected Answer: B
Domain services manage global policy objects (GPOs), user/group permissions, server roles, sites, organizational units (OUs) and a lot more. I will go with B: Domain services.
upvoted 1 times

Confuzed, 5 months, 2 weeks ago
Selected Answer: B
Standard naming convention helps to more efficiently identify systems, but does not allow them to more efficiently manage permissions and policies... at least not more efficiently than using a directory. I could manage an AD domain, or a Red Hat Directory Services domain, with 100,000 computers with no naming convention and still efficiently manage permissions and policies.
I could likely even identify systems faster using the directory than having a bunch of neatly named machines but no directory.
upvoted 2 times

TheGuitarMan_61, 5 months, 2 weeks ago
A) Page 337 of the CompTIA guide states the naming conventions as a standard.
upvoted 2 times

darklion, 5 months, 2 weeks ago
Selected Answer: B
The best option among the given choices to efficiently identify systems and manage permissions and policies based on location, role, and service level is B. Domain services. Domain services provide a centralized way of managing network resources, including user and computer accounts, permissions, and policies. By creating a domain, a systems administrator can define a common set of policies and permissions that can be applied across all systems and users within the domain, regardless of their location or role. Domain services also enable the use of group policies, which can be used to enforce security settings, software deployments, and other configurations across all systems and users within the domain.
Standard naming conventions and diagrams can be helpful in identifying systems and understanding their relationships, but they do not provide a way to manage permissions and policies based on location, role, and service level. Baseline configurations can be used to standardize system settings and configurations, but they do not provide a way to manage permissions and policies.
upvoted 1 times

Topic 1 Question #31
Which of the following would detect intrusions at the perimeter of an airport?
A. Signage
B. Fencing
C. Motion sensors
D. Lighting
E. Bollards
Correct Answer: E
Community vote distribution: C (93%), 3%

ender1701 (Highly Voted), 1 year ago
Selected Answer: C
Seriously, how does Bollards get identified as the correct answer on this site? It doesn't detect, it deters. It's a post.
upvoted 39 times

4342421222, 11 months, 3 weeks ago
Right, but the first rule of security is physical. That's why it's correct. You would detect a vehicle driving up to a Bollard. Motion Sensors are similar to IDSs. Important, but physical is the more important part of the question.
upvoted 3 times

creativenickname, 11 months, 3 weeks ago
But the question is "Which of the following would detect intrusions at the perimeter of an airport?". It's asking what object would detect. Bollards can't detect anything, they're a cement or metal rod in the ground.
upvoted 9 times

Nokia6681, 11 months, 3 weeks ago
Bollards are preventive, and Motion sensors are detection. Question says "detect".
upvoted 12 times

BlackMamba_4, 2 months ago
They have to mark the incorrect answer to avoid a CompTIA cease and desist.
upvoted 4 times

Pharaoh301, 7 months, 1 week ago
If you hit a bollard, it would definitely be detected.
upvoted 10 times

lili00, 5 months ago
=)))) haha
upvoted 2 times

Sklark, 11 months, 1 week ago
Hahaha your response is priceless! "Oh no! We must be very stealthy. We wouldn't want the bollards to see us!!"
upvoted 11 times

m33lz (Highly Voted), 9 months, 2 weeks ago
Who reviews these questions and answers? Bollards, seriously... It's difficult to study when 60% of the answers are wrong.
upvoted 18 times

Confuzed, 5 months, 2 weeks ago
Not at all. None of us KNOW what the right answer is according to CompTIA; they don't tell you which questions you get right or wrong. That's why there are discussions. Most likely the wrong answers are identified by the first vote, or perhaps by the person who provided the question. Or, as some speculate, they are wrong on purpose so that CompTIA can't say that this site is providing all the correct answers to their actual exam questions. Personally, I would rather they left the "correct answer" off altogether and just let our votes dictate the "right" answer.
I find that I research the answers myself if the community seems split, thus I learn more.
upvoted 7 times

BlackSpider Most Recent 3 days, 7 hours ago
Selected Answer: C
C. Motion sensors - These devices actively detect movement. They are designed to pick up on unauthorized movements or intrusions and can trigger alarms when such movements are detected, making them a prime choice for detecting intrusions.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: E
Unpopular opinion but there is evidence that bollards do in fact detect motion: https://www.manchester.gov.uk/info/500283/road_and_pavement_problems/560/bollards/5
Using the bollards and number plate recognition
Using the bollard system
The bollard system has a traffic light situated in the driver's line of sight. You must wait for the signal to give you a green light. You can then move safely through the automatic bollards. You must never try to access the system if the traffic indicator column is showing a red light. The bollards have safety loops which detect when a vehicle is over the bollard system and so will not rise under a vehicle. There is no intercom at the bollard system and so the bollards cannot be lowered by request. You will not be able to access an area secured with automatic bollards if you have not pre-registered your vehicle and personal details for a permit.
upvoted 2 times

TreeeSon 1 week, 5 days ago
I disagree because it just mentions detection. It doesn't specify whether it's exclusively vehicle detection. A bollard isn't going to detect someone on foot trying to intrude.
upvoted 1 times

Tejjo 1 month, 3 weeks ago
Selected Answer: C
A bollard is a sturdy, short, vertical post. The term originally referred to a post on a ship or quay used principally for mooring boats.
upvoted 1 times

lamrine04 1 month, 3 weeks ago
Selected Answer: C
Motion sensors detect motion.
Examtopics probably had to mark this answer to make sure they stay compliant with some agreement they have with CompTIA.
upvoted 3 times

Shir0E 1 month, 4 weeks ago
Why is the answer E? Giving an incorrect answer intentionally.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: C
Motion sensors are devices used to detect movement or motion within their coverage area. They are commonly deployed as part of a security system to monitor the perimeter of a facility, such as an airport, and detect unauthorized intrusions. When someone or something moves within the range of a motion sensor, it triggers an alert, notifying security personnel of potential intruders. In conclusion, according to CompTIA Security+, the correct option to detect intrusions at the perimeter of an airport is C. Motion sensors. These sensors provide an active intrusion detection capability by alerting security personnel of potential unauthorized movement within the airport's perimeter.
upvoted 1 times

md4946 2 months, 1 week ago
got it wrong
upvoted 1 times

rueyb 5 months ago
Selected Answer: C
Bollards don't detect anything
upvoted 1 times

Jacs 5 months, 1 week ago
A fence is the correct answer; an airport can install fences with sensors on them. The fences stop intruders and, depending on the sensor installed, may alert security of any trespass.
upvoted 1 times

HCM1985 3 weeks, 5 days ago
Yeah, but the fence itself won't detect anything without sensors on it
upvoted 1 times

GreenBird97 6 months, 2 weeks ago
Selected Answer: C
ChatGPT: The option that would detect intrusions at the perimeter of an airport is: C. Motion sensors. Motion sensors are devices that detect movement and are commonly used in security systems to detect intruders. They can be placed around the perimeter of an airport and trigger an alarm or alert security personnel when movement is detected.
Signage (Option A) can serve as a deterrent and inform people about restricted areas, but it does not detect intrusions. Fencing (Option B) can also serve as a deterrent and physical barrier, but it does not detect intrusions on its own. Lighting (Option D) can make it more difficult for intruders to enter the perimeter undetected, but it does not detect intrusions. Bollards (Option E) are physical barriers that can prevent vehicles from entering restricted areas, but they do not detect intrusions.
upvoted 1 times

Woob 3 months ago
You need to consult ChatGPT for something this simple?..
upvoted 1 times

asabi 6 months, 2 weeks ago
Selected Answer: C
The motion sensors would most likely be the most effective tool to detect any intruders at the perimeter of the airport, as they would alert security officials if a perimeter breach is detected. There are also other tools that could be used to detect intruders, such as cameras and thermal imaging, but motion sensors are generally considered to be the best option for detecting intruders in a wide range of conditions, as they can be set to alert security if movement is detected in a specific area of interest.
upvoted 1 times

Jacs 6 months, 4 weeks ago
Selected Answer: B
PIDS is a motion sensor installed in a fence
upvoted 1 times

matpet 7 months, 1 week ago
According to me it is C. The question asks how to detect.
upvoted 2 times

Paramus 7 months, 1 week ago
I would surely go for motion sensor but found out it is bollards. Sometimes these answers don't make sense
upvoted 2 times

Pharaoh301 7 months, 1 week ago
Here's why I think Bollard was selected as the correct answer; hitting a bollard would definitely create a detection. Furthermore, it seems unrealistic to attempt to apply motion detectors to an airport perimeter since there is likely always going to be motion in and around an airport perimeter (regardless of how it's designed). At a minimum, there would always be birds.
But depending on the part of the perimeter in question, there would almost always be people.
upvoted 3 times

new_to_this 5 months ago
This makes a lot of sense. You actually put the location into consideration and how other systems and devices might not work in that environment
upvoted 1 times

Pharaoh301 7 months, 1 week ago
PIDS can detect breaches, but in airports, those are generally far more complex than simple motion detection systems.
upvoted 1 times

Topic 1 Question #32
A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?
A. Update the base container image and redeploy the environment.
B. Include the containers in the regular patching schedule for servers.
C. Patch each running container individually and test the application.
D. Update the host in which the containers are running.
Correct Answer: B
Community vote distribution: A (68%), C (17%), Other

Gravoc Highly Voted 1 year ago
A is incorrect. The answer is D. Really shows that the voters don't know much about containers here. A container is merely a text file that allocates resources and libraries to a virtual environment, which in turn allows an application to function in an isolated environment. That's it. The containers share the same Kernel as the base host system. Only the system Kernel and a text file of allocated resources and libraries stands between a critical vulnerability, and gaining access to the standard host computing environment. Swiss Cheese model and Defense-in-Depth applies here. Since there's no update to be applied to the container, and the base host & containers all are reliant on the same Kernel.
Keeping the host system up to date with all security patches and firmware patches is the best way to prevent a critical vulnerability from breaking out of a container. Look up the container hierarchy, "dirty-pipe-exploit", and Docker software. Hardware > OS > Virtual Machine > Docker > Container. Updating the host machine is absolutely the answer.
upvoted 34 times

BevMe 5 months, 1 week ago
What is the host is managed by a third-party provider or if there are other applications running on the host that could be affected by the update?
upvoted 2 times

BevMe 5 months, 1 week ago
*What if I mean
upvoted 1 times

MikeM3 5 months, 2 weeks ago
Well this comment didn't age well. Option D is a good security measure but it doesn't address the vulnerabilities in the containerized applications themselves. The vulnerabilities may be specific to the containerized apps themselves and not the host itself, so updating the host may not address the issue. Option A is the correct answer.
upvoted 4 times

Hiattech 5 months, 3 weeks ago
This isn't necessarily true. Containers running can run on ESXi which is Linux based. Updating ESXi is NOT going to update the individual Windows machines. However, A is not correct either since redeploying a bunch of virtuals isn't an option either. The best option is to update the machines individually, preferably on a schedule and with testing on dev machines.
upvoted 1 times

HCM1985 3 weeks, 5 days ago
ESXi's kernel is not a Linux kernel. Although it indeed uses a lot of open-source software for its tools, the kernel itself is proprietary. About the question: we're talking about application vulnerabilities inside the container, not the host OS's.
And updating an image and redeploying apps quickly with little to no downtime is actually not very complex
upvoted 1 times

_bishalk__ 12 months ago
The only thing a container shares with the host machine is the kernel, so if we patch and upgrade the kernel version it doesn't necessarily eliminate the vulnerabilities associated with other packages in the repos of that container, so the best way to patch a container must be followed, and that is only possible when someone updates the base container image and redeploys it. So the correct answer is A here.
upvoted 9 times

VendorPTS 11 months, 4 weeks ago
Agreed. It's a bit of a tricky one because Gravoc isn't wrong that the host OS and kernel vulnerabilities there are important, but the question says the analyst is concerned about "critical vulnerabilities that have been detected on some applications running *INSIDE* containers." As you mentioned, aspects of the vulnerability may be limited to what is running in the container. Read the section "Containers let you patch continuously, automatically" in the article below: https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-how-containers-enable-passive-patchingand-a-better-model-for-supply-chain-security
upvoted 9 times

kennyleung0514 11 months, 1 week ago
Agreed. As containers should be short-lived, or to be more accurate, should not have any modifications once deployed. If there's any update on the containers, it would be faster to deploy it with an updated base image
upvoted 10 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
Answer: Update the base container image and redeploy the environment (A)
In the scenario, the vulnerabilities found were critical, meaning that patches would need to be applied immediately.
The options to patch the containers (B & C) could work; however, patching would likely take months, and seeing how this vulnerability is critical, neither would address the concern's urgency.
The option to update the host (D) also could work; however, the scenario specified that the vulnerabilities have been detected only on some applications and not on the host itself. While a container runs on a host machine, it does not mean they share the same vulnerabilities. So updating the host would likely not patch the vulnerabilities that were found in the containers.
Out of the given options, the option to update the base container image would 1.) address where the vulnerabilities were found and what needs to be updated and 2.) address the urgency to patch the critical vulnerability.
upvoted 25 times

LePecador 2 months, 2 weeks ago
very helpful indeed
upvoted 2 times

Faisel 2 months, 3 weeks ago
very good explanation, well done!
upvoted 4 times

BossCatKodi Most Recent 2 weeks, 5 days ago
Patch or Update the Vulnerable Components: Identify the specific vulnerabilities and the affected components (e.g., libraries, dependencies) within the containerized applications. Determine if patches or updates are available to address these vulnerabilities. Many software vendors release security updates and patches for known vulnerabilities. If patches or updates are available, apply them to the affected containers. This might involve rebuilding the container image with the patched components and deploying the updated image.
upvoted 1 times

bolom2365 1 month ago
The best remediation strategy for critical vulnerabilities found in containerized applications is to update the base container image and redeploy the environment. The advantages of this approach are: Containers are meant to be ephemeral and rebuilt frequently. Updating the image allows rebuilding secure containers. Patching the base image once fixes the issue for all containers using that image.
Individual container patching is inefficient. Host patching does not fix vulnerabilities within the container images themselves. Rebuilding from a patched base image is faster than live container or host patching. Testing can be done on new containers from the updated image before redeploying en masse.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: B
B. Makes the most sense here - think of containers like the apps on your smartphone. Though critical, these are not going to affect the phone itself. Do automatic patching and you are good. Second best is patch each and test.
upvoted 1 times

Pezo 2 months ago
A is the correct answer. This option ensures that all containers launched from the updated base image will have the necessary security patches applied, effectively addressing the vulnerabilities across the entire containerized environment. It is a proactive approach that helps prevent future instances of the same vulnerabilities and ensures consistency across deployments.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
Container images serve as the foundation for containers, and vulnerabilities in the base image can affect all containers created from that image. By updating the base container image to one that includes the necessary security patches and fixes, the security analyst ensures that new containers deployed from the updated image will not contain the known vulnerabilities. Redeploying the environment with the updated image helps address the security concerns across all instances of the application running in containers.
Why D is wrong: D. Update the host in which the containers are running: Updating the host is essential for security, but it does not directly address the vulnerabilities within the container images.
The vulnerabilities are specific to the containers themselves, and updating the host would not automatically resolve the issues within the containers. In conclusion, according to CompTIA Security+, the BEST remediation strategy for addressing critical vulnerabilities in applications running inside containers is A. Update the base container image and redeploy the environment. This approach ensures that new containers will not contain the known vulnerabilities, providing a more secure foundation for the application.
upvoted 2 times

ApplebeesWaiter1122 3 months ago
Selected Answer: C
Patch each running container individually and test the application would be the best remediation strategy for addressing critical vulnerabilities detected in applications running inside containers. Containers provide a lightweight and isolated environment for applications, but they can still be vulnerable to security vulnerabilities. To effectively remediate these vulnerabilities, it is important to patch the containers themselves. The recommended approach is to patch each running container individually. This involves applying updates or patches specifically to the container images or container runtime environment. By patching each container individually, you can ensure that the vulnerabilities are addressed within the specific context of each application. After patching, it is crucial to thoroughly test the application to ensure that the updates do not introduce any compatibility issues or unexpected behavior. Testing helps validate the functionality and security of the patched containerized application.
upvoted 1 times

user82 5 months, 1 week ago
Selected Answer: A
Updating the base container image is replacing the current image with a new one with better security patches, bug fixes, etc., which addresses vulnerabilities
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
Despite what Gravoc says, the answer is still A.
A container is not just a text file. The text file defines the layers of the container. These layers are applied on top of the running host kernel, and provide a base OS, any required libraries and associated applications, management tools (text editor, CLI tools, etc), and finally the application code is layered on top. Some containers can consist of several gigabytes of stuff across several layers. For example a web application may have a base OS (Alpine Linux is common), then the Apache web server image, then perhaps an NGINX reverse proxy image, and finally the application image. If a new Apache version is released, simply rebuilding the image and restarting it will incorporate the changes and address any patched vulnerabilities.
upvoted 1 times

darklion 5 months, 2 weeks ago
Selected Answer: A
A. Update the base container image and redeploy the environment is the BEST remediation strategy. Critical vulnerabilities on containerized applications can often be addressed by updating the base container image, which will automatically address the vulnerabilities for all running containers that use that image. Redeploying the environment with the updated container image will ensure that all containers are using the patched image, reducing the risk of exploitation. Patching each running container individually can be time-consuming and difficult to manage, and patching the host may not address vulnerabilities that exist within the container itself.
upvoted 1 times

fouserd 5 months, 2 weeks ago
Selected Answer: C
The best remediation strategy for the security analyst to address the critical vulnerabilities that have been detected on some applications running inside containers would be to patch each running container individually and test the application. This approach allows the analyst to address the vulnerabilities in a targeted manner without disrupting other applications that may be running in other containers.
Once the patches have been applied, the analyst can test the application to ensure that it is still functioning correctly.
upvoted 2 times

Hiattech 5 months, 3 weeks ago
Selected Answer: B
A is not correct since redeploying a bunch of virtuals isn't an option either. B is the best option, which is to include the containers on the regularly scheduled updates. If patches are already being tested in development, then C isn't necessary. D isn't going to work since containers often run on a different OS than the one they're hosted on, plus they don't associate with the host OS other than to receive their resources. Updating the host would NOT update the clients.
upvoted 2 times

Caden_Liew 3 months, 4 weeks ago
I wouldn't choose B because of the keyword "critical vulnerabilities", which suggests immediate action instead of waiting for the next patch schedule. I would go with C
upvoted 1 times

tutita 5 months, 3 weeks ago
Selected Answer: A
The only thing the containers share with the host is the kernel. If the kernel gets security updates, the containers see that. Anything else, you have to also update inside the container, although usually you just rebuild the container. Often, the container is a completely different distro than the host, so the update will be different commands.
upvoted 1 times

JDawgBenet 5 months, 4 weeks ago
Selected Answer: D
Top voted comment said it was D.
upvoted 1 times

asabi 6 months, 2 weeks ago
Selected Answer: A
The best remediation strategy in this situation would be to update the base container image and redeploy the environment. This strategy would allow for a comprehensive update of the environment that would ensure that all security patches are applied in a consistent manner.
:)
Using a patch schedule or updating each container individually could lead to a situation where patches are applied inconsistently or where some updates are missed, so it is always important to have a thorough remediation strategy that ensures all patches are applied properly and in a reliable manner.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: A
Option C suggests patching each running container individually and testing the application. While this may address the vulnerabilities in the containers, it is not the most efficient remediation strategy, especially if there are many containers with the same vulnerabilities. Updating the base container image and redeploying the environment (Option A) would ensure that all containers are patched with the latest version and that the vulnerabilities are addressed in one go, saving time and effort. Including containers in the regular patching schedule for servers (Option B) may also work, but it may not be as efficient as updating the base container image and redeploying the environment
upvoted 1 times

princajen 6 months, 2 weeks ago
Option D, "Update the host in which the containers are running," may not be the best remediation strategy because updating the host may require downtime or impact other applications running on the same host. Additionally, updating the host may not necessarily address the specific vulnerabilities in the containers. Instead, it would be better to focus on updating the containers themselves, either by updating the base image or patching each container individually. This would allow for targeted remediation of the vulnerabilities without impacting other applications or requiring downtime for the host.
upvoted 1 times

Topic 1 Question #33
An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:
A. avoidance.
B. acceptance.
C. mitigation.
D. transference.
Correct Answer: D
Community vote distribution: D (100%)

[Removed] Highly Voted 1 year ago
Selected Answer: D
D. transference.
upvoted 11 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: D
Answer: Risk Transference
Risk Transference is transferring risk to a third party such as a vendor. In cyber security, that can be through utilizing cyber-risk insurance. Cyber insurance generally covers a business' liability for a data breach involving sensitive customer information, such as account numbers, credit card numbers, health records etc.
==============================================
Other Choices:
Risk Avoidance - Strategy that eliminates risk by avoiding activities that would expose themselves to the risk.
Risk Mitigation - the practice of reducing the impact of risks through preventative and reactive planning
Risk Acceptance - When a business or individual accepts the potential loss from a risk. Generally occurs when the business or individual feels that the risk does not warrant the countermeasures.
upvoted 7 times

Protract8593 Most Recent 2 months ago
Selected Answer: D
The organization is enabling risk transference by purchasing an insurance policy to cover the potential financial losses associated with the identified risk. Transference involves shifting the financial impact of a risk to another party, such as an insurance provider. In this scenario, the organization is accepting the risk (by not investing in remediation) and transferring the financial consequences to the insurance policy provider.
upvoted 3 times

ApplebeesWaiter1122 3 months ago
Selected Answer: D
In this scenario, the organization has decided to purchase an insurance policy to cover the potential financial losses associated with a risk. By transferring the risk to an insurance provider, the organization is shifting the financial burden and responsibility of managing the risk to the insurance company. This allows the organization to mitigate the potential impact of the risk by having the insurance policy cover the costs of remediation or any losses incurred.
upvoted 1 times

Otik 4 months ago
D, prime example of transference
upvoted 1 times

Denniswhyz 4 months, 3 weeks ago
Selected Answer: D
Insurance = transference
upvoted 1 times

dagsrevy1 5 months, 3 weeks ago
Selected Answer: D
Paying the insurance company to share the risk. D
upvoted 1 times

Paramus 7 months, 1 week ago
Selected Answer: D
Transferring
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
D. Any time insurance is used, you are transferring the risk to the insurance company
upvoted 3 times

Gr3gg3 10 months, 3 weeks ago
Selected Answer: D
D. Transferring the risk to a Third Party
upvoted 1 times

Jossie_C 10 months, 3 weeks ago
You're transferring the risk to the insurer. D. TRANSFERENCE.
upvoted 1 times

banditring 11 months, 3 weeks ago
Whenever I see insurance I always go with transference
upvoted 2 times

varun0 1 year ago
Transference, as the financial loss if the risk materializes is transferred to the insurance company
upvoted 7 times

Topic 1 Question #34
A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source.
Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?
A. True negative
B. True positive
C. False positive
D. False negative
Correct Answer: A
Community vote distribution: C (89%) 8%

redsidemanc2 Highly Voted 1 year ago
Selected Answer: C
True Positive: A legitimate attack which triggers to produce an alarm. You have a brute force alert, and it triggers. You investigate the alert and find out that somebody was indeed trying to break into one of your systems via brute force methods.
False Positive: An event signalling to produce an alarm when no attack has taken place. You investigate another of these brute force alerts and find out that it was just some user who mistyped their password a bunch of times, not a real attack.
False Negative: When no alarm is raised when an attack has taken place. Someone was trying to break into your system, but they did so below the threshold of your brute force attack logic. For example, you set your rule to look for ten failed logins in a minute, and the attacker did only 9. The attack occurred, but your control was unable to detect it.
True Negative: An event when no attack has taken place and no detection is made. No attack occurred, and your rule didn't fire.
upvoted 19 times

redsidemanc2 1 year ago
Alarms triggered and the CISO blocked the scanner IP. Later the scanner is not working because the CISO blocked the scanner
upvoted 2 times

ronniehaang Highly Voted 7 months, 3 weeks ago
Selected Answer: C
C. False positive. A false positive is a security alert that is generated when there is no actual threat or security violation, but the security system identifies it as such.
In this scenario, the IP address 192.168.34.26 was blocked based on a security alert from the SIEM, but it turns out that the IP address was associated with a legitimate source (vulnerability scans). This results in the false positive, where the security system is blocking a legitimate activity.
upvoted 15 times

Rider2053 Most Recent 1 month, 1 week ago
C is the correct answer: as that IP is used for scanning purposes, there is no suspicious activity happening with that IP.
upvoted 1 times

feroze895 1 month, 2 weeks ago
Selected Answer: A
Answer is A
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: C
There's no way it is a true negative as there would be no detection in the first place if this were the case, which alone eliminates the two choices with negative in the answer. What makes it a false positive is that it said there was malicious activity but instead there was none.
upvoted 2 times

Protract8593 2 months ago
Selected Answer: C
In this scenario, the SIEM generates an alert indicating anomalous activity from the local source IP address 192.168.34.26. The Chief Information Security Officer (CISO) instructs the security analyst to block the originating source. However, after blocking the IP address, another employee reports that vulnerability scans are no longer being performed properly, and the provided IP address is also 192.168.34.26. A false positive occurs when a security tool, like the SIEM in this case, generates an alert for an event that is not actually malicious or a security threat. In other words, the initial alert was triggered incorrectly, and the activity from the IP address was not actually anomalous or malicious. Blocking the IP address based on the false positive alert caused unintended consequences and disrupted legitimate network activity, leading to the reported issues with vulnerability scans.
upvoted 2 times

david124 2 months, 1 week ago
True positive: An alert generated by a security system that correctly identifies actual malicious activity or a real security threat.
True negative: When a security system correctly identifies that no malicious activity is occurring, and there is no actual security threat.
False positive: An alert generated by a security system for an event or activity that is not malicious or threatening, causing unnecessary actions or disruptions.
False negative: When a security system fails to detect actual malicious activity or a real security threat, resulting in a missed detection.
In this case, the alert from the SIEM was a false positive as it led to blocking a benign internal IP address that was associated with vulnerability scans.
upvoted 1 times

LiteralGod 2 months, 1 week ago
Selected Answer: C
The wording of the question is terrible but considering the initial anomalous activity was in fact a legitimate process (vulnerability scan), this would be classified as a false positive.
upvoted 1 times

md4946 2 months, 1 week ago
Selected Answer: A
Everyone here is dumb and doesn't know what a true negative is; it is a scenario when legitimate activity is defined as legit and illegitimate is defined as illegal. Here the officer blocked the IP, so whoever accesses it will get a "not permissible" notification; it's so obvious it's a true negative. How people here are dumb, and many of them even got their Security+ certificate; I suggest the certificates of those people who got this answer wrong should be revoked or dismissed, because this question is one of the main terms and basic terms of the Security+ exam.
upvoted 1 times

imuetic 2 months, 2 weeks ago
...Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?
Answer is A...note that no attack occured days after the initial attack and when the ip was blocked. True Negative: An event when no attack has taken place and no detection is made. No attack occurred, and your rule didn’t make fire. upvoted 1 times ApplebeesWaiter1122 3 months ago Selected Answer: C This situation indicates a false positive alert. A false positive occurs when a security system incorrectly identifies legitimate activity as malicious or anomalous. In this case, the initial SIEM alert misidentified the activity originating from IP address 192.168.34.26 as anomalous, leading to the decision to block it. However, the subsequent issue with vulnerability scans suggests that the IP address is actually a legitimate internal resource required for proper scanning. upvoted 2 times darklion 5 months, 2 weeks ago Selected Answer: C Answer: C. False positive Explanation: A false positive is an alert that incorrectly indicates that something is wrong when it is not. In this case, the initial alert about anomalous activity coming from the IP address 192.168.34.26 was a false positive. The SIEM incorrectly identified the activity as suspicious or malicious, leading the security analyst to take action by blocking the IP address. However, this action caused a legitimate process or service to be disrupted, leading to a new ticket being opened about the vulnerability scans not working properly. upvoted 3 times 店 店 铺 铺 z3phyr 5 months, 3 weeks ago ; Selected Answer: C ; 学 学 习 小 Lol really shows just how wrong some of these answers are. Always read the commends..... upvoted 1 times 店 66 DALLASCOWBOYS 7 months, 4 weeks ago 习 小 店 66 B. This situation is a true positive, as the most recent ticket indicated that the vulnerability scan was no longer working properly, thus the malicious activity was properly detected, indicating a malicious (anamoly) was detected properly. 
upvoted 1 times

[Removed], 8 months, 1 week ago
Selected Answer: C
False Positive = False alert
upvoted 1 times

asum, 8 months, 2 weeks ago
Selected Answer: B
True Positive: A legitimate attack which triggers an alarm. You investigate the alert and find out that somebody was indeed trying to break into one of your systems via brute force methods. <<Anomalous activity is from an IP address.>>
upvoted 2 times

KingDrew, 8 months, 2 weeks ago
Selected Answer: C
Activity was from an employee, not a threat, and no attack was performed. Answer is C
upvoted 1 times

Topic 1 Question #35
A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?
A. SSAE SOC 2
B. ISO 31000
C. NIST CSF
D. GDPR
Correct Answer: C
Community vote distribution: B (86%), 14% other

stoneface (Highly Voted), 1 year ago
Selected Answer: B
ISO 31000
The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for risk management from the International Organization for Standardization. Regulatory compliance initiatives are usually specific to a particular country and applicable to certain sized businesses or businesses in specific industries. However, ISO 31000 is designed to be used in organizations of any size. Its concepts work equally well in the public and the private sector, in large or small businesses and nonprofit organizations.
upvoted 36 times

carpathia (Highly Voted), 10 months, 2 weeks ago
Depends how you define Security Analyst: if it's cyber then it's NIST CSF, if he/she deals with general risk (not only cyber) then it's the ISO 31000. God help us with CompTIA style questions...
upvoted 12 times

carpathia, 10 months, 2 weeks ago
Coming back to my post, they mention "standard". I don't think NIST CSF is a standard per se, just recommendations. ISO is definitely a standard.
upvoted 11 times

RevolutionaryAct, 1 month, 2 weeks ago
This is why it's NIST: https://www.onetrust.com/blog/iso-27001-vs-nist-cybersecurity-framework
upvoted 1 times

HackBishop (Most Recent), 3 weeks, 5 days ago
Since the question refers to a standard I will go with ISO 31000; if not, the NIST CSF would have been my option.
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
Selected Answer: C
Did a little digging and the key phrase is "management program" and BEST. The main reason NIST is superior here is because ISO 31000 CANNOT be used for certification purposes whereas NIST CSF can be used: https://www.iso.org/iso-31000-risk-management.html
Also NIST is free whereas ISO is not, so that's another advantage for NIST: https://www.auditboard.com/blog/nist-vs-iso-whats-the-difference/
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: B
ISO 31000 is an international standard for risk management issued by the International Organization for Standardization (ISO). It provides principles, a framework, and guidelines for managing risks effectively and efficiently in any organization. The standard focuses on the entire risk management process and helps organizations identify, analyze, evaluate, treat, and monitor risks systematically.
upvoted 1 times

Kraken84, 1 month, 2 weeks ago
ISO 31000 unfortunately cannot manage anything though...
upvoted 1 times

LiteralGod, 2 months, 1 week ago
Selected Answer: B
ISO 32000 is a risk framework
upvoted 1 times

ApplebeesWaiter1122, 3 months ago
Selected Answer: B
ISO 31000 is an international standard that provides principles and guidelines for effective risk management. It offers a comprehensive framework that organizations can utilize to establish, implement, and continuously improve their risk management processes. The standard emphasizes a systematic and proactive approach to identifying, assessing, treating, and monitoring risks across the organization.
upvoted 1 times

new_to_this, 5 months ago
Selected Answer: C
What is the difference between ISO 27001 and NIST CSF? It is a standard you follow, with guidelines that are dependent on your own organizational security needs. Both NIST and ISO 27001 have their own specific place in a security roadmap. NIST CSF is meant to guide your security needs, while ISO 27001 helps to prove your security.
upvoted 1 times

TheGuitarMan_61, 5 months, 2 weeks ago
Per CompTIA guide page 531, ISO 31000 = Risk Management.
upvoted 2 times

darklion, 5 months, 2 weeks ago
Selected Answer: B
ISO 31000 is the best source for the analyst to use in order to develop a risk management program. ISO 31000 is a globally recognized risk management standard that provides principles, a framework, and a process for managing risk. It is applicable to any organization, regardless of size or industry, and is widely accepted as a best practice for risk management. The other options are more focused on specific areas such as cybersecurity (NIST CSF), auditing (SSAE SOC 2), and privacy (GDPR).
upvoted 2 times

Pink_511, 6 months ago
I feel it should be NIST CSF, based on the following argument: ISO 31000 is a good choice for operationally mature organizations seeking certification and **NIST CSF may be best for organizations who are in the first stages of developing** a cybersecurity risk management plan or attempting to mitigate prior failures or data breaches.
upvoted 1 times

GS1011, 6 months, 2 weeks ago
B https://www.skillmaker.edu.au/risk-management-standards/
upvoted 1 times

rf18, 7 months, 2 weeks ago
Selected Answer: B
ISO 31000, foundation of Risk Management
upvoted 2 times

DALLASCOWBOYS, 7 months, 4 weeks ago
B. ISO 31000 is a family of standards and guidelines for implementing a risk management-based security policy.
upvoted 1 times

[Removed], 9 months, 1 week ago
Selected Answer: C
Despite the complexity of implementing the NIST CSF, its ability to unify cybersecurity efforts and bridge the gap between technical and business leaders makes it the gold standard for developing a risk management plan. Going with C…
upvoted 3 times

jhfdkjshfkjdsho, 9 months, 2 weeks ago
Selected Answer: C
NIST CSF: "The Framework Core consists of five concurrent and continuous Functions: Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk."
upvoted 3 times

sauna28, 9 months, 2 weeks ago
Selected Answer: B
Risk Management Framework, definitely ISO 31000
upvoted 1 times

Topic 1 Question #36
The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?
A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis
Correct Answer: A
Community vote distribution: A (97%)

rodwave (Highly Voted), 10 months, 2 weeks ago
Selected Answer: A
Answer: Lessons learned
Lessons learned is the final step in the incident response where the organization reviews their incident response and prepares for a future attack. This is where you understand how/why an incident occurred, identify any weaknesses in your organization's practices, any positive elements or practices that went well, and things that could be done to prepare for a future incident.
=========================
Incident Response - A set of instructions or procedures an IT staff follows to detect, respond to, and recover from a security incident.
Phases in the Incident Response Plan
1. Preparation: The organization plans out how they will respond to an attack; this can involve:
2. Identification: Detecting and determining whether an incident has occurred.
3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage.
4. Eradication: The removal of the threat.
5. Recovery: Restoring systems affected by the incident.
6. Lessons Learned: Where the organization reviews their incident response and prepares for a future attack.
upvoted 17 times

Protract8593 (Most Recent), 2 months ago
Selected Answer: A
The Chief Information Security Officer (CISO) is requesting a report on potential areas of improvement following a security incident. This indicates that the CISO wants to conduct a lessons-learned process. Lessons learned is a critical phase in incident response that involves analyzing the incident after it has been resolved to identify what went wrong, what worked well, and what areas need improvement. This process helps organizations enhance their incident response procedures and make adjustments to prevent similar incidents in the future.
upvoted 2 times

ApplebeesWaiter1122, 2 months, 4 weeks ago
Selected Answer: A
Option A, "Lessons learned," refers to the practice of capturing and documenting the knowledge and insights gained from a security incident. It involves analyzing the incident response process, identifying what worked well and what didn't, and extracting key takeaways and recommendations for improvement.
By conducting a lessons learned analysis, the organization can identify gaps or deficiencies in their incident response procedures, technical controls, staff training, or other areas that may have contributed to the incident or hindered the response efforts. The report generated from the lessons learned process provides valuable information for enhancing the organization's security posture and strengthening its incident response capabilities in the future.
upvoted 1 times

fouserd, 5 months, 2 weeks ago
Selected Answer: A
The incident response process that the CISO is requesting is lessons learned. The lessons learned process involves reviewing the incident and identifying areas where improvements can be made to prevent similar incidents from occurring in the future. This can include changes to policies and procedures, additional training for employees, or changes to technical controls.
upvoted 1 times

Scott_wu, 6 months ago
Selected Answer: E
potential areas of improvement
upvoted 1 times

assfedassfinished, 1 month, 3 weeks ago
Potential areas of improvement are gleaned from lessons learned.
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. Lessons Learned. Evaluates the response plan and procedures and improves them as necessary.
upvoted 1 times

mlonz, 8 months, 1 week ago
something straightforward
upvoted 1 times

mlonz, 8 months, 1 week ago
something straightforward
upvoted 1 times

Korokokokokoko, 10 months, 1 week ago
Selected Answer: A
This is the correct answer
upvoted 1 times

comeragh, 1 year ago
Selected Answer: A
A - Lessons Learned, agree with
upvoted 3 times

varun0, 1 year ago
Selected Answer: A
Lessons learned is a process in incident response to learn from the incident and improve.
upvoted 3 times

stoneface, 1 year ago
Selected Answer: A
What are lessons learned? The Project Management Institute (PMI) defined them as "the learning gained from the process of performing the project". In the context of security incidents, they usually take place after a security incident has occurred and has been mitigated.
upvoted 4 times

Topic 1 Question #37
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting
Correct Answer: A
Community vote distribution: A (78%), 14%, 8% other

babyzilla (Highly Voted), 10 months, 3 weeks ago
I read the comments below. Many of you are associating social media messages with fake news, which is leading you to the answer: Hoax. However, social media messages are usually just that, messages. Think of a DM via Instagram. That is a direct message through a social media application. Most social media have IM features. I think there is a false notion of fake news with this question. For this reason, I believe it is SPIM.
upvoted 19 times

CTE_Instructor, 6 months, 3 weeks ago
The key phrase in this question is "unverified sources". The main idea/principle of the question is to avoid spreading messages that have not been verified as truth. This is to reduce hoaxes/misinformation from spreading, which are also primarily spread via social media. SPIM is for instant message spam and is seen in the form of unsolicited messages on an instant messaging platform. From CompTIA's perspective, instant messaging DMs and social media messages are not the same. Also, the training the company would do would not affect SPIM anyway.
upvoted 6 times

Joe1984 (Highly Voted), 1 year ago
Selected Answer: A
Hoaxes
upvoted 13 times

z3phyr, 5 months, 3 weeks ago
You are right, Joe
upvoted 1 times

assfedassfinished (Most Recent), 1 month, 3 weeks ago
Selected Answer: A
Spammers send spam/spim. If you forward unverified mail, as described in the question, that's a hoax.
upvoted 2 times

BigIshai, 1 month, 3 weeks ago
I believe the reason a company would not want their employees to forward unverified messages would be so that they do not give credence to possible fake news and stake the reputation of the organization carelessly. The truth is once the unverified source is proven wrong, the news will read that an employee of a reputable organization posted.......
Bad press/publicity is never good for business, no matter how innocent. I would go with A. (Hoaxes)
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: A
Security awareness training that emphasizes not forwarding social media messages from unverified sources would help to prevent hoaxes. A hoax is a deceptive message or information that is spread with the intention to mislead or deceive recipients. By educating employees not to forward social media messages from unverified sources, the company can reduce the spread of false or misleading information, thereby minimizing the impact of hoaxes.
upvoted 2 times

XTN, 2 months, 1 week ago
Fake News
upvoted 2 times

ApplebeesWaiter1122, 2 months, 4 weeks ago
Selected Answer: A
The training regarding not forwarding social media messages from unverified sources would help to prevent A. Hoaxes.
Hoaxes are deceptive messages or information that are spread widely, often through social media platforms or email, with the intention to mislead or deceive recipients. These hoaxes may contain false claims, fabricated stories, or misleading information, and they can be harmful or cause panic if shared without verification. By training employees not to forward social media messages from unverified sources, individuals become more cautious and discerning about the information they share. They are encouraged to verify the authenticity and accuracy of the content before spreading it further. This helps to prevent the spread of hoaxes and reduces the potential negative impacts associated with misinformation.
upvoted 1 times

LeonardSnart, 4 months, 2 weeks ago
Selected Answer: A
"We've all probably received the e-mails stating that little Timmy is dying of a serious disease and wants his e-mail forwarded to 10,000 people, or that Bill Gates is giving away his fortune and you can receive a part of it if you forward the e-mail to 10 of your friends. You've probably also seen e-mails asking you to provide bank account information so that a deposed prince or forgotten relative can deposit millions of dollars into your bank account to save their fortune. Hoaxes aren't confined to e-mail; hoaxers can use fake Web sites, social media sites, and even telephone calls to perpetrate a hoax. Their goal may be to get donations, spread a fake story, or even simply see how many people will fall for it. As with most other social engineering attacks, an organization's best defense against hoaxes is a good security education and training program for users."
-Mike Meyers, Security+ Cert Guide Third Edition SY0-601
upvoted 2 times

TheWaraba, 5 months, 2 weeks ago
I read most of the comments here, but I think what can help pick between Hoaxes and SPIM is that an end user training would not prevent SPIM per se; it would prevent users from clicking on links in SPIM but not from receiving them. An end user training would definitely help users be aware of hoaxes and not spread them.
upvoted 2 times

diztrik, 6 months ago
Selected Answer: B
I believe SPIM is the correct answer here.
upvoted 3 times

asabi, 6 months, 2 weeks ago
Selected Answer: C
These types of training sessions would help to prevent identity fraud, as they help people to recognize the signs of malicious attacks or scams that could be used to steal their identities or other personal info.
upvoted 1 times

goat23, 7 months, 2 weeks ago
ChatGPT says it's A. Hoaxes
upvoted 2 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. Hoax. It is designed to convince targets to perform an action that would reduce or harm their IT security, and often encourages victims to spread the word. Since they are concerned with forwarding from unverified sources, this suggests it is a hoax they are concerned with.
upvoted 2 times

shi_, 7 months, 4 weeks ago
Selected Answer: B
This question really has vague answer options.... I was contemplating between hoaxes and SPIM; however, imo in terms of loss, hoaxes don't cost much for a company (for example, resulting in a sense of urgency to forward threatening/frightening messages that affect the company). However, SPIM can be quite fatal for a company (for example, clicking a link resulting in malware/spyware).
upvoted 2 times

JustIyke, 8 months, 2 weeks ago
Context is important in this question. Per CompTIA definitions, the answer is SPIM because the message comes from Social Media. Hoax or any other option would be correct in conventional terms, but for the purpose of this test I am 100% sure the answer is SPIM.
upvoted 6 times

blacktaliban, 10 months, 3 weeks ago
Selected Answer: A
Sharing unverifiable information on social media might as well be called fake news.
upvoted 2 times

BigLao, 10 months, 4 weeks ago
I would go with SPIM. The question talks about social media, and when you look at the definition of SPIM it ties in with it perfectly.
upvoted 3 times

Jossie_C, 10 months, 3 weeks ago
This is incorrect. SPIM is spam over instant messaging. Social media is not necessarily instant messaging.
upvoted 2 times

Topic 1 Question #38
A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?
A. DNS poisoning
B. MAC flooding
C. DDoS attack
D. ARP poisoning
Correct Answer: C
Community vote distribution: C (100%)

stoneface (Highly Voted), 1 year ago
Selected Answer: C
Most denial of service (DoS) attacks against websites and gateways are distributed DoS (DDoS). This means that the attack is launched from multiple hosts simultaneously.
Typically, a threat actor will compromise machines to use as handlers in a command and control network. The handlers are used to compromise hundreds or thousands or millions of hosts with DoS tools (bots), forming a botnet. The internal network has not been affected by the attack.
upvoted 26 times

varun0, 1 year ago
Agreed
upvoted 3 times

C_M_M (Highly Voted), 6 months ago
In DDoS, both internal and external performance would be affected. This is because DDoS consumes the resources of the server in question. In that case, the server will be slow irrespective of whether it's being accessed internally or externally. I don't think it's DDoS. Maybe DNS poisoning. Those external users have been redirected to another fake server which is slow, but the real server is working just fine.
upvoted 6 times

Protract8593 (Most Recent), 2 months ago
Selected Answer: C
The scenario described, where the response time of an internet-facing application has been degraded while the internal network performance remains unaffected, is indicative of a Distributed Denial of Service (DDoS) attack. A DDoS attack involves overwhelming a target server or network with a large volume of traffic or requests from multiple sources, rendering the target's services slow or unavailable. In this case, the application's internet-facing infrastructure is under attack, resulting in degraded response times for external users trying to access the application.
upvoted 3 times

sujon_london, 1 month, 2 weeks ago
Agreed
upvoted 1 times

ApplebeesWaiter1122, 2 months, 4 weeks ago
Selected Answer: C
The behavior described, where the response time of an internet-facing application is degraded while internal network performance remains unaffected, is indicative of a Distributed Denial of Service (DDoS) attack.
A DDoS attack involves a large number of compromised or malicious systems flooding a target network or application with a high volume of traffic, overwhelming its resources and causing service degradation or complete unavailability. The purpose of a DDoS attack is to disrupt the normal functioning of a system or service by exhausting its resources. In this scenario, the numerous alerts reporting degraded response time for the internet-facing application suggest that the application is under heavy traffic load from the external network. The internal network performance remains unaffected because the attack is specifically targeting the application from the internet, not the internal network infrastructure.
upvoted 1 times

princajen, 6 months, 2 weeks ago
Selected Answer: C
C. DDoS attack
DNS poisoning, MAC flooding, and ARP poisoning are all types of attacks that can affect network performance, but they do not typically result in the degradation of a single internet-facing application while leaving the rest of the network unaffected.
upvoted 3 times

ronniehaang, 7 months, 3 weeks ago
Selected Answer: C
C. DDoS attack. A Distributed Denial of Service (DDoS) attack is a type of cyber attack in which multiple compromised computers are used to flood a targeted system with high volumes of traffic, overloading it and making it unavailable for its intended users. If the targeted system is an internet-facing application, it could result in degraded response times or even complete unavailability. In such cases, the internal network performance may not be degraded, but the internet-facing application would be impacted by the increased traffic from the DDoS attack.
upvoted 1 times

DALLASCOWBOYS, 7 months, 4 weeks ago
B. MAC Flooding. In MAC Flooding the attacker is not getting into the path between the client and server. The question states the internal network was not degraded. DDoS denies service; the question stated performance was degraded, not denied.
upvoted 2 times

Protract8593, 2 months ago
Keyword: "internet-facing application". This means that the attack was from the outside, so the answer can't be an OSI layer 2 (Data Link Layer - MAC) attack. Rather, it must be a layer 3 (Network - IP) attack. Why? Because if the attacker were from inside the network, then it would be a layer 2 (MAC) attack, but the question doesn't mention that. Moreover, the question mentions that the internal network performance was fine, so the attack was definitely from the outside, targeting a specific host that was open to the public internet.
For more information: https://www.cloudflare.com/learning/ddos/layer-3-ddos-attacks/
upvoted 1 times

TheWaraba, 5 months, 2 weeks ago
DDoS can either degrade performance or deny service; it depends on many factors. DDoS doesn't always mean that there's an actual denial of the service.
upvoted 1 times

EvelynStandford, 7 months, 1 week ago
I thought this also for the words used in the question; sadly there is no way to be 100% sure of the answer here.
upvoted 1 times

duagreg, 9 months, 3 weeks ago
DDoS for sure
upvoted 1 times

Iamboolean, 1 year ago
Selected Answer: C
Answer C = Distributed Denial Of Service.
upvoted 1 times

comeragh, 1 year ago
Good spot, stoneface
upvoted 1 times

varun0, 1 year ago
Selected Answer: C
DDoS seems obvious to me.
upvoted 3 times

Topic 1 Question #39
Which of the following will increase cryptographic security?
A. High data entropy
B. Algorithms that require less computing power
C. Longer key longevity
D. Hashing
Correct Answer: A
Community vote distribution: A (98%)

stoneface (Highly Voted), 1 year ago
Selected Answer: A
Entropy is a measure of disorder.
A plaintext will usually exhibit low entropy, as it represents a message in a human language or programming language or data structure. The plaintext must be ordered for it to be intelligible to a person, computer processor, or database. One of the requirements of a strong cryptographic algorithm is to produce a disordered ciphertext. Put another way, the ciphertext must exhibit a high level of entropy. If any elements of order from the plaintext persist, it will make the ciphertext vulnerable to cryptanalysis, and the algorithm can be shown to be weak.
upvoted 66 times

Kraken84, 3 weeks, 1 day ago
What level of Entropy does America now exhibit? I learned me a new word
upvoted 1 times

Iamboolean, 1 year ago
Very good explanation, thanks!
upvoted 2 times

varun0 (Highly Voted), 1 year ago
Selected Answer: A
Entropy seems obvious to me.
upvoted 6 times

gho5tface (Most Recent), 1 month ago
Selected Answer: D
Going against the crowd
upvoted 1 times

faha83, 2 months ago
Not really familiar with Entropy. Happy to learn.
upvoted 3 times

Protract8593, 2 months ago
Selected Answer: A
Increasing cryptographic security involves strengthening the randomness and unpredictability of cryptographic elements, such as keys, data, or initialization vectors. High data entropy refers to data with a high degree of randomness, making it more challenging for attackers to predict or guess. The use of high data entropy in cryptographic processes helps increase the security and effectiveness of encryption.
upvoted 4 times

ApplebeesWaiter1122, 2 months, 4 weeks ago
Selected Answer: A
Data entropy refers to the randomness and unpredictability of data. High data entropy means that the data has a high degree of randomness, making it difficult for an attacker to analyze or predict patterns within the data. When cryptographic algorithms operate on data with high entropy, it adds an extra layer of security because the resulting encrypted data becomes more resistant to various cryptographic attacks, including brute-force attacks and statistical analysis.
upvoted 3 times

10to1, 5 months, 3 weeks ago
Selected Answer: C
Data entropy has nothing to do with security. Key or Password Entropy, however, affects security. Answer is C because Key Longevity makes sure that the key will remain secure even after more powerful computers try to break it in the future.
upvoted 1 times

TheWaraba, 5 months, 2 weeks ago
Read this; entropy is definitely relevant in security. https://www.thesecuritybuddy.com/encryption/what-is-entropy-in-cryptography/2/
upvoted 2 times

ronniehaang, 7 months, 3 weeks ago
Selected Answer: A
A. High data entropy
High data entropy refers to the unpredictability and randomness of data used as input to a cryptographic system. The higher the entropy, the more difficult it is for an attacker to guess the input data, thereby increasing the cryptographic security of the system. For example, in a password-based encryption system, high entropy in the password input would result in a more secure encryption key, making it more difficult for an attacker to crack the encryption and access the protected data.
upvoted 3 times

DALLASCOWBOYS, 7 months, 4 weeks ago
A. High data entropy. The higher the randomness, the greater the security.
upvoted 4 times

CL_QRT, 8 months, 2 weeks ago
A is the answer
upvoted 1 times

03allen, 11 months, 3 weeks ago
Anyone can tell me why C and D are not right? It doesn't say the best one, right?
upvoted 1 times

lordguck, 10 months, 4 weeks ago
C decreases security, as it gives attackers more time to break/use (e.g. if stolen and no one noticed) the keys.
D is not applicable, as the question already talks about crytographic security and this includes for all relevant methods in use, ways to detect tampering. upvoted 2 times lordguck 10 months, 4 weeks ago Sorry, I was wrong here due to a misunderstanding of the used term "key longevity". "longevity" refers to the trust one has in the qualities (e.g. time to break) of an encryption method (Topic 5C handbook) and NOT to the lifetime of an certificate ("key" got me there). Nevertheless I vote for A, as C "longevity" is not measurable in contrast to A. upvoted 2 times CTE_Instructor 6 months, 3 weeks ago Key longevity is the time length the key encryption method is secure, whether due to brute forcing or by encryption algorithm cracking. Longer key longevity is a good thing. D is definitely relevant as hashing increases cryptographic security by providing a 1-way function to prevent attackers from seeing the original data. Honestly, A, C, and D are all possible answers. The question doesn't ask for "best", which makes this a poorly worded question. There isn't any "best" answer either, because A, C, and D should all be used, and different situations will prioritize different solutions. upvoted 2 times alayeluwa 11 months, 2 weeks ago The keyword in the question is “Increase”. Increase = best one. upvoted 1 times Ay_ma 1 year ago Selected Answer: A 店 店 High data entropy: In cryptography, entropy is used to produce random numbers, which in turn are used to produce security keys to protect data while it's in storage or in transit. The greater the quality of random number generation (RNG), the greater the quality of random keys produced, and thus the higher the security value of the key upvoted 4 times 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #40 Which of the following statements BEST describes zero-day exploits? A. When a zero-day exploit is discovered, the system cannot be protected by any means. B. 
Zero-day exploits have their own scoring category in CVSS.
C. A zero-day exploit is initially undetectable, and no patch for it exists.
D. Discovering zero-day exploits is always performed via bug bounty programs.
Correct Answer: C
Community vote distribution: C (100%)

varun0 Highly Voted 1 year ago
Selected Answer: C
I'll go with C. A says it can be protected by ANY means, which is not true; sure, the exploit itself doesn't have a patch yet, but we can isolate the affected system or have some kind of compensating control in place.
upvoted 10 times

aellonfol 7 months ago
You mean CAN'T be protected.
upvoted 1 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
The statement that BEST describes zero-day exploits is that they are initially undetectable, and no patch for them exists. A zero-day exploit is a security vulnerability or weakness in software or hardware that is unknown to the vendor or developers and, therefore, has no official patch or fix available. As a result, attackers can take advantage of the vulnerability without any defense or mitigation in place.
upvoted 1 times

ApplebeesWaiter1122 2 months, 4 weeks ago
Selected Answer: C
The statement that best describes zero-day exploits is that they are initially undetectable, and no patch for them exists. A zero-day exploit refers to a security vulnerability or weakness in software or systems that is unknown to the vendor or developer and, therefore, lacks a patch or fix. The term "zero-day" signifies that the vulnerability is exploited on the same day it is discovered, with no prior knowledge of or defense against it.
upvoted 1 times

Paramus 7 months, 1 week ago
Selected Answer: C
Unknown vulnerability with no patch available
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: C
C. A zero-day exploit is initially undetectable, and no patch for it exists.
A zero-day exploit refers to a type of cyber attack that utilizes a previously unknown vulnerability in software or hardware that hasn't been identified or fixed by the manufacturer. As a result, there is no existing protection or patch to defend against it, making it a significant risk to organizations and individuals. When a zero-day exploit is discovered, the first priority is to alert the vendor and hope that they can develop a patch as quickly as possible.
upvoted 2 times

DALLASCOWBOYS 7 months, 4 weeks ago
C. Zero-day attacks are attacks that exploit a vulnerability that is unknown; therefore, no patch is available.
upvoted 1 times

KingDrew 8 months, 2 weeks ago
Selected Answer: C
Zero-day = never-seen-before attack. Therefore it cannot be patched or recognized in a database if it has not occurred or been documented before.
upvoted 1 times

Iamboolean 1 year ago
Selected Answer: C
Answer C = A zero-day exploit is initially undetectable, and no patch for it exists. The other closest answer could be --> "A = When a zero-day exploit is discovered, the system cannot be protected by any means." However, this statement is not precise, as it implies the system cannot be protected by any means, which is not true. Other answers are not as precise. Therefore, the answer corresponds to letter C in my opinion...
upvoted 1 times

comeragh 1 year ago
Selected Answer: C
Agree with C being the best choice answer here
upvoted 3 times

Topic 1 Question #41
A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?
A. Retention
B. Governance
C. Classification
D.
Change management
Correct Answer: C
Community vote distribution: C (100%)

varun0 Highly Voted 1 year ago
Selected Answer: C
Data has to be classified first for the DLP to know which data can leave the network and which can't.
upvoted 14 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
The first step the company should perform to restrict emailing of PHI (Protected Health Information) documents is Classification. In a Data Loss Prevention (DLP) solution, classification involves identifying and labeling data based on its sensitivity or classification level. In this case, the company would classify documents containing PHI as sensitive or confidential. This classification allows the DLP solution to recognize and enforce policies that restrict the emailing of such documents or prevent them from being transmitted outside the organization.
upvoted 1 times

ApplebeesWaiter1122 2 months, 4 weeks ago
Selected Answer: C
In order to restrict emailing of PHI (Protected Health Information) documents, the first step should be to perform classification. Classification involves identifying and categorizing data based on its sensitivity and importance. By classifying documents containing PHI as sensitive or confidential, the company can implement appropriate security controls and restrictions. Once the documents are classified, the DLP (Data Loss Prevention) solution can be configured to recognize and enforce policies specific to PHI documents. The DLP solution can monitor outgoing emails, analyze the content and attachments, and prevent the transmission of PHI documents based on the defined policies.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
C. Classification. Data classification is the primary means by which data is protected based on its need for secrecy, sensitivity and confidentiality.
upvoted 1 times

BadPlayer 5 months ago
Explain in football terms?
upvoted 1 times

IYKMba 10 months, 3 weeks ago
Selected Answer: C
Classification is the first step to determine what data contains PHI.
upvoted 2 times

xxxdolorxxx 8 months ago
This is sort of what I'm thinking. Before knowing how to stop PHI from leaving... you need to know exactly what data has PHI.
upvoted 1 times

hackerguy 11 months ago
Selected Answer: C
Data Classification: a category based on the value to the organization and the sensitivity of the information if it were to be disclosed.
upvoted 1 times

[Removed] 1 year ago
Classification, sure... But I also think change management, because changing any sort of business process typically starts with that.
upvoted 2 times

Gravoc 1 year ago
Change management doesn't make sense in this context, because it's asking what needs to be implemented first to assist the DLP in preventing PHI from being emailed. Classification is the first thing the DLP needs to properly do its job. Change management would be like going through the approval process to add DLP as a tool to your security framework. In this case, the question already informed us that the DLP is in place, meaning we can assume that the change management approval process has already been completed in regards to the DLP and any implications imposed by the DLP. You wouldn't approve the use of the DLP without also approving the classification of sensitive and proprietary information.
upvoted 2 times

Topic 1 Question #42
A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:
[The name-server output was shown as an image on the original page and is not reproduced here.]
Which of the following attacks has taken place?
A. Domain reputation
B. Domain hijacking
C. Disassociation
D.
DNS poisoning
Correct Answer: B
Community vote distribution: D (93%), 7%

stoneface Highly Voted 1 year ago
Selected Answer: D
DNS server cache poisoning aims to corrupt the records held by the DNS server itself. This can be accomplished by performing DoS against the server that holds the authorized records for the domain, and then spoofing replies to requests from other name servers. Another attack involves getting the victim name server to respond to a recursive query from the attacking host. A recursive query compels the DNS server to query the authoritative server for the answer on behalf of the client.
upvoted 26 times

BlackSpider Most Recent 3 days, 6 hours ago
Selected Answer: D
It is only happening to some users. This is the key here.
upvoted 1 times

DannaD 1 month, 2 weeks ago
I believe this is hijacking because the attacker has already hijacked the DNS management before attempting to poison the DNS.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
It's hijacking, as that is another DNS, not your own (which would be DNS poisoning). https://www.malwarebytes.com/cybersecurity/business/what-is-dns-hijacking
upvoted 1 times

sujon_london 1 month, 2 weeks ago
Selected Answer: B
Answer is B. After a domain hijacking incident, the attackers may have full control over the domain name settings, including the ability to change the domain name and IP address associated with it. Change Domain Name: The attackers can modify the domain's DNS settings and point it to a different domain name. In this scenario exactly that happened: the domain was hijacked, maybe through phishing or by other means, and then the DNS name or IP addresses were changed. Consider that first the domain is hijacked and then the IP address changes, whereas most comments are suggesting DNS poisoning. Indeed the answer should be B, following the sequence clues given in the question. As many things can happen once a domain is hijacked.
upvoted 4 times

Protract8593 2 months ago
Selected Answer: D
The given scenario describes a DNS poisoning attack. In this attack, the attacker has manipulated the DNS records on the naming server to associate the domain name "www.comptia.org" with a malicious IP address (192.168.1.10). As a result, when users try to access the legitimate website www.comptia.org, they are redirected to a fake website hosted at the malicious IP address.
upvoted 2 times

Kraken84 1 month, 2 weeks ago
SOUNDS GOOD, but what in this question indicates that 192.168.1.10 is a malicious IP address? I wanna believe your answer, but nowhere does it state that this is a malicious IP address.
upvoted 2 times

Kingbumi777 2 weeks, 1 day ago
The IP 192.168.1.10 doesn't follow the standard of the other IPs and it is also a private IP address. Regardless, if you ever see the IP "192.168.1.X", assume it doesn't belong.
upvoted 1 times

HCM1985 3 weeks, 5 days ago
Following through: because it's for a different network from all the other records in the question, the domain is comptia.org, and we can assume www has a fake IP (I know it's silly and that in itself does not mean anything, but we work with what we have).
upvoted 1 times

Haykinz 2 months, 1 week ago
Selected Answer: B
Option B: Several things can happen when a domain is hijacked. The hackers may take control of the website and use it for malicious purposes, such as spreading malware or conducting phishing attacks. They could also redirect traffic to other websites, resulting in lost sales or damage to your brand reputation.
D is correct because if DNS poisoning occurs, most times the website is the same and not a resemblance. During a DNS poisoning attack, a hacker substitutes the address for a valid website with an imposter. Once completed, that hacker can steal valuable information, like passwords and account numbers. Or the hacker can simply refuse to load the spoofed site.
Someone browsing the web may never know that DNS spoofing is happening. The person may visit a site that looks perfectly normal, and even functions somewhat normally, so everything seems safe.
upvoted 2 times

RileyG 4 months, 2 weeks ago
Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems. DNS poisoning is when false information is entered into a DNS cache, so that DNS queries return an incorrect response that directs users to the wrong website. The answer is D because the question says "redirected to a fake website" - and we are also looking at a DNS table in the picture, which means the answer is D.
upvoted 4 times

Dutch012 4 months, 2 weeks ago
Okay, now it's evident that DNS poisoning is the answer to Question 1, yay!
upvoted 1 times

TheGuitarMan_61 5 months, 2 weeks ago
Stoneface; agree 100%. "Some users" takes away the Domain Hijacking answer in favour of Poisoning, as it is only some users.
upvoted 3 times

Abdul2107 5 months, 1 week ago
Smart notice
upvoted 2 times

Neither_you_nor_me 5 months, 2 weeks ago
Selected Answer: D
This seems to be the practical version of the first question.
upvoted 2 times

princajen 6 months, 2 weeks ago
From ChatGPT: The output shown in the image is related to DNS, and specifically to the DNS zone file for comptia.org. It indicates that the DNS A record for www.comptia.org has been changed to point to a different IP address than the legitimate one. This is consistent with DNS poisoning, also known as DNS spoofing or DNS cache poisoning. Therefore, the correct answer is D. DNS poisoning.
upvoted 3 times

DALLASCOWBOYS 7 months, 2 weeks ago
D. DNS Poisoning. Redirected to a fake website.
upvoted 3 times

JD2354 7 months, 3 weeks ago
I agree with the crowd, answer D. Why are so many "correct answers" actually incorrect on this?
upvoted 2 times

Kraken84 1 month, 2 weeks ago
It's all about the discussion.
upvoted 1 times

Kraken84 1 month, 2 weeks ago
zzz a way to keep this available :)
upvoted 1 times

Lance711 7 months, 2 weeks ago
I heard that the 'correct answer' is random and that the voted answers are the only reliable options. Apparently, by giving the wrong answer, this site is allowed to stay up because it's a near-perfect copy of the real CompTIA Security+ test.
upvoted 7 times

nul8212 9 months, 1 week ago
Selected Answer: D
The answer is D.
Domain hijacking is where someone tries to register your domain, access your hosted control panel, and set up a website that is similar to yours. This answer is wrong.
upvoted 2 times

Idkanything 10 months ago
Selected Answer: D
D. DNS poisoning. Domain name to IP address entries in a DNS server are altered.
upvoted 3 times

alayeluwa 11 months, 2 weeks ago
Selected Answer: D
The question gave you the answer: "redirected to a fake website that resembles www.comptia.org". DNS poisoning it is.
upvoted 4 times

Topic 1 Question #43
Which of the following describes the continuous delivery software development methodology?
A. Waterfall
B. Spiral
C. V-shaped
D. Agile
Correct Answer: D
Community vote distribution: D (100%)

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: D
Answer: Agile
Agile methodology is a way to manage a project by breaking it up into several phases. It involves constant collaboration with stakeholders and continuous improvement at every stage. Once the work begins, teams cycle through a process of planning, executing, and evaluating.
=======================================
Helpful Info:
Waterfall - A sequential development process that flows like a waterfall through all phases of a project (analysis, design, development, and testing, for example), with each phase completely wrapping up before the next phase begins.
upvoted 29 times

mlonz 8 months, 1 week ago
Nice information Rodwave, you should try to add information for every question. Thanks mate.
upvoted 9 times

varun0 Highly Voted 1 year ago
Selected Answer: D
Agile seems right. It's a fast-paced life cycle which iterates features according to the user's feedback.
upvoted 9 times

CCNPsec Most Recent 2 weeks, 3 days ago
D. Agile
Continuous Delivery is a software development methodology that falls under the broader Agile umbrella. It emphasizes the rapid and continuous delivery of software updates and improvements to production environments. In Continuous Delivery, development teams work in small, incremental steps to develop and deliver software features, often using automation to streamline the deployment process. In contrast, the other methodologies mentioned (A. Waterfall, B. Spiral, C. V-shaped) are not synonymous with Continuous Delivery and generally follow different approaches to software development and project management. Waterfall, Spiral, and V-shaped are traditional, sequential methodologies, whereas Continuous Delivery focuses on continuous iteration and deployment.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
The Agile software development methodology, including the continuous delivery approach, emphasizes iterative and incremental development processes. It involves breaking down the development process into smaller, manageable iterations, where each iteration results in a potentially deployable increment of the software. Agile methodologies promote collaboration between development teams and stakeholders, allowing for
faster and more adaptive development cycles.
upvoted 2 times

ApplebeesWaiter1122 2 months, 4 weeks ago
Selected Answer: D
Agile is an iterative and incremental development methodology that emphasizes flexibility, collaboration, and the delivery of working software in short iterations called sprints. Continuous delivery is a practice within the Agile methodology that focuses on ensuring that software is always in a releasable state. It involves frequent and automated software builds, testing, and deployment to deliver new features, updates, and bug fixes more rapidly and consistently.
upvoted 1 times

scarceanimal 7 months, 3 weeks ago
I never heard of this once; not sure if it was in the exam objectives...
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: D
D. Agile. Continuous delivery is a software development methodology that is based on the principles of agile development. It emphasizes a rapid, iterative, and frequent release cycle, where new features and bug fixes are delivered to customers on a regular basis. The goal of continuous delivery is to ensure that code changes can be rapidly and reliably deployed to production, minimizing downtime and maximizing the value delivered to customers. This approach relies on automation, collaboration, and communication to ensure that software is delivered quickly, with high quality, and with minimal risk.
upvoted 2 times

DALLASCOWBOYS 7 months, 4 weeks ago
D. Agile. In this methodology, updates are made continually, piece by piece, enabling software code to be delivered to customers as soon as it is completed and tested.
upvoted 2 times

[Removed] 11 months, 2 weeks ago
Selected Answer: D
The Agile approach to software development is to ensure customer satisfaction via early and continuous delivery of software.
upvoted 2 times

sucram 12 months ago
SY0-501
upvoted 1 times

RonWonkers 1 year ago
Selected Answer: D
Answer is D
upvoted 1 times

Topic 1 Question #44
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked, key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media
Correct Answer: B
Community vote distribution: A (50%), B (39%), 11%

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
Answer: Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
=============================================
Explanation:
The question is asking for two specific requirements for the solution:
1. A solution that's cost-effective
2. A solution that's a physical control
The option to implement a GPO (B) and installing an endpoint agent (D) are software-based implementations; while the GPO may be cost-effective, they do not address the physical control requirement for the solution. Option C would address the requirement as a physical control by preventing users from physically accessing the USB port, and is likely the best out of all the given options; however, this option is not the cheapest, so it's not addressing the cost-effectiveness required for the solution. Only option A would address each requirement of the solution being a cost-effective physical control that can be implemented.
upvoted 49 times

brewoz404sd 7 months, 1 week ago
The answer is GPO, not A.
Cost-effective is only A? GPOs are configured in AD and require no additional cost except the network admin to configure them. A requires purchasing tape and paying techs to go to all systems and cover them! Not cost-effective at all. What if the organization has 2000 computers? You are going to pay techs to go out with tape! No! The answer is GPO: easy, zero cost, and bulletproof!
upvoted 12 times

rline63 3 weeks, 4 days ago
GPO is undoubtedly a better solution. In the context of the question, though, it is absolutely not correct. GPO is a technical control, not a physical control.
upvoted 2 times

[Removed] 6 months, 1 week ago
100% agree with you. GPO is what the DoD uses.
upvoted 1 times

hieptran 5 months, 3 weeks ago
GPT response:
Option B is better than Option A because it provides a more automated and centralized approach to enforcing the USB removable media restriction policy.
Option B involves implementing a Group Policy Object (GPO) that restricts access to authorized USB removable media. This is a more centralized approach that allows administrators to apply the policy to multiple devices at once, rather than manually inspecting each device as in Option A. Additionally, a GPO is more reliable than manual inspection, as it is less prone to human error and can be more easily audited to ensure that the policy is being enforced.
Option A, on the other hand, involves manually putting security/antitamper tape over USB ports and regularly inspecting the ports. This is a more decentralized approach that relies on manual effort and is more prone to human error. It can also be difficult to scale this approach to larger organizations with many devices, as the manual effort required to inspect each device can become prohibitive.
Therefore, while both options can be effective in enforcing a USB removable media restriction policy, Option B is a more scalable, automated, and centralized approach that is easier to manage and audit.
upvoted 1 times

Sentry13 5 months, 1 week ago
Also from GPT: Group Policy Object (GPO) is not a physical control, but rather a technical control.
Physical controls are security measures that are implemented physically, such as locks, fences, barriers, cameras, and security guards. They are designed to prevent or deter unauthorized physical access to equipment, facilities, or information. In the context of a USB removable media restriction policy, a physical control could be a USB port blocker, which is a physical device that blocks access to USB ports on a computer or other device. This device physically prevents unauthorized USB devices from being plugged in, thereby restricting the use of removable media. So, the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy would be option A, putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports. While this option may not be as effective as USB port blockers, it is a cost-effective physical control that can help enforce the policy.
upvoted 6 times

CTE_Instructor 6 months, 3 weeks ago
Option A involves a lot of additional cost for security tape and regular inspection... inspection = time = money. Option B is essentially no cost because it uses existing domain software and infrastructure to enforce. Restricting access is by definition a physical control.
Option C also involves money (like option A) and is not cost-effective.
Option D involves purchasing individual endpoint agent software... again not cost-effective.
They are all able to control the physical hardware by disallowing removable media or otherwise restricting it; however, only one is cost-effective: Option B, implementing a Group Policy Object.
upvoted 12 times

Nirmalabhi 9 months, 3 weeks ago
Absolutely agree with you.
BTW your input on the discussion of the questions is phenomenal, so thank you.
upvoted 8 times

Hewn Highly Voted 1 year ago
Selected Answer: B
It's pretty obviously B; I think y'all are getting too hung up on a physical control being 100% physical. A biometric scanner isn't useful without some kind of software running that compares my signature to a known copy of whatever it's scanning, yet it is still considered a physical control.
upvoted 23 times

HCM1985 3 weeks, 5 days ago
The idea behind a "physical control" is that the main control is based on something physical (just like the biometric scan is worthless if we don't have a body part to scan). A GPO is a pure software solution. Also, a GPO does not forbid a user from plugging in a USB removable device during system boot and then loading some sort of malware or even a new OS.
upvoted 2 times

bkrich Most Recent 1 week, 2 days ago
Selected Answer: B
Cost-effective would be GPO (B)
upvoted 1 times

LoomH 1 week, 4 days ago
Selected Answer: A
It says physical, so I am going with the tape.
upvoted 1 times

henri007 1 week, 5 days ago
Selected Answer: A
Guys, PHYSICAL control
upvoted 1 times

Qinin 2 weeks, 5 days ago
Selected Answer: A
Answer: A, a cost-effective "physical control"
upvoted 1 times

henri007 4 weeks ago
Selected Answer: A
The question is physical control! B is not a physical control.
upvoted 1 times

Akibaware 4 weeks, 1 day ago
So if we choose B: could we not say that "regularly inspecting" is a physical control? Answer B has 2 control components.
upvoted 1 times

HCM1985 3 weeks, 5 days ago
"Regularly verifying that it is enforced" could be just checking if the GPO was applied by running gpresult.
upvoted 1 times

cybtest_2 1 month, 1 week ago
Selected Answer: A
B is not a physical control!!
A and C are the only physical controls, and A is more cost-effective.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: B
A and C cost more, with physical controls and monitoring; D only detects but does nothing to prevent; therefore B is something that can be installed over the network or imaged, costs little, and also prevents USB access.
upvoted 1 times

Abdul2107 1 month, 3 weeks ago
Selected Answer: A
A. Anti-tamper tape. Only options A and C are physical controls, but option A is more cost-effective than C.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: C
Placing systems into locked, key-controlled containers with no access to the USB ports is a cost-effective physical control to enforce a USB removable media restriction policy. This method physically prevents unauthorized access to the USB ports, ensuring that only authorized personnel with the appropriate keys can use them.
upvoted 2 times

Protract8593 2 months ago
Let's reevaluate the options:
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports. This option involves using security tape over USB ports to detect tampering and logging port numbers while regularly inspecting them. While it provides a level of tamper detection, it does not completely enforce a USB removable media restriction policy. Tamper tape can be removed or manipulated, and regular inspections may not prevent unauthorized USB usage in real time.
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced. This option involves using Group Policy Objects (GPOs) to restrict access to authorized USB removable media and verifying that the policy is enforced. While GPOs can help control USB access, they are not physical controls, and their enforcement may require additional administrative effort.
Moreover, GPOs can be circumvented or tampered with by skilled attackers.
upvoted 2 times

Protract8593 2 months ago
C. Placing systems into locked, key-controlled containers with no access to the USB ports. This option involves physically locking systems in key-controlled containers to prevent access to the USB ports. Placing systems into locked, key-controlled containers is a cost-effective physical control that directly enforces the USB removable media restriction policy. It ensures that only authorized personnel with the appropriate keys can access the USB ports.
Considering the best example of a cost-effective physical control to enforce a USB removable media restriction policy, option C is the most suitable. The key-controlled containers provide a stronger physical barrier against unauthorized USB usage compared to the other options. Therefore, according to the CompTIA Security+ SY0-601 exam objectives, the BEST answer is C. Placing systems into locked, key-controlled containers with no access to the USB ports.
upvoted 1 times

LiteralGod 2 months, 1 week ago
Selected Answer: A
This is another dodgy question. B is the most cost-effective, but it is not a physical control. The answer is A.
upvoted 2 times

Fulmi 2 months, 4 weeks ago
Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced: This option involves implementing a Group Policy Object (GPO) to restrict access to authorized USB removable media and ensuring that the policy is consistently enforced. While this is an effective control from a software perspective, the question specifically asks for a cost-effective physical control. Option B does not address physical controls.
upvoted 1 times

Fulmi 2 months, 4 weeks ago
Selected Answer: C
Placing systems into locked, key-controlled containers with no access to the USB ports: This option involves physically securing the systems by placing them inside locked, key-controlled containers where there is no direct access to the USB ports. This prevents unauthorized individuals from physically connecting USB removable media to the systems, ensuring compliance with the USB removable media restriction policy. It is a cost-effective physical control that provides a straightforward and efficient means of enforcement.
upvoted 1 times

TGRAV3 3 months, 2 weeks ago
Selected Answer: A
The question states: cost-effective "physical" control. A GPO is not a physical solution. A is the most logical answer.
upvoted 1 times

jb844 3 months, 2 weeks ago
Selected Answer: A
A, going to agree with rodwave (1 & 2)... they do make tape for this: https://www.packaging-labelling.com/products/tamper-technologies-ltd/security-labels-for-laptops
upvoted 1 times

Topic 1 Question #45
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?
A. Enforce MFA when an account request reaches a risk threshold.
B. Implement geofencing to only allow access from headquarters.
C. Enforce time-based login requests that align with business hours.
D. Shift the access control scheme to a discretionary access control.
Correct Answer: A
Community vote distribution: A (100%)

stoneface  Highly Voted  1 year ago
Selected Answer: A
Enforce MFA is the most convenient way
upvoted 11 times

varun0  1 year ago
Agreed
upvoted 4 times

rodwave  Highly Voted  10 months, 2 weeks ago
Selected Answer: A
Answer: Enforce MFA when an account request reaches a risk threshold.
This is likely the most convenient implementation that would work for all employees, as an additional element(s) would be needed for authentication/authorization.
========================
(B) Implementing geofencing to only allow access from headquarters might stop the suspicious logins; however, it would be inconvenient for employees not physically located near headquarters, such as the traveling employees.
(C) Enforcing time-based login requests to align with business hours could also be inconvenient for traveling/global employees that work at different times compared to the business's normal business hours.
(D) With Discretionary access control, the owner of a resource can decide who can have access to the resource and you can modify the access at any time. The option to shift the access control scheme to a discretionary access control wouldn't really address the login issue either if the account of someone who is authorized to access a resource was compromised. The attacker can still access the resource using their credentials.
upvoted 9 times

Protract8593  Most Recent  2 months ago
Selected Answer: A
Enforcing Multi-Factor Authentication (MFA) when an account request reaches a risk threshold is an appropriate security control in this scenario. MFA adds an extra layer of security by requiring users to provide additional authentication factors, such as a one-time code sent to their mobile device, in addition to their password.
By setting a risk threshold and triggering MFA when suspicious logins from unrecognized locations are detected, the company can protect corporate accounts without unnecessarily blocking legitimate login requests made from new sign-in locations during employee travel.
upvoted 3 times

ApplebeesWaiter1122  2 months, 3 weeks ago
Selected Answer: A
Implementing MFA adds an extra layer of security to the authentication process by requiring users to provide multiple forms of verification, such as a password and a one-time code generated on their mobile device or a biometric factor like a fingerprint. By setting a risk threshold, such as detecting suspicious login activity from unrecognized locations, the system can automatically trigger the enforcement of MFA. This helps to mitigate the risk of unauthorized access even if the credentials have been compromised.
upvoted 1 times

ronniehaang  7 months, 3 weeks ago
Selected Answer: A
A. Enforce MFA when an account request reaches a risk threshold.
Multi-Factor Authentication (MFA) is an effective security control to mitigate the risk of unauthorized access to corporate accounts. By requiring an additional factor of authentication, such as a one-time code sent to a user's phone or a fingerprint scan, MFA can help prevent attackers from accessing an account even if they have stolen a password. By implementing MFA only when an account request reaches a risk threshold, the company can ensure that employees who travel and need their accounts protected will not be negatively impacted by the security control, while still providing an extra layer of security for those accounts that are at higher risk of being compromised.
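The "risk threshold" that the commenters above describe is what a risk-based (step-up) authentication policy computes per login. The following is an added example written for this page; it is not code from any post in this thread, from CompTIA, or from any identity product. It scores each sign-in against what is already known about the account (new country, unrecognised device, physically impossible travel since the last sign-in) and maps the score to allow / MFA / block, so a travelling employee is challenged rather than locked out. The weights, thresholds, user profile and login events are all constructed assumptions.

```python
"""Risk-based step-up MFA (added example; not from any post in this thread).

Each login attempt is scored against what is already known about the account.
A low score is allowed through, a medium score is challenged with MFA, and only
a very high score (e.g. physically impossible travel) is blocked outright, so a
travelling employee signing in from a new city is challenged rather than locked
out. Weights, thresholds, user profile and login events are constructed
assumptions for illustration, not values from any real product.
"""
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Set, Tuple

# Assumed scoring policy (illustrative numbers).
NEW_COUNTRY = 40        # sign-in from a country this account has never used
NEW_DEVICE = 30         # unrecognised device identifier
IMPOSSIBLE_TRAVEL = 70  # implied speed since last sign-in exceeds MAX_SPEED_KMH
MAX_SPEED_KMH = 1000.0
MFA_THRESHOLD = 40      # challenge at or above this score
BLOCK_THRESHOLD = 100   # refuse at or above this score


@dataclass
class LoginAttempt:
    user: str
    country: str
    lat: float
    lon: float
    device_id: str
    ts: int            # unix seconds
    password_ok: bool


@dataclass
class UserProfile:
    known_countries: Set[str] = field(default_factory=set)
    known_devices: Set[str] = field(default_factory=set)
    last_seen: Optional[Tuple[float, float, int]] = None  # (lat, lon, ts)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def risk_score(attempt: LoginAttempt, profile: UserProfile) -> Tuple[int, List[str]]:
    """Sum the risk signals present in this attempt and name them."""
    score, reasons = 0, []
    if attempt.country not in profile.known_countries:
        score += NEW_COUNTRY
        reasons.append("new_country")
    if attempt.device_id not in profile.known_devices:
        score += NEW_DEVICE
        reasons.append("new_device")
    if profile.last_seen is not None:
        lat, lon, ts = profile.last_seen
        km = haversine_km(lat, lon, attempt.lat, attempt.lon)
        hours = max((attempt.ts - ts) / 3600.0, 1.0 / 60)  # floor at one minute
        if km / hours > MAX_SPEED_KMH:
            score += IMPOSSIBLE_TRAVEL
            reasons.append("impossible_travel")
    return score, reasons


def decide(attempt: LoginAttempt, profile: UserProfile) -> Tuple[str, List[str]]:
    """Return ("deny" | "block" | "mfa" | "allow", reasons)."""
    if not attempt.password_ok:
        return "deny", ["bad_password"]
    score, reasons = risk_score(attempt, profile)
    if score >= BLOCK_THRESHOLD:
        return "block", reasons
    if score >= MFA_THRESHOLD:
        return "mfa", reasons
    return "allow", reasons


def record_success(attempt: LoginAttempt, profile: UserProfile) -> None:
    """Learn the new sign-in properties once the user has proven it was them."""
    profile.known_countries.add(attempt.country)
    profile.known_devices.add(attempt.device_id)
    profile.last_seen = (attempt.lat, attempt.lon, attempt.ts)


def run_scenario() -> List[str]:
    """Constructed sequence: home office, then a business trip, then a credential thief."""
    alice = UserProfile({"US"}, {"laptop-1"}, (40.71, -74.01, 0))  # last seen in New York at t=0
    attempts = [
        LoginAttempt("alice", "US", 40.71, -74.01, "laptop-1", 3600, True),      # same city, same laptop
        LoginAttempt("alice", "GB", 51.51, -0.13, "laptop-1", 9 * 3600, True),   # London 8h later: plausible flight
        LoginAttempt("alice", "JP", 35.68, 139.69, "phone-9", 10 * 3600, True),  # Tokyo 1h after London: impossible
    ]
    outcomes = []
    for a in attempts:
        verdict, _reasons = decide(a, alice)
        outcomes.append(verdict)
        if verdict in ("allow", "mfa"):      # "mfa" here assumes the challenge was passed
            record_success(a, alice)
    return outcomes


if __name__ == "__main__":
    print(run_scenario())   # ['allow', 'mfa', 'block']
```

The point of the three tiers is the one the question turns on: the London sign-in is unusual enough to challenge but not to refuse, and only the combination of new country, new device and impossible travel crosses the block line. A real deployment would feed the same signals from an IdP's sign-in logs and tune the weights against its own false-positive rate.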
upvoted 1 times

KingDrew  8 months, 2 weeks ago
Selected Answer: A
MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.
upvoted 2 times

Topic 1 Question #46
An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement?
A. Perform OSINT investigations.
B. Subscribe to threat intelligence feeds.
C. Submit RFCs.
D. Implement a TAXII server.
Correct Answer: D
Community vote distribution: D (94%), 6%

Boogie_79  Highly Voted  1 year ago
Selected Answer: D
A TAXII server is a client that exchanges standardized and anonymized cyber threat intelligence among users. It works as a venue for sharing and collecting Indicators of compromise, which have been anonymized to protect privacy.
upvoted 25 times

yasuke  Highly Voted  11 months ago
Trusted Automated Exchange of Intelligence Information (TAXII™) is an application protocol for exchanging CTI over HTTPS. TAXII defines a RESTful API and a set of requirements for TAXII Clients and Servers
upvoted 8 times

Protract8593  Most Recent  2 months ago
Selected Answer: D
Implementing a TAXII (Trusted Automated Exchange of Indicator Information) server would most likely meet the organization's requirement for threat intelligence information sharing with peer groups. TAXII is a standard for exchanging threat intelligence information, allowing organizations to share and receive threat intelligence with other entities that also use TAXII.
Subscribing to threat intelligence feeds (Option B) is a valid approach to gain access to threat intelligence information, but it does not specifically address the organization's requirement for actively participating in threat intelligence information sharing with peer groups. In conclusion, according to the CompTIA Security+ SY0-601 exam objectives, the BEST option to meet the organization's requirement for threat intelligence information sharing with peer groups is D. Implement a TAXII server. This enables the organization to actively share threat intelligence with other entities and receive intelligence from them as well.
upvoted 2 times

DALLASCOWBOYS  7 months, 4 weeks ago
D. Implementing a TAXII server helps organizations exchange structured threat information relating to indicators of compromise.
upvoted 2 times

akingokay  9 months, 2 weeks ago
Selected Answer: D
agree to D
upvoted 1 times

varun0  1 year ago
Selected Answer: D
Sharing threat information. I'll go with TAXII server
upvoted 4 times

stoneface  1 year ago
Selected Answer: B
It isn't typical for organizations to build TAXII servers, unless they are a security vendor, but they often connect to TAXII servers to download threat intelligence documented in the STIX taxonomy. MISP can be configured to do this.
upvoted 2 times

Jakalan7  1 year ago
Yes, but the question states they would like to "participate in threat intelligence information sharing", so the answer must be D, TAXII server. If they subscribe to security feeds, they are only receiving information - they are not sharing any in return.
upvoted 15 times

cutemantoes  6 months, 1 week ago
I was thinking it was B until you stated that. Thanks for the help!
upvoted 4 times

Topic 1 Question #47
Which of the following is the MOST effective control against zero-day vulnerabilities?
A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners
Correct Answer: C
Community vote distribution: A (67%), B (18%), C (15%)

beardsly  Highly Voted  1 year ago
Had to look this up myself as there is no real clear answer here. One of the Sec+ books I have suggested IPS and segmenting. Google search even says IPS in this regard as well. I would personally say Network Segmentation but otherwise not sure. My comment is not all that helpful I know but just wanted to throw my thoughts out there.
upvoted 20 times

hieptran  8 months, 2 weeks ago
To be more clear, a zero day is an unknown exploit. There are a few chances that the IPS will detect the attack payloads/signature. But segregating the network would eventually prevent lateral movement even if the attacker has Remote Code Execution privilege on the compromised server.
upvoted 11 times

DriftandLuna  4 months ago
Agreed, I chose IPS but was thinking segmentation as well for the reasons you stated.
upvoted 1 times

mascot45  7 months, 3 weeks ago
I believe it's B, patch management. I don't really get how segmenting the network can defend or prevent a zero day from being exploited on your network. I put this question to chatGPT and it gave me B as the answer, so that's what I'm going with.
upvoted 7 times

sarah2023  1 month ago
Wrong, the essence of a zero day vulnerability is that you can't prevent or protect against something you have not encountered in the past.
upvoted 3 times

rondo24  7 months, 2 weeks ago
I did the same and then I pointed out to chat GPT that a Zero Day is by definition not known and it changed its answer and said "However, even though the vendor may be unaware of the vulnerability, there are still ways to mitigate the risks posed by zero-day vulnerabilities.
For example, network segmentation, intrusion prevention systems, and multiple vulnerability scanners can help to reduce the attack surface and limit the damage that can be done if a zero-day vulnerability is exploited."
upvoted 2 times

Sanj  7 months, 2 weeks ago
Regular software updates: Installing the latest software updates can help protect against known vulnerabilities and fix security holes that could be exploited by zero-day attacks.
upvoted 2 times

TinyTrexArmz  7 months, 3 weeks ago
I agree, there is no clear answer here. And though I don't think it's what the test would want us to answer, I will say in my 20 years of IT experience that a good Patch management process is the most helpful when it comes to zero-day exploits. I say this because once a Zero Day becomes public knowledge then the vendor normally rushes to put out some kind of patch or workaround. Having a way to deploy that in a quick and reliable manner is key to getting things back to secure as soon as possible. But I would say IPS would be most effective against zero day vulnerabilities because you might be able to detect the unusual traffic or activity. Network segmentation will only help slow the intruder down. If you don't have anything to detect the oddity then the attacker could install a back door and then work their way across the segments. What's the old saying? An ounce of prevention is worth a pound of cure. But in a perfect world, both would be implemented. My vote is C.
upvoted 5 times

Ay_ma  Highly Voted  1 year ago
Selected Answer: A
IPS can only protect against known host and application-based attacks and exploits. IPS inspects traffic against signatures and anomalies; it does cover a broad spectrum of attack types, most of them signature-based, and signatures alone cannot protect against zero-day attacks.
(www.rawcode7.medium.com) However, with network segmentation, you're able to isolate critical assets into different segments. And when a zero-day attack occurs, you're not at risk of losing all and are able to isolate the attack's effect to one segment.
upvoted 19 times

CTE_Instructor  6 months, 3 weeks ago
But the question isn't about protecting other data, the question directly says how to "control zero-day vulnerabilities". If there is a zero-day vulnerability in a new piece of software on a device, the BEST control against this is patch management to ensure the vulnerability is patched out as soon as possible.
upvoted 1 times

SIFD32  5 months, 3 weeks ago
I believe it would still be network segmentation because when it mentions "zero-day" you have to automatically assume that there is no workaround. But with network segmentation, you can contain the vulnerability and not allow it to affect the rest of the network. Essentially "controlling" it.
upvoted 5 times

DriftandLuna  4 months ago
The mention of zero day implies they mean attacks for which there is no patch yet. Patch management won't protect against something that there isn't a patch for, which is the definition of a zero day exploit.
upvoted 3 times

Notgoodwithcomputers99  Most Recent  1 week ago
Network segmentation is my guess. The idea of a zero-day attack is a vulnerability that has no patch, so patch management would not be effective, and multiple vulnerability scans would not be able to identify this vulnerability since it is not known yet. Segmenting the network in the case that a vulnerability exists and data exploitation occurs would prevent it from reaching the entire network as a whole, successfully quarantining the attack and allowing for the company to handle it on a smaller scale.
upvoted 1 times

RogerW  1 week, 3 days ago
IPS is not only signature based. It is also behavior based.
upvoted 1 times

Sublime_Cheese  3 weeks, 2 days ago
In CompTIA's eyes, the wrong answers all deal with Prevention and Detection. Leaving Network Segmentation as the only answer.
upvoted 1 times

Sallyabat  3 weeks, 4 days ago
Selected Answer: B
I'd go for Patch Management. Network segmentation won't help mitigate a zero-day attack but can only prevent lateral movement. Patch Management, if done regularly, can increase the chances of being exploited because even program developers can push patches for holes they have discovered themselves.
upvoted 1 times

Sallyabat  3 weeks, 4 days ago
Correction: Patch Management, if done regularly, can increase the chances of NOT being exploited because even program developers can push patches for holes they have discovered themselves.
upvoted 1 times

sarah2023  1 month ago
Selected Answer: A
A. Segmentation because there are no patches for zero day vulnerabilities, it's basically the description of a zero day vulnerability. For the same reason, no IPS or scanner will help you protect against a vulnerability that has never been seen before. Segmentation will isolate it and prevent it spreading to other segments in the network, which is the best you can do with it.
upvoted 1 times

je123  1 month, 1 week ago
Selected Answer: A
Just putting it out there that in Jason Dion's practice questions, a similar question came up: "Which of the following would NOT be useful in defending against a zero-day threat? Allow listing / Threat intelligence / Patching / Segmentation
Explanation OBJ-1.6: While patching is a great way to combat threats and protect your systems, it is not effective against zero-day threats. By definition, a zero-day threat is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw.
This attack has no time (or days) between the time the vulnerability is discovered and the first attack, and therefore no patch would be available to combat it. Using segmentation, allow listing, and threat intelligence, a cybersecurity analyst can put additional mitigations in place to protect the network even if a zero-day attack was successful." So I'm guessing Jason Dion would choose A.
upvoted 2 times

RevolutionaryAct  1 month, 2 weeks ago
Selected Answer: A
Mistake in the answer because if the answer is C here then the answer cannot be C in question #40, which is the best answer to describe zero day exploits: C. A zero-day exploit is initially undetectable, and no patch for it exists. Therefore we know patches can't be the answer, nor can it be detected so scanners won't help. If it said zero-day "exploit" then IPS would possibly make sense as it could detect an anomaly using heuristics, but the question says control in regards to "vulnerability" and therefore segmentation is best. https://cybriant.com/how-to-prevent-zero-day-attacks-in-5-steps
upvoted 1 times

RevolutionaryAct  2 weeks, 4 days ago
Actually I am changing this to C - IPS as I review these questions again. A is good but an IPS *could* be anomaly or heuristic based and therefore detect, whereas segmentation might stop but wouldn't be ideal.
upvoted 1 times

Nikamy  1 month, 4 weeks ago
Selected Answer: A
A - There are no patches available to a Zero Day when it first appears and no one knows about it. I'm going with A
upvoted 1 times

faha83  2 months ago
network segmentation seems more visible considering no patch is available
upvoted 1 times

Protract8593  2 months ago
Selected Answer: B
Patch management is the most effective control against zero-day vulnerabilities. Zero-day vulnerabilities are newly discovered and exploited vulnerabilities for which there are no official patches or fixes available from the software vendors.
Attackers exploit these vulnerabilities before the vendor becomes aware of them and can release a patch. By having a robust and proactive patch management process in place, organizations can regularly update and apply patches to their systems and software as soon as they become available. This reduces the window of opportunity for attackers to exploit zero-day vulnerabilities. Keeping systems up-to-date with the latest patches helps mitigate the risk posed by zero-day exploits. Let's provide a thorough explanation of why option A, "Network segmentation," is not the most effective control against zero-day vulnerabilities. Network segmentation is a security practice that involves dividing a network into smaller subnetworks or segments. Each segment is isolated from others, creating barriers that restrict the lateral movement of threats within the network. The idea behind network segmentation is to contain the impact of a security breach by limiting an attacker's ability to move freely across the network.
upvoted 1 times

Protract8593  2 months ago
While network segmentation is a valuable security measure and can help improve overall network security, it is not specifically designed to address zero-day vulnerabilities. Here are some key points to consider:
1. Scope of Control: Network segmentation primarily deals with controlling network traffic and access between different segments. It does not directly address the existence or exploitation of zero-day vulnerabilities in specific systems or applications.
2. Prevention vs. Mitigation: Zero-day vulnerabilities are newly discovered and exploited before vendors have had a chance to release patches or fixes. Network segmentation does not prevent zero-day vulnerabilities from being exploited. It can only limit the spread of the impact if a system is already compromised.
upvoted 1 times

Protract8593  2 months ago
3. Limitations of Network Segmentation: While network segmentation can be effective against known threats and attacks, it may not provide complete protection against sophisticated attackers who can bypass network boundaries using advanced techniques.
4. Zero-Day Exploits Can Cross Segments: If a zero-day vulnerability is exploited on a system within a specific network segment, it is possible for the attacker to leverage other vulnerabilities or attack vectors to move to other segments, especially if there are misconfigurations or inadequate security controls in place.
In contrast, patch management (Option B) is a more effective control against zero-day vulnerabilities. By promptly applying patches and updates to systems and software, organizations can close known vulnerabilities, including zero-day vulnerabilities, reducing the attack surface and mitigating the risk of exploitation.
In summary, while network segmentation is an important security measure, it is not specifically tailored to address zero-day vulnerabilities. Patch management remains the most effective control against zero-day vulnerabilities as it directly addresses the timely application of patches to close known security holes.
upvoted 1 times

Nikamy  1 month, 4 weeks ago
There are no patches available to a Zero Day when it first appears and no one knows about it. I'm going with A
upvoted 2 times

EEZ12  2 months ago
I will go with Network segmentation because most of the zero days might not be picked up by the IPS.
upvoted 1 times

sursur  2 months, 2 weeks ago
Selected Answer: B
Zero-day vulnerabilities refer to security vulnerabilities in software that are unknown to the software vendor and for which no patch or fix is currently available. These vulnerabilities pose a significant risk because they can be exploited by attackers before a patch is released.
Patch management involves regularly applying updates, patches, and fixes to software and systems to address known vulnerabilities. While it does not specifically target zero-day vulnerabilities, it is a crucial control for overall security. By keeping software and systems up to date with the latest patches, organizations can mitigate the risk of both known vulnerabilities and, to some extent, zero-day vulnerabilities.
upvoted 1 times

Essi  4 months ago
Selected Answer: A
A. Network segmentation: This can limit the impact of a zero-day attack by preventing it from spreading across the network. However, it does not prevent the initial exploitation of the zero-day vulnerability.
upvoted 2 times

Abdul2107  5 months, 1 week ago
Selected Answer: A
C (IPS) and D (Vulnerability scanners) cannot detect zero-day. Remaining options are A (Network segmentation) and B (Patch management). As for "Control", which the question is asking, Network Segmentation is more effective, as at the beginning of a Zero-day attack it's better you already segmented your network to reduce the spreading across your network; then a patch may be released after some time. So answer is A. Network Segmentation
upvoted 3 times

TheWaraba  5 months, 1 week ago
Patch management is wrong. By the definition of Zero-Day vulnerabilities there are no patches for it. "A zero-day (or 0-day) vulnerability is a software vulnerability that is discovered by attackers before the vendor has become aware of it. By definition, no patch exists for zero day vulnerabilities and user systems have no defenses in place, making attacks highly likely to succeed." An IPS is one of the best solutions here; IPS doesn't always need a signature as some people are saying here, they can detect anomalies and suspect traffic based on baseline traffic. They also comprise robust firewalls that can help detect and stop the attackers.
Good article here: https://www.imperva.com/learn/application-security/zero-day-exploit/
upvoted 3 times

Topic 1 Question #48
Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?
A. Intellectual property theft
B. Elevated privileges
C. Unknown backdoor
D. Quality assurance
Correct Answer: C
Community vote distribution: C (93%), 7%

varun0  Highly Voted  1 year ago
Selected Answer: C
GREATEST security concern would be unknown backdoor
upvoted 16 times

Protract8593  Most Recent  2 months ago
Selected Answer: C
The GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor being introduced into the code. An unknown backdoor refers to unauthorized access points deliberately inserted into the software without the knowledge or consent of the organization. When outsourcing code development, the organization has less direct control over the development process and may not have full visibility into the contractor's practices. This lack of oversight could potentially lead to the inclusion of hidden backdoors, which can be exploited by malicious actors to gain unauthorized access to the application and its data.
upvoted 2 times

ApplebeesWaiter1122  2 months, 3 weeks ago
Selected Answer: C
While intellectual property theft, elevated privileges, and quality assurance are all important considerations when outsourcing code development, the presence of an unknown backdoor poses the greatest security risk. An unknown backdoor is a hidden entry point or vulnerability intentionally or unintentionally inserted into the code by a malicious or compromised developer.
It can provide unauthorized access to the application or its underlying systems, allowing attackers to exploit the application's functionality or compromise sensitive data. An unknown backdoor can be difficult to detect and may remain undetected for an extended period, allowing attackers to maintain persistent access and potentially exploit the application or compromise the organization's systems or data. It can bypass security controls and enable unauthorized actions, posing a significant risk to the security and integrity of the internet-facing application.
upvoted 2 times

ronniehaang  7 months, 3 weeks ago
Selected Answer: C
The greatest security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor. This is because a contractor may intentionally or unintentionally insert malicious code into the application that could compromise the security and privacy of user data and the organization's systems. This risk is elevated if the contractor is not fully vetted, or if the organization does not have adequate safeguards in place to ensure the security and integrity of the codebase. To mitigate this risk, the organization should have strict security policies and procedures in place for outsourcing, including background checks for contractors, code review and testing procedures, and continuous monitoring and incident response processes.
upvoted 2 times

DALLASCOWBOYS  7 months, 4 weeks ago
C. I think Unknown Backdoors would be the GREATEST security concern and is the best answer. I do believe D is a very good answer because the first step in risk assessment and mitigation would be Quality Assurance.
upvoted 1 times

sonic1230  11 months, 1 week ago
Selected Answer: C
google
upvoted 3 times

Ay_ma  1 year ago
A - Intellectual Property Theft: I'm guessing by that point a legal contract is already on the ground to mitigate such an issue.
Unknown Backdoor, in my opinion, is equivalent to a zero-day attack. You have no idea if these contractors knowingly or unknowingly put a backdoor in your code. Quality Assurance: I'm guessing that's why you hired them in the first place, because you know they deliver quality service.
upvoted 3 times

comeragh  1 year ago
Selected Answer: C
GREATEST security concern - for me this would be C - Unknown Backdoor
upvoted 1 times

stoneface  1 year ago
Selected Answer: D
If you're outsourcing dev work, you probably have a contract with a legit company and you had probably also reviewed their documents and AOCs and stuff. Without good QA, there could be a purposeful OR unintended backdoor in the application if somebody was an incompetent developer. With good QA, ideally they would be doing automated security testing to look for a backdoor in the program.
upvoted 2 times

Sandon  8 months, 1 week ago
Bad Stoneface, bad
upvoted 3 times

Topic 1 Question #49
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?
A. Reimage the impacted workstations.
B. Activate runbooks for incident response.
C. Conduct forensics on the compromised system.
D. Conduct passive reconnaissance to gather information.
Correct Answer: C
Community vote distribution: B (92%), 8%

varun0  Highly Voted  1 year ago
Selected Answer: B
Incident is detected, now incident response has to happen. Runbook describes everyone's roles during incident response.
upvoted 31 times

Sanj  7 months, 2 weeks ago
This is a simulation - so the blue team has to do forensics not incident response
upvoted 5 times

stoneface  1 year ago
agreed
upvoted 5 times

Wiggie  Highly Voted  1 year ago
Selected Answer: B
B is correct
upvoted 6 times

RevolutionaryAct  Most Recent  1 month, 2 weeks ago
Selected Answer: B
Forensics would never happen during or after a PenTest as not only do you know what the testers did as you hired them, but there are blue teams (defense), white (referees) and purple (red/blue mix) teams which are meant to work to stop and / or respond to the attack. The response to the IoC is what the blue team needs to do and therefore the answer is B runbook. https://www.quora.com/Is-penetration-testing-a-part-of-cyber-forensic
upvoted 1 times

Protract8593  2 months ago
Selected Answer: B
After detecting an Indicator of Compromise (IoC), the blue team's primary action will be to activate runbooks for incident response. Incident response runbooks are predefined procedures and guidelines that outline the steps to be taken when specific security incidents are detected. These runbooks are essential for organizing and streamlining the response process to security incidents, including those identified through IoCs.
upvoted 3 times

frejus  2 months, 3 weeks ago
From the official book of CompTIA S+: "Blue team—performs the defensive role by operating monitoring and alerting controls to detect and prevent the infiltration." Hence answer is B
upvoted 1 times

ApplebeesWaiter1122  2 months, 3 weeks ago
Selected Answer: B
After detecting an Indicator of Compromise (IoC), the blue team would typically activate runbooks for incident response. Runbooks are predefined procedures or processes that guide the response actions to be taken when a security incident or compromise is detected.
These runbooks outline the steps and actions to be followed, including notifying appropriate stakeholders, containing the incident, and initiating an investigation.
upvoted 1 times

Dan_26  4 months ago
Answer is C. You've been compromised. There's an indicator it happened. The attack is over. It's in the past now. Whodunnit (attribution) is in the future and the evidence needs to be acquired by gathering evidence (forensics). This is straight out of law enforcement: murder/forensics/blame in that order.
upvoted 1 times

LeonardSnart  4 months, 1 week ago
I thought since this is a pen test C would be right, but according to Mike Meyers B is correct. "Penetration tests are treated as an exercise between two teams. The red team is tasked with the job of performing the penetration testing. They're the ones we more typically think of as the hacker types who use clever attacks and tools to get into other folks' networks. Red teams emulate potential attacker techniques. But the red team is only part of the pen test exercise. Every good pen test also includes a blue team, the insider team, the defender if you will. Any good pen test isn't just the red team against your infrastructure. Just as in a real-world attack, your inside folks, your blue team, would work actively to mitigate any attack—even one taking place in real time." Mike Meyers Security+ Cert Guide Third Edition SY0-601
upvoted 1 times

TheWaraba  5 months, 1 week ago
Read this article https://www.crowdstrike.com/cybersecurity-101/indicators-of-compromise/ioa-vs-ioc/ IOC means the system has already been breached; the most logical thing to do is to start an incident response. We can do forensics later.
upvoted 3 times

monzie  5 months, 4 weeks ago
Selected Answer: C
After detecting an Indicator of Compromise (IoC), the blue team will conduct forensics on the compromised system.
Forensics analysis will enable the blue team to identify the root cause of the security incident and determine the extent of the damage. It can also help identify other compromised systems, as well as the tactics, techniques, and procedures (TTPs) used by the red team. Based on the findings, the blue team can then take appropriate steps to contain, mitigate, and remediate the incident. Reimaging the impacted workstations may be one of those steps, but it depends on the specific circumstances and the findings of the forensics analysis. Activating runbooks for incident response and conducting passive reconnaissance are also important steps, but they are not directly related to detecting and analyzing an IoC.
upvoted 3 times

C_M_M  6 months ago
Forensics is primarily done to determine who is to blame. That's not the immediate next step. You should be more concerned with understanding the compromise, and limiting it. You can do so while ensuring that evidence is preserved. This is where incident response comes in. So the correct answer should be B.
upvoted 1 times

Bruised_Warlock  6 months ago
I think the keyword here is IOC (Indicator of Compromise). I will use the analogy as follows: just because you are showing early signs of diabetes does not make you a diabetic until you go to a doctor and are diagnosed a diabetic. The system shows signs of a compromise; however, it does not make this an incident until the Blue Team in this scenario performs forensics to confirm the signs of a compromise and then calls it an incident. My answer would be C. Since now it is confirmed an incident, we would then activate the runbooks for incident response.
upvoted 1 times

princajen  6 months, 2 weeks ago
Selected Answer: B
From ChatGPT: the BEST answer to this question depends on the specific context of the scenario.
If the organization wants to contain the attack quickly and prevent further damage, reimaging the impacted workstations or activating runbooks for incident response may be the more appropriate immediate response. Forensics analysis may come later, after the incident has been resolved, to help the organization identify any gaps in its security posture and improve its response to future incidents.
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: B
B. Activate runbooks for incident response. After detecting an Indicator of Compromise (IoC), the blue team will activate runbooks for incident response. The purpose of runbooks is to have a systematic, documented, and repeatable process to respond to security incidents. The blue team will use the runbooks to assess the scope of the attack, contain it, and minimize damage. The runbooks will also help the blue team collect and preserve evidence, perform root cause analysis, and restore normal operations. The blue team will take the information gathered from the runbooks and use it to improve the organization's security posture.
upvoted 5 times

DALLASCOWBOYS 7 months, 4 weeks ago
B. The blue team is the defense and will defend against the attack
upvoted 2 times

[Removed] 9 months, 1 week ago
Selected Answer: C
IoC = Forensics… Both answers seem fine but C answer could be right given the scenario (IoC).
upvoted 2 times

560exam 9 months, 3 weeks ago
Selected Answer: B
Indicator of Compromise (IOC): analysts detect that the system has been compromised, next step is to activate runbooks. I'm going with B.
upvoted 2 times

Topic 1 Question #50
An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets.
The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?
A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER
Correct Answer: C
Community vote distribution: C (100%)

varun0 Highly Voted 1 year ago
Selected Answer: C
Since convenience should be prioritized over security, the FIRST priority should be low FRR.
upvoted 16 times

ScottT 1 year ago
https://www.recogtech.com/en/knowledge-base/security-level-versus-user-convenience - FAR = False Acceptance. FRR = False Rejections
upvoted 4 times

stoneface 1 year ago
concur
upvoted 4 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: C
Answer: Low FRR
There are two main metrics that are used to determine the performance of biometrics:
1. FAR (False Acceptance Rate)
2. FRR (False Rejection Rate)
False Acceptance Rate (FAR) is a metric for biometric performance that determines the number of instances where unauthorized persons were incorrectly authorized. False Rejection Rate (FRR) is a metric that determines the number of instances where an authorized person is incorrectly rejected.
If the emphasis is security, then you'd want to make sure the False Acceptance Rate is low, as a low FAR means a lower possibility for someone to be authorized who shouldn't be. If the emphasis is convenience, then you'd want to make sure the False Rejection Rate is low, as a low FRR means a lower possibility for someone to be rejected who should be authorized.
upvoted 12 times
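To make the FAR/FRR trade-off in this thread concrete, here is an added example (not from any poster, CompTIA, or a vendor) that sweeps an accept threshold over constructed genuine and impostor match scores, locates the crossover point (CER), and shows that the threshold chosen to keep FRR low necessarily admits more impostors than the one chosen to keep FAR low. The scores, the 0-100 scale and the accept-if-score-at-or-above-threshold rule are assumptions for illustration.

```python
"""FAR, FRR and crossover (CER) for a threshold-based biometric matcher.

Added example, not from the original thread. Match scores are constructed
sample data on a 0-100 similarity scale; a real fingerprint matcher would
supply them. Decision rule (an assumption): accept if score >= threshold.
"""
from __future__ import annotations

# Constructed sample data. Genuine: a ticket holder presenting the enrolled
# finger. Impostor: someone else presenting a finger not enrolled on that ticket.
GENUINE_SCORES = [92, 88, 85, 81, 79, 76, 74, 70, 66, 61]
IMPOSTOR_SCORES = [63, 58, 52, 48, 44, 39, 35, 30, 24, 18]

THRESHOLDS = range(0, 101)  # every integer threshold on the score scale


def far_frr(genuine: list[int], impostor: list[int], threshold: int) -> tuple[float, float]:
    """Return (FAR, FRR) at one threshold.

    FAR = share of impostor attempts wrongly accepted (score >= threshold).
    FRR = share of genuine attempts wrongly rejected (score < threshold).
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover(genuine: list[int], impostor: list[int]) -> tuple[int, float]:
    """Threshold where FAR and FRR are closest, and the error rate there (CER/EER)."""
    def gap(t: int) -> float:
        far, frr = far_frr(genuine, impostor, t)
        return abs(far - frr)

    t_cross = min(THRESHOLDS, key=gap)  # first threshold with the smallest gap
    far, frr = far_frr(genuine, impostor, t_cross)
    return t_cross, (far + frr) / 2


def convenience_first(genuine: list[int], impostor: list[int], max_frr: float) -> tuple[int, float, float]:
    """The park owner's policy: bound FRR first, then accept whatever FAR remains.

    Returns the highest (most secure) threshold whose FRR is still <= max_frr,
    together with the FAR and FRR at that threshold.
    """
    for t in reversed(THRESHOLDS):
        far, frr = far_frr(genuine, impostor, t)
        if frr <= max_frr:
            return t, far, frr
    raise ValueError("no threshold meets the FRR bound")


def security_first(genuine: list[int], impostor: list[int], max_far: float) -> tuple[int, float, float]:
    """The opposite policy: bound FAR first, then accept whatever FRR remains.

    Returns the lowest (most convenient) threshold whose FAR is still <= max_far.
    """
    for t in THRESHOLDS:
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    raise ValueError("no threshold meets the FAR bound")


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t in range(55, 71):
        far, frr = far_frr(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"{t:>9}  {far:.2f}  {frr:.2f}")
    print("crossover (CER):", crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("convenience first (FRR <= 0):", convenience_first(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
    print("security first    (FAR <= 0):", security_first(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

With these scores the convenience-first threshold (61) rejects no genuine customer but accepts one impostor in ten, while the security-first threshold (64) accepts no impostor but turns away one genuine customer in ten; the crossover sits between them at 62.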
Bro ovski Most Recent 5 days, 11 hours ago
convenience over security = FRR (False Rejection Rate); security over convenience = FAR (False Acceptance Rate)
upvoted 1 times

cyberbb 1 month, 4 weeks ago
real answer is C
upvoted 1 times

Protract8593 2 months ago
Selected Answer: C
In this scenario, where the amusement park owner values customers' convenience over security, the security team should prioritize a biometric system with a low False Rejection Rate (FRR). The False Rejection Rate is the percentage of legitimate users who are incorrectly denied access by the biometric system. A low FRR means that the biometric system is more lenient in accepting valid fingerprints, reducing the likelihood of customers experiencing inconvenience due to frequent false rejections. While this may slightly compromise security by allowing some potential ticket sharing, it aligns with the park's focus on customer convenience.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: C
The False Rejection Rate (FRR) measures the likelihood of a biometric system incorrectly rejecting a valid user. A low FRR means that the system will have fewer instances of denying access to legitimate customers, minimizing inconvenience for park visitors. While security is still important, in this particular case, the park owner's preference for customer convenience takes precedence. By prioritizing a low FRR, the security team can prioritize a seamless and user-friendly experience, ensuring that valid customers are not mistakenly rejected when trying to access the park.
upvoted 1 times

BevMe 5 months, 1 week ago
Selected Answer: C
Low FRR minimizes customer inconvenience while maintaining an acceptable level of security.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. False Acceptance Rate means you are falsely accepting unauthorized users; therefore, the park owner wants to prioritize convenience over security. This will allow for convenience. FRR would be falsely rejecting authorized users, which would impact convenience.
upvoted 2 times

DALLASCOWBOYS 7 months, 4 weeks ago
C. Changing answer to Low FRR, as you decrease false rejection rate you will increase the rate of false acceptance, therefore more convenience.
upvoted 1 times

i_m_Jatin 7 months, 4 weeks ago
Low FRR is good answer
upvoted 1 times

Sklark 11 months ago
Could you imagine the uproar of a zoo storing fingerprint data?
upvoted 6 times

J_Ark1 10 months ago
yes all the habitats and species going bananas in their enclosures lol
upvoted 5 times

Tjank 12 months ago
Selected Answer: C
FAR (False Acceptance Rate), FRR (False Rejection Rate), CER (Crossover Error Rate) AKA EER (Equal Error Rate). Since he is willing to sacrifice Security for Customer Service, the best way to understand this is: FAR has to go up in order for FRR to go down. Typical business practice is in the middle of both, which would be near the CER.
upvoted 1 times

banditring 1 year ago
why would an amusement park even do this?
upvoted 3 times

darklion 5 months, 2 weeks ago
universal does this
upvoted 1 times

RobV 11 months, 2 weeks ago
Disneyworld fingerprint verifies guests.
upvoted 3 times

RonWonkers 1 year ago
For the same reason some dude in a math test buys 50 watermelons
upvoted 26 times

gladtam 6 months ago
This is hilarious hahaha
upvoted 1 times

banditring 11 months, 4 weeks ago
touche lol
upvoted 1 times

Wutan 1 year ago
awesome :D
upvoted 1 times

varun0 1 year ago
Low CER?
upvoted 2 times

varun0 1 year ago
Disregard this
upvoted 1 times

Topic 1 Question #51
Which of the following organizations sets frameworks and controls for optimal security configuration on systems?
A. ISO
B. GDPR
C. PCI DSS
D. NIST
Correct Answer: D
Community vote distribution: D (87%), 13%

varun0 Highly Voted 1 year ago
Selected Answer: D
NIST I guess
upvoted 17 times

Tjank Highly Voted 12 months ago
Both ISO and NIST have frameworks for standards. When searching parts of the question "sets frameworks and controls for optimal security configuration" only NIST came up specifically. I personally hate these types of questions as I would utilize both to build from.
upvoted 15 times

LePecador 2 months, 1 week ago
I would choose NIST just because the question is stating "frameworks" not "standards" (ISO is a standard). I know it's weird, but CompTIA is equally weird with these vague questions.
upvoted 3 times

rodwave 10 months, 2 weeks ago
Agreed, not a huge fan of the question either. The question only mentions security, which both ISO and NIST would cover, but I would lean towards NIST as it's specifically for improving cybersecurity.
upvoted 3 times

sujon_london Most Recent 1 month, 2 weeks ago
Selected Answer: D
Once security is mentioned, it should be reckoned as NIST.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
NIST (National Institute of Standards and Technology) is the organization that sets frameworks and controls for optimal security configuration on systems. NIST is a non-regulatory agency of the United States Department of Commerce and plays a significant role in developing standards and guidelines for various aspects of information security, including cybersecurity best practices and security configuration.
upvoted 5 times

Tiazzed 2 months ago
I think it's NIST
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
The organization that sets frameworks and controls for optimal security configuration on systems is NIST (National Institute of Standards and Technology).
NIST provides guidelines, standards, and best practices for various aspects of cybersecurity, including security configuration management. Their publications, such as NIST Special Publication 800-53, provide detailed controls and recommendations for securing information systems and protecting sensitive data. ISO (International Organization for Standardization) develops and publishes international standards for various industries, including cybersecurity, but it does not specifically focus on security configuration management.
upvoted 1 times

JAMBER 4 months ago
Selected Answer: D
Very vague question for such broad-reaching organizations. I went with D - NIST, but ISO seemed very likely as well.
upvoted 1 times

goodmate 6 months ago
National versus international. Some frameworks are used within a single country (and referred to as national frameworks), while others are used internationally. As an example, NIST created the Cybersecurity Framework, which focuses on cybersecurity activities and risks within the United States. In contrast, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) create and publish international standards. For example, ISO/IEC 27002 provides a framework for IT security. Source: Darril Gibson, CompTIA Security+ SY0-501 Study Guide, page 690
upvoted 2 times

Omi0204 6 months, 2 weeks ago
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/security-frameworks/ NIST, answer would be D
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: D
D. NIST (National Institute of Standards and Technology) sets frameworks and controls for optimal security configuration on systems. NIST provides guidelines, standards, and best practices for information security, including the development of security configuration baselines for various technologies, such as operating systems and applications.
upvoted 3 times

DALLASCOWBOYS 7 months, 4 weeks ago
D. NIST (National Institute of Standards and Technology) is the standard used by organizations to establish fundamental controls and processes needed for optimum cybersecurity
upvoted 2 times

i_m_Jatin 7 months, 4 weeks ago
National Institute of Standards and Technology
upvoted 1 times

[Removed] 8 months, 1 week ago
Selected Answer: D
https://sopa.tulane.edu/blog/NIST-cybersecurityframework#:~:text=The%20National%20Institute%20of%20Standards,and%20how%20it%20is%20implemented.
upvoted 1 times

shitgod 9 months ago
The quality of this question is quite low...
upvoted 9 times

Knowledge33 11 months, 1 week ago
Selected Answer: D
ISO is for all standards, not only security, whereas NIST is only related to security.
upvoted 5 times

housecoatjapan 6 months, 1 week ago
Not true, but just memorize it. The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical science laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. From 1901 to 1988, the agency was named the National Bureau of Standards.
upvoted 1 times

Wutan 1 year ago
Selected Answer: A
I'd also say it's ISO as the question does not state any cybersecurity related information, only general security.
upvoted 2 times

jmb335 1 year ago
I think it's NIST, they created the "CSF Cybersecurity Framework" to help organizations manage risk.
upvoted 3 times

Topic 1 Question #52
An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again.
No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?
A. Logic bomb
B. Cryptomalware
C. Spyware
D. Remote access Trojan
Correct Answer: A
Community vote distribution: A (100%)

cozzmo Highly Voted 1 year ago
Logic bomb: a set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.
upvoted 20 times

varun0 1 year ago
Agreed
upvoted 3 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
Answer: Logic Bomb
A logic bomb is inserted code that will intentionally set off a malicious function when specified conditions are met. In this question, the logic bomb could be related to when the CFO logs in as no other user is experiencing this issue.
==================================
Helpful info:
Cryptomalware - A type of ransomware that will encrypt a user's files and demand a ransom
Spyware - a form of malware that hides on your device, monitors activity and steals sensitive information.
Remote Access Trojan (RAT) - malware an attacker uses to remotely control an infected computer
upvoted 11 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
A logic bomb is a type of malicious code that is intentionally inserted into a system or software application with the purpose of executing a malicious action at a specific time or when certain conditions are met. In this scenario, the files with proprietary financial data are being deleted every time the Chief Financial Officer logs in to the file server, suggesting that the deletion is triggered by a specific action, which is characteristic of a logic bomb.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
Based on the given scenario, the most likely type of malware causing this behavior is a logic bomb. A logic bomb is a type of malware that is programmed to execute a malicious action when specific conditions are met. In this case, the logic bomb is triggered when the Chief Financial Officer (CFO) logs into the file server, resulting in the deletion of the proprietary financial data.
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: A
A. Logic bomb is most likely causing this behavior. A logic bomb is a type of malware that triggers an action based on certain conditions. In this scenario, the files with proprietary financial data are being deleted every time the Chief Financial Officer logs in to the file server, which is a clear indication of a logic bomb in action. This type of malware is designed to cause harm to a target system and can have devastating effects, including data loss and system shutdown.
upvoted 2 times

DALLASCOWBOYS 7 months, 4 weeks ago
A. Logic bomb. Attack is triggered when certain conditions are met.
upvoted 1 times

xxxdolorxxx 8 months ago
Selected Answer: A
I'm saying A. Circumstance happens when a specific set of sequences takes place, i.e. Logic Bomb.
B. Cryptomalware (No mention of crypto here)
C. Spyware (No mention of spying or specific ads)
D. Remote access Trojan (Not really applicable here)
upvoted 1 times

nobodyridesforfree 11 months, 1 week ago
Selected Answer: A
Logic Bomb is correct as it requires a specific action to occur.
upvoted 1 times

alayeluwa 11 months, 2 weeks ago
Selected Answer: A
Logic bomb
If user-account = chief-financial-officer; Execute bla bla bla
upvoted 3 times

Fastytop 11 months, 2 weeks ago
Logic bomb is not a type of malware!!!
upvoted 1 times

VendorPTS 11 months, 4 weeks ago
Selected Answer: A
Logic bomb. Occurs upon meeting preset criteria (e.g. a particular user logging on).
upvoted 1 times

Gravoc 1 year ago
Logic bomb. When set criteria/conditions are met, something happens.
The condition in this case is the files being accessed = erase.
upvoted 1 times

Topic 1 Question #53
A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?
A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.
Correct Answer: B
Community vote distribution: B (97%)

varun0 Highly Voted 1 year ago
Selected Answer: B
Quarantine to limit further spread
upvoted 16 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: B
Answer: Attempt to quarantine all infected hosts to limit further spread.
As soon as the malware was identified, the incident response begins. The steps for incident response are:
1. Preparation - Preparing for an attack and how to respond
2. Identification - Identifying the threat
3. Containment - Containing the threat
4. Eradication - Removing the threat
5. Recovery - Recovering affected systems
6. Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.
In the scenario, the malware has already been identified, which means that we are past the Identification step. The next step would be to begin containment so as to limit the amount of damage the malware can cause, so quarantining infected hosts would be the best option here.
upvoted 11 times

Roosey Most Recent 1 month, 2 weeks ago
Selected Answer: B
Quarantine
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
When a security analyst identifies malware spreading through the corporate network and activates the Computer Security Incident Response Team (CSIRT), the immediate next step should be to attempt to quarantine all infected hosts to limit further spread of the malware. Quarantining infected hosts can help contain the malware and prevent it from infecting other systems on the network.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
When a security analyst has identified malware spreading through the corporate network and activated the Computer Security Incident Response Team (CSIRT), the next step would be to attempt to quarantine all infected hosts to limit further spread. This is crucial to prevent the malware from infecting more systems and potentially causing additional damage.
upvoted 1 times

RileyG 4 months, 1 week ago
Selected Answer: B
The sensible next step is to isolate the malware to prevent spread, AKA quarantine the incident.
upvoted 1 times

Jacs 5 months, 1 week ago
Selected Answer: C
Could be C because the plan was already activated and one phase included in the IRP states that the threat must be identified and contained, which means trying to avoid spreading the virus to the entire company. Then the next logical step must be to reimage the infected PCs.
upvoted 1 times

RevolutionaryAct 2 weeks, 4 days ago
Nope, all that has happened is that the malware was identified and CSIRT was notified:
1. Preparation - Preparing for an attack and how to respond
2. Identification - Identifying the threat << You are here
3. Containment - Containing the threat << Need to go here
4. Eradication - Removing the threat
5. Recovery - Recovering affected systems << Too far into the future
6. Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
B. Quarantine to limit the spread
upvoted 1 times

sauna28 9 months, 2 weeks ago
Selected Answer: B
Phases in the Incident Response Plan
1. Preparation: The organization plans out how they will respond to attack, this can involve:
2. Identification: Detecting and determining whether an incident has occurred.
3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage.
4. Eradication: The removal of the threat
5. Recovery: Restoring systems affected by the incident
6. Lessons Learned: Where the organization reviews their incident response and prepares for a future attack
upvoted 2 times

lordguck 10 months, 4 weeks ago
This question is free for interpretation again :-( A is my bet, whereas B (containment)/C (recovery) could be right, too. By activating the CSIRT his duties regarding containment and recovery could be fulfilled/handed over and the analyst goes to "lessons learnt".
upvoted 1 times

Jossie_C 10 months, 3 weeks ago
Nope. Step 4 isn't urgent unlike quarantining. It's like COVID: quarantine everyone infected, which is containment, then figure out what happened.
upvoted 1 times

RonWonkers 1 year ago
Selected Answer: B
Incident response cycle, step 2 identification > step 3 containment
upvoted 3 times

Topic 1 Question #54
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation
Correct Answer: C
Community vote distribution: B (89%), 7%

stoneface Highly Voted 1 year ago
Selected Answer: B
Command and control (C2)—establishment of outbound communications from a victim system for secure communications between victim and adversary systems. Compromised hosts typically beacon out and await further instruction or exploit when higher order interaction or data exchange is required. This is the hallmark of advanced persistent threat (APT) attacks and data exfiltration.
upvoted 27 times

varun0 Highly Voted 1 year ago
Selected Answer: B
able to maintain a presence in the network = C2
upvoted 8 times

IT__noob Most Recent 1 month, 1 week ago
While "Command and control" (answer B) is a valid consideration, the scenario you provided primarily indicates that the adversary has already bypassed the initial security measures and is maintaining a presence in the network. This aligns more closely with the "Actions on objective" stage, as they are actively carrying out their malicious activities. "Command and control" generally refers to the stage where the attacker establishes communication channels and controls compromised systems remotely. In your scenario, the attacker has already progressed beyond this stage by maintaining a presence and potentially interacting with the network. It's important to note that incident response and cyber threat scenarios can be complex, and stages might overlap or evolve. In the given context, "Actions on objective" seems to be the most appropriate stage based on the information provided.
upvoted 4 times

TreeeSon 1 week, 2 days ago
Actions on objective is assuming that the attacker has performed malicious actions. However, this isn't stated in the question. Although C seems logical, this is CompTIA; we CANNOT assume anything.
upvoted 1 times

narensnair 1 month, 1 week ago
Selected Answer: C
The C2 is established; the team blocked all inbound ports, but no action was taken against outbound traffic that might originate from an affected endpoint. If the organization suspects the attack is still going on, that points to the next stage of action on objective, or data exfiltration, or any such malicious action.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: C
If it was Command and Control, then the adversary could not communicate with the internal network from the outside; however, because they are in the network and affecting outgoing traffic they have completed actions on objectives: https://www.eccouncil.org/cybersecurity-exchange/threat-intelligence/cyber-kill-chain-seven-steps-cyberattack/
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
In the scenario described, the adversary has already breached the network and is maintaining a presence. The fact that outbound traffic is not restricted allows the adversary to communicate with their command and control (C2) servers without hindrance. By maintaining this communication, the attacker can control and continue their operations within the network.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
In the given scenario, the incident response team implemented rules on inbound traffic and applied ACLs on critical servers. This indicates that the organization has taken measures to address the initial entry point and potential exploitation of their systems. However, the adversary is still able to maintain a presence in the network, suggesting that they are communicating and controlling their activities from within the network. The "Command and control" stage of the Cyber Kill Chain involves the adversary establishing communication channels and control mechanisms to manage their presence in the compromised environment. By maintaining this control, they can continue their malicious activities and work towards achieving their objectives, which may include data exfiltration, further network compromise, or other malicious actions.
upvoted 2 times

Abdul2107 5 months, 1 week ago
Selected Answer: B
Check this, it’s clear: https://en.m.wikipedia.org/wiki/File:Intrusion_Kill_Chain_-_v2.png
upvoted 1 times

C_M_M 6 months ago
Why not Action on Objective? They have locked out all inbound, so C2 is essentially blocked. Even though the malware can communicate with its control center, it's unable to receive commands when all inbound traffic is blocked. However, if the malware is at the stage of Action on Objective, which often includes data exfiltration, just outbound traffic is enough for the malware to keep operating. I will go for Action on Objective.
upvoted 4 times

Vulturized 4 months, 3 weeks ago
You have answered your own question: "Action on Objective, which often includes data exfiltration". Does the test question state they have done any exfiltration or any other kind of action? No. Also, all incoming traffic being blocked does not mean they cannot communicate with the system at all. The compromised system can be the one to initiate the communication, and most of the time firewalls will allow incoming traffic if the session was initiated from inside outwards. Therefore, all the hackers would have to do is wait and listen on a port for the malware to connect to it. And then they will be able to do the next step, which would be Action on Objective.
upvoted 2 times

Nishkurup 6 months, 1 week ago
Selected Answer: B
Phases of the Cyber Kill Chain Process
Phase 1: Reconnaissance
Phase 2: Weaponization
Phase 3: Delivery
Phase 4: Exploitation
Phase 5: Installation
Phase 6: Command and Control. In Command & Control, the attacker is able to use the malware to assume remote control of a device or identity within the target network. In this stage, the attacker may also work to move laterally throughout the network, expanding their access and establishing more points of entry for the future.
Phase 7: Actions on Objective. In this stage, the attacker takes steps to carry out their intended goals, which may include data theft, destruction, encryption or exfiltration.
upvoted 4 times

EricShon 7 months, 3 weeks ago
Selected Answer: B
Command and control (C2 or C&C)—the weaponized code establishes an outbound channel to a remote server that can then be used to control the remote access tool and possibly download additional tools to progress the attack.
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: B
The adversary is currently operating in the Command and Control (C2) stage of the Cyber Kill Chain. This stage is characterized by the adversary establishing and maintaining persistent access to the target network, often through outbound traffic. By maintaining a presence in the network, the adversary is able to receive instructions and exfiltrate data from the target network, even though inbound traffic is restricted.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
Another tricky answer, but B is the best answer as the question indicates the attacker still has a presence in the network. While the outbound port is still open for communication, which means the attacker still could exfiltrate data, which would suggest Actions on Objective, the question does not say the attacker is exfiltrating data.
upvoted 1 times

its_melly 9 months, 1 week ago
Selected Answer: D
At this stage the installation of a remote access Trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment. https://www.usprotech.com/7-essential-steps-cybersecurity-kill-chainprocess/#:~:text=Step%205%3A%20INSTALLATION,maintain%20persistence%20inside%20the%20environment.
upvoted 2 times
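The outbound beaconing that stoneface describes for the C2 stage is what a defender can look for once inbound rules alone have proven insufficient. The following added example (not from any poster, CompTIA, or a vendor) parses constructed outbound firewall log lines in an assumed key=value layout and flags a source/destination/port tuple whose allowed connections recur at a near-constant interval; the field names, addresses, timings and the jitter threshold are all assumptions.

```python
"""Flagging a command-and-control beacon in outbound firewall logs.

Added example, not from the thread or any vendor. The log lines are
constructed samples in an assumed key=value layout (not a real product's
syslog format); addresses come from documentation ranges.
"""
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one internal host (10.0.5.23) checks in with an external
# address every ~5 minutes; another host (10.0.7.9) browses irregularly; one
# inbound attempt is denied by the new inbound rules, yet the outbound
# check-ins are all still allowed, as in the question's scenario.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z fw01 action=ALLOW dir=out src=10.0.5.23 dst=203.0.113.45 dport=443
2024-03-01T09:00:41Z fw01 action=ALLOW dir=out src=10.0.7.9 dst=198.51.100.20 dport=443
2024-03-01T09:02:13Z fw01 action=DENY dir=in src=203.0.113.45 dst=10.0.5.23 dport=4444
2024-03-01T09:05:01Z fw01 action=ALLOW dir=out src=10.0.5.23 dst=203.0.113.45 dport=443
2024-03-01T09:06:30Z fw01 action=ALLOW dir=out src=10.0.7.9 dst=198.51.100.20 dport=443
2024-03-01T09:09:59Z fw01 action=ALLOW dir=out src=10.0.5.23 dst=203.0.113.45 dport=443
2024-03-01T09:15:00Z fw01 action=ALLOW dir=out src=10.0.5.23 dst=203.0.113.45 dport=443
2024-03-01T09:17:45Z fw01 action=ALLOW dir=out src=10.0.7.9 dst=198.51.100.20 dport=443
2024-03-01T09:20:02Z fw01 action=ALLOW dir=out src=10.0.5.23 dst=203.0.113.45 dport=443
2024-03-01T09:24:58Z fw01 action=ALLOW dir=out src=10.0.5.23 dst=203.0.113.45 dport=443
2024-03-01T09:40:12Z fw01 action=ALLOW dir=out src=10.0.7.9 dst=198.51.100.20 dport=443
"""

# Assumed line layout: "<iso-timestamp> <firewall> action=<A> dir=<D> src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) dir=(?P<dir>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_log(text: str) -> list[dict]:
    """Parse the assumed key=value lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def find_beacons(events: list[dict], min_connections: int = 4, max_cv: float = 0.1) -> list[dict]:
    """Return outbound (src, dst, dport) flows whose connections recur at a near-constant interval.

    Only allowed outbound events are considered: that is exactly the traffic the
    question's firewall still permits. The coefficient of variation (stdev / mean
    of the gaps between connections) is small for a timer-driven check-in and
    large for human-driven browsing.
    """
    flows: dict[tuple, list[datetime]] = defaultdict(list)
    for ev in events:
        if ev["action"] == "ALLOW" and ev["dir"] == "out":
            flows[(ev["src"], ev["dst"], ev["dport"])].append(ev["ts"])

    findings = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < 2:
            continue  # stdev needs at least two gaps
        mean_gap = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "dport": dport, "connections": len(times),
                             "mean_interval_s": mean_gap, "cv": cv})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible C2 beacon: {f['src']} -> {f['dst']}:{f['dport']} "
              f"every ~{f['mean_interval_s']:.0f}s over {f['connections']} connections (cv={f['cv']:.3f})")
```

On the sample the 10.0.5.23 flow is reported (six connections about 300 s apart, cv below 0.01) while the browsing host is not; in practice the interval threshold and minimum connection count are tuned against the organisation's own baseline, and DNS logs can be checked the same way.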
Nome02 9 months, 4 weeks ago
C2 is confirmed correct answer as it is mentioned "adversary is able to maintain a presence in the network".
upvoted 1 times

bengy78 10 months, 1 week ago
They have it right: C. C2 (B) is for establishing the outbound connection; C per CompTIA CertMaster would be correct to transfer data: "7. Actions on objectives—in this phase, the attacker typically uses the access he has achieved to covertly collect information from target systems and transfer it to a remote system (data exfiltration). An attacker may have other goals or motives, however"
upvoted 1 times

rodwave 10 months, 2 weeks ago
Selected Answer: B
Answer: Command and control
Command and control is when a data channel has to be established between a compromised host and the attacker's central control software so that the attacker will be able to remotely control the host. This is generally done from inside the target network. Connections initiated from inside of the company network are, in most cases, allowed by the firewalls, but not vice versa. Generally you cannot connect from the outside so easily. So, in many documented attacks identifying the command and control channel in firewall or DNS logs was actually the first proof that indicated the presence of compromised systems and it's still one of the first methods of detecting APTs in your network.
upvoted 4 times

Topic 1 Question #55
A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?
A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors
Correct Answer: A
Community vote distribution: A (100%)

varun0 Highly Voted 1 year ago
Selected Answer: A
SIEM could tell when the breach occurred in firewall AND in network management solution
upvoted 30 times

stoneface 1 year ago
I concur
upvoted 6 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
A SIEM (Security Information and Event Management) system is designed to collect, analyze, and correlate log and event data from various devices and applications across the network. In the context of the given scenario, a SIEM system would be the most appropriate tool to identify when the breach occurred through each device (firewall and network management solution). In contrast, SIEM correlation dashboards can aggregate and correlate logs from multiple sources, allowing security analysts to piece together the timeline of events and detect anomalies and potential breaches more effectively. This makes it the most appropriate option for identifying when the breach occurred through each device in the given scenario, according to the CompTIA Security+ SY0-601 exam objectives.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
SIEM correlation dashboards collect and analyze security event logs from various devices and systems within an organization's network, including firewalls and network management solutions. By aggregating and correlating these logs, the SIEM can identify patterns and anomalies that may indicate a security breach. This can help in pinpointing the timeframe in which the breach occurred through each device.
upvoted 1 times

MGMKING 5 months, 2 weeks ago
SIEM (security information and event management) dashboards are the windows into the SIEM datastore, a collection of information that can tell you where attacks are occurring and provide a trail of breadcrumbs to show how the attacker got into the network and moved to where they are now. SIEM systems act as the information repository for information surrounding potential and actual intrusions. During an investigation, the SIEM system can provide a host of information concerning a user, what they have done, and so on. The fundamental purpose of a SIEM system is to provide alerts and relevant information to incident response teams that are investigating incidents. If something happens that initiates an investigation, and the SIEM system has no relevant information, then this suggests that the SIEM and its component elements need better tuning to provide meaningful surveillance of the system for potential problems.
upvoted 1 times

Topic 1 Question #56
Which of the following is the FIRST environment in which proper, secure coding should be practiced?
A. Stage
B. Development
C. Production
D. Test
Correct Answer: A
Community vote distribution: B (87%), 9%

varun0 Highly Voted 1 year ago
Selected Answer: B
Development. The developer has to start writing secure code from the beginning itself, which will then be tested, staged and finally put into production.
upvoted 24 times

comeragh Highly Voted 12 months ago
Selected Answer: B
Development, Testing, Staging, Production
upvoted 12 times

redrio6 Most Recent 1 week, 2 days ago
Selected Answer: B
Development. Secure coding should be practiced at all times. The only time practice code should be used is in an IDE away from the environment.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: B
https://livecodestream.dev/post/development-testing-staging-production-whats-the-difference/#when-is-security-considered-in-theapplication-development-cycle When Is Security Considered in the Application Development Cycle? Security should always be considered at any stage and in any environment.
This means that developers need to think about security when they are coding, and they should also be aware of the potential risks of the libraries and frameworks they are using.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
In the software development lifecycle, secure coding practices should be implemented and practiced from the very beginning, which is the development stage. This ensures that security is built into the software from its inception and throughout the development process. By integrating security practices early in the development phase, potential vulnerabilities can be identified and addressed before the software moves on to other stages like testing, staging, or production. This approach helps reduce the risk of security flaws and ensures that the final product is more secure.
upvoted 3 times

Haykinz 2 months, 1 week ago
Selected Answer: A
Laying emphasis on the proper, secure coding. I'll pick A over B. A staging environment is very similar to a production environment, but it is used for testing purposes before the application is launched in production. This environment tries to simulate as much as possible the final production environment, so tests in staging are more accurate (PROPER) than tests done in development.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
The Development environment is where software applications and systems are built and coded. It is the initial stage of the software development life cycle (SDLC) where developers write, test, and debug code. Implementing secure coding practices in the Development environment helps to ensure that security considerations are integrated from the early stages of application development. By following secure coding practices during development, such as input validation, secure data handling, and proper use of encryption, developers can mitigate common vulnerabilities and weaknesses that could be exploited in later stages. This proactive approach reduces the likelihood of introducing security flaws and weaknesses that can lead to security breaches and incidents in subsequent environments like Testing, Staging, and Production.
upvoted 1 times

Givemore 3 months ago
Selected Answer: B
Development
upvoted 1 times

Yawannawanka 5 months ago
The FIRST environment in which proper, secure coding should be practiced is in the development environment, option B. It is important to implement secure coding practices from the beginning of the software development process, as it is more cost-effective to address security issues early in the development lifecycle rather than later in production or post-production. Secure coding practices can help prevent security vulnerabilities such as injection attacks, buffer overflows, and cross-site scripting. While testing, staging, and production environments are important for ensuring the functionality and stability of the code, secure coding practices should be implemented from the start in the development environment to ensure a strong foundation for the software. (ChatGPT generated answer)
upvoted 2 times

Omi0204 6 months, 2 weeks ago
B
Secure coding is more than just writing, compiling, and releasing code into applications. To fully embrace secure programming, you also need to create a secure development environment built on a reliable and secure IT infrastructure using secure hardware, software, and services and providers.
upvoted 2 times

princajen 6 months, 2 weeks ago
Selected Answer: D
B. Development. Testing and staging are important steps in the software development life cycle, but they come after the development stage, and should not be the first environments where secure coding is practiced.
upvoted 1 times

geekneek 7 months, 1 week ago
Selected Answer: B
B. Development: Proper, secure coding practices should be implemented and followed in the development environment first. This is because it is during the development phase that the code is written and tested before it is deployed to production. By incorporating secure coding practices during development, vulnerabilities and potential security threats can be identified and addressed before the code is deployed to production, reducing the risk of security incidents.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
B. Development, which is the 1st step, and secure coding practices should be used in all phases.
upvoted 1 times

nul8212 9 months, 1 week ago
Selected Answer: A
The question needs to ask what the first step of the environment is.
It asks for the first step before the software is ready to get sold. Staging: ensure quality assurance before we roll it out to production.
upvoted 1 times

Sandon 8 months, 1 week ago
Wrong, it does not ask for the first step before the software is ready to get sold.
upvoted 2 times

Nirmalabhi 9 months, 3 weeks ago
Selected Answer: A
It's pretty straightforward: development is the first stage in the environment stages.
upvoted 1 times

Topic 1 Question #57
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?
A. Public
B. Community
C. Hybrid
D. Private
Correct Answer: C
Community vote distribution: C (75%) D (21%) 4%

varun0 Highly Voted 1 year ago
Selected Answer: C
Hybrid cloud since internal network and cloud computing is combined
upvoted 20 times

T_dawg 6 months, 2 weeks ago
Hybrid is private and public cloud, not private cloud and internal network. D. Private
upvoted 3 times

okay123 Highly Voted 10 months, 1 week ago
Selected Answer: C
See, because they mentioned internal HR + External Customers = Hybrid
upvoted 10 times

RevolutionaryAct 1 month, 2 weeks ago
No mention of the word "external", so it could be the onsite client making it private
upvoted 1 times

AmesCB Most Recent 1 month, 3 weeks ago
ChatGPT says: In a Hybrid Cloud environment, a cloud service provider offers a combination of both private and public cloud services. It allows customers to connect their existing local networks (private cloud) to the cloud provider's infrastructure (public cloud) for additional computing resources, scalability, and flexibility.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: C
The scenario described in the question, where customers connect their existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud, is an example of a hybrid cloud model. A hybrid cloud model combines both private and public cloud services, allowing organizations to take advantage of the benefits of both environments. In a hybrid cloud model, certain applications and data can be kept in a private cloud, which offers greater control, security, and customization, while other applications and data can be hosted in the public cloud, which provides scalability and cost-efficiency. The two environments are connected through encrypted and secure connections, enabling seamless data exchange between them while maintaining the necessary security and access controls.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: C
The Hybrid cloud model combines both public and private cloud environments to meet specific business requirements. In this case, the cloud service provider has created an environment where customers can connect their existing local networks (private cloud) to the cloud provider's infrastructure (public cloud) for additional computing resources. The mention of blocking internal HR applications from reaching the cloud suggests that there is a separation between the customer's private network and the resources available in the cloud. This is a characteristic of the Hybrid cloud model, where certain sensitive or critical applications and data are kept within the private cloud, while utilizing the scalability and flexibility of the public cloud for other non-sensitive workloads.
upvoted 1 times

yummysec 4 months, 1 week ago
Selected Answer: C
I think C is the correct answer. In my opinion a hybrid solution is a mix of on-prem and hybrid.
upvoted 2 times

Yawannawanka 5 months ago
The cloud model being used in this scenario is option C, hybrid cloud. A hybrid cloud is a combination of two or more cloud deployment models, typically a mix of private, public, and/or community clouds, that remain unique entities but are bound together by standardized technology. In this scenario, the cloud service provider is providing a way for customers to connect their existing local networks (which would typically be private clouds) to the cloud service (which could be a public or community cloud) for additional computing resources. This is an example of a hybrid cloud deployment. Additionally, the provider is also blocking internal HR applications from reaching the cloud, which is a common security practice in a hybrid cloud environment where sensitive applications and data are kept on-premises to provide additional control and security.
upvoted 1 times

SHAKERRAB93 5 months, 1 week ago
A customer utilizing the service provided by the 3rd-party SP would be using a public local network; the SP is providing the ability to block HR from reaching the network, providing the client with a private environment? Public networks = large amount of users (employees). Private network = restricted user access (HR). Public + private = Hybrid. I might be wrong, let me know.
upvoted 2 times

FreK 5 months, 2 weeks ago
The cloud model being used in this scenario is Hybrid cloud. Hybrid cloud is a cloud computing environment that combines a private cloud environment (i.e., on-premises data center) with one or more public cloud environments (i.e., third-party cloud service providers). In a hybrid cloud environment, the private and public cloud environments are integrated, and data and applications can be shared between them. In this scenario, the cloud service provider has created an environment that allows customers to connect their existing local networks (i.e., private cloud) to the cloud service provider's environment (i.e., public cloud) for additional computing resources. This integration between the private and public cloud environments is characteristic of a hybrid cloud environment. Additionally, the cloud service provider has blocked internal HR applications from reaching the cloud, which is an example of how security can be managed in a hybrid cloud environment. By limiting access to certain applications and data, organizations can maintain control over sensitive information while still leveraging the benefits of cloud computing.
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
I'm going to swim against the current here. Connecting your private network to the cloud does not make it a private cloud. AWS is a public cloud provider, and has tons of customers who connect their private networks to it. For this to be a private cloud, the vendor would have had to create multiple environments (one per customer), not 'an' environment. The fact that the customers can block HR applications is irrelevant. I could do that all day long on AWS, Azure, or GCP and it doesn't make it private or hybrid. Therefore, this is a public cloud provider.
upvoted 2 times

Kraken84 1 month, 2 weeks ago
"for additional computing resources" should be the giveaway.
upvoted 1 times

Dutch012 4 months, 2 weeks ago
Agree with ya, I was surprised by their answers
upvoted 1 times

arrowphoto7604493ahmed 5 months, 4 weeks ago
Selected Answer: C
The cloud service provider in this scenario is providing an environment that allows customers to connect their existing local networks to the cloud for additional computing resources. At the same time, the provider is also blocking internal HR applications from accessing the cloud, which indicates that the cloud environment is not fully open to the public. Therefore, the cloud model being used in this scenario is a hybrid cloud. Hybrid cloud is a cloud computing model that combines public cloud and private cloud infrastructure, allowing data and applications to be shared between them. In this case, the local network of the customer is a private cloud, and the cloud environment provided by the service provider is a public cloud. The combination of these two clouds makes a hybrid cloud.
upvoted 2 times

JagamonFiya 7 months ago
Was anyone else looking for RodWave's opinion/explanation on this?
upvoted 6 times

gladtam 6 months ago
Yes, where did he go? Lol
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: C
C. Hybrid. A hybrid cloud model combines a private cloud with a public cloud and is used by organizations that need to keep some data and applications in-house for privacy, security, or regulatory reasons, but also want to take advantage of the scalability and cost-effectiveness of public cloud services for other workloads. In this scenario, the customer has connected their existing local network to the cloud for additional computing resources and has taken steps to block certain internal applications from reaching the cloud, which indicates that the hybrid cloud model is being used.
upvoted 1 times

DALLASCOWBOYS 7 months, 4 weeks ago
C. A Hybrid cloud is a mixture of private and public cloud components. For example, an org. can host a private cloud for exclusive internal use, but distribute some resources on a public cloud for business partners, customers, etc.
upvoted 2 times

[Removed] 8 months, 1 week ago
Selected Answer: C
Hybrid cloud refers to a combination of at least 2 computing environments that share information with one another and run a uniform series of applications for a business or enterprise. Those environments may include: at least 1 private cloud and at least 1 public cloud; 2 or more private clouds; 2 or more public clouds.
upvoted 2 times

ZDW 8 months, 1 week ago
I see people keep saying that a "public cloud" isn't mentioned, but is that not what a "Cloud Service Provider" is? "A Cloud Service Provider (public cloud) has created an environment for customers" sounds like either public or hybrid (only because it does not expressly say there is a private cloud at all).
upvoted 2 times

viksap 9 months, 1 week ago
Selected Answer: D
Hybrid is a combination of Public and Private, but the question doesn't have that mentioned, so I'm going with D
upvoted 1 times

[Removed] 8 months ago
Private is the internal HR
upvoted 1 times

Topic 1 Question #58
An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?
A. Test
B. Staging
C. Development
D. Production
Correct Answer: C
Community vote distribution: D (85%) Other

varun0 Highly Voted 1 year ago
Selected Answer: D
LAST place to deploy the patch is production
upvoted 22 times

stoneface Highly Voted 1 year ago
Selected Answer: D
Production should be the last place to apply patches, as you have already tested properly
upvoted 12 times

BlackSpider Most Recent 2 days, 19 hours ago
Selected Answer: D
The correct answer is: D. Production. In a typical software development lifecycle, patches or updates are first applied in development, then tested in the test environment, and finally moved to staging for further validation. Production is the last environment where updates are applied to ensure that they are stable and won't cause disruptions to live services.
upvoted 1 times

J0EL 4 days, 16 hours ago
Selected Answer: A
A. Test. Deploying patches should always start with the testing environment before deployment to the production environment. Testing provides an opportunity to evaluate the impact of the patch on the intended systems and also ensures that the patch is working as intended. The testing environment should replicate the production environment as closely as possible, including hardware and software configurations, network topology, and any other relevant factors that may affect the application's functionality. Once the patch has been successfully tested, it can be deployed to the staging and production environments following established change control procedures.
upvoted 1 times

malibi 3 weeks ago
Selected Answer: C
Rephrasing the question, it's like where would you last apply a patch...... You will not apply a patch on the development stage, right? You can apply a patch during staging, you can apply a patch during testing and/or during production.... but you most likely will not apply a patch during development! This is the last thing you would do!
upvoted 1 times

RevolutionaryAct 2 weeks, 4 days ago
You would still need to go through change management and such, and test to make sure it doesn't break your systems, so no, Production.
upvoted 1 times

koolkids4life 1 month, 1 week ago
It's Production
upvoted 1 times

Kraken84 1 month, 2 weeks ago
BARD: "The patch should be deployed to the production environment last. This is because the production environment is the most critical environment and should only be patched after the patch has been thoroughly tested in the staging and testing environments."
upvoted 2 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: C
https://livecodestream.dev/post/development-testing-staging-production-whats-the-difference/#when-is-security-considered-in-theapplication-development-cycle
When Is Security Considered in the Application Development Cycle? Security should always be considered at any stage and in any environment. This means that developers need to think about security when they are coding, and they should also be aware of the potential risks of the libraries and frameworks they are using.
upvoted 1 times

RevolutionaryAct 2 weeks, 4 days ago
Whoops, wrong question this went to, I hate this site's setup. I meant to pick D Production.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
In the software development life cycle, the production environment is the last environment where changes, including patches, should be deployed. The software is fully developed, tested, and ready to be used by end-users in the production environment. Deploying patches directly to the production environment without proper testing in lower environments (such as development, staging, and testing) can introduce risks and potentially disrupt critical operations. The idea behind deploying patches to lower environments first is to identify and mitigate any potential issues or conflicts with existing systems, so that the production environment remains stable and secure.
upvoted 1 times

JohanLondon 2 months, 3 weeks ago
Beta testing: In this testing environment, the software is released to a limited number of real-world users outside the organization to obtain their feedback, which is then forwarded back to developers to optimize and improve the release as needed before releasing to all users.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
Once the patches have been tested and verified in these lower environments, they can be deployed in the Production environment. The Production environment is the live or operational environment where the application is used by end-users or customers. It is crucial to ensure that the patches have been thoroughly tested and verified before deploying them in the Production environment to minimize any potential disruptions or issues.
upvoted 1 times

fouserd 4 months, 2 weeks ago
Selected Answer: D
The patch should be deployed LAST in the D. Production environment. The production environment is where the application is used by end-users and is critical to the organization's operations. Before deploying the patch to the production environment, it should be thoroughly tested in the development, test, and staging environments to ensure that it fixes the vulnerability and does not introduce any new issues. Once the patch has been successfully tested and validated in these environments, it can be deployed to the production environment.
upvoted 1 times

Yawannawanka 5 months ago
The patch should be deployed LAST in the production environment, option D. Production environments are the live systems that are used by customers or end-users, and any changes made to these systems can potentially impact business operations and customer experience. Therefore, it is important to thoroughly test and validate any patches or updates in lower environments such as development, test, and staging before deploying them to production. This allows for any issues or bugs to be identified and fixed before they can cause harm to the production environment. Once the patch has been thoroughly tested and validated in lower environments, it can then be deployed to the production environment as the final step in the release process. (ChatGPT generated answer)
upvoted 1 times

SueySauce 5 months, 3 weeks ago
Selected Answer: D
The first part of the question kinda throws me off because the Staging phase is the best place to test new patches before deploying. However, the key words to focus on are in the second part, especially the word "LAST". Production phase is the last stage when developing an application.
upvoted 1 times

examrobo 5 months, 3 weeks ago
Selected Answer: D
Going with stoneface; I think the guy who voted B just wants to start confusion
upvoted 1 times

MasterControlProgram 6 months, 2 weeks ago
Selected Answer: B
The correct answer is B. Staging. The patch should be deployed last in the staging environment, which is typically an environment where the patch is tested before being released to production. This allows the organization to ensure that the patch does not have any adverse effects on the production environment, and that it is effective in addressing the vulnerability. Once the patch has been tested and validated in the staging environment, it can be deployed in production.
upvoted 3 times

Ruthless937 2 weeks, 2 days ago
Which means production stage would be the LAST stage to deploy the patch. Picked the wrong answer yet somehow explained the correct answer anyways.
upvoted 1 times

ThomasKong 7 months, 1 week ago
Logically, you dare to patch the critical update in Production phase?... The downtime, Change all have the process, which spends more time. How about the dev phase? You can do whatever you want, and test out what impact the patches have and roll back. PROD? Dude, time to write an incident report to management.
upvoted 1 times

Topic 1 Question #59
An organization is building backup server rooms in geographically diverse locations.
The Chief Information Security O cer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider? A. Purchasing hardware from different vendors B. Migrating workloads to public cloud infrastructure C. Implementing a robust patch management solution D. Designing new detective security controls 店 店 铺 铺 ; ; 学 Correct Answer: B Community vote distribution Highly Voted 习 小 小 店 A (80%) Gravoc 学 习 66 店 10% 66 7% 1 year ago Don't let this one trip you up. A seems to be too easy of an answer, but it's A. Part of the reason it tripped me up is anytime I learned about vender diversity, it was always in the context of anti-malware, SIEM, NIDS, etc. Never dawned on me that vendor diversity also applies to physical hardware, but it makes sense. Vender diversity is a part of the swiss cheese model, or defense-in-depth. Having your production server, and your backup server running identical configurations means that there's two perfectly aligned holes in the swiss cheese model. Meaning the integrity of the backup server cannot be trusted in the event of an attack that damages or shuts down the production server. Different hardware is a defense layer that gives the defenders a buffer time to get their operation back in order, and defend against potentially inbound attacks on the backup server. upvoted 11 times Strykar Highly Voted 1 year ago Selected Answer: A It's A. Who's answering these questions? upvoted 6 times Demilitarized_zone 10 months, 4 weeks ago help me ask please.... i feel the owners of this platform should get professionals to answer these questions. Many of the answers are clearly wrong. upvoted 4 times Ggonza3 10 months, 2 weeks ago I think that they're not allowed to outright post the correct answers, hence why this website is community based. 
upvoted 4 times Kraken84 1 month, 2 weeks ago they need to be for this to not be TOO perfect of a place to join and DISCUSS all these wonderful questions. upvoted 1 times Dtimap Most Recent 5 days, 16 hours ago Selected Answer: A B cannot be correct. The question states they are purchasing and building new server rooms. Hence, utilizing a cloud for data storage conflicts with the statement that they are purchasing their own equipment and creating their own physical facility. Go with A upvoted 1 times 店 铺 ; 店 铺 ; 学 学 RevolutionaryAct 1 习 month, 2 weeks ago 习 小 小 Selected Answer: A 店 店 66 the public cloud is using, no right to audit, no right to patch, no right to run scans, 6etc. It's A because you have no idea what 6 and for all you know they are using the same hardware as you and have zero control over it as opposed to buying your own hardware. upvoted 2 times Protract8593 2 months ago Selected Answer: D The organization is building backup server rooms in geographically diverse locations to enhance redundancy and business continuity. The Chief Information Security Officer (CISO) wants to ensure that the new hardware in these backup server rooms does not have the same vulnerabilities as the existing server room. To address this requirement, the systems engineer should consider designing new detective security controls. Detective controls are designed to identify and detect potential security incidents or vulnerabilities. By implementing new detective controls in the backup server rooms, the organization can continuously monitor for any vulnerabilities that might exist in the hardware or software and take appropriate actions to mitigate them. 
淘宝店铺:https://shop63989109.taobao.com/ Why it's not A according to ChatGPT (which has been fed the CompTIA Security+ SY0-601 exam objectives and is insistent that D is the correct answer for this question): upvoted 2 times Protract8593 2 months ago Option A, which suggests purchasing hardware from different vendors to ensure vendor diversity, may indeed provide some level of protection against vulnerabilities that are specific to a particular vendor's hardware or software. Vendor diversity can reduce the risk of a single point of failure and can introduce variations in security implementations across different products. However, the CISO's requirement is specifically focused on ensuring that the new hardware in the backup server rooms is not susceptible to the same vulnerabilities as the existing server room. While vendor diversity can be a valuable strategy for increasing overall resilience, it does not guarantee that all the hardware from different vendors will be free from the same vulnerabilities present in the existing environment. upvoted 1 times Protract8593 2 months ago Vulnerabilities can arise from various sources, such as misconfigurations, software bugs, or design flaws, and they may exist across multiple vendors' products. Therefore, relying solely on vendor diversity to address the CISO's requirement may not be sufficient. 店 铺 店 铺 ; ; comprehensive approach to address the Designing new 学detective security controls, as mentioned in option D, can be a more proactive and 学 习 These controls will continuously monitor and detect vulnerabilities or potential 习 issues in the new hardware, specific requirement. security 小 小 regardless of the vendor. 店By doing so, the organization can take appropriate actions to mitigate any risks effectively. 
In summary, while vendor diversity can be part of an overall security strategy, it may not fully address the CISO's requirement to ensure that the new hardware in the backup server rooms is not susceptible to the same vulnerabilities as the existing server room. Therefore, designing new detective security controls would be a more direct and suitable approach to meet the specified requirement.
upvoted 1 times

Dan_26 4 months ago
They're BUYING hardware. You rent in the cloud. So the answer is A. Buy it from someone else. A Palo Alto firewall will have different problems than a Fortigate, as an example. An Aruba switch will be different from a Cisco.
upvoted 3 times

McLobster 5 months, 2 weeks ago
"An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?" The question itself gives away the answer; it mentions "the new hardware" cannot be susceptible... So pretty much get different hardware. The answer is A.
upvoted 1 times

Saphi 6 months ago
"An organization is building backup server rooms" The exact reason why it can't be C. I agree that Cloud would be the most resilient to downtime, but the point is that if they're building a new server room it has to be A.
upvoted 1 times

MasterControlProgram 6 months, 2 weeks ago
Selected Answer: A
To ensure that the new hardware is not susceptible to the same vulnerabilities as the existing server room, the systems engineer should consider purchasing hardware from different vendors. This approach will increase the likelihood that any vulnerabilities present in the existing hardware will not be present in the new hardware.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: C
C. Patch management. This is because vulnerabilities can exist in hardware from any vendor, and purchasing hardware from different vendors does not guarantee that vulnerabilities will not be present in the new backup server rooms.
upvoted 1 times

z3phyr 5 months, 3 weeks ago
The requirement is to avoid the *same* vulnerabilities that exist with the current hardware. Purchasing hardware from a different vendor may introduce new vulnerabilities, but if so they would almost certainly be different ones.
upvoted 1 times

ThomasKong 7 months, 1 week ago
Purchasing hardware from different vendors, what does that relate to below? "susceptible"? "same vulnerabilities in the existing server room"? Can changing vendor add a greater safe percentage to HA? I will go with B. Cloud.
upvoted 1 times

CTE_Instructor 6 months, 3 weeks ago
The organization is already building new server rooms, so putting your backups on the cloud is not necessary. If there is a vulnerability in Unifi equipment or Palo Alto equipment, then having another vendor's equipment that does not have that same vulnerability will increase defense in depth. Don't put all your eggs in one basket.
upvoted 1 times

brewoz404sd 7 months, 3 weeks ago
The answer is C, not A at all! Different hw does nothing to mitigate failure or vulnerabilities. Migrating some infrastructure / workloads to cloud mitigates the SAME failure / vulnerabilities as the previous dc. C!
upvoted 2 times

[Removed] 8 months, 1 week ago
Selected Answer: A
"new hardware cannot be susceptible to the same vulnerabilities in the existing server room"
upvoted 2 times

jhfdkjshfkjdsho 9 months, 1 week ago
Selected Answer: B
It says "geographically diverse locations". That is why the cloud is the best solution. Different vendors can use similar chips.
upvoted 3 times

RevolutionaryAct 1 month, 2 weeks ago
Except you have no idea what systems the public cloud uses, so no.
upvoted 1 times

blacktaliban 10 months, 3 weeks ago
Different vendors, different hardware, different vulnerabilities.
upvoted 3 times

Libraboy 11 months, 1 week ago
Selected Answer: A
"....that states the new hardware cannot be susceptible to the same vulnerabilities..." emphasis on the new hardware!
upvoted 3 times

_bishalk__ 12 months ago
Vendor diversity. Ans is A.
upvoted 1 times

Topic 1 Question #60
A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected. Which of the following is the security analyst MOST likely implementing?
A. Vulnerability scans
B. User behavior analysis
C. Security orchestration, automation, and response
D. Threat hunting
Correct Answer: B
Community vote distribution: B (71%), C (28%)

Nirmalabhi Highly Voted 9 months, 3 weeks ago
Selected Answer: B
Not 100% sure but I will go with B. User behavior Analysis. Reason: As per Comptia objectives, User behavior Analysis comes under SIEM. Well, as the Question asks what's most likely the solution being implemented, User behavior analysis seems to be the direct answer. SOAR simply means you are adding automation and servers handle the security tasks automatically and take action. Happy to discuss. Some of the questions are to confuse so I'll stick to the most direct connection in this case. B
upvoted 20 times

Sepu Highly Voted 1 year ago
Selected Answer: B
B. SOAR will react to the alert.
upvoted 17 times

deeden 9 months, 3 weeks ago
You mean C. SOAR?
upvoted 5 times

RevolutionaryAct Most Recent 1 month, 2 weeks ago
Initially I thought it was SOAR, but as I read this now I am believing it is B. User behavior analysis, as it does not detect anomalies in behavior. SOAR is low level/signature based. https://www.technology.org/2019/04/30/siem-ueba-and-soar-whats-the-difference/ "SOAR technologies meet the need for a missing component of SIEM tools, which is the ability to take action against malicious activity. SIEM tools can flag suspicious behavior, however, problems such as false positives and incident prioritization can deter from their proper use. SOAR tools allow for automated responses to low-level incidents and correct incident prioritization. Because of their ability to orchestrate information from many different sources, SOAR systems also provide a greater level of efficiency and effectiveness to an organization's information security defenses."
upvoted 1 times

sujon_london 1 month, 2 weeks ago
Selected Answer: B
BA would be the right answer, as here it has directly nothing to do with automation or orchestration. The configurations of various Behavior analysis settings will help the SIEM to detect anomalies and alert based on that.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
I'm going to go with B. ChatGPT keeps switching between B and C. User behavior analysis involves monitoring and analyzing network communications to identify abnormal behavior or patterns that may indicate a security threat. It helps in detecting suspicious activities, such as unusual login patterns, data access attempts, or unauthorized network access, and raises alerts to security analysts for further investigation. Why C is apparently wrong: C. Security orchestration, automation, and response (SOAR) involves automating incident response processes, but it is not directly related to monitoring network communications for abnormal behavior.
upvoted 2 times

streak007 2 months, 1 week ago
Selected Answer: C
The question asks about a system that sends the alert after detecting the abnormality in user behaviour, which is SIEM.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
User behavior analysis involves monitoring and analyzing network communications, user activities, and system behavior to identify patterns and anomalies. By analyzing user behavior, such as login patterns, access patterns, data transfer activities, and other network interactions, abnormal behavior can be detected. This can help identify potential security incidents, unauthorized access, insider threats, and other suspicious activities. Implementing a solution that monitors network communications and provides alerts for abnormal behavior aligns with the goals of user behavior analysis. It helps enhance the organization's security posture by detecting and responding to potential security incidents in real-time.
upvoted 2 times

LeonardSnart 4 months, 1 week ago
Selected Answer: B
"SIEMs are systems built to apply rules to sets of data with respect to specific patterns. Traditionally this meant network- and server-type events, failures, and other conditions that alerted an operator that the system was not responding in a normal manner...Advances in user behavioral analysis has provided another interesting use of the SIEM: monitoring what people do with their systems and how they do it. If every day, upon beginning work, the accountants start the same programs, then when an accountant account logs in and does something totally different, like accesses a system they have never accessed before, this indicates a behavioral change worth looking into." Comptia Security+ Exam Guide Sixth Edition SY0-601 by Conklin et al. SOAR on the other hand is automated with playbooks, not what this question is asking about.
upvoted 1 times

Yawannawanka 5 months ago
The security analyst is MOST likely implementing option B, user behavior analysis. User behavior analysis is a type of security solution that uses machine learning and artificial intelligence to monitor network communications and identify abnormal behavior that may indicate a security threat. By analyzing patterns in user behavior, the solution can detect anomalies and generate alerts for further investigation by security personnel. This type of solution is commonly used in network security operations centers (SOCs) to enhance threat detection capabilities and reduce the time it takes to detect and respond to security incidents. Options A, C, and D are different types of security solutions that may also be implemented by security analysts, but they are not specifically related to monitoring network communications for abnormal behavior.
upvoted 1 times

arrowphoto7604493ahmed 5 months, 4 weeks ago
Selected Answer: B
The security analyst is most likely implementing a User Behavior Analysis (UBA) solution, which uses machine learning and statistical analysis techniques to monitor network traffic and detect abnormal user activity that deviates from the normal behavior of users in the network. UBA solutions can identify threats such as insider threats, compromised user accounts, and malware infections that might be missed by traditional security controls like firewalls and antivirus software. The solution will generate alerts when it detects abnormal behavior, which can be used to trigger further investigation by the security team.
upvoted 3 times

MasterControlProgram 6 months, 2 weeks ago
Selected Answer: B
The security analyst is most likely implementing a user behavior analysis solution, which monitors network communications and provides alerts when abnormal behavior is detected. Answer: B. User behavior analysis.
upvoted 1 times

Ahmed_aldouky 6 months, 3 weeks ago
Selected Answer: B
User behavior analysis (UBA) is a type of security solution that monitors network communications and user activities to detect abnormal behavior and potential threats. UBA solutions use machine learning and artificial intelligence algorithms to establish a baseline of normal user behavior and identify deviations from this baseline that could indicate potential security threats. Vulnerability scans, security orchestration, automation, and response (SOAR), and threat hunting are different types of security solutions that are not directly related to monitoring network communications and detecting abnormal behavior. Vulnerability scans are automated tools that identify vulnerabilities and weaknesses in a system or network. SOAR solutions automate incident response and security operations workflows to increase efficiency and reduce response time. Threat hunting involves actively searching for threats and vulnerabilities that may not be detected by traditional security solutions. Therefore, the security analyst is most likely implementing user behavior analysis to monitor network communications and detect abnormal behavior.
upvoted 3 times

Nishkurup 6 months, 3 weeks ago
Selected Answer: B
The security analyst is most likely implementing a User Behaviour Analytics (UBA) solution. UBA is a security solution that uses machine learning algorithms and statistical analysis to identify abnormal behaviour patterns of users on the network. It monitors the user's activity, including logins, file accesses, and network traffic, and compares the behaviour against a baseline of expected behaviour for that user or group. When UBA detects an abnormal behaviour pattern, it generates an alert that can be used by security analysts to investigate and respond to potential threats or security incidents.
UBA can help identify insider threats, compromised accounts, and other unauthorized activity on the network. On the other hand, SOAR solutions are focused on automating and orchestrating security processes to improve incident response time, reduce manual efforts, and improve the overall security posture. SOAR solutions typically include incident response playbooks, automation workflows, and integration with other security solutions such as SIEM, NIDS, and endpoint detection and response.
upvoted 2 times

tebirkishaw 7 months, 3 weeks ago
Selected Answer: B
There is no automation of tasks going on, just an alert. Nothing is being fixed. Has to be B.
upvoted 3 times

DALLASCOWBOYS 7 months, 4 weeks ago
C. SOAR.
upvoted 1 times

P0wned 8 months, 3 weeks ago
Selected Answer: C
The security analyst is most likely implementing security orchestration, automation, and response (SOAR). SOAR solutions are designed to monitor network communications and provide alerts when abnormal behavior is detected. SOAR solutions typically use artificial intelligence and machine learning to analyze network traffic and identify potential security threats. They can also be configured to take automated responses, such as blocking malicious traffic or quarantining suspicious files, to help protect the network. Vulnerability scans, user behavior analysis, and threat hunting are all important security practices, but they are not specifically related to monitoring network communications and providing alerts when abnormal behavior is detected.
upvoted 2 times

LaoX 8 months, 3 weeks ago
Selected Answer: B
Seems to me like something for IDS. The IDS is a particular procedure that is used to identify intruders by analyzing user behavior in the system after the user logged in.
It identifies user suspicious behavior as an intrusion or normal behavior, but the SOAR helps coordinate, execute and automate tasks between various people and tools all within a single platform. Totally different purpose.
upvoted 1 times

Topic 1 Question #61
Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Choose two.)
A. Pass-the-hash
B. Directory traversal
C. SQL injection
D. Privilege escalation
E. Cross-site scripting
F. Request forgery
Correct Answer: BD
Community vote distribution: BD (84%), Other

carpathia Highly Voted 10 months, 1 week ago
Selected Answer: BD
"admin's folder" - Priv escalation, + dir traversal. "database" is thrown in as a decoy for SQL answer.
upvoted 12 times

LO353 5 days, 21 hours ago
database admin folder caught me out,
upvoted 1 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: BD
Answer: B. Directory traversal & D. Privilege escalation. Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. If the attempt is successful, the threat actor can view restricted files or execute commands on the server. Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
upvoted 10 times

Protract8593 Most Recent 2 months ago
Selected Answer: BD
1. Directory traversal: In a directory traversal attack, the attacker exploits improper input validation to access files and directories that are outside the intended directory. In this scenario, the attacker used directory traversal to access the database administrator's folder on the web server and download the system configuration notes.
2. Privilege escalation: Privilege escalation involves gaining higher-level privileges on a system to access resources or perform actions beyond the intended scope. In this case, the attacker likely escalated their privileges to gain access to the database administrator's folder and retrieve the system configuration notes.
upvoted 1 times

monzie 5 months, 4 weeks ago
Selected Answer: BC
The two attacks that could explain what occurred are:
B. Directory traversal: This attack involves using a specially crafted input to access files or directories that are outside of the intended directory structure. In this scenario, it is possible that the attacker used a directory traversal attack to access the database administrator's folder on the web server and retrieve the system configuration notes.
C. SQL injection: This attack involves injecting malicious SQL code into an application's input field, which can then be used to access or modify sensitive data in a database. It is possible that the attacker used a SQL injection attack to access the database administrator's folder on the web server and retrieve the system configuration notes.
upvoted 1 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: BD
The two attacks that explain the scenario are:
B. Directory traversal: Directory traversal is an attack in which an attacker can access files and directories that are stored outside the web root folder by manipulating a web application's input parameters, such as file paths or directory names.
In this case, the attacker was able to access the system configuration notes by traversing to the database administrator's folder on the web server.
D. Privilege escalation: Privilege escalation is an attack in which an attacker gains elevated privileges to a system or network by exploiting a vulnerability or weakness. In this case, the attacker was able to access the database administrator's folder on the web server, which suggests that they may have escalated privileges to gain access to that folder.
upvoted 1 times

cutemantoes 7 months ago
Selected Answer: BC
Yes, B and D sound correct. However, just because they accessed the notes from an admin's folder still doesn't mean that a privilege escalation occurred. It does say that it was in the database admin's folder, making it seem as if there's a database. I'm on the fence between B and D, and B and C.
upvoted 2 times

LePecador 2 months, 1 week ago
I'll choose B and D because privilege escalation is related to lateral movement, in which a cyberattacker moves deeper into a network in search of high-value assets. In this case, the system configuration notes in the database administrator's folder.
upvoted 1 times

G4ct756 11 months, 1 week ago
Selected Answer: CD
C & D.
- C, the admin notes are stored in "the database", will require SQLi to interact with DB.
- D, need privilege to clear the system logs.
upvoted 2 times

hieptran 8 months, 2 weeks ago
Read the question carefully. It clearly stated: "database administrator's folder". It has nothing to do with SQL injection.
upvoted 1 times

j0n45 1 year ago
Selected Answer: BD
Directory traversal and Privilege escalation.
upvoted 5 times

FT1 1 year ago
B&D. The simplest example of a directory traversal attack is when an application displays or allows the user to download a file via a URL parameter.
upvoted 4 times

Wiggie 1 year ago
Selected Answer: BC
B and C
upvoted 1 times

Wiggie 1 year ago
Correction, B and D
upvoted 2 times

varun0 1 year ago
Selected Answer: BD
B & D seem to be correct.
upvoted 3 times

varun0 1 year ago
Also don't assume just because there's a db admin there'd be a database. DB or web application interface (XSS) is not a requirement for a web server, don't assume there is one.
upvoted 1 times

Topic 1 Question #62
A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM has multiple login entries with the following text:
suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal time
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh
suspicious event - user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
Which of the following is the MOST likely attack conducted on the environment?
A. Malicious script
B. Privilege escalation
C. Domain hijacking
D. DNS poisoning
Correct Answer: A
Community vote distribution: A (78%), B (21%)

CertAddict69 Highly Voted 1 year ago
Selected Answer: A
This is obviously A, malicious script. Look at the name of the script that is running: "amazing-3rdparty-domain-assessment.py". I'm sure they used the word amazing in the file name so that the script appears as a malicious script that is disguised as a 3rd party domain assessment script.
upvoted 32 times

6R15 7 months, 1 week ago
.py = Python script, .sh = shell script. So the attacker is trying to run a malicious script, answer A.
upvoted 10 times

Kraken84 1 month, 2 weeks ago
Simplicity is key, thank you :)
upvoted 1 times

sujon_london 1 month, 2 weeks ago
Agreed, .py is a python based script.
upvoted 3 times

DWISE1 Highly Voted 6 months ago
Just passed with 799. Please study everything here. If you can, cram; 90% came out from here. If you want to go through what came out with me, reach me on LinkedIn: israel olumese.
upvoted 14 times

RogerW Most Recent 3 weeks ago
I believe the answer is B, because the script c:\weekly_checkups\amazing-3rdparty-domain-assessment.py is executed twice. On the first attempt, it failed to execute. However, on the second attempt it was successfully executed. This means the user, scheduled task, privilege was elevated prior to successfully executing the script.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
The SIEM entries indicate that suspicious events related to scheduled tasks are occurring. Specifically, there are references to the successful and failed execution of scripts located in the "c:\weekly_checkups" directory. This suggests that a malicious script is being executed through scheduled tasks without user interaction, which can lead to unauthorized actions, data exfiltration, or other malicious activities on the affected systems. Options B (Privilege escalation), C (Domain hijacking), and D (DNS poisoning) are not directly supported by the evidence presented in the SIEM logs. While they could be potential threats in different scenarios, the logs provided in the question primarily point towards the execution of a malicious script through scheduled tasks. Why B is wrong according to ChatGPT: B. Privilege escalation: The SIEM logs do not indicate any activities related to unauthorized elevation of privileges.
Privilege escalation typically involves gaining higher-level access or permissions on a system, which is not evident from the provided logs.
upvoted 1 times

Kraken84 1 month, 2 weeks ago
"In other words, ChatGPT arrives at an answer by making a series of guesses, which is part of why it can argue wrong answers as if they were completely true. While it's great at explaining complex concepts, making it a powerful tool for learning, it's important not to believe everything it says." https://www.makeuseof.com/openai-chatgpt-biggest-probelms/
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
Malicious script: The suspicious events indicate that scripts named "amazing-3rdparty-domain-assessment.py" and "secureyourAD-3rdparty-compliance.sh" were executed by the user "scheduledtasks." These scripts were executed from the directory "c:\weekly_checkups." The fact that these scripts were executed without user interaction and resulted in changes to multiple account passwords suggests the presence of a malicious script that is responsible for the unauthorized password changes.
upvoted 1 times

Yawannawanka 5 months ago
Based on the provided information, the MOST likely attack conducted on the environment is option A, malicious script. The suspicious login events indicate that a scheduled task was created on the compromised system, which executed two scripts (amazing-3rdparty-domain-assessment.py and secureyourAD-3rdparty-compliance.sh) that failed to execute and one script (amazing-3rdparty-domain-assessment.py) that successfully executed. This is a strong indication that a malicious actor or malware was responsible for the creation and execution of these scripts, possibly as a means of gathering information or establishing persistence on the compromised system.
Privilege escalation is also a possibility, as the malicious actor or malware may have gained elevated permissions to create and execute the scheduled task and scripts, but the information provided does not provide conclusive evidence of this. Domain hijacking and DNS poisoning are less likely scenarios, as there is no information provided to suggest that the attacker attempted to take control of the domain or manipulate DNS records.
upvoted 1 times

Neither_you_nor_me 5 months, 2 weeks ago
Selected Answer: A
"scheduledtask" - entire process as the same user. No indication of user changing here.
upvoted 1 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: A
Based on the provided information, the MOST likely attack conducted on the environment is A. Malicious script. The suspicious events indicate that a scheduled task was created on the affected machines, and a script was executed that appears to be assessing third-party domains and checking compliance. It is possible that this script was a malicious file downloaded and executed by the attacker or an authorized script that was tampered with to include a malicious payload. Further investigation is necessary to determine the root cause of the issue.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: A
The SIEM events suggest that a malicious script or set of scripts was used to change the passwords on multiple accounts without user interaction. The successful execution of a script called "amazing-3rdparty-domain-assessment.py" and the failed execution of other scripts may indicate that the attacker was using a variety of tools to achieve their objectives, rather than relying solely on privilege escalation. Therefore, based on the information provided, the most likely attack that was conducted on the environment is the use of a malicious script.
upvoted 1 times

Nishkurup 6 months, 3 weeks ago
Selected Answer: B
Based on the provided information, it is more likely a Privilege Escalation attack rather than a Malicious Script attack. The reason being, the suspicious event logs show that a user account named "scheduledtasks" was able to successfully authenticate on AD at an abnormal time, which indicates that the user account had sufficient privileges to perform the authentication. The account was then able to execute a script related to 3rd party domain assessment, which suggests that the account had elevated privileges on the system. In a Privilege Escalation attack, an attacker gains access to a low-level user account and attempts to elevate their privileges to gain access to more sensitive data or resources. Attackers can abuse scheduled tasks by creating malicious tasks to execute code, such as backdoors or malware, with system-level privileges. By gaining access to a privileged scheduled task, attackers can bypass security controls and execute arbitrary code.
upvoted 1 times

Nishkurup 6 months, 1 week ago
After more research, I think it's malicious script.
upvoted 1 times

gladtam 6 months ago
I love how you corrected yourself. Thank you.
upvoted 1 times

scarceanimal 7 months, 3 weeks ago
Selected Answer: A
"amazing-3rdparty-domain-assessment.py" lol they put amazing, hilarious.
upvoted 1 times

hsdj 7 months, 3 weeks ago
passwords were changed on multiple accounts without users' interaction - looks like privileged account activity to me
upvoted 1 times

hsdj 7 months, 3 weeks ago
option "malicious script" is not a TYPE of attack! so my answer is privilege escalation, B
upvoted 1 times

CTE_Instructor 6 months, 3 weeks ago
While the changed passwords potentially could be privilege escalation, there are definitely malicious scripts occurring that were recorded in the SIEM logs.
Objective 6.1 covers "Malicious code or script execution", including python (.py), bash (.sh), powershell (.ps1), visual basic (.vba), and macro scripts. 店 店 铺 铺 ; ; Because the prompt has clear malicious scripts that were blocked by the security software, and the lack of proof of privilege escalation, I'm more inclined to select A as the correct answer. In reality, it was probably a combination of privilege escalation and malicious scripts that truly occurred here. upvoted 1 times 学 学 习 习 小 小 店 店 66 66 asum 8 months, 1 week ago Selected Answer: B It is talking about attack. So B upvoted 2 times farisAl 8 months, 2 weeks ago Selected Answer: A execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py The .py at the end gave it away it's a malicious script upvoted 2 times LaoX 8 months, 3 weeks ago Selected Answer: A Definitely A: Malicious Scripts. Cos look at these: 1. weekly_checkups\secureyourAD-3rdparty-compliance.sh 2. scheduledtasks, and 3. amazing3rdparty-domain-assessment. All those are definitely malicious names that results in password changes. upvoted 1 times rhocale 9 months, 1 week ago agreed this is a malicious script you can tell this bc of the .PY at the end meaning Pythin script upvoted 1 times [Removed] 9 months, 4 weeks ago Selected Answer: A I also agree that's an A upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #63 A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique? A. Vishing B. Whaling C. Phishing D. 
Smishing 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 comeragh Highly Voted 小 店 66 1 year ago Selected Answer: D Agree with D being correct here upvoted 11 times varun0 1 year ago Agreed upvoted 2 times Protract8593 Most Recent 2 months ago Selected Answer: D The correct answer is D. Smishing. Explanation: - Vishing (A) is a social engineering technique where attackers use voice calls to deceive individuals into revealing sensitive information or performing certain actions. - Whaling (B) is a form of phishing that targets high-profile individuals, such as executives or CEOs, to steal sensitive information or gain access to valuable assets. - Phishing (C) is a broad term for social engineering attacks where attackers use emails, messages, or websites that appear to be from a reputable source to deceive recipients into providing sensitive information or performing actions. - Smishing (D) is a specific type of phishing that uses SMS or text messages to trick individuals into clicking malicious links, disclosing personal information, or taking other harmful actions. In the given scenario, the unusual text message containing a link to click for more details is characteristic of a smishing attempt, making option D the correct answer. upvoted 3 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D Smishing is a form of phishing that specifically targets individuals through text messages (SMS). In this case, the customer service representative received an unusual text message containing a suspicious invoice number and a link to click for more details. This aligns with the characteristics of a smishing attack, where the attacker uses text messages to deceive and manipulate individuals into divulging sensitive information or performing actions that compromise their security. upvoted 1 times 店 铺 ; 学 7 months, 3 weeks ago DALLASCOWBOYS 习 小 D. 
Smishing is phishing via text.
upvoted 2 times

xxxdolorxxx, 8 months, 1 week ago
Smishing = Text Message
upvoted 2 times

Orean, 11 months ago
Selected Answer: D
Pretty straightforward. Smishing, a portmanteau of SMS and phishing, is a specific type of phishing done via text messaging, and it's commonly used to orchestrate invoice scams or otherwise harvest credentials.
upvoted 3 times

Topic 1 Question #64
Which of the following actions would be recommended to improve an incident response process?
A. Train the team to identify the difference between events and incidents.
B. Modify access so the IT team has full access to the compromised assets.
C. Contact the authorities if a cybercrime is suspected.
D. Restrict communication surrounding the response to the IT team.
Correct Answer: A
Community vote distribution: A (80%), B (20%)

hazeleyes, Highly Voted, 1 year ago
Selected Answer: A
A is correct. This training can help the CSIRT know whether to trigger IR mechanisms and reduce instances of false alerts. With B, I don't really see why giving the IT team access can be beneficial, as this could very likely violate the least privilege principle.
upvoted 7 times

varun0, Highly Voted, 1 year ago
Selected Answer: B
B according to me.
upvoted 5 times

BM9904, 1 year ago
I agree; this step comes before training your team in the process.
upvoted 2 times

cymm, 10 months, 3 weeks ago
Any change after a compromise may not be possible. The only way to guarantee full access would be to modify beforehand. Then you would violate the principle of least privilege.
upvoted 2 times

vidwj, Most Recent, 1 month, 1 week ago
A is correct.
upvoted 1 times

Kraken84, 1 month, 2 weeks ago
Why do so many put so much faith in a human-fed machine that learns by our own code that we teach it to learn from? The data sets used to educate an AI are literally fed by humans. Why would we put all faith in such a concept?
It is cool and all and can help with my sports bets, but I cannot bargain my $380 for ChatGPT, BARD or any other AI's opinions. Because in essence, AI, as a Deep/Machine Learning model, only knows what we 'INSTRUCT' it to. From that instruction comes opinion and argument. Try it, they will argue with you. We can feed it all the data in the world, but the MACHINE that LEARNS (which is coded by humans) has limits. https://fortune.com/2023/07/19/chatgpt-accuracy-stanford-study/
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: A
The correct answer is A. Train the team to identify the difference between events and incidents.
Explanation:
- A well-prepared incident response process involves properly identifying and handling security events and incidents. Training the team to distinguish between events (normal activities that do not pose a security threat) and incidents (actual security breaches or potential threats) is crucial. This helps ensure that the team can focus on the real security incidents and respond effectively.
Why it's not B according to ChatGPT:
- Option B, modifying access so the IT team has full access to the compromised assets, is not a recommended action as it may lead to a conflict of interest and hinder proper investigation and containment. It is important to maintain the principle of least privilege and involve specialized incident response personnel.
upvoted 2 times

Kraken84, 1 month, 2 weeks ago
https://fortune.com/2023/07/19/chatgpt-accuracy-stanford-study/
upvoted 1 times

ApplebeesWaiter1122, 2 months, 3 weeks ago
Selected Answer: A
Improving the incident response process involves various actions, but one recommended step is to train the team to differentiate between events and incidents. This training helps the team understand that not every event is necessarily an incident that requires immediate response and investigation.
By being able to identify and classify events correctly, the team can focus their efforts on addressing actual incidents that pose a threat to the organization's security.
upvoted 1 times

DALLASCOWBOYS, 7 months, 3 weeks ago
A. Training the team to differentiate between incidents and events.
upvoted 1 times

KingDrew, 8 months, 2 weeks ago
Selected Answer: A
A is correct since it helps create more response efficiency.
upvoted 1 times

okay123, 10 months, 2 weeks ago
Selected Answer: A
Training the team makes sense; I don't see how giving the whole IT team full access to zombie computers is going to do anything...
upvoted 3 times

Gravoc, 1 year ago
An event is defined as an attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System. An incident is defined as a breach of a system's security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems.
upvoted 2 times

carpathia, 1 year ago
Selected Answer: A
The Preparation (initial) phase involves making sure the correct data events are being logged, the reporting of potential incidents is happening, and personnel training. Nothing in B, C and D is referring to that.
upvoted 2 times

j0n45, 1 year ago
Of course the answer is "A". Logically speaking, if the "CSIRT" and not the "IT" team is trained to differentiate between events and incidents, that would drastically improve their IR process. 🐱🚀🐱💻
upvoted 3 times

j0n45, 1 year ago
Also to add: Security incidents are events that produce consequences. It's when an event results in a data breach or privacy breach that the event is then deemed a security incident. For example, a delay in patching a security weakness in vital company software would be an event. It would only be deemed an incident after your security monitoring team confirmed a resulting data breach by hackers who capitalized on the weakness.
upvoted 2 times

MarceloFontes1979, 1 year ago
A - I believe it is the best choice.
upvoted 2 times

Liftedkris, 1 year ago
Selected Answer: A
I'm leaning towards training, so A for me.
upvoted 4 times

Topic 1 Question #65
A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Choose two.)
A. HIDS B. NIPS C. HSM D. WAF E. NAC F. NIDS
Correct Answer: BD
Community vote distribution: BD (74%), DE (17%), 9%

varun0, Highly Voted, 1 year ago
Selected Answer: BD
B & D seem correct; it has to BLOCK the traffic, remember.
upvoted 15 times

rodwave, Highly Voted, 10 months, 2 weeks ago
Selected Answer: BD
Answer: (B) NIPS and (D) WAF
A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model).
A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. NIPS consists of NIDS and IPS. WAF is a firewall. NIPS can operate up to layer 7 by passing or allowing traffic.
upvoted 13 times

sujon_london, 1 month, 2 weeks ago
Agreed with your very well versed explanation. Thank you.
upvoted 1 times

Protract8593, Most Recent, 2 months ago
Selected Answer: BD
- B. NIPS (Network Intrusion Prevention System): A NIPS is an intrusion detection system that can actively block and prevent detected threats. It operates at Layer 7 of the OSI model, just like NIDS (Network Intrusion Detection System).
However, NIPS goes beyond detection and takes proactive measures to block potential attacks at the network level.
- D. WAF (Web Application Firewall): A WAF is a security control that operates at Layer 7 of the OSI model. It is specifically designed to monitor, filter, and block HTTP/HTTPS traffic to and from web applications. By doing so, it can prevent web-based attacks, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
Why A is wrong according to ChatGPT:
A. HIDS (Host Intrusion Detection System): HIDS operates on individual hosts or endpoints and is not specifically focused on Layer 7 protection. It is not designed to block network-based attacks.
upvoted 2 times

Bro111, 2 months, 2 weeks ago
Selected Answer: AD
HIDS is Layer 7, not NIPS.
upvoted 1 times

Abdul2107, 2 months, 2 weeks ago
True, HIDS is Layer 7, but it's Detection; it will not Prevent/Block.
upvoted 3 times

Bro111, 2 months, 2 weeks ago
Sorry, HIDS is Layer 7 but it doesn't block attacks.
upvoted 1 times

Yawannawanka, 5 months ago
The two security controls that can block an attack at Layer 7 are:
D. WAF (Web Application Firewall): A WAF is a Layer 7 security control that sits between a web application and the internet, inspecting all incoming and outgoing traffic. It can block attacks targeting web applications, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI), by examining the content of HTTP requests and responses and blocking any that match predefined rules.
B. NIPS (Network Intrusion Prevention System): A NIPS is a Layer 7 security control that can inspect and block attacks targeting specific network protocols and applications. It can identify and block attacks at the network layer, transport layer, and application layer, including Layer 7. NIPS uses signature-based detection and behavioral analysis to detect and block known and unknown attacks.
Therefore, options B (NIPS) and D (WAF) are the correct answers. The other options, including HIDS, HSM, NAC, and NIDS, do not specifically target Layer 7 and may not be effective at blocking attacks targeting specific applications or protocols.
upvoted 2 times

cutemantoes, 6 months ago
Selected Answer: DE
I initially was going to say NIPS as well. Yes, a NIPS blocks traffic, but it says at Layer 7. I'm pretty sure NIPS operates on layer 3, I believe. So that would mean I'm guessing the answer is D and E.
upvoted 2 times

RevolutionaryAct, 1 month, 2 weeks ago
Not NAC, as that's layers 2 and 3. https://www.varonis.com/blog/network-access-control-nac
upvoted 1 times

z3phyr, 5 months, 3 weeks ago
NAC is network access control. It controls access to a network, which has nothing to do with preventing attacks.
upvoted 3 times

z3phyr, 5 months, 3 weeks ago
NAC also operates at level 3, not level 7.
upvoted 3 times

GS1011, 6 months, 2 weeks ago
B & D. * Network access control (NAC) is typically implemented at either the data link (layer two) or network layer (layer three) of the open standards interconnection model. Enforcement mechanisms vary between different products, and some have multiple options.
upvoted 2 times

scott2969, 6 months, 3 weeks ago
Why not NIDS, Network Intrusion Detection System?
upvoted 1 times

CTE_Instructor, 6 months, 3 weeks ago
IDS are designed to detect/alert to events, but not to block or take action. Because the scenario asked for a security control that will block traffic, any IDS option (HIDS or NIDS) should not be selected. IPS options will be prioritized, or firewalls (WAF).
upvoted 2 times

DALLASCOWBOYS, 7 months, 3 weeks ago
B&D. Web Application Firewall is at the Application Layer, and NIPS is a prevention system.
upvoted 2 times

Sandon, 8 months, 1 week ago
Selected Answer: DE
ChatGPT says it's WAF and NAC.
upvoted 5 times

datsrobin, 6 months, 3 weeks ago
How come it's saying WAF and NIDS on mine? Lol
upvoted 2 times

princajen, 6 months, 2 weeks ago
Mine said WAF and NIPS lol
upvoted 1 times

asum, 8 months, 1 week ago
Selected Answer: BD
The IPS sensor analyzes at Layer 2 to Layer 7 the payload of the packets for more sophisticated embedded attacks that might include malicious data.
upvoted 2 times

P0wned, 8 months, 3 weeks ago
Selected Answer: DE
D. WAF (Web Application Firewall) and E. NAC (Network Access Control) can block attacks at Layer 7. A HIDS (Host-based Intrusion Detection System) is a security system that monitors and analyzes the logs and events on a single host for signs of potential attacks or malicious activity. It operates at the host level, rather than at the network level, and therefore cannot block attacks at Layer 7. A NIPS (Network Intrusion Prevention System) is a security system that analyzes network traffic in real time to identify and prevent potential attacks or malicious activity. It operates at the network level, rather than at the host level, and therefore cannot block attacks at Layer 7.
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
Not NAC, as that's layers 2 and 3. https://www.varonis.com/blog/network-access-control-nac
upvoted 1 times

Jossie_C, 10 months, 3 weeks ago
NIPS consists of NIDS and IPS. WAF is a firewall.
upvoted 2 times

jgp, 1 year ago
Selected Answer: BD
B & D. > An inline NIPS is "in line" with traffic, acting as a Layer 3–7 firewall by passing or allowing traffic.
upvoted 2 times

Wiggie, 1 year ago
Selected Answer: AD
A&D. Layer 7 = Host Intrusion Detection System and Web Application Firewall.
upvoted 3 times

CapJackSparrow, 11 months, 1 week ago
I generally look for what you would go for and pick the opposite...
upvoted 15 times

gladtam, 6 months ago
You guys are funny lol
upvoted 2 times

Gino_Slim, 11 months ago
That is actually hilarious.
upvoted 2 times

ramesh2022, 1 year ago
HIDS only detects and alerts you; it can't block or be programmed to block. HIPS or NIPS can.
upvoted 3 times

redsidemanc2, 1 year ago
BLOCK. IDS only detects. It's B and D.
upvoted 1 times

zzzfox, 1 year ago
The question is asking to block potential attacks. IDS doesn't block the traffic.
upvoted 1 times

Topic 1 Question #66
A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs. Which of the following would mitigate the manager's concerns?
A. Implement a full system upgrade.
B. Perform a physical-to-virtual migration.
C. Install uninterruptible power supplies.
D. Purchase cybersecurity insurance.
Correct Answer: B
Community vote distribution: B (100%)

xxxdolorxxx, Highly Voted, 8 months ago
Selected Answer: B
I go for B.
A. Implement a full system upgrade. (Not cost effective)
B. Perform a physical-to-virtual migration. (Cloud would be much more redundant against physical hardware breaking)
C. Install uninterruptible power supplies. (Would only really help in an external power failure; would do nothing if, say, a hard drive fails)
D. Purchase cybersecurity insurance. (Hardware will still fail)
upvoted 5 times

Protract8593, Most Recent, 2 months ago
Selected Answer: B
Performing a physical-to-virtual (P2V) migration involves converting the existing physical system (the critical PC) into a virtual machine (VM) running on a virtualization platform. By doing so, the PC's operating system and applications are encapsulated in a virtual environment, allowing it to run on different hardware or even multiple servers simultaneously.
By using a virtual machine, the critical PC can benefit from the following advantages:
1. Hardware Independence: The VM is decoupled from the physical hardware, so it can be migrated easily to different host servers without being affected by the underlying hardware.
2. Snapshot and Backup Capabilities: VMs can be snapshot for backup purposes, allowing easy restoration in case of hardware failures.
3. Cost Savings: Virtualization can lead to cost savings in terms of hardware maintenance, power consumption, and space requirements.
While option C (Install uninterruptible power supplies) can provide short-term power backup during outages, it does not directly address the concern of a potential hardware failure in the PC.
upvoted 2 times

ApplebeesWaiter1122, 2 months, 3 weeks ago
Selected Answer: B
Option B, performing a physical-to-virtual migration, is a viable option to mitigate the business operations manager's concerns about potential hardware failure. By migrating the critical PC to a virtual machine, the organization can leverage virtualization technology to ensure business continuity even if the physical hardware fails.
A physical-to-virtual migration involves converting the existing physical system into a virtual machine (VM) that runs on a virtualization platform. This migration allows the VM to be hosted on different hardware resources, providing increased flexibility, scalability, and resilience.
upvoted 2 times

KingDrew, 8 months, 2 weeks ago
Selected Answer: B
Answer is B. Cloud is far more secure and reliable than a stand-alone computer, and there are many applications out right now for little to no cost that can store data and software.
upvoted 1 times

rodwave, 10 months, 2 weeks ago
Selected Answer: B
Answer: Perform a physical-to-virtual migration.
A physical-to-virtual migration (P2V) is the migration of physical machines to virtual machines.
Converting the PC to a VM temporarily will allow the PC to continue its operations on a different host. The other options would require that the PC be turned off, so the organization would not have access to its function.
upvoted 4 times

carpathia, 10 months, 2 weeks ago
Selected Answer: B
It must be B. Purchasing insurance is Transference, not Mitigation.
upvoted 1 times

zzzfox, 1 year ago
Selected Answer: B
B - Migrate Physical Server to Cloud (Virtual)
upvoted 2 times

comeragh, 1 year ago
Read my full comment, Ribeiro. I didn't say it was D; I was referring to the point that you might be in an exam and trying to narrow it down...
upvoted 4 times

comeragh, 1 year ago
Selected Answer: B
To narrow it down for me it would be either B or D. Going with B as the question mentions "without incurring large costs".
upvoted 4 times

Ribeiro19, 1 year ago
Man, wake up, D is for cybersecurity, not for hardware failure. Option B is the only answer.
upvoted 6 times

varun0, 1 year ago
Selected Answer: B
B seems right; "without incurring large costs" means a full system upgrade is out of the question.
upvoted 1 times

Topic 1 Question #67
An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the infection vector?
A. Prevent connections over TFTP from the internal network.
B. Create a firewall rule that blocks port 22 from the internet to the server.
C. Disable file sharing over port 445 to the server.
D. Block port 3389 inbound from untrusted networks.
Correct Answer: C
Community vote distribution: D (91%), 7%

stoneface, Highly Voted, 1 year ago
Selected Answer: D
The SMB protocol (in all its versions) doesn't provide functionality to execute files at the remote systems. Its main objective is to support the sharing of file and print resources between machines. The only feasible option left is logging in through RDP and manually executing the file. Correct me if I am wrong.
upvoted 50 times

hfzazm6, 5 months, 3 weeks ago
You are never wrong, stoneface.
upvoted 3 times

J_Ark1, 10 months, 3 weeks ago
yeahh :)
upvoted 1 times

darkgypsy, 10 months, 4 weeks ago
You rock!
upvoted 1 times

banditring, 1 year ago
You the best, stoneface :)
upvoted 7 times

rodwave, Highly Voted, 10 months, 2 weeks ago
Selected Answer: D
Answer: Block port 3389 inbound from untrusted networks.
3389 is the default port for RDP connections. RDP is the protocol used to connect to Windows desktops/servers remotely. In the scenario, the malware family is known to be distributed through manually logging on to servers, and RDP would require a manual login to access the machine and be able to easily run scripts on the server, especially through a GUI.
upvoted 21 times

section8santa, 7 months, 2 weeks ago
Love you rodwave!
upvoted 2 times

gladtam, 6 months ago
You are my hero!
upvoted 1 times

LePecador, 2 months, 1 week ago
OUR hero
upvoted 1 times

sujon_london, Most Recent, 1 month, 2 weeks ago
Selected Answer: C
Following the given question clue: the malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code, and suspecting reinfection from the initial vector. In this case the first step should be to focus on port 445; the reason behind this is that port 445 is used for the Microsoft-DS (Directory Services) protocol, also known as Microsoft-DS SMB (Server Message Block).
It facilitates file and printer sharing, as well as communication between Windows computers on a network. Here many of you chose RDP-based 3389. That's not the primary action. We should consider printers and other computers on the same network connected with the infected server/computer. That's why I will go for C. Correct me if I'm wrong.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: D
Blocking port 3389 inbound from untrusted networks is a security measure commonly recommended to protect against potential RDP-based attacks. Here's more information on why option D is the correct choice:
1. Malware Distribution: The question mentions that the malware is distributed by manually logging on to servers and running the malicious code. This indicates that the attackers are gaining access to the server through a legitimate remote access method like RDP.
2. Port 3389: RDP uses port 3389 by default to establish remote connections to Windows servers. By blocking inbound traffic on port 3389 from untrusted networks, you effectively limit the exposure of the server to potential attackers trying to use RDP as a means to gain unauthorized access.
3. Mitigating Unauthorized Access: By blocking inbound RDP traffic from untrusted networks, you are preventing potential attackers from attempting to brute-force or exploit RDP vulnerabilities to gain unauthorized access to the server.
upvoted 3 times

Protract8593, 2 months ago
4. Defense-in-Depth Strategy: Implementing network-level controls like blocking port 3389 is part of a defense-in-depth strategy, which involves using multiple layers of security measures to protect systems and data. In this case, it complements other security controls and helps mitigate risks associated with unauthorized remote access.
5.
Least Privilege: Limiting access to RDP only from trusted networks or specific IP ranges aligns with the principle of least privilege, which reduces the attack surface and potential impact of security incidents.
In conclusion, blocking inbound traffic on port 3389 from untrusted networks is a recommended security practice to prevent unauthorized access to RDP services and help protect against potential malware infections that rely on manual logins to servers.
upvoted 2 times

ApplebeesWaiter1122, 2 months, 3 weeks ago
Selected Answer: C
Disabling file sharing over port 445 helps to prevent the malware from being manually copied and executed on the server. By closing this file-sharing port, the organization can effectively block the specific method through which the malware was distributed.
upvoted 1 times

CyberMrT, 5 months ago
Selected Answer: A
I have seen this question in other places and the answer is listed as A. If you think about the question... "prevent reinfection from the initial infection vector"; I am interpreting this to mean the spread AFTER the windows-facing server is compromised. If you look at it that way, they want to know how you would protect the internal network from further infection. Thoughts?
upvoted 2 times

Yawannawanka, 5 months ago
Based on the information provided, the malware was likely manually installed on the internet-facing Windows server by logging in to the server and running the malicious code. Therefore, the best action to prevent reinfection from this infection vector is to prevent unauthorized access to the server.
Option D, "Block port 3389 inbound from untrusted networks," is the best choice to prevent unauthorized access to the server. Port 3389 is used by the Remote Desktop Protocol (RDP), which allows users to log in to the server remotely. By blocking inbound traffic on this port from untrusted networks, the organization can prevent attackers from logging in to the server and manually installing the malware.
This control is especially important for internet-facing servers, which are more likely to be targeted by attackers. The other options may be valid controls for other types of attacks or malware, but they do not directly address the infection vector described in this scenario. Therefore, option D is the BEST choice in this scenario.
upvoted 1 times

T_dawg, 6 months, 2 weeks ago
Selected Answer: D
3389 - RDP port. 22 - SSH, if it was a Linux.
upvoted 1 times

ronniehaang, 7 months, 3 weeks ago
Selected Answer: D
D. Block port 3389 inbound from untrusted networks. Blocking port 3389, which is used for Remote Desktop Protocol (RDP), would prevent remote access to the server from untrusted networks, making it less likely for attackers to manually log on to the server and run the malicious code. This would be the best action to prevent reinfection from the initial infection vector.
upvoted 2 times

Jimbobilly, 9 months, 1 week ago
Selected Answer: C
Curveball: the person was physically in front of the server and logged in.
upvoted 3 times

GMuney, 10 months, 1 week ago
Selected Answer: C
Can't it be C? If we're looking to prevent reinfection, then wouldn't we want to block file sharing so that the malicious code wouldn't end up on the server in the first place?
upvoted 1 times

babyzilla, 10 months, 3 weeks ago
Selected Answer: D
D makes the most sense, as the best solution to prevent manually logging into a system would be to block RDP. SSH is for Linux. RDP is for Windows. C would probably be the next step.
upvoted 2 times

yasuke, 11 months ago
It had to be a Windows server :D block RDP
upvoted 3 times

rindrasakti, 11 months, 2 weeks ago
Selected Answer: D
Read carefully: "to be distributed by manually logging on to servers and running the malicious code" means using RDP.
The simple way to prevent it is by blocking the RDP port.
upvoted 1 times

Jakalan7, 1 year ago
Selected Answer: D
The answer is clearly D; the question states "The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code." By blocking inbound connections on port 3389 (RDP), they would be preventing reinfection.
upvoted 1 times

Michelle2022, 1 year ago
I think answer C is correct. "Do I need port 445 open? We also recommend blocking port 445 on internal firewalls to segment your network – this will prevent internal spreading of the ransomware. Note that blocking TCP 445 will prevent file and printer sharing – if this is required for business, you may need to leave the port open on some internal firewalls."
upvoted 4 times

sujon_london, 1 month, 2 weeks ago
Agreed, makes sense, C is the right answer.
upvoted 1 times

yorkwu, 1 year ago
Selected Answer: D
Agree with D.
upvoted 1 times

Topic 1 Question #68
Which of the following uses SAML for authentication?
A. TOTP B. Federation C. Kerberos D. HOTP
Correct Answer: B
Community vote distribution: B (100%)

KetReeb, Highly Voted, 1 year ago
Answer: B: Federation, or identity federation, defines policies, protocols, and practices to manage identities across systems and organizations. Federation's ultimate goal is to allow users to seamlessly access data or systems across domains. Federation is enabled through the use of industry standards such as Security Assertion Markup Language (SAML).
upvoted 26 times

varun0, 1 year ago
I agree.
upvoted 1 times

Protract8593, Most Recent, 2 months ago
Selected Answer: B
Federation uses SAML (Security Assertion Markup Language) for authentication and single sign-on (SSO) between multiple systems or organizations.
SAML is an XML-based open standard used to exchange authentication and authorization data between identity providers (IdP) and service providers (SP) to facilitate secure SSO. It enables users to access multiple applications or services with a single set of credentials, making it a key technology for enabling seamless authentication across federated systems.
upvoted 2 times

ApplebeesWaiter1122, 2 months, 3 weeks ago
Selected Answer: B
Federation is the option that uses Security Assertion Markup Language (SAML) for authentication. SAML is an XML-based open standard for exchanging authentication and authorization data between parties, typically in the context of web-based single sign-on (SSO) systems.
Federation allows for the sharing of authentication and authorization information across different organizations or domains, enabling users to access multiple systems using a single set of credentials. SAML is commonly used in federation scenarios to facilitate secure authentication and authorization across various applications and systems.
upvoted 2 times

RvR109, 7 months ago
Selected Answer: B
SAML (Security Assertion Markup Language) is a protocol that you can use to perform federated single sign-on from identity providers to service providers. In federated single sign-on, users authenticate at the identity provider.
upvoted 2 times

KingDrew, 8 months, 2 weeks ago
Selected Answer: B
Federation is correct.
upvoted 1 times

Knowledge33, 11 months ago
Selected Answer: B
Federation, or identity federation, defines policies, protocols, and practices to manage identities across systems and organizations. Federation's ultimate goal is to allow users to seamlessly access data or systems across domains. Federation is enabled through the use of industry standards such as Security Assertion Markup Language (SAML).
upvoted 3 times

db97, 1 year ago
B - Federation
upvoted 1 times

Topic 1 Question #69
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?
A. Configure a NIDS appliance using a Switched Port Analyzer.
B. Collect OSINT and catalog the artifacts in a central repository.
C. Implement a SOAR with customizable playbooks.
D. Install a SIEM with community-driven threat intelligence.
Correct Answer: C
Community vote distribution: C (100%)

varun0, Highly Voted, 1 year ago
Selected Answer: C
SOAR allows for automation of IR.
upvoted 11 times

Tjank, Highly Voted, 12 months ago
Selected Answer: C
SOAR (Security Orchestration, Automation, and Response) can use either a playbook or a runbook. It assists in collecting threat-related data from a range of sources and automates responses to low-level threats (frees up some of the CSIRT's time).
upvoted 7 times

bolajiambex, Most Recent, 2 weeks, 2 days ago
SOAR is correct.
upvoted 1 times

Kraken84, 1 month, 2 weeks ago
"...large amounts of the analysts' time due to manual tasks being performed." In need of automation?
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: C
A SOC (Security Operations Center) can improve its incident response time and efficiency by implementing a SOAR (Security Orchestration, Automation, and Response) platform with customizable playbooks. SOAR platforms help automate and streamline various security tasks and processes, allowing analysts to respond to incidents more quickly and effectively.
By using customizable playbooks, the SOC can define automated workflows tailored to their specific incident response needs, reducing manual efforts and improving overall response time to security incidents. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C 店 店 铺 铺 Implementing a SOAR with customizable playbooks would be the best solution to improve the SOC's response time in this scenario. SOAR platforms are designed to streamline and automate incident response processes, allowing security analysts to respond more efficiently to security incidents. ; ; 学 学 习 习 小 店 小 店 By creating customizable playbooks, the SOC can define predefined response actions and automate the execution of common and repetitive tasks. This reduces the reliance on manual processes and enables faster response times. The playbooks can include automated investigation, enrichment of data with OSINT (Open Source Intelligence), and execution of response actions based on predefined rules and logic. upvoted 1 times 66 66 KingDrew 8 months, 2 weeks ago Selected Answer: C SOAR is automated, and includes security orchestration and response to help resolve security issues more efficiently and timely. upvoted 1 times Jossie_C 10 months, 3 weeks ago Selected Answer: C Sounds like football but ok upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #70 Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction les. Which of the following is the BEST solution to adopt? A. PKI B. Blockchain C. SAML D. 
OAuth 店 店 铺 Correct Answer: A 铺 ; ; 学 学 习 Community vote distribution Highly Voted 小 店 66 A (87%) BigV 习 小 店 13% 66 11 months, 2 weeks ago The question mentions one trusted company, "centralized", it can not be Blockchain which is a "de-centralized" technology. upvoted 16 times ronniehaang Highly Voted 7 months, 3 weeks ago Selected Answer: A A. PKI (Public Key Infrastructure) is the best solution to adopt as it provides the means to securely issue, manage, and revoke digital certificates used to verify the identity of users and systems. PKI is commonly used to secure transactions and provide secure communication between entities, making it a suitable solution for the described scenario. upvoted 8 times Protract8593 Most Recent 2 months ago Selected Answer: A PKI (Public Key Infrastructure) is the best solution for deploying a trusted mechanism that can register and issue artifacts used for signing, encrypting, and decrypting transaction files securely. PKI is a set of policies, procedures, hardware, software, and encryption technologies that enable secure communications and authentication over a network. It relies on public and private key pairs to provide authentication, data integrity, and non-repudiation, making it suitable for securely validating transactions and ensuring the authenticity and confidentiality of data exchanged between business partners. upvoted 3 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A PKI (Public Key Infrastructure) is the best solution to adopt in this scenario. PKI is a security mechanism that uses asymmetric encryption and digital certificates to establish the authenticity, integrity, and confidentiality of electronic transactions. It provides a framework for generating, managing, and distributing digital certificates, which are used to verify the identity of users and entities involved in transactions. 
upvoted 1 times

Dan_26, 4 months ago
Blockchain sucks at everything except sucking, and the concept needs to be kicked out of CompTIA as it's a terrible technology.
upvoted 1 times

Yawannawanka, 5 months ago
Based on the requirements described in the scenario, the BEST solution to adopt would be PKI, or Public Key Infrastructure. PKI is a system that uses a combination of public and private keys to provide secure communication over an insecure network. It uses digital certificates, which are issued by a trusted third party, to authenticate the identities of users and devices. These certificates can be used to sign, encrypt, and decrypt transactions, ensuring their confidentiality and integrity.
In the scenario, one company is responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. PKI is a well-established and widely used technology for this purpose, and it meets the requirements described in the scenario. Blockchain, SAML, and OAuth are all useful technologies in their own right, but they may not be the best fit for the scenario described. Blockchain, for example, is more commonly used for secure distributed ledgers rather than transaction signing and encryption. SAML and OAuth are used more for authentication and authorization rather than encryption and decryption. Therefore, PKI is the BEST solution to adopt in this scenario.
upvoted 3 times

Confuzed, 5 months, 2 weeks ago
The main reason this is not blockchain is that blockchain is all about transparency. The transaction record is visible to all, and can be verified by the hash. Blockchain is not used to encrypt or decrypt anything.
upvoted 1 times

monzie, 5 months, 4 weeks ago, Selected Answer: A
A. PKI (Public Key Infrastructure) is the best solution to adopt in this case.
PKI is a system that uses digital certificates and public key cryptography to secure communications and transactions. With PKI, one company can act as a Certificate Authority (CA), issuing digital certificates that can be used to sign, encrypt, and decrypt transaction files. This provides a trusted mechanism for validating transactions securely between business partners. Blockchain, SAML, and OAuth are all useful technologies for certain security scenarios, but they may not be the best fit for this particular use case.
upvoted 3 times

Blake89, 10 months, 2 weeks ago
PKI (Public Key Infrastructure)
• Combining asymmetric cryptography with symmetric cryptography along with the hashing and digital certificates, giving us hybrid cryptography.
Straight from the CompTIA study guide
upvoted 3 times

elkol, 12 months ago, Selected Answer: A
Answer is PKI. PKI involves one trusted third-party or middleman, which is the company. Blockchain is a decentralized or distributed system. I think some people lean towards Blockchain as the answer due to "valid transaction" being mentioned, which I understand, but I will go with "A - PKI".
upvoted 5 times

hazeleyes, 1 year ago, Selected Answer: A
PKI. "register and issue artifacts used to sign, encrypt, and decrypt transaction files" - for PKI this artifact is a digital certificate. What artifact does the blockchain "register" and "issue" that does this?
upvoted 4 times

KetReeb, 1 year ago, Selected Answer: A
I have to go with A: PKI. Ref the following: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786417(v=ws.11)
upvoted 4 times

varun0, 1 year ago, Selected Answer: A
PKI seems like it
upvoted 5 times

Wiggie, 1 year ago, Selected Answer: B
Blockchain
upvoted 3 times

CapJackSparrow, 11 months, 1 week ago
I was going to go with blockchain, then I seen YOU went with blockchain.. so now I'm pretty sure it's not blockchain.
upvoted 17 times

gladtam, 6 months ago
I don't even want to pass this exam. I'm just here for your comments.
upvoted 1 times

Jossie_C, 10 months, 3 weeks ago
Block chain is decentralized. Incorrect
upvoted 1 times

varun0, 1 year ago, Selected Answer: B
Blockchain is the best for transactions
upvoted 2 times

varun0, 1 year ago
Disregard this, I'm going with PKI after much consideration
upvoted 7 times

Topic 1 Question #71
A security analyst has been asked by the Chief Information Security Officer to:
✑ develop a secure method of providing centralized management of infrastructure
✑ reduce the need to constantly replace aging end user machines
✑ provide a consistent user desktop experience
Which of the following BEST meets these requirements?
A. BYOD
B. Mobile device management
C. VDI
D. Containerization
Correct Answer: C
Community vote distribution: C (100%)

varun0 (Highly Voted), 1 year ago, Selected Answer: C
VDI seems to be it
upvoted 7 times

nickolas789 (Most Recent), 4 weeks, 1 day ago
is this an accurate site?
upvoted 1 times

Protract8593, 2 months ago, Selected Answer: C
VDI is a technology that allows users to access a virtualized desktop environment hosted on a centralized server. It provides a secure method of centrally managing infrastructure because all virtual desktops are hosted and managed from a centralized location, making it easier to apply security policies and updates uniformly. VDI also reduces the need to constantly replace aging end-user machines since the virtual desktops can be accessed from various devices, including older machines with less processing power and resources. Users can access their virtual desktops from different devices without the need for extensive hardware upgrades.
Additionally, VDI provides a consistent user desktop experience since users are interacting with a standardized virtual desktop environment that remains consistent across different devices. This allows for a seamless user experience regardless of the device they use to access their virtual desktop. In summary, VDI is the best option that meets the requirements of providing centralized management of infrastructure, reducing the need to replace aging end-user machines, and providing a consistent user desktop experience.
upvoted 2 times

ApplebeesWaiter1122, 2 months, 3 weeks ago, Selected Answer: C
VDI is the best option that meets the provided requirements. VDI allows for centralized management of infrastructure, as it provides a virtualized desktop environment hosted on servers in the data center. This allows for centralized control and management of the desktop images, applications, and user configurations.
With VDI, aging end-user machines can be replaced with thin clients or repurposed devices, as the actual processing and computing are handled by the servers in the data center. This reduces the need for frequent hardware replacements and extends the lifespan of end-user devices.
VDI also provides a consistent user desktop experience since users access their virtual desktops, which are based on standardized images, applications, and configurations. Any changes or updates can be applied centrally, ensuring a consistent experience across all devices.
upvoted 1 times

mtw5, 6 months, 3 weeks ago
why not containerization? doesn't this centralize applications and make management easier?
upvoted 1 times

Dan_26, 4 months ago
Not for endpoints. Servers sure, but not user machines like a laptop.
upvoted 1 times

applepieboy, 8 months ago, Selected Answer: C
Pretty clearly VDI. 2 big giveaways
1. VDI makes centralized management easier
2. Since you push the same desktop it is the only thing that provides a consistent desktop experience.
upvoted 2 times

rodwave, 10 months, 2 weeks ago, Selected Answer: C
Answer: VDI
Virtual Desktop Infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request.
upvoted 4 times

Jossie_C, 10 months, 3 weeks ago
Virtual desktops so that it can be combined with BYOD to save money.
upvoted 2 times

Katyaz, 11 months, 2 weeks ago
VDI appears to be correct
upvoted 1 times

comeragh, 1 year ago, Selected Answer: C
Agree with C VDI - "consistent user desktop experience"
upvoted 3 times

stoneface, 1 year ago
plus, no need to replace aging end user machines
upvoted 5 times

Topic 1 Question #72
Which of the following terms describes a broad range of information that is sensitive to a specific organization?
A. Public
B. Top secret
C. Proprietary
D. Open-source
Correct Answer: C
Community vote distribution: C (100%)

IQ30 (Highly Voted), 1 year ago
Professor Messer notes:
• Proprietary – Data that is the property of an organization – May also include trade secrets – Often data unique to an organization
upvoted 11 times

Protract8593 (Most Recent), 2 months ago, Selected Answer: C
The term "proprietary" describes a broad range of information that is sensitive and owned by a specific organization. Proprietary information is considered confidential and is not intended for public disclosure. It may include trade secrets, intellectual property, customer data, financial information, and other sensitive data unique to the organization.
upvoted 1 times

ApplebeesWaiter1122, 2 months, 3 weeks ago, Selected Answer: C
Proprietary information refers to a broad range of sensitive information that is specific to a particular organization. It includes trade secrets, confidential business strategies, customer data, financial information, intellectual property, and any other information that is considered valuable and exclusive to the organization. Proprietary information is typically protected from unauthorized access, use, or disclosure to maintain the competitive advantage and confidentiality of the organization.
upvoted 1 times

DALLASCOWBOYS, 7 months, 3 weeks ago
C. Proprietary is specific to 1 organization
upvoted 2 times

applepieboy, 8 months ago, Selected Answer: C
Proprietary would definitely be the answer on an exam, but top secret is still accurate.
upvoted 2 times

Nirmalabhi, 9 months, 3 weeks ago, Selected Answer: C
no brainer. Proprietary should be the answer
upvoted 2 times

[Removed], 10 months, 2 weeks ago
hello everyone, are you interested in taking any exam certification exam? Contact me now for remote support. Success guaranteed in just a single attempt. wa.me/12694315721
upvoted 2 times

viksap, 10 months, 1 week ago
what's the proposal?
upvoted 1 times

eli_2000, 10 months, 2 weeks ago
i need that
upvoted 2 times

rodwave, 10 months, 2 weeks ago, Selected Answer: C
Answer: Proprietary
Proprietary information, also known as a trade secret, is information a company wishes to keep confidential
upvoted 3 times

RonWonkers, 12 months ago, Selected Answer: C
I agree with C
upvoted 1 times

Topic 1 Question #73
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.)
A. A WAF
B. A CASB
C. An NG-SWG
D. Segmentation
E. Encryption
F. Containerization
Correct Answer: CD
Community vote distribution: BC (94%), 4%

stoneface (Highly Voted), 1 year ago, Selected Answer: BC
NG-SWG -> (NG SWG) is designed to address the key cloud and web security use cases encompassing granular policy controls, web filtering, threat protection, and data protection spanning managed and unmanaged apps, cloud services, and web traffic.
CASB -> The CASB serves as a policy enforcement center, consolidating multiple types of security policy enforcement and applying them to everything your business utilizes in the cloud—regardless of what sort of device is attempting to access it, including unmanaged smartphones, IoT devices, or personal laptops.
upvoted 40 times

carpathia (Highly Voted), 10 months, 1 week ago, Selected Answer: BC
CASB and NGSWG (pg 164 in D Gibson's book on SY0-601).
upvoted 8 times

Protract8593 (Most Recent), 2 months ago, Selected Answer: BC
The correct answers are:
B. A CASB (Cloud Access Security Broker) A CASB is a security solution that helps organizations extend their security policies and controls to the cloud environment. It provides visibility into cloud-based services, detects and prevents cloud-specific threats, and enforces security policies.
C. An NG-SWG (Next-Generation Secure Web Gateway) An NG-SWG is a security solution that combines traditional web filtering with advanced security features, such as application control, URL filtering, anti-malware, and data loss prevention. It can help protect against advanced threats and malware in cloud-based services accessed through web browsers.
Both B and C address the CSO's concerns about protecting cloud-based services from advanced threats and malware by providing additional security controls and visibility into cloud activities.
upvoted 5 times

ApplebeesWaiter1122, 2 months, 3 weeks ago, Selected Answer: BC
An NG-SWG combines traditional secure web gateway capabilities with advanced security features such as advanced threat detection, sandboxing, data loss prevention, and SSL/TLS inspection. By deploying an NG-SWG, organizations can apply granular security policies to monitor and control web traffic to and from cloud-based services, ensuring that malicious activity is detected and blocked. The NG-SWG can provide advanced threat intelligence, content filtering, and behavioral analysis to protect against known and unknown threats. It also offers visibility into user activities, allowing organizations to detect anomalies and potential security breaches.
A Cloud Access Security Broker (CASB) can also help address the concerns by providing additional security controls and visibility into cloud-based services. A CASB acts as an intermediary between users and cloud service providers, allowing organizations to enforce security policies, monitor user activity, and detect and prevent unauthorized access to cloud resources.
upvoted 3 times

Yawannawanka, 5 months ago
Based on the requirements described in the scenario, the BEST solution to adopt would be PKI, or Public Key Infrastructure. PKI is a system that uses a combination of public and private keys to provide secure communication over an insecure network. It uses digital certificates, which are issued by a trusted third party, to authenticate the identities of users and devices. These certificates can be used to sign, encrypt, and decrypt transactions, ensuring their confidentiality and integrity.
In the scenario, one company is responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. PKI is a well-established and widely used technology for this purpose, and it meets the requirements described in the scenario. Blockchain, SAML, and OAuth are all useful technologies in their own right, but they may not be the best fit for the scenario described. Blockchain, for example, is more commonly used for secure distributed ledgers rather than transaction signing and encryption. SAML and OAuth are used more for authentication and authorization rather than encryption and decryption. Therefore, PKI is the BEST solution to adopt in this scenario.
upvoted 2 times

Abdul2107, 5 months ago
Your answer does not apply here, it's for 3 questions back (question 70)
upvoted 5 times

Yawannawanka, 5 months ago
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls. Which of the following should be implemented to BEST address the CSO's concerns? (Choose two.)
A. A WAF
B. A CASB Most Voted
C. An NG-SWG Most Voted
D. Segmentation
E. Encryption
F. Containerization
upvoted 1 times

Kraken84, 1 month, 2 weeks ago
B. A CASB
C. An NG-SWG
upvoted 1 times

darklion, 5 months, 2 weeks ago, Selected Answer: BC
A CASB (Cloud Access Security Broker) provides visibility into cloud application usage and provides security policies that can be used to prevent risky activities. This helps detect and prevent advanced threats and malware in cloud-based services.
An NG-SWG (Next-Generation Secure Web Gateway) provides advanced security features, such as web filtering, SSL inspection, and cloud application control, which can help detect and prevent advanced threats and malware in cloud-based services.
Therefore, options B and C should be implemented to best address the CSO's concerns.
upvoted 2 times

cmyjw, 5 months, 3 weeks ago
Can anyone tell me why WAF is not a right answer?
upvoted 1 times

leobro, 4 months, 1 week ago
i think because it is a cloud based service the answer is NG-SWG & CASB
upvoted 1 times

monzie, 5 months, 4 weeks ago, Selected Answer: AB
A. A WAF
B. A CASB
Explanation: A WAF (Web Application Firewall) can provide security controls to protect against advanced threats, including malware. It can detect and block malicious requests and payloads, and it can also help prevent data leakage from web applications. A WAF can also provide real-time monitoring and threat intelligence.
A CASB (Cloud Access Security Broker) can provide visibility and control over cloud services to prevent data breaches. It can detect and prevent unauthorized access to cloud services, enforce policies for data protection, and provide real-time monitoring and threat intelligence.
upvoted 1 times

skeletor23, 6 months ago
C and D, NG SWG seems obvious. D "a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control"
upvoted 1 times

MasterControlProgram, 6 months, 1 week ago, Selected Answer: AB
A. A WAF and B. A CASB are the two best solutions to address the CSO's concerns. A WAF can help detect and prevent web-based attacks on cloud-based services, while a CASB can provide visibility and control over cloud-based services to prevent data breaches. Segmentation, encryption, and containerization are also good security measures, but they do not specifically address the risks associated with cloud-based services. An NG-SWG (Next-Generation Secure Web Gateway) may help, but a CASB is a more specialized solution for cloud security.
upvoted 2 times

Nishkurup, 6 months, 3 weeks ago
A CASB: A Cloud Access Security Broker (CASB) can provide visibility and control over cloud-based services. CASBs can monitor user activity, enforce security policies, and protect data in the cloud. They can also detect and block unauthorized access attempts, enforce encryption policies, and prevent data leakage. CASBs can help the CSO to gain better visibility and control over cloud-based services, and protect them from advanced threats and malware.
Segmentation: Segmentation can be used to limit the access of different parts of the network to one another, making it more difficult for attackers to move laterally within the network. Implementing segmentation for cloud-based services can help reduce the risk of a data breach and protect against advanced threats and malware.
While the other solutions such as a WAF, NG-SWG, encryption, and containerization can provide additional security measures, they may not address the concerns of the CSO regarding the security of cloud-based services as effectively as the CASB and segmentation solutions.
upvoted 1 times

Nishkurup, 6 months, 1 week ago
I think I will go for CASB and NGSWG
upvoted 1 times

scarceanimal, 7 months, 3 weeks ago, Selected Answer: BC
both cloud controls that address the dude's concerns. :)
upvoted 1 times

mhmtn, 7 months, 3 weeks ago
I think C and D. I have been inspired by the divide and manage policy, a British tactic at the head of the century :)
upvoted 1 times

okay123, 10 months, 2 weeks ago, Selected Answer: BC
Correct would be B & C
upvoted 1 times

carpathia, 10 months, 2 weeks ago, Selected Answer: BC
https://www.netskope.com/blog/where-casb-and-swg-are-headed
It looks like segmentation in the cloud is not that efficient or you'll still need to secure the segments with, well, SWGs probably.
upvoted 1 times

BigV, 10 months, 3 weeks ago
How Does Cloud Network Segmentation Support a Defense In-Depth Strategy? Cloud network segmentation, at its heart, is a Defense-in-Depth cybersecurity approach. It can effectively reduce the risk of data breaches as it wraps layer upon layer of security around IT systems and data. This multi-layered cybersecurity strategy prevents malicious malware from spreading across every network in a business organization. It can also efficiently block hackers from quickly accessing networks and eliminate the possibility of sensitive data from being exposed.
upvoted 1 times

Topic 1 Question #74
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles. Which of the following deployment models is being utilized?
A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs
Correct Answer: B
Community vote distribution: C (94%), 4%

stoneface (Highly Voted), 1 year ago, Selected Answer: C
Bring your own device (BYOD)—the mobile device is owned by the employee.
The mobile will have to meet whatever profile is required by the company (in terms of OS version and functionality) and the employee will have to agree on the installation of corporate apps and to some level of oversight and auditing. This model is usually the most popular with employees but poses the most difficulties for security and network managers.
Corporate owned, business only (COBO)—the device is the property of the company and may only be used for company business.
Corporate owned, personally-enabled (COPE)—the device is chosen and supplied by the company and remains its property. The employee may use it to access personal email and social media accounts and for personal web browsing (subject to whatever acceptable use policies are in force).
Choose your own device (CYOD)—much the same as COPE but the employee is given a choice of device from a list.
upvoted 39 times

Ay_ma (Highly Voted), 1 year ago, Selected Answer: C
COPE: Corporate-Owned Personally Enabled. The question states that the company is handing out laptops but then they can use them outside of business requirements.
VDI (Virtual Desktop Infrastructure): You can access Operating Systems Virtually. It's like a whole desktop, but virtual. Regarding the question, the employees can access company data through VDI, while being able to use the laptops for personal stuff.
upvoted 7 times

BobsUrUncle2 (Most Recent), 9 hours, 7 minutes ago, Selected Answer: C
The laptops are company owned, i.e. COPE
upvoted 1 times

Protract8593, 2 months ago, Selected Answer: C
The correct answer is: C. COPE and VDI (Corporate-Owned, Personally Enabled, and Virtual Desktop Infrastructure)
In the scenario described, the organization is planning to issue laptops to its employees (corporate-owned) and allow them to use the laptops for personal purposes (personally enabled). Additionally, the laptops would access the users' corporate operating system remotely, which implies the use of Virtual Desktop Infrastructure (VDI). The COPE model refers to the practice of providing employees with corporate-owned devices that can also be used for personal activities.
upvoted 5 times

ApplebeesWaiter1122, 2 months, 3 weeks ago, Selected Answer: C
In a COPE model, the organization provides employees with corporate-owned devices, such as laptops, while allowing them some level of personal use. This means that employees can use the laptops for both work-related tasks and personal purposes.
VDI, on the other hand, refers to Virtual Desktop Infrastructure, which enables users to access their corporate operating system remotely. With VDI, the actual operating system and applications run on virtual machines hosted on centralized servers, and users connect to these virtual machines from their laptops or other devices. This allows employees to access their corporate environment and use the provided laptops for work purposes.
upvoted 3 times

fouserd, 5 months, 2 weeks ago, Selected Answer: C
The scenario involves the organization issuing laptops to employees for work purposes and allowing them to use the laptops for personal purposes as well. This is characteristic of the COPE deployment model, in which the organization owns and manages the device, but employees are allowed to use it for personal purposes as well.
upvoted 1 times

Drealjesusfreak, 6 months, 2 weeks ago
So, can CYOD be used for both corporate and personal use? And I thought CYOD is also property of the company?
upvoted 1 times

applepieboy, 8 months ago, Selected Answer: C
There is no way to know whether or not VDI is involved in this situation, but the answer is clearly the one with COPE (corporate owned, personally enabled). The workers don't own the device, but it is allowed to be used for personal business. By definition COPE
upvoted 5 times

byfener, 9 months, 2 weeks ago, Selected Answer: C
It has to be C; in the explanation it says "An organization is planning to roll out a new mobile device policy and issue each employee a new laptop."
upvoted 1 times

carpathia, 1 year ago, Selected Answer: C
VDI is installed on laptops, no probs (search best laptops for VDI on Google). I don't think anyone uses Terminals anymore. COPE does allow users to use the device for personal activities.
upvoted 4 times

Swarupam, 1 year ago, Selected Answer: C
answer is hidden in the question! Company is providing the laptops .. so its COPE
upvoted 4 times

remtech, 7 months, 3 weeks ago
says - issue each employee
COPE
upvoted 1 times

cozzmo, 1 year ago
NOT VDI: issue each employee a new laptop. (VDI is a virtual workspace on a server. so you don't get a laptop). NOT BYOD: issue each employee a new laptop. NONE of these work!
upvoted 1 times

TR3Y, 1 year ago
VDI can be used with COPE devices. I currently work at an organization that leverages VDI and gives us laptops....
upvoted 6 times

Wiggie, 1 year ago, Selected Answer: A
https://www.ibm.com/topics/mobile-device-management
upvoted 1 times

comeragh, 1 year ago, Selected Answer: C
Agree with C here. "issue each employee a new laptop". Laptops are issued so cannot be BYOD or CYOD.
upvoted 1 times

varun0, 1 year ago, Selected Answer: C
Corporate is providing the laptops and they can be used for personal use
upvoted 1 times

Wiggie, 1 year ago, Selected Answer: A
https://control.connectwise.com/blog/remote-support-access/what-is-mobile-device-managementmdm#:~:text=of%20traditional%20RMM.-,MDM%20is%20a%20type%20of%20security%20software%20used%20by%20an,being%20used%20in%20the%20organization.
upvoted 1 times

Kristi, 1 year ago, Selected Answer: D
If the company is issuing the laptops it's not BYOD, whatever their purpose is. Tricky question
upvoted 1 times

Sandon, 7 months, 4 weeks ago
It's really not
upvoted 1 times

Topic 1 Question #75
Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:
✑ All users share workstations throughout the day.
✑ Endpoint protection was disabled on several workstations throughout the network.
✑ Travel times on logins from the affected users are impossible.
✑ Sensitive data is being uploaded to external sites.
All user account passwords were forced to be reset and the issue continued. Which of the following attacks is being used to compromise the user accounts?
A. Brute-force
B. Keylogger
C. Dictionary
D. Rainbow
Correct Answer: B
Community vote distribution: B (100%)

stoneface (Highly Voted), 1 year ago, Selected Answer: B
A Keylogger would be the reason why even after resetting the passwords the issue persisted. There is no information about the password itself that would allow us to determine if any brute force attack method is being used.
upvoted 21 times

varun0 (Highly Voted), 1 year ago, Selected Answer: B
Keyloggers seem to be it. Enduser protection is disabled and someone installed a keylogger since workstations are being shared. Changing the password doesn't uninstall this keylogger, which is likely recording the new changed passwords and sending them out to the attacker.
upvoted 12 times

Protract8593 (Most Recent), 2 months ago, Selected Answer: B
- All users sharing workstations could mean that the keylogger is capturing keystrokes across multiple user sessions.
- Endpoint protection being disabled on several workstations suggests that the attackers might have gained administrative access to the workstations, allowing them to disable security software without detection. - Impossible travel times on logins from the affected users indicate that someone other than the legitimate user might be logging in using their credentials, possibly from a different location. - Sensitive data being uploaded to external sites indicates unauthorized access to sensitive information, likely obtained through captured keystrokes. 店 店 铺 铺 The hint that everyone ; missed: ; ✑ Sensitive data is学 being uploaded to external sites. 习 was hardware-based and it must have had a WAP that the attacker was able学 This means that the keylogger to习 connect to and retrieve all the users' 小 小 keystrokes through the login 店 portal of the keylogger (a local IP like 192.168.0.10). 店 6 66 upvoted 2 times 6 ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B The key indicators in the scenario point towards the presence of a keylogger: All users share workstations throughout the day: This means that multiple users are accessing the same workstations, making it easier for a keylogger to capture keystrokes from different users. Endpoint protection was disabled on several workstations: Disabling endpoint protection allows malware, including keyloggers, to go undetected on the compromised workstations. Impossible travel times on logins: This suggests that the attacker is remotely accessing the compromised accounts, which is consistent with the use of a keylogger. Sensitive data uploaded to external sites: The presence of a keylogger enables the attacker to capture sensitive information, such as login credentials and other data, and upload it to external sites for unauthorized use. upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ z3phyr 5 months, 3 weeks ago Nothing was clear until you pick out the fact that the password resets didn't help. 
Makes it pretty clear upvoted 2 times skeletor23 6 months ago passwords have been reset but the issue continue, in this case can only be a keylogger which is "recording" the new password entered upvoted 1 times rodwave 10 months, 2 weeks ago Selected Answer: B Answer - Keylogger A keylogger or keystroke logger is a type of monitoring software that can be used to collect keystrokes that you type. A keylogger was likely used to capture various sensitive information and credentials. As the issue continued after the password reset, the keylogger was still capturing information as it wasn't removed. ========================= Brute-force - trail and error attempts to guess login info Dictionary - a form of brute force attack that uses common words, phrases and variations Rainbow - uses tables of reversed hashes to crack passwords upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 Knowledge33 11 months ago 66 66 There is no relationship between the context and the questions/responses. It's so weird upvoted 7 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #76 A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used? A. Snapshot B. Differential C. Cloud D. Full E. Incremental 店 店 铺 铺 ; Correct Answer: A 学 习 Community vote distribution stoneface ; 学 习 小 Highly Voted 小 店 店 6 A (97%) 6 66 1 year ago Selected Answer: A A snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine’s power state (for example, powered-on, powered-off, suspended). The data includes all of the files that make up the virtual machine. This includes disks, memory, and other devices, such as virtual network interface cards. A virtual machine provides several operations for creating and managing snapshots and snapshot chains. 
These operations let you create snapshots, revert to any snapshot in the chain, and remove snapshots. You can create extensive snapshot trees. upvoted 22 times Protract8593 Most Recent 2 months ago Selected Answer: A A snapshot backup is the appropriate type to use when the security forensics analyst wants to preserve the present state of the virtual server, including memory contents. A snapshot is a point-in-time copy of the virtual machine (VM) that captures its entire state, including its memory. This allows for the virtual server to be restored to the exact state it was in when the snapshot was taken, including any volatile data present in memory at that moment. For the purpose of preserving the present state of the virtual server, including memory contents, a snapshot backup is the most appropriate choice. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A snapshot is a point-in-time copy of a virtual machine's disk file, including its memory state. It captures the entire state of the virtual server at a specific moment, including the memory contents, disk contents, and configuration settings. This allows for the preservation of the virtual server's current state, which can be useful for forensic analysis, system recovery, or other purposes. upvoted 1 times Tango58 6 months ago Selected Answer: B FULL backup will store everything on it. upvoted 1 times 店 铺 ; HCM1985 3 weeks, 学 4 days ago 习 state But no the current memory 小 店 upvoted 3 times 66 店 铺 ; 学 习 小 店 66 skeletor23 6 months ago Answer is A, a good practical of this is to download oracle VM set up a virtual machine and in software there is an option to "snapshot" current device upvoted 2 times JaMorant 7 months, 3 weeks ago present state is the keyword in this case so snapshot will do the job upvoted 2 times kennyleung0514 8 months, 4 weeks ago A VM snapshot file consists of all the files stored on the storage devices of a virtual machine. 
Taking a snapshot creates files with extensions .vmdk, -delta.vmdk, .vmsd, and .vmsn, which are stored with the VM base files. A memory snapshot also includes a memory state file (with extension .vmsn) that holds the memory of the VM at the time of the snapshot capture. The size of the memory file and the time it takes 淘宝店铺:https://shop63989109.taobao.com/ to capture the memory state depends on the configured maximum memory for the original/parent VM. upvoted 1 times hackerguy 11 months ago Selected Answer: A per dion training notes: Type of backup primarily used to capture the entire operating system image including all applications and data § Snapshots are also commonly used with virtualized systems upvoted 2 times comeragh 1 year ago Selected Answer: A 店 Agree with A snapshot being the correct answer here upvoted 2 times 铺 ; 店 铺 ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #77 After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware? A. Removable media B. Spear phishing C. Supply chain D. Direct access 店 店 铺 Correct Answer: A 铺 ; ; 学 学 习 Community vote distribution 小 店 66 D (69%) YusufMadkour 习 小 Highly Voted 店 A (23%) 8% 66 1 year ago Selected Answer: D D because no hardware can be installed on the motherboard unless the perpetrator had direct access to the machine. upvoted 30 times Sandon 8 months, 1 week ago Or the supply chain upvoted 4 times scarceanimal 7 months, 3 weeks ago that's not an attack vector upvoted 3 times CTE_Instructor 6 months, 3 weeks ago Security+ 601 Objectives Section 1.5 Explain different threat actors, vectors, and intelligence sources. 
Vectors:
* Direct Access
* Email
* Supply Chain
* Social Media
* Removable media
* Cloud
The answer is *most likely* direct access, as the problem started after going to the conference. It's implied someone gained physical access to this laptop and installed hardware on the motherboard -or- plugged in a USB drive. It's unlikely, however it's possible a supply chain attacker could have also installed hardware inside the laptop prior to shipping to a company. Either way, the attacker would have needed direct access to complete this attack. It's more general than the other options, and covers all possibilities.
upvoted 4 times

Butankiuser 5 months, 3 weeks ago
The user could have found the USB on the floor and plugged it in themselves, so the attacker doesn't need direct access.
upvoted 1 times

TreeeSon 5 days, 17 hours ago
DO NOT make assumptions on CompTIA exams. If it isn't stated, it never happened.
upvoted 1 times

80drag 1 year ago
But it doesn't say installed, just connected. The USB connector is attached to the motherboard.
upvoted 5 times

TheDarkSide2405 8 months, 1 week ago
USB doesn't unknown piece of hardware
upvoted 3 times

80drag 1 year ago
I redact the previous statement.
upvoted 3 times

Boogie_79 Highly Voted 1 year ago
Selected Answer: D
Direct access
upvoted 5 times

Dogeo Most Recent 3 weeks, 3 days ago
A, Removable Media. Direct Access is being physically at the device to perform malicious acts rather than the use of software or hardware. The question says that hardware has been connected to the motherboard; everything including USB ports is connected to the motherboard, so this does not rule out USB hardware. Although they would need Direct Access to attach the hardware, it is the hardware itself causing the issue.
upvoted 1 times

Dogeo 1 month ago
It's A, the question states unknown hardware has been attached to the motherboard (removable media). Direct access would be the malicious user performing an attack while physically at the device.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
Selected Answer: A
Well, I learned something new: you can directly add removable media to the motherboard, which is what I picked but for different reasons. One could say direct access, but hardware attached to a motherboard is removable: https://www.howtogeek.com/201493/ask-htg-can-i-plug-a-usb-device-right-into-my-motherboard/
upvoted 1 times

sujon_london 1 month, 2 weeks ago
Selected Answer: A
This is a very straightforward question with the given clue that hardware was found connected to the motherboard. As we all know, any USB port is connected to the motherboard of the computer. It's simple; of course we may be thinking critically due to CompTIA, or an easy option is given.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
In the given scenario, the laptop issues started after the user returned from a conference. Furthermore, an unknown piece of hardware was found connected to the laptop's motherboard. These details indicate that someone had physical access to the laptop and inserted the unknown hardware directly. A direct access attack involves an attacker physically accessing a device to compromise it. In this case, the attacker likely inserted malicious hardware or tampered with the laptop's internal components to gain unauthorized access and control over the system.
Why A and C are wrong according to ChatGPT:
- A. Removable media: This option involves using external devices like USB drives, CDs, or DVDs to introduce malware to a system. While it's a possible attack vector, it does not explain the presence of unknown hardware on the laptop's motherboard.
- C. Supply chain: A supply chain attack involves compromising devices or components during the manufacturing or distribution process. In this case, the laptop was not new, and the issue occurred after the user returned from a conference, making a supply chain attack less likely.
upvoted 2 times

Aleem001 2 months, 1 week ago
Selected Answer: A
Come on guys, have you ever opened a computer to see the motherboard? It's A, as the USB port is connected to the motherboard after all; plus it happened in the conference room, not in any computer hardware lab.
upvoted 2 times

Aleem001 2 months, 1 week ago
Scenario says: unknown piece of hardware is found.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
Direct access refers to physically accessing a device or its components, and in this case, it seems that someone had direct physical access to the laptop and installed the unknown hardware on the motherboard. The symptoms of the laptop operating slower, overheating, and constant fan activity further suggest that a physical modification or tampering has occurred. Supply chain attacks typically involve compromising the supply chain process to introduce malicious software or components into devices during manufacturing or distribution. While supply chain attacks can result in compromised hardware, they are not the most likely explanation in this specific scenario, as the user's laptop was affected after returning from a conference.
upvoted 2 times

JAMBER 4 months ago
Selected Answer: C
Got to love some of these questions. I went with C, supply chain. I didn't read enough clues to determine it to be:
A. Removable Media: usually external storage and not internally attached to the motherboard.
B. Spear Phishing: well yeah, the throw-away choice.
D. Direct Access: typically refers to unauthorized physical access.
C. Supply Chain with possible (hardware) time-delayed attack.
upvoted 1 times

DylanB2868 5 months ago
Selected Answer: D
D because it said "after returning from an event". This means the hardware was not there beforehand and therefore eliminates the idea of a supply chain vector.
upvoted 1 times

HypeMan_crew 5 months, 1 week ago
Selected Answer: D
This is not supply chain. This laptop has been in use for a while and is not a new laptop. The issue happened after the conference, meaning that there was direct contact or access from someone on that laptop.
upvoted 1 times

tutita 5 months, 3 weeks ago
Selected Answer: D
Has to be direct access; USB media in a laptop is extremely obvious, and they mention "after returning", meaning he left the laptop unattended somewhere.
upvoted 1 times

skeletor23 6 months ago
Although both seem correct to me, the question asks which attack vector was exploited. Direct access is an attack vector, which includes removable media.
upvoted 2 times

demetress 6 months ago
Selected Answer: C
Based on the given scenario, it is likely that the attack vector that was exploited to install the unknown piece of hardware on the laptop's motherboard is C. Supply chain. The fact that the user's laptop began to experience issues after returning from a conference suggests that the unknown hardware was likely introduced through the supply chain, meaning that it may have been added to the laptop during the manufacturing or distribution process. This type of attack is known as a supply chain attack, which involves compromising the supply chain to deliver malicious components to a target system or device. Removable media and spear phishing are also common attack vectors, but they typically involve user interaction, such as opening an infected email attachment or inserting a compromised USB drive into a computer. Direct access attacks involve physically accessing a device, which may not be feasible in this scenario.
upvoted 3 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: C
The attack vector that was most likely exploited to install the hardware on the user's laptop is the supply chain. This attack involves tampering with hardware, firmware, or software during the manufacturing or distribution process, allowing the attacker to gain access to the targeted system. The hardware found on the laptop's motherboard is an indication that an attacker may have tampered with the laptop before or during the manufacturing process. The overheating and slow performance of the laptop could be caused by malicious software or firmware installed by the attacker.
upvoted 1 times

9e39727 6 months, 2 weeks ago
Selected Answer: D
Voting D (Direct Access) due to the wording. While A (Removable Media) is being used, the question is asking how the removable media was installed.
upvoted 1 times

Topic 1 Question #78

After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP

Correct Answer: A
Community vote distribution: A (100%)

comeragh Highly Voted 1 year ago
Selected Answer: A
Telnet (port 23) is insecure and should be replaced with SSH (port 22).
upvoted 14 times

[Removed] 1 year ago
Correct, SSH is the answer.
upvoted 3 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
Answer: SSH (22)
Port 23 (Telnet) and Port 22 (SSH) are network protocols used to remotely access and manage systems; however, Telnet does not encrypt the connection, so captured traffic appears in cleartext, whereas an SSH connection would be encrypted.
=========================
SNMP (Simple Network Management Protocol) - is a protocol for collecting and organizing information about managed devices on networks. Devices that typically support SNMP include servers/desktops, routers, switches, etc.
SFTP (Secure File Transfer Protocol) - is a secure file transfer protocol that uses SSH encryption to securely send and receive file transfers.
FTP (File Transfer Protocol) - for file transfers
upvoted 8 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
SSH (Secure Shell) is a cryptographic network protocol used to securely access and manage network devices remotely. Unlike Telnet (Option D), which sends credentials in cleartext over port 23, SSH encrypts all communication between the client and server, providing a secure remote login and management solution. It ensures that administrative usernames and passwords are not sent in plaintext, making it the best choice for securing remote access to network devices.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
SSH is a cryptographic network protocol designed for secure remote login, command execution, and data communication. It provides strong encryption and authentication mechanisms, protecting the confidentiality and integrity of the transmitted data, including usernames and passwords. Unlike Telnet (option D), which sends data in clear text, SSH encrypts the communication channel, preventing unauthorized interception and eavesdropping.
upvoted 1 times

fuweezy 5 months, 1 week ago
Selected Answer: A
A is correct.
upvoted 1 times

scarceanimal 7 months, 3 weeks ago
Selected Answer: A
SSH replaces Telnet in that it provides an encrypted session. Telnet sends in clear text, unsecure.
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. SSH. SSH is an encryption protocol used to connect to systems.
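The point the Question #78 thread keeps returning to (Telnet, FTP and SNMPv1/v2c carry credentials in the clear; SSH, SFTP and SNMPv3 are the encrypted replacements) as a small detection script an analyst could run over flow data after a breach like the one described. This is an added example, not code from any commenter or from the page. The flow-record layout is an assumption, and the flow entries and SNMP payload bytes are constructed samples.

```python
"""Flag cleartext management-plane protocols in flow records and name the
encrypted replacement for each (added example; constructed sample data)."""
from dataclasses import dataclass
from typing import Optional

# Destination ports of management protocols that send credentials in the
# clear, mapped to the encrypted protocol that replaces them.
CLEARTEXT_MGMT = {
    ("tcp", 23): ("Telnet", "SSH (TCP 22)"),
    ("tcp", 21): ("FTP", "SFTP over SSH (TCP 22)"),
}


@dataclass
class Flow:
    """Assumed record shape: one row per connection, plus the first payload bytes."""
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    payload: bytes = b""  # leading bytes of the first packet, if captured


def snmp_version(payload: bytes) -> Optional[int]:
    """Read the version field of an SNMP message.

    SNMP is BER-encoded as SEQUENCE { INTEGER version, ... }; version 0 is
    SNMPv1, 1 is SNMPv2c, 3 is SNMPv3. Returns None if the bytes do not
    start like an SNMP message.
    """
    if len(payload) < 2 or payload[0] != 0x30:
        return None
    idx = 1
    if payload[idx] & 0x80:                 # long-form length: 0x8N, N length bytes follow
        idx += 1 + (payload[idx] & 0x7F)
    else:                                   # short-form length: single byte
        idx += 1
    if payload[idx:idx + 2] != b"\x02\x01" or len(payload) < idx + 3:
        return None
    return payload[idx + 2]


def assess_flow(flow: Flow) -> Optional[dict]:
    """Return a finding for a cleartext management flow, or None if it is fine."""
    key = (flow.proto, flow.dport)
    if key in CLEARTEXT_MGMT:
        name, replacement = CLEARTEXT_MGMT[key]
        return {"flow": flow, "protocol": name, "replace_with": replacement}
    if flow.proto == "udp" and flow.dport == 161:
        # Port 161 alone cannot tell v2c from v3, so look at the version field.
        ver = snmp_version(flow.payload)
        if ver in (0, 1):
            label = "SNMPv1" if ver == 0 else "SNMPv2c"
            return {"flow": flow, "protocol": label, "replace_with": "SNMPv3 (authPriv)"}
    return None


def find_cleartext_management(flows) -> list:
    """All findings for a batch of flows, in input order."""
    return [f for f in (assess_flow(fl) for fl in flows) if f is not None]


# Constructed sample: one admin workstation talking to two network devices.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "10.0.1.1", "tcp", 23),   # Telnet  -> finding
    Flow("10.0.0.5", "10.0.1.1", "tcp", 22),   # SSH     -> fine
    Flow("10.0.0.5", "10.0.1.2", "tcp", 21),   # FTP     -> finding
    Flow("10.0.0.5", "10.0.1.2", "tcp", 22),   # SFTP    -> fine
    # SNMPv2c GetRequest head: SEQUENCE, INTEGER version=1, OCTET STRING "public"
    Flow("10.0.0.5", "10.0.1.1", "udp", 161, b"\x30\x29\x02\x01\x01\x04\x06public\xa0\x1c"),
    # SNMPv3 message head: SEQUENCE, INTEGER version=3
    Flow("10.0.0.5", "10.0.1.2", "udp", 161, b"\x30\x3e\x02\x01\x03\x30\x11"),
]

if __name__ == "__main__":
    for finding in find_cleartext_management(SAMPLE_FLOWS):
        fl = finding["flow"]
        print(f"{fl.src} -> {fl.dst}:{fl.dport}/{fl.proto}  {finding['protocol']} "
              f"in the clear; migrate to {finding['replace_with']}")
```

Port-based matching is a heuristic (a service can be bound to a non-standard port), which is why the SNMP check reads the version field rather than trusting the port. The fix on the device side is the one the thread names: disable the Telnet/FTP/SNMPv1-v2c listeners and leave only SSH, SFTP and SNMPv3 enabled.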
upvoted 1 times

Samsonite363 8 months ago
Selected Answer: A
Easiest question in this guide.
upvoted 2 times

Topic 1 Question #79

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

A. CVSS
B. SIEM
C. SOAR
D. CVE

Correct Answer: A
Community vote distribution: A (100%)

stoneface Highly Voted 1 year ago
Selected Answer: A
CVSS is maintained by the Forum of Incident Response and Security Teams (first.org/cvss). CVSS metrics generate a score from 0 to 10 based on characteristics of the vulnerability, such as whether it can be triggered remotely or needs local access, whether user intervention is required, and so on.
upvoted 14 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
CVSS (Common Vulnerability Scoring System) is a standardized scoring system used to assess and quantify the severity of known vulnerabilities. It provides a calculated value or score for each vulnerability based on its characteristics and potential impact. The CVSS score helps organizations prioritize their mitigation efforts by understanding the severity of each vulnerability and taking appropriate action accordingly. Higher CVSS scores indicate more severe vulnerabilities that require immediate attention and mitigation.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
CVSS is a standardized framework used to assess and quantify the severity of vulnerabilities in software systems. It provides a numerical score to represent the risk level associated with a specific vulnerability. The score takes into account various factors, such as the impact of the vulnerability, its exploitability, and the level of security controls in place. The score helps organizations prioritize their mitigation efforts by focusing on vulnerabilities with higher scores, indicating a greater potential impact.
upvoted 2 times

temple12 6 months, 1 week ago
Selected Answer: A
CVSS is the correct answer.
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. CVSS. The Common Vulnerability Scoring System is an industry standard for assessing the severity of security vulnerabilities.
upvoted 3 times

Jossie_C 10 months, 3 weeks ago
Selected Answer: A
Common Vulnerability Scoring System
upvoted 1 times

ExamTopicsDiscussor 11 months, 4 weeks ago
CVSS stands for the correct.
upvoted 1 times

carpathia 1 year ago
Selected Answer: A
"calculated" = CVSS
upvoted 1 times

comeragh 1 year ago
Selected Answer: A
Agree with A - CVSS here as the correct answer.
upvoted 1 times

Topic 1 Question #80

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

A. Community
B. Private
C. Public
D. Hybrid

Correct Answer: A
Community vote distribution: A (88%), 13%

Protract8593 2 months ago
Selected Answer: A
In a community cloud deployment model, multiple organizations or entities with common interests share computing and storage resources. It is designed for specific communities of users who have shared concerns or requirements, such as research projects, government agencies, or educational institutions. In this scenario, where several universities are participating in a collaborative research project and need to share compute and storage resources, a community cloud deployment strategy would be the best fit.
upvoted 2 times

matace 2 months, 1 week ago
Selected Answer: D
The best cloud deployment strategy for several universities participating in a collaborative research project to share compute and storage resources would be a hybrid cloud deployment. A hybrid cloud deployment allows organizations to use a combination of public and private cloud resources. This gives the universities the flexibility to choose the right cloud platform for their specific needs. For example, they could use the public cloud for resources that need to be highly scalable and available, such as data storage and computing power. They could then use the private cloud for resources that need to be more secure and compliant, such as sensitive research data. A hybrid cloud deployment would also allow the universities to share resources more efficiently. For example, they could use the public cloud for peak demand periods, such as when they are running large-scale simulations. They could then use the private cloud for more consistent demand periods, such as when they are running smaller-scale experiments.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
A community cloud is a deployment model that is specifically designed to serve a specific community or group of organizations with shared interests and requirements. In this case, the universities participating in the research project form a community that can leverage the community cloud model. With a community cloud, the universities can establish a shared infrastructure that is dedicated to their specific needs. They can collectively pool their resources, such as computing power and storage, and share them among the participating universities. This allows for efficient resource utilization, cost-sharing, and collaborative research efforts.
upvoted 1 times

scarceanimal 7 months, 3 weeks ago
Selected Answer: A
Sharing infrastructure.
upvoted 2 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. Community Cloud Deployment, where tenants are limited to members of a specifically designed community. Community membership is normally based on a shared mission, similar security and compliance requirements, or other commonalities.
upvoted 1 times

Astra10 8 months ago
D. Hybrid cloud deployment strategy would BEST meet the need for universities participating in a collaborative research project to share compute and storage resources. A hybrid cloud deployment allows organizations to use a combination of public and private cloud resources. In this case, the universities can keep sensitive data on their private cloud while sharing the compute and storage resources on a public cloud. This way, the universities can have the benefits of both the public and private cloud.
A. Community cloud deployment strategy is when multiple organizations share a cloud infrastructure, but the resources are only available to a specific community of users.
B. Private cloud deployment strategy is when an organization builds and maintains a cloud infrastructure for its own use.
C. Public cloud deployment strategy is when an organization uses a cloud infrastructure provided by a third-party provider, available to the general public.
upvoted 2 times

assfedassfinished 3 weeks, 1 day ago
No, it's community cloud. You're adding data to the question that it does not ask for.
upvoted 1 times

bsComptia 8 months, 1 week ago
A community cloud deployment strategy, while it may be able to meet the need for sharing compute and storage resources among a group of universities, would likely not be the best option. A community cloud is typically shared among organizations with similar security and compliance requirements, and is often managed by a third-party provider. However, the level of control and customization offered by a community cloud may be limited compared to a hybrid cloud deployment strategy, which combines elements of both public and private cloud deployment. This would give the universities more control and flexibility in terms of how they manage and utilize their shared resources.
upvoted 1 times

bsComptia 8 months, 1 week ago
How about this?
upvoted 1 times

bsComptia 8 months, 1 week ago
A hybrid cloud deployment strategy is a combination of both private and public cloud deployment. This approach allows organizations to take advantage of the benefits of both types of clouds, depending on their specific needs. In a hybrid cloud deployment, sensitive and/or regulated data is kept on the private cloud, which provides a higher level of security and compliance. Meanwhile, less sensitive workloads can be run on the public cloud, which allows for greater scalability and cost-effectiveness. The two clouds are connected through secure, dedicated connections, such as VPNs, allowing for data and application portability. This deployment strategy allows organizations to take advantage of the benefits of both public and private clouds, depending on their specific needs. It also allows organizations to reduce costs by using public cloud resources for non-sensitive workloads, and to improve security by keeping sensitive data on the private cloud.
upvoted 1 times

[Removed] 8 months, 1 week ago
Selected Answer: A
A community cloud is defined as a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements.
upvoted 2 times

[Removed] 9 months, 3 weeks ago
Selected Answer: D
D - because they only share compute and storage - so they connect an on-premises network with the cloud - which they share.
upvoted 1 times

Jossie_C 10 months, 3 weeks ago
Selected Answer: A
Community is when different organizations share the same stuff.
upvoted 3 times

nobodyridesforfree 11 months, 1 week ago
Selected Answer: A
Community (shared)
upvoted 1 times

comeragh 1 year ago
Selected Answer: A
"share compute and storage resources" - A, Community
upvoted 2 times

varun0 1 year ago
Selected Answer: A
Community
upvoted 1 times

Topic 1 Question #81

A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

A. Look for tampering on the evidence collection bag.
B. Encrypt the collected data using asymmetric encryption.
C. Ensure proper procedures for chain of custody are being followed.
D. Calculate the checksum using a hashing algorithm.

Correct Answer: D
Community vote distribution: D (63%), C (37%)

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: D
Answer: Calculate the checksum using a hashing algorithm. (D)
A checksum is specifically intended to verify the integrity of data or find data corruption. Comparing a file's original and current checksum: if a byte or even a piece of the file's data has been changed, the original and current checksum will be different, and therefore you will know whether it's the same file or not.
=====================
(A) - This is essentially the physical version of checking if something was tampered with, but wouldn't work for virtual data.
(B) - Don't need to encrypt anything.
(C) - Even if a proper chain of custody was followed, it doesn't guarantee that data hasn't been modified by anyone that had access to the data.
upvoted 25 times

stoneface Highly Voted 1 year ago
Selected Answer: C
Procedure to establish the Chain of Custody
In order to assure the authenticity of the chain of custody, a series of steps must be followed.
It is important to note that the more information Forensic expert obtains concerning the evidence, the more authentic is the created chain of custody. You should ensure that the following procedure is followed according to the chain of custody for electronic devices: Save the original material Take photos of the physical evidence Take screenshots of the digital evidence. Document date, time, and any other information on the receipt of the evidence. Inject a bit-for-bit clone of digital evidence content into forensic computers. Perform a hash test analysis to authenticate the working clone. upvoted 17 times KetReeb 1 year ago While your reasoning is a best practice, the only way to Prove the integrity of the data after its been handled is by verifying the checksum (Answer D). upvoted 36 times 店 stoneface 1 year ago 铺 I stand corrected ; -> D is correct - ensuring is not a method 学 upvoted 20 times 习 小 2 weeks ago Kraken84 1 month,店 66 Now that is a RFM! 店 铺 ; 学 习 小 店 66 upvoted 1 times KetReeb 1 year ago I'm sorry stoneface, I have to retract my comment after running across the following in the all-in-one review: regarding checksums - A disadvantage is that they miss larger numbers of errors as a second error can cancel the effect of the first on a checksum. Thus, checksums serve no real purpose in digital forensics. Your answer is best. upvoted 11 times CTE_Instructor 6 months, 3 weeks ago It's near impossible for a second change in data integrity to "undo" the hash effect of the first error. Multiple changes in file data will still produce different hash results. Checking hash results of the original collection vs present state is standard for verifying data integrity. upvoted 2 times assfedass nished Most Recent 淘宝店铺:https://shop63989109.taobao.com/ 3 weeks, 1 day ago Selected Answer: D It's D. Consider the role. The analyst, as the expert, would validate the checksum. A lawyer or court official would validate via the CoC. 
Additionally, anyone can access the data, change it, and properly mark up the chain of custody. If only using the chain of custody without validating the integrity, false data would be accepted.
upvoted 1 times

BigIshai 1 month, 3 weeks ago
The question asked for what method to verify the integrity of the file in question. The simple answer is to compare the hash value with the original when it was collected. The correct answer is D. Ensuring that the proper chain of custody was followed is still subject to interpretation and cannot prove the data has not changed.
upvoted 1 times

Nikamy 1 month, 4 weeks ago
Selected Answer: D
My answer is D.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
A checksum is a value derived from the content of data, and it serves as a unique identifier for that data. When data is collected for forensic analysis, the forensic analyst can calculate the checksum using a hashing algorithm (such as MD5, SHA-256, etc.). If the data remains unchanged and has not been tampered with, the checksum will remain the same. Any alteration or tampering of the data would result in a different checksum value. By comparing the calculated checksum of the collected data with a known, trusted checksum (such as the original value), the forensic analyst can verify that the data has not been tampered with since it was collected. This process ensures data integrity and is commonly used in digital forensics to validate the authenticity of evidence.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
Calculating the checksum using a hashing algorithm is a common technique in forensic analysis to ensure data integrity. A hashing algorithm takes the data as input and generates a unique hash value, which is a fixed-length string of characters. Even a small change in the input data will result in a significantly different hash value.
By comparing the calculated checksum of the collected data with a previously generated checksum of the original data, the forensic analyst can determine if any tampering or alteration has occurred.
upvoted 2 times

EvelynStandford 4 months, 1 week ago
Selected Answer: C
I started with C; after I read all the comments I was sure it was D, but I found this and it made me change my mind:
Difference Between a Checksum and a Hash
Checksums and similarity hashes are often used interchangeably, but they have slight differences. In a nutshell, a Checksum is a hash, but a hash isn't necessarily a Checksum.
Hashing Applications: Encryption, Storage, Performance
Why Use Checksums?
Why use checksums to compare data over byte-by-byte comparison? The answer: because it is much smaller (256 bits). Byte by byte comparison requires having the entire copy of files, which can be very large (gigabytes). A checksum's relatively small size is small enough to be treated as file metadata.
How can Checksums be Used?
Checksums can be used in many ways: in search engines to check for duplicate documents, in engineering to check for corrupted files, in cryptography to transfer data securely.
upvoted 1 times

EvelynStandford 4 months, 1 week ago
Also I found another source where they say "Step 5: Run the validate command with the clip file name attached to get the checksum for that clip (For PC: Hash = Checksum)" as a command for a proper chain of custody, so if they ensure that the checksum is included in the procedure
upvoted 1 times

fouserd 4 months, 2 weeks ago
Selected Answer: C
To prove that data has not been tampered with since it was collected, a forensic analyst would MOST likely calculate the checksum using a hashing algorithm. A hashing algorithm generates a unique fixed-size string of characters, called a hash or checksum, from a given input.
By calculating the hash of the collected data and comparing it to the hash calculated at the time of collection, the analyst can verify that the data has not been altered.
upvoted 1 times

fouserd 4 months, 2 weeks ago
Apologies, meant to click D not C.
upvoted 2 times

Yawannawanka 5 months ago
C. Ensure proper procedures for chain of custody are being followed.
Proper chain of custody procedures ensure that the evidence is properly collected, stored, and transferred to prevent tampering or alteration. By following these procedures, the forensic analyst can demonstrate that the evidence has not been tampered with since it was collected, and can be relied upon as authentic and admissible in court. The other options do not directly address the issue of proving that data has not been tampered with.
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: D
While ensuring proper chain of custody is critical, following the process is how you ensure that tampering/mishandling doesn't occur, not how you prove it didn't. To prove that tampering did not occur, the analyst would use hashing.
upvoted 2 times

KnifeClown1 5 months, 2 weeks ago
Selected Answer: D
A checksum is a unique value that is generated from a mathematical algorithm applied to the data. If the data is tampered with in any way, the checksum value will also change, indicating that the data has been altered. By comparing the original checksum value with the current checksum value, the forensic analyst can determine whether the data has been tampered with since it was collected.
upvoted 1 times

ffsilveira10 5 months, 2 weeks ago
Selected Answer: C
I believe that the correct option is C. When they say "data" they do not specify which type of data; it could be digital or not. If not digital then the checksum will not be helpful. In this case the most likely approach would be to keep chain of custody.
upvoted 2 times

darklion 5 months, 2 weeks ago
Selected Answer: D
D.
Calculate the checksum using a hashing algorithm.
The checksum calculated using a hashing algorithm can be used to verify that the data has not been altered since it was collected. Any changes to the data will result in a different checksum, providing evidence that the data has been tampered with. Other methods, such as checking the evidence collection bag or following proper chain of custody procedures, can help ensure the integrity of the evidence but do not directly prove that the data has not been tampered with. Encrypting the data using asymmetric encryption will protect the confidentiality of the data but will not ensure its integrity.
upvoted 1 times

examrobo 5 months, 3 weeks ago
Selected Answer: D
Says prove so D
upvoted 1 times

Auzilch 6 months ago
Selected Answer: C
Whenever they ask questions like these, it's pretty much always chain of custody.
upvoted 2 times

Pegasus127 6 months, 1 week ago
Selected Answer: C
https://www.geeksforgeeks.org/chain-of-custody-digital-forensics/
"It demonstrates trust to the courts and to the client that the evidence has not tampered."
upvoted 1 times

Topic 1 Question #82
Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?
A. Complexity requirements
B. Password history
C. Acceptable use policy
D. Shared accounts
Correct Answer: B
Community vote distribution: B (65%), C (18%), A (17%)

antster1000 Highly Voted 1 year ago
Don't really feel like any of the answers are sufficient. Would be looking for something like MFA for this.
upvoted 35 times

CTE_Instructor 6 months, 3 weeks ago
Yeah.
A few days after the breach, the passwords were a vulnerability? Password history would not be realistic for this scenario. If it said 7 months later, that would make more sense. Imagine having a 24-hour password policy :cry:
upvoted 8 times

stoneface Highly Voted 1 year ago
Selected Answer: B
Password reuse is an important concern in any organization. Many users want to reuse the same password for their account over a long period of time.
upvoted 19 times

stonefacegroupie 5 months, 2 weeks ago
I concur
upvoted 2 times

assfedassfinished Most Recent 2 weeks, 2 days ago
Selected Answer: B
Password history is the least bad of these bad answers.
upvoted 2 times

Kraken84 1 month, 2 weeks ago
"... was later used" is our key statement here.
upvoted 2 times

BigIshai 1 month, 3 weeks ago
Selected Answer: C
The scenario indicates business accounts have been compromised in the aftermath of a non-related security incident, meaning the malicious actors got information from the leaked information and used the same on corporate accounts, which evidently also got compromised because the end users must have reused passwords. Hence an acceptable policy against password reuse would have mitigated the secondary incident. (Logic appears sound but open to debate.)
upvoted 2 times

Protract8593 2 months ago
Selected Answer: B
Implementing password history would be an effective measure to mitigate the issue of compromised business accounts in this scenario. Password history keeps track of previously used passwords, and users are not allowed to reuse old passwords when creating a new one. This prevents attackers from reusing leaked passwords to gain unauthorized access to business accounts, even if the leaked credentials are known to them. By enforcing password history, organizations can improve their security posture and protect against credential reuse attacks.
upvoted 1 times

LiteralGod 2 months, 1 week ago
Selected Answer: B
I think given the information we have it would be password history.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
Password history: Implementing a password history policy ensures that users cannot reuse their previously used passwords. This prevents attackers from reusing compromised passwords to gain unauthorized access to business accounts. By maintaining a password history, users are forced to choose unique passwords each time they update their credentials.
upvoted 1 times

Loonie 3 months ago
I would say B password history, keyword "exposed was later used"
upvoted 1 times

mosher21 5 months, 1 week ago
Selected Answer: A
None of the options are correct. This is another question that sucks. CompTIA charges almost 400 dollars for the exam and gives us this nonsense in return. Kudos to them.
upvoted 7 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
Complexity requirements is the only solution that makes sense.
An AUP dictates what a user may do with corporate systems; it does not address how the user should manage their passwords, that would be Code of Conduct or some other policy. Password history only serves to prevent password reuse on the corporate network; it will do nothing to prevent the user from using the same passwords on a public site. MAYBE, had the question stated that the password database was old, then password history may make sense, but even then complexity is the better answer. A shared account would absolutely do nothing to help with this. So by elimination we can say it's complexity. However, it intuitively makes sense. A leaked password database would contain password hashes that need to be cracked; weak passwords are trivial to extract using rainbow table or dictionary attacks, while complex passwords may never be recovered from a leaked password database.
Thus the hacker will have a list of weak passwords they will use in their attack. Enforcing complex passwords nullifies that list.
upvoted 4 times

z3phyr 5 months, 3 weeks ago
Password history > enforces new passwords > makes the leaked passwords irrelevant
upvoted 3 times

TheNoblesse 5 months, 4 weeks ago
Selected Answer: C
Password History only means that once the password leaked, all compromised passwords should be changed or reset differently
upvoted 1 times

C_M_M 6 months ago
Isn't password history about how long a password can be used before it can be changed? I don't see how it applies here. The problem here is users using their corporate passwords on other non-corporate sites. I think Acceptable use policy should address this.
upvoted 1 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: B
A. Complexity requirements and B. Password history are two effective controls to mitigate password-related issues, including the use of weak passwords or the reuse of previously compromised passwords. By enforcing password complexity requirements, organizations can require users to use stronger passwords that are more difficult to guess or crack. By enforcing password history, organizations can prevent users from reusing previously used passwords or the recently compromised ones. This would make it harder for attackers to gain unauthorized access to business accounts using previously leaked passwords.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: B
Another question where the answer really doesn't address the question or issue.
upvoted 3 times

Drealjesusfreak 6 months, 2 weeks ago
This question was not clear tho
upvoted 2 times

Topic 1 Question #83
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?
A. nmap -pl-65535 192.168.0.10
B. dig 192.168.0.10
C.
curl --head http://192.168.0.10
D. ping 192.168.0.10
Correct Answer: C
Community vote distribution: C (72%), A (28%)

stoneface Highly Voted 1 year ago
Selected Answer: C
Agreed, for those wondering a curl --head 1.1.1.1 will output this:
HTTP/1.1 301 Moved Permanently
Server: cloudflare
Date: Thu, 01 Sep 2022 22:36:50 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://1.1.1.1/
CF-RAY: 74417cb04d6b9a50-MFE
upvoted 25 times

TinyTrexArmz 7 months, 3 weeks ago
While nmap can be used to fingerprint a webserver, those are not the right parameters to do so. You would use nmap -sV <target>, not -p<port-range>.
upvoted 7 times

Gravoc Highly Voted 1 year ago
curl --head is similar to curl get. Remember from your studies that get is when a user/entity is requesting to get/download resources from a server across the internet. Get requests include a header and a body. By doing curl --head, you're sending a request to get information from a server. The server will reply by providing only the headers of the request, rather than including the body. Therefore a curl --head is a way to send requests for header-only get requests. This allows people a quick summary of a response server, or in this case, to view its fingerprint.
upvoted 15 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
Using the command "curl --head" allows the security analyst to perform an HTTP HEAD request to the specified web server (http://192.168.0.10) without actually downloading the contents. This will retrieve only the headers of the web server's response, which often includes server information, such as the server software and version, that can be used to fingerprint the web server.
A. nmap -pl-65535 192.168.0.10
The "nmap" command is used for network scanning, but the given command is not correct. The option "-pl-65535" is invalid. The correct option for scanning all 65535 TCP ports would be "-p-".
Corrected command: nmap -p- 192.168.0.10
Output (example):
Starting Nmap 7.91 ( https://nmap.org ) at 2023-07-22 12:00 UTC
Nmap scan report for 192.168.0.10
Host is up (0.0020s latency).
Not shown: 65534 closed ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
upvoted 1 times

Protract8593 2 months ago
B. curl --head http://192.168.0.10
The "curl" command is a tool used for transferring data with URLs. The "--head" option is used to perform an HTTP HEAD request and retrieve only the headers of the web server's response.
Output (example):
HTTP/1.1 200 OK
Date: Thu, 22 Jul 2023 12:00:00 GMT
Server: Apache/2.4.41 (Unix)
Last-Modified: Wed, 21 Jul 2023 10:00:00 GMT
ETag: "12345-56789"
Content-Type: text/html
Content-Length: 1234
In this example, the output includes server information such as "Server: Apache/2.4.41 (Unix)", which can be used to fingerprint the web server.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: C
The tool that the security analyst would most likely use to fingerprint a web server is option C: curl --head http://192.168.0.10.
The curl command is commonly used for making HTTP requests and retrieving information from web servers. By using the --head option, the security analyst can send an HTTP HEAD request to the web server specified by the given IP address (192.168.0.10). This request retrieves only the HTTP headers of the server's response, which often include information about the server software, version, and other relevant details.
By analyzing the server's response headers, the security analyst can gather information about the web server's fingerprint, such as the server type (e.g., Apache, Nginx) and the specific version. This helps in identifying the server software being used and assists in further analysis and assessment of potential vulnerabilities or security configurations.
upvoted 2 times

Yawannawanka 5 months ago
Curl is a command-line tool for transferring data from or to a server, and it can be used to obtain the headers of a web server's HTTP response, which can provide information about the server and its configuration. Therefore, the tool that the security analyst will MOST likely use to fingerprint a web server is: C. curl --head http://192.168.0.10
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
While "C" is actually more valuable, based on what is in the Official CompTIA study guide I have to go with A. The only reference to service discovery and fingerprinting in the guide talks about doing so with NMAP. While it clearly talks about using various switches, I suspect that this is just a poorly worded question. The command line in A would be part of service discovery rather than fingerprinting... But discovery is done before fingerprinting, so I suspect that they think that the FIRST command the user will run is what is shown in A... then additional switches used to actually perform fingerprinting of the services that were discovered?
upvoted 1 times

Kraken84 1 month, 2 weeks ago
"so I suspect that they think"... ....maybe you can think about it a while
upvoted 1 times

cutemantoes 6 months, 1 week ago
I'm looking at this question with my wife right now and we both agree this has to be the dirtiest security plus question we've come across XD
upvoted 1 times

NerdAlert 5 months, 4 weeks ago
I've got bad news for you brotha... keep going 😂
upvoted 2 times

princajen 6 months, 2 weeks ago
Selected Answer: C
Of the options provided, curl is the most likely tool a security analyst would use to fingerprint a web server. The "--head" option tells curl to send an HTTP HEAD request to the server, which will return a response that includes important metadata about the web server, such as the software type, version number, and possibly other configuration details.
The other options listed are not appropriate for fingerprinting a web server. Nmap is a port scanner, which can help identify open ports and services running on a target system, but it does not provide information about the web server software. Dig is a tool for querying DNS servers to resolve domain names to IP addresses, and ping is used to test network connectivity, but neither of these tools provides information about the web server software.
upvoted 1 times

geekneek 7 months, 1 week ago
Selected Answer: C
Curl is a command-line tool that is commonly used to test web applications and is also a popular choice for web application fingerprinting. The "-head" option is used to request only the header information of the web server's response, which can contain information about the web server's software and version.
Option A, "nmap -pl-65535 192.168.0.10," is a command to perform a ping scan using Nmap. While this may reveal the IP address of the web server, it is not designed for fingerprinting the web server software.
Option B, "dig 192.168.0.10," is a command for performing DNS queries to retrieve information about domain names. It does not have any direct relation to fingerprinting a web server.
Option D, "ping 192.168.0.10," is a command to test the connectivity between two devices on a network. It does not provide any information related to web server fingerprinting.
Therefore, the most appropriate tool for fingerprinting a web server would be "curl --head http://192.168.0.10".
upvoted 3 times

EricShon 7 months, 2 weeks ago
Selected Answer: A
A. nmap -pl-65535 192.168.0.10
upvoted 2 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: A
The detailed analysis of services on a particular host is often called fingerprinting. This is because each OS or application software that underpins a network service responds to probes in a unique way.
This allows the scanning software to guess at the software name and version, without having any sort of privileged access to the host. This can also be described as banner grabbing, where the banner is the header of the response returned by the application. Nmap is very widely used for this task, or you could use hping or Netcat.
upvoted 1 times

ronniehaang 7 months, 3 weeks ago
A security analyst would most likely use the tool "nmap" to fingerprint a web server. The command "nmap -p1-65535 192.168.0.10" will scan the target IP address (192.168.0.10) for open ports, which can provide information about the web server software and operating system being used. The tool nmap is commonly used for network exploration, security auditing, and finding open ports and services on a target system.
upvoted 1 times

Sandon 8 months ago
Selected Answer: A
ChatGPT says it's A
upvoted 3 times

P0wned 8 months, 2 weeks ago
Selected Answer: A
The security analyst will MOST likely use nmap -p1-65535 192.168.0.10 to fingerprint a web server. nmap is a network exploration and security auditing tool that can be used to fingerprint a wide variety of network devices, including web servers. The -p option tells nmap to scan only the specified ports (1-65535 in this case) rather than all ports. This command will give the analyst information about the open ports and the services running on them.
dig is a command-line tool for querying DNS servers; it can give information about the DNS information but it doesn't fingerprint a web server.
Curl is a command-line tool for sending HTTP requests and it can give information about the HTTP headers, but it doesn't fingerprint a web server.
Ping is a command-line tool for testing whether a particular host is reachable across an IP network; it can give information about reachability but it doesn't fingerprint a web server.
upvoted 4 times

bsComptia 8 months, 1 week ago
Agreed A.
nmap -pl-65535 192.168.0.10 is the most likely tool that a security analyst would use to fingerprint a web server. Nmap is a powerful tool for network exploration, management, and security auditing, and can be used to fingerprint web servers to identify the operating system, services running, and open ports.
Curl is a command-line tool for transferring data using various protocols, including HTTP. The `--head` option sends an HTTP request with the `HEAD` method, which retrieves only the headers of the response, not the full response body. While this can provide some information about the server, such as the server type, it is not as comprehensive as using a tool like nmap, which can provide more detailed information about the server's operating system, services, and open ports. Additionally, nmap can also be used to fingerprint the web server to identify the version of the web server software, and the available plugins, which can be valuable information for identifying vulnerabilities and potential attack vectors.
upvoted 3 times

Lars87 1 year ago
Selected Answer: C
C 100%
upvoted 1 times

comeragh 1 year ago
Sorry, on review it seems C would be a better answer.
upvoted 1 times

varun0 1 year ago
Selected Answer: C
The curl command shown outputs the fingerprint, which is the type and version of the web server.
upvoted 3 times

comeragh 1 year ago
Selected Answer: A
I would go with A here - NMAP
upvoted 3 times

KetReeb 1 year ago
The command syntax is not correct for nmap.
upvoted 6 times

lordguck 10 months, 4 weeks ago
The syntax is correct: map all ports from 1-65535 on 192.168.0.10. C is correct as it is about a web server: Web server fingerprinting is the task of identifying the type and version of web server that a target is running on.
upvoted 2 times

[Removed] 7 months, 4 weeks ago
No, there is a typo in the "nmap -pl-65535 x.x.x.x" command.
If you replace the letter "I" with 1 or omit it, then nmap will work as an active fingerprinting type tool to scan all web server ports. "Curl --head" will provide the OS web server if it's not behind a WAF.
upvoted 1 times

Topic 1 Question #84
A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?
A. Autopsy
B. Cuckoo
C. Memdump
D. Nmap
Correct Answer: A
Community vote distribution: D (92%), 4%

stoneface Highly Voted 1 year ago
Selected Answer: D
Autopsy is a digital forensics analysis tool - mainly targeted to hard drive analysis - not very helpful for the requirements. Nmap would be the correct answer. We want to pivot to other devices on the NETWORK, so the next step is to do reconnaissance, port scanning, etc.
upvoted 30 times

Demilitarized_zone Highly Voted 10 months, 4 weeks ago
WHY ARE THE ADMIN GIVING US WRONG ANSWERS PLEASE. THIS IS WICKED. COME ON
upvoted 26 times

NerdAlert 5 months, 4 weeks ago
so we don't get shut down! check discussions
upvoted 11 times

loccodennis 4 months ago
Is there a way to access non-purchased CompTIA things anymore? All of the tests are gone for me
upvoted 1 times

will305 3 months, 3 weeks ago
As long as you're logged in you can google the pages. "exam name" examtopics
upvoted 1 times

Abbey2 Most Recent 2 weeks, 2 days ago
C. Memdump
Explanation: In this scenario, the penetration tester has compromised an internal server and is attempting lateral movement within the network. To determine the most useful information for the next assessment step, memory analysis can be critical. Memory analysis tools like "memdump" are used to capture the content of a server's memory at a specific point in time.
Analyzing this memory dump can reveal valuable information, including active processes, running services, user credentials, and potential vulnerabilities.
upvoted 1 times

malibi 3 weeks ago
Selected Answer: A
Autopsy. Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
upvoted 1 times

ccnaexam28 1 month, 4 weeks ago
This was on my exam. Took the exam 27/7/2023, I scored 840 and got 82 questions in total. 90%+ is from this site and I have no contributor access, though I think it's also just luck on what set you'll get from their question pool. Good luck!
upvoted 7 times

AmesCB 1 month, 3 weeks ago
Congratulations! So what was the answer? Or are you not allowed to say?
upvoted 2 times

Protract8593 2 months ago
Selected Answer: D
Nmap is a versatile network scanning tool that can be used for various purposes, including network reconnaissance and discovering hosts and services on a computer network. In the given scenario, the penetration tester has already compromised an internal server and is looking to pivot and move laterally within the network. Running Nmap on the compromised server can provide valuable information about other hosts and services within the network, helping the tester identify potential targets for further exploitation. Nmap can reveal open ports, services, and operating systems on the target hosts, which can be useful for the penetration tester to plan their next steps. By understanding the network topology and available services, the tester can identify additional attack vectors and potential vulnerabilities to exploit for further lateral movement.
upvoted 2 times

LiteralGod 2 months, 1 week ago
Why would Nmap need to be available on the server?
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
Nmap (Network Mapper) is a powerful network scanning tool that can be used for network exploration and security auditing. It can help the penetration tester gather information about the network, identify hosts, discover open ports, and detect services running on those ports. With this information, the tester can assess the network's topology, identify potential targets for lateral movement, and plan their next steps.
upvoted 1 times

aw23 4 months, 2 weeks ago
If a penetration tester has already compromised a server and is attempting to move laterally through the network, the focus is more likely to be on gaining access to additional systems and extracting information from the compromised system. Therefore, tools like Memdump, which can provide information about the state of the system and active network connections, are more relevant in this context.
upvoted 2 times

Yawannawanka 5 months ago
If the goal is to pivot the current session in a network lateral movement, the most useful tool would be Nmap, as it can be used to scan the local network for other vulnerable machines that can be targeted. So the correct answer is D.
upvoted 2 times

NerdAlert 5 months, 4 weeks ago
A memdump would be more helpful for identifying suspicious processes, but with nmap you can scan for what connections are opening on the other machine and see if they are trying to make lateral movement (connecting to other machines) in an easier way
upvoted 3 times

monzie 5 months, 4 weeks ago
Selected Answer: C
C. Memdump. A memory dump (memdump) can provide a wealth of information about a system, including active processes, services, network connections, open files, registry keys, and more. With this information, a penetration tester can identify additional targets to compromise and pivot through the network. Autopsy is a forensics tool used to analyze disk images.
Cuckoo is a malware sandboxing platform. Nmap is a network scanning tool. While these tools can be useful for various tasks, they are not as helpful as a memdump for network lateral movement.
upvoted 2 times

hieptran 5 months, 3 weeks ago
No one uses memdump for lateral movement when conducting a penetration test.
upvoted 1 times

NerdAlert 5 months, 4 weeks ago
A memdump would be more helpful for identifying suspicious processes, but with nmap you can scan for what connections are opening on the other machine and see if they are trying to make lateral movement (connecting to other machines) in an easier way
upvoted 2 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: D
If a penetration tester was able to compromise an internal server and is trying to pivot the current session in a network lateral movement, the most useful tool, if available on the server, would be Nmap. This is because Nmap can be used to scan the network for additional targets and map out the network topology, allowing the penetration tester to identify other potential targets for exploitation.
Autopsy is a digital forensics tool used for analyzing and recovering data from hard disks and other storage devices. Cuckoo is a sandbox tool used for analyzing malware behavior. Memdump is a tool used for creating a memory dump of a system. While these tools may be useful in other phases of the assessment, they are not specifically designed for lateral movement.
upvoted 3 times

liya0 6 months, 2 weeks ago
Can someone explain why the answer isn't memdump? I asked ChatGPT and this is what it said: "the question mentions that the penetration tester has already compromised an internal server and is trying to pivot the current session in a network lateral movement. This suggests that the tester has already gained access to one system within the network and is attempting to move laterally to other systems.
In this scenario, the tester needs to gather real-time information about the compromised server in order to identify other vulnerable systems within the network. Therefore, Memdump would be the most useful tool for this purpose."
upvoted 2 times

xxxdolorxxx 8 months, 1 week ago
I vote for NMAP although I have no first-hand experience with Autopsy.
upvoted 1 times

mlonz 8 months, 1 week ago
"Which of the following tools, if available on the server": how come Nmap will be available on the server?
upvoted 2 times

jhfdkjshfkjdsho 9 months, 1 week ago
Selected Answer: A
Network Lateral Movement, or what is more commonly referred to simply as “Lateral Movement”, refers to the techniques cyber attackers, or “threat actors”, use to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns. So, it is not mapping the network.
upvoted 1 times

scarceanimal 7 months, 3 weeks ago
The question calls for what the next step is, not the definition of network lateral movement.
upvoted 1 times

Sandon 8 months ago
It's not A
upvoted 3 times

Topic 1 Question #85
Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?
A. Geofencing
B. Mobile device management
C. Containerization
D.
Remote wiping

Correct Answer: B
Community vote distribution: B (92%), 8%

stoneface Highly Voted 1 year ago
Selected Answer: B
MDM is the best solution here. Company wants to issue a COBO device, therefore no containerization <- tailored to BYOD. Geofencing and remote wiping are capabilities that are provided by an MDM solution.
upvoted 15 times

Protract8593 Most Recent 2 months ago
Selected Answer: B
MDM allows organizations to centrally manage and control mobile devices used by their employees, ensuring that they are configured and used in accordance with the organization's policies. With MDM, the organization can set up and enforce strict configurations on the mobile phones issued to field workers, ensuring they are used exclusively for work purposes and not for personal use. MDM solutions offer features such as device enrollment, configuration management, application management, security policy enforcement, and remote management capabilities. Through MDM, the organization can push work-related applications to the devices, restrict the installation of unauthorized apps, enforce security policies, and remotely wipe devices if necessary.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
The technology that would best meet the described requirements is Mobile Device Management (MDM). MDM enables organizations to manage and secure mobile devices, including smartphones, tablets, and other endpoints, from a central platform. With MDM, the organization can enforce policies and restrictions on the mobile devices, ensuring that they are used only for work purposes and preventing unauthorized access or use. In this case, the organization can use MDM to configure the mobile phones issued to field workers in a way that limits their functionality to work-related tasks only.
The MDM solution can enforce restrictions such as disabling personal app installations, blocking access to non-work-related websites or applications, and restricting certain device functionalities. Additionally, MDM provides capabilities for device tracking, monitoring, and remote management.
upvoted 1 times

MorganB 4 months, 4 weeks ago
I just passed my exam 27 Apr 23. I must say that none of the questions here were on my exam. I think that this is however a great study tool to use, but that's about it. Trust me, this test I took had none of the 410 questions on my exam. But I can say that reading the discussions here truly helped me pass my exam. Trust me, if you are going to take this exam based off these questions you're going to find it difficult to pass. Study from other sources please. You'll live to thank me someday. Good luck to anyone that is getting ready to take the exam.
upvoted 2 times

Samo1 6 months, 4 weeks ago
Selected Answer: C
C. Containerization would be the best technology to meet the requirements of the organization. Containerization allows work applications and data to be separated from the personal applications and data on the phone. This enables the organization to issue the phones as permanent devices, knowing that the personal use of the phones is not a concern. In addition, if an employee leaves the organization, the container can be easily wiped from the phone without affecting the employee's personal data. Geofencing, Mobile device management, and Remote wiping are not as relevant to this particular scenario.
upvoted 2 times

rueyb 5 months ago
They don't want it to be used for personal at all.
upvoted 1 times

Sir_Learnalot 10 months, 2 weeks ago
Selected Answer: B
MDM will do the job
upvoted 1 times

grinop 11 months, 1 week ago
I agree that MDM is correct.
The question almost tricked me into selecting geofencing, however MDM is best suited since geofencing would only accomplish limiting location.
upvoted 3 times

scarceanimal 7 months, 3 weeks ago
Yes, after all they can still use it for personal use within geofencing perimeters. MDM will prevent that.
upvoted 1 times

Bob455 1 year ago
A. An MDM would be used if the org was concerned about the users using the devices for other purposes, but the question states they are not, and it gives a geographical clue with "users work in one city".
upvoted 1 times

redsidemanc2 1 year ago
MDM is best solution. MDM provides the other 3 in one solution.
upvoted 1 times

comeragh 1 year ago
Selected Answer: B
Agree with B - MDM as being correct answer here
upvoted 2 times

Boogie_79 1 year ago
Selected Answer: B
agreed
upvoted 2 times

Topic 1 Question #86
Which of the following control types is focused primarily on reducing risk before an incident occurs?
A. Preventive
B. Deterrent
C. Corrective
D. Detective

Correct Answer: A
Community vote distribution: A (88%), 12%

cozzmo Highly Voted 1 year ago
Selected Answer: A
Yay.. finally one that makes sense!
upvoted 16 times

carpathia Highly Voted 1 year ago
Selected Answer: A
"Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelihood of success from the perspective of the attacker".
upvoted 6 times

ScottT 1 year ago
https://www.sciencedirect.com/topics/computer-science/preventative-control
upvoted 1 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
Preventive controls are security measures and practices that are put in place to reduce the likelihood of security incidents or breaches from occurring. Their primary focus is on proactively reducing risk before any incident takes place.
These controls aim to prevent potential threats and vulnerabilities from being exploited. Examples of preventive controls include firewalls, intrusion prevention systems (IPS), access controls, encryption, security awareness training, security policies, and patch management. By implementing these measures, organizations aim to create a more secure environment and reduce the chances of security incidents and data breaches.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
Preventive controls are implemented to proactively mitigate risks and prevent incidents from happening in the first place. These controls are designed to minimize vulnerabilities, strengthen security measures, and establish safeguards to reduce the likelihood of security breaches or incidents. Examples of preventive controls include implementing strong access controls, enforcing strong passwords and authentication mechanisms, conducting regular security awareness training for employees, performing security assessments and vulnerability scans, deploying firewalls and intrusion prevention systems, and implementing secure coding practices.
upvoted 1 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: A
A. Preventive control types are focused primarily on reducing risk before an incident occurs. They aim to prevent incidents from happening in the first place. Examples of preventive controls include access controls, training and awareness programs, security policies and procedures, and regular maintenance and updates of hardware and software systems.
upvoted 2 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. Preventive controls stop a security issue before it occurs.
upvoted 1 times

[Removed] 8 months, 1 week ago
Selected Answer: A
Preventive—the control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates BEFORE an attack can take place.
upvoted 1 times

FMMIR 10 months ago
Selected Answer: A
Preventive controls are controls intended to completely avoid an incident from being able to occur. Deterrent controls, alternatively, are intended to discourage a bad actor from an unlawful activity that they had originally intended to perform.
upvoted 1 times

okay123 10 months, 2 weeks ago
Selected Answer: A
Deterrent controls reduce the likelihood of a deliberate attack. Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact.
https://www.sciencedirect.com/topics/computer-science/deterrentcontrol#:~:text=Deterrent%20controls%20reduce%20the%20likelihood%20of%20a%20deliberate%20attack.&text=Preventative%20controls%20protect%20vulnerabilities%20and,unsuccessful%20or%20reduce%20its%20impact.
So A ("reducing risk")
upvoted 1 times

Halaa 1 year ago
Selected Answer: B
reducing risk before it happens--deterrent
upvoted 4 times

Jakalan7 1 year ago
I can see where you are coming from, but they are asking what reduces risk, so the answer has to be A. Deterrents are "intended to discourage someone from doing something"; they don't actually prevent a risk though. For example, a fence is a deterrent, but people can still get a ladder and climb over it; it does not reduce the risk.
upvoted 4 times

HCM1985 3 weeks, 4 days ago
I also think that it is Preventive. Because we can never forget that nothing is 100% safe, so even preventive techniques will not reduce the risk to 0.
upvoted 1 times

[Removed] 7 months, 4 weeks ago
Question says it's "focused primarily on reducing". Preventive controls primarily function as preventive control, not reducing.
upvoted 1 times

Libraboy 11 months, 1 week ago
A fence reduces the number of people that will be hoping to break in. In this case, a preventive measure would be an electric fence.
upvoted 4 times

Topic 1 Question #87
A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:

==3214== timeAttend.exe analyzed
==3214== ERROR SUMMARY:
==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks.
==3214== checked 82116 bytes
==3214== definitely lost: 4608 bytes in 18 blocks.

The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?
A. DLL injection
B. API attack
C. Buffer overflow
D. Memory leak

Correct Answer: D
Community vote distribution: D (100%)

stoneface Highly Voted 1 year ago
Selected Answer: D
Definitely memory leak. Key sentence -> "The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days." Memory leak occurs when programmers create memory in the heap and forget to delete it. The consequence of a memory leak is that it reduces the performance of the computer by reducing the amount of available memory. Eventually, in the worst case, too much of the available memory may become allocated and all or part of the system or device stops working correctly, the application fails, or the system slows down vastly.
upvoted 81 times

TheRoot9 4 months, 3 weeks ago
If the checked bytes were greater than 4608*18, would it be buffer overflow?
upvoted 1 times

sujon_london 1 month, 2 weeks ago
Brilliant sighting!
Good calculation @theroot9
upvoted 1 times

Gino_Slim 11 months ago
Stoneface will help you pass this everyone (lol)
upvoted 27 times

gladtam 6 months ago
I'm gonna have to treat stoneface when I pass this exam!
upvoted 2 times

Kraken84 Most Recent 1 month, 2 weeks ago
Selected Answer: D
I love these questions, answer is right in the question :) I bet we get at least 15 of those on the test, yeah? A+, AZ-900, SC-900, all of em seem to follow the same scheming.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
The output from the analysis tool indicates that there is a memory issue, specifically a memory leak. A memory leak occurs when a program fails to release memory that is no longer needed, leading to the gradual consumption of memory over time. In this case, the timeAttend.exe process is causing the memory leak, and terminating the process has resolved the performance degradation issue.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
A memory leak occurs when a program or process does not release memory resources properly after it is no longer needed. As a result, memory consumption continues to increase over time, leading to degraded performance and potential system instability. In this case, the system administrator observed degraded performance on the virtual server, which improved temporarily after increasing the virtual memory allocation. However, the performance degraded again after a few days. The output of the analysis tool indicates that there are 4608 bytes in 18 blocks of memory that are "definitely lost" at the time of exit. By terminating the "timeAttend.exe" process and observing that the system performance does not degrade afterward, it suggests that the memory leak issue was related to the "timeAttend.exe" process. Terminating the process would release the allocated memory, resolving the memory leak and improving system performance.
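A constructed illustration of what the tool output in the question is reporting, added here as an example; it is not code from the exam question, from any commenter, or from the real timeAttend.exe. The record size, handler names and request count are assumptions, chosen so that 18 requests leave exactly the 4608 bytes in 18 blocks that the output shows. The leaky handler drops its only pointer to a heap block on return (the situation memcheck labels "definitely lost"), so memory grows with every request no matter how much virtual memory is added; the fixed handler frees on every path, so the footprint stays flat.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the leaking timeAttend.exe in the question: a
 * long-running service that builds one 256-byte record per request (sizes
 * and names are assumptions). 18 such records add up to the 4608 bytes in
 * 18 blocks that the tool output reports. */
typedef struct {
    int  worker_id;
    char note[252];              /* 4 + 252 = 256 bytes per record */
} shift_record;

/* Minimal leak accounting, playing the role memcheck plays by intercepting
 * malloc() and free(): count the blocks and bytes that are still live. */
static size_t live_blocks = 0;
static size_t live_bytes  = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) { live_blocks++; live_bytes += n; }
    return p;
}

static void tracked_free(void *p, size_t n) {
    if (p) { live_blocks--; live_bytes -= n; }
    free(p);
}

/* Leaky handler: the only pointer to the record is a local that is discarded
 * on return, so nothing can ever free the block. A block with no remaining
 * pointer to it is exactly what memcheck classifies as "definitely lost". */
int handle_request_leaky(int worker_id) {
    shift_record *r = tracked_malloc(sizeof *r);
    if (!r) return -1;
    r->worker_id = worker_id;
    snprintf(r->note, sizeof r->note, "clock-in for worker %d", worker_id);
    return 0;                    /* r goes out of scope here: no free() */
}

/* Fixed handler: the allocation is released on every path out of the
 * function, so memory use stays flat however long the service runs. */
int handle_request_fixed(int worker_id) {
    shift_record *r = tracked_malloc(sizeof *r);
    if (!r) return -1;
    r->worker_id = worker_id;
    snprintf(r->note, sizeof r->note, "clock-in for worker %d", worker_id);
    tracked_free(r, sizeof *r);
    return 0;
}

/* Push `requests` requests through a handler and return the heap still in
 * use afterwards: the figure memcheck prints as "in use at exit". */
size_t bytes_in_use_after(int (*handler)(int), int requests) {
    live_blocks = 0;
    live_bytes  = 0;
    for (int i = 0; i < requests; i++)
        handler(100 + i);
    return live_bytes;
}

size_t blocks_in_use(void) { return live_blocks; }

int main(void) {
    size_t leaky = bytes_in_use_after(handle_request_leaky, 18);
    printf("leaky handler: %zu bytes in %zu blocks still in use after 18 requests\n",
           leaky, blocks_in_use());
    size_t fixed = bytes_in_use_after(handle_request_fixed, 18);
    printf("fixed handler: %zu bytes in %zu blocks still in use after 18 requests\n",
           fixed, blocks_in_use());
    return 0;
}
```

Built with `gcc -g` and run under `valgrind --leak-check=full`, the 18 records from the leaky handler are reported as definitely lost while the fixed handler leaves nothing behind. Adding virtual memory, as the administrator did, only delays the moment the lost blocks exhaust it; the fix is in the code path that drops the pointer.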
upvoted 2 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: D
The issue that is most likely occurring is a memory leak. A memory leak occurs when a program allocates memory dynamically, but does not free it properly. Over time, this results in a gradual increase in memory usage, leading to degraded system performance and eventually to a crash. The output from the analysis tool shows that timeAttend.exe is the cause of the memory leak, as it has 4608 bytes in 18 blocks of memory that are definitely lost. Terminating the timeAttend.exe process and observing improved system performance confirms this diagnosis.
upvoted 2 times

jjhidalgo21 9 months, 3 weeks ago
WHO IS STONEFACE?
upvoted 3 times

bitezadusto 6 months ago
the GOAT
upvoted 3 times

MusaKeita 11 months, 1 week ago
memory leak
upvoted 1 times

MarciaL 11 months, 1 week ago
I think B. API attack
upvoted 1 times

Wanafresh 11 months, 3 weeks ago
Memory leaks are usually caused by failure to deallocate memory that has been allocated.
upvoted 2 times

cozzmo 1 year ago
Thank you Stoneface!
upvoted 3 times

comeragh 1 year ago
Well spotted stoneface. Agree with you on D for this one.
upvoted 3 times

Topic 1 Question #88
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?
A. DLP
B. Firewall rule
C. Content filter
D. MDM
E.
Application allow list

Correct Answer: A
Community vote distribution: A (100%)

stoneface Highly Voted 1 year ago
Selected Answer: A
DLP (Data Loss Prevention) uses exact data matching or regex matching. In this case a regex rule for detecting credit card numbers could be in place that is actively blocking the upload of the document. Regex for detecting an Amex card: ^3[47][0-9]{13}$
Source: https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
upvoted 36 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
The control that is most likely causing this issue and should be checked FIRST is Data Loss Prevention (DLP). Data Loss Prevention is designed to prevent sensitive information, such as payment card numbers or personally identifiable information (PII), from being accidentally or maliciously disclosed outside the organization.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
DLP is a security control that is designed to prevent sensitive or confidential information from being leaked, intentionally or unintentionally, outside of the organization's network. It helps identify and block the transmission of sensitive data, such as payment card numbers, to unauthorized recipients. In this scenario, the pop-up message indicates that a payment card number was found in the file, and as a result, the file upload was blocked. This behavior aligns with the functionality of a DLP control, which scans files or data being transferred and checks for the presence of specific patterns or formats that match sensitive information.
upvoted 1 times

MorganB 4 months, 4 weeks ago
Just to exam. This was not on test.
upvoted 1 times

KingDrew 8 months, 2 weeks ago
Selected Answer: A
DLP keeps sensitive data such as PHI, PII, and PCI-DSS secure from escaping the network or being leaked.
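To show what a DLP card-number rule actually does to a file like the support bundle in the question, here is an added example; it is not from the question, from any commenter, or from any DLP product. It combines the two checks such rules typically layer: a pattern check (a run of 13 to 19 digits, optionally split by spaces or dashes) and the Luhn check digit that every real PAN satisfies. The support-file excerpt is constructed; 4111 1111 1111 1111 and 3782 822463 10005 are the widely published Visa and Amex test numbers, not real cards, and the function and rule names are assumptions. Running the scan with and without Luhn shows why a pattern alone (like the Amex regex quoted above) over-blocks: a ticket id that happens to be 15 digits starting with 34 matches the pattern but fails Luhn.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_PAN 13   /* shortest card number length in common use */
#define MAX_PAN 19   /* longest PAN permitted by ISO/IEC 7812 */

/* Luhn (mod 10) check digit over a string of ASCII digits. Every real PAN
 * passes it; most random digit strings do not, which is what keeps a DLP
 * rule from blocking every long number it sees. */
int luhn_valid(const char *digits) {
    int sum = 0, dbl = 0;
    for (int i = (int)strlen(digits) - 1; i >= 0; i--) {
        int d = digits[i] - '0';
        if (dbl) { d *= 2; if (d > 9) d -= 9; }
        sum += d;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

/* Classify one digit run. With check_luhn == 0 this is a pure pattern rule
 * (length only), the kind of match the regex quoted above performs. */
static int is_pan(const char *digits, int check_luhn) {
    size_t len = strlen(digits);
    if (len < (size_t)MIN_PAN || len > (size_t)MAX_PAN) return 0;
    return check_luhn ? luhn_valid(digits) : 1;
}

/* Scan text the way a DLP content rule does: gather runs of digits, letting a
 * single space or dash join groups ("4111 1111 1111 1111"), and count the
 * runs that classify as a PAN. The grouping rule is a hypothetical
 * simplification, not any product's: any digit groups one space apart join. */
int count_pan_findings(const char *text, int check_luhn) {
    char run[MAX_PAN + 2];
    size_t n = 0;
    int findings = 0;
    for (const char *p = text; ; p++) {
        unsigned char c = (unsigned char)*p;
        if (isdigit(c)) {
            if (n <= MAX_PAN) run[n++] = (char)c;   /* keep at most MAX_PAN+1 */
            continue;
        }
        if ((c == ' ' || c == '-') && n > 0 && isdigit((unsigned char)p[1]))
            continue;                                /* group separator */
        if (n > 0) {                                 /* run ended: classify */
            run[n] = '\0';
            if (is_pan(run, check_luhn)) findings++;
            n = 0;
        }
        if (c == '\0') break;
    }
    return findings;
}

/* The upload gate: block when the full rule finds at least one PAN. */
int upload_allowed(const char *text) {
    return count_pan_findings(text, 1) == 0;
}

/* Constructed support-file excerpt (not real data). 4111 1111 1111 1111 and
 * 3782 822463 10005 are the published Visa/Amex test numbers; the "1112"
 * number is a mistyped copy that fails Luhn; the ticket id is 15 digits
 * beginning 34, so it matches the Amex pattern but is not a card. */
static const char SAMPLE_FILE[] =
    "Customer reported checkout failure.\n"
    "card on file: 4111 1111 1111 1111 exp 09/26\n"
    "retry with 4111-1111-1111-1112 also failed\n"
    "corporate card 3782 822463 10005 was charged instead\n"
    "support ticket 347000000000001 opened 2023-04-27\n";

int main(void) {
    printf("pattern only : %d findings\n", count_pan_findings(SAMPLE_FILE, 0));
    printf("pattern+Luhn : %d findings\n", count_pan_findings(SAMPLE_FILE, 1));
    printf("upload %s\n", upload_allowed(SAMPLE_FILE) ? "allowed" : "blocked");
    return 0;
}
```

On the sample the pattern-only rule reports four findings and the Luhn-checked rule two, and the upload is blocked either way because two real-format numbers are present. That is the behaviour behind the pop-up in the question: the file itself trips the rule, so the administrator's first check is the DLP policy rather than the firewall or allow list, and the remedy is to redact the numbers from the support file rather than to loosen the control.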
upvoted 3 times

learnNcurve 9 months, 4 weeks ago
Selected Answer: A
A data loss prevention (DLP) device can reduce the risk of employees emailing confidential information outside the organization.
upvoted 1 times

comeragh 1 year ago
Selected Answer: A
Agree with DLP being the correct answer here
upvoted 2 times

Topic 1 Question #89
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?
A. Acceptance
B. Transference
C. Avoidance
D. Mitigation

Correct Answer: A
Community vote distribution: A (63%), D (37%)

stoneface Highly Voted 1 year ago
Selected Answer: A
Accepting risk, or risk acceptance, occurs when a business or individual acknowledges that the potential loss from a risk is not great enough to warrant spending money to avoid it.
upvoted 54 times

Gino_Slim 11 months ago
In stoneface we trust
upvoted 22 times

Confuzed Highly Voted 5 months, 2 weeks ago
Selected Answer: D
Per the CompTIA official study guide: "By definition, legacy platforms are unpatchable. Such systems are highly likely to be vulnerable to exploits and must be protected by security controls other than patching, such as isolating them to networks that an attacker cannot physically connect to." "Risk acceptance (or tolerance) means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be unavoidable delay before the countermeasures are deployed." So Risk acceptance would be counter to what CompTIA says MUST be done with legacy systems. "Risk mitigation (or remediation) is the overall process of reducing exposure to or the effects of risk factors. If you deploy a countermeasure that reduces exposure to a threat or vulnerability that is risk deterrence (or reduction).
Risk reduction refers to controls that can either make a risk incident less likely or less costly (or perhaps both)." That is what CompTIA says MUST be done on a legacy system... reduce risk. So the answer is risk mitigation.
upvoted 12 times

J0EL Most Recent 4 days, 15 hours ago
Selected Answer: D
D. Mitigation. The organization would use the risk management strategy of mitigation to maintain a legacy system with known risks for operational purposes. Mitigation strategies are used to reduce the potential impact of risks or likelihood of occurrence. For a legacy system, mitigation measures may include regular maintenance and patching, limiting who has access to the system, and monitoring the system for any signs of compromise. Acceptance involves acknowledging the risks associated with the system but choosing to use it anyway without taking any additional action to reduce the risk. Transference involves transferring the risk to a third party through insurance or outsourcing, while avoidance involves avoiding the use of the system altogether.
upvoted 1 times

TreeeSon 5 days, 16 hours ago
Selected Answer: A
I will go with A, seeing as how legacy systems have more limitations/vulnerabilities that cannot be completely eliminated.
upvoted 1 times

RogerW 2 weeks, 6 days ago
The answer is A. The key word is maintain. I thought it implied fixing. I was wrong. It means ": to keep in an existing state (as of repair, efficiency, or validity) : preserve from failure or decline". In other words, keep it running without making changes.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
Acceptance involves acknowledging the risks associated with a particular system or activity but deciding to continue with it despite those risks. This is often done when the cost of mitigating the risks or replacing the system outweighs the potential impact of the risks.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
Acceptance is a risk management strategy where the organization acknowledges the existence of a risk but consciously decides to tolerate or accept it. This means that the organization is aware of the risks associated with the legacy system but chooses to continue using it despite those risks. This decision is usually based on factors such as cost, feasibility of alternatives, business requirements, and the understanding that the risks can be managed within acceptable levels.
upvoted 1 times

clean_it_up_janny 4 months, 4 weeks ago
Selected Answer: D
Maintain keyword
upvoted 3 times

ffsilveira10 5 months, 1 week ago
Selected Answer: D
I would go with D (mitigation)... when you have a legacy system you need to put mitigation control in place to minimize the risk.
upvoted 3 times

ankiuser 5 months, 3 weeks ago
D. ChatGPT 3.5: In some cases, the risk management strategy of mitigation may be more appropriate than acceptance, especially if the risks associated with a legacy system are significant or could have severe consequences. Mitigation involves taking actions to reduce the likelihood or impact of a risk, which could include implementing additional security controls, performing regular vulnerability assessments, and conducting regular security awareness training for users.
upvoted 1 times

cutemantoes 6 months, 1 week ago
Selected Answer: D
It says to maintain the legacy system. Meaning to mitigate the risk. Answer is D. If it was acceptance, it's knowing that there's a risk and doing nothing about it and continuing on about your day.
upvoted 4 times

Omi0204 6 months, 1 week ago
Selected Answer: D
Despite their operational value to organizations, a legacy system can pose a major security threat because they are outdated technology that is no longer updated, supported or maintained by their vendor or manufacturer.
Organizations using legacy systems tend to give limited access to these systems and operate them with the phrase “out of sight, out of mind” being central. This almost perfect storm of security issues — no updates, no support and not being watched closely, has placed legacy systems and legacy software at the heart of security breaches. So are you still going to accept the known risk (breach, hack, attack) or try to put mitigation (limited access)? Answer is D.
upvoted 3 times

geekneek 7 months, 1 week ago
Selected Answer: A
Acceptance is a risk management strategy in which an organization accepts the risks associated with a particular activity, process, or system. This strategy is typically used when the cost of reducing the risk is too high, or the risk is considered acceptable to the organization. In the case of a legacy system with known risks that needs to be maintained for operational purposes, the organization may determine that the cost of upgrading or replacing the system is too high, or that the system is critical to their operations and the risks associated with it are acceptable.
upvoted 1 times

[Removed] 7 months, 2 weeks ago
I'm just here to say stoneface and DALLASCOWBOYS gonna make us pass.
upvoted 5 times

gladtam 6 months ago
Hahaha same my friend. Same
upvoted 2 times

scarceanimal 7 months, 3 weeks ago
Selected Answer: D
Question asks what they'd use to *maintain*. They're accepting residual risk with the fact that they're using a legacy system, but they intend to actually use it and maintain it for operational purposes. Mitigation and acceptance of the residual risk is the right call here.
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. Acceptance. The organization has chosen to accept the risk because the risk is known.
upvoted 1 times

[Removed] 8 months, 1 week ago
Selected Answer: A
Risk acceptance (or tolerance) means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be unavoidable delay before the countermeasures are deployed. In this case, you should continue to monitor the risk (as opposed to ignoring it).
upvoted 1 times

Topic 1 Question #90
Which of the following is the BEST action to foster a consistent and auditable incident response process?
A. Incent new hires to constantly update the document with external knowledge.
B. Publish the document in a central repository that is easily accessible to the organization.
C. Restrict eligibility to comment on the process to subject matter experts of each IT silo.
D. Rotate CIRT members to foster a shared responsibility model in the organization.

Correct Answer: D
Community vote distribution: B (73%), D (27%)

G4ct756 Highly Voted 11 months, 1 week ago
Selected Answer: B
I think it is B, because there are 2 requirements: "Consistent & Auditable". D will foster a consistent IR process, but not auditable. B will ensure consistency in understanding in IR process & the document is auditable.
upvoted 18 times

sterfryy Highly Voted 9 months, 2 weeks ago
The best action to foster a consistent and auditable incident response process is to publish the document in a central repository that is easily accessible to the organization. This will ensure that all members of the organization have access to the latest version of the document and can refer to it easily in the event of an incident. It will also enable the organization to track changes to the document over time, helping to ensure that the incident response process remains up to date and effective.
upvoted 9 times

Protract8593 Most Recent 2 months ago
Selected Answer: B
By publishing the incident response document in a central repository that is easily accessible to the organization, all stakeholders, including team members, management, and relevant personnel, can have access to the latest version of the document. This ensures that everyone is on the same page and follows a consistent incident response process. Having a centralized repository also facilitates version control, making it easier to audit and track changes to the document over time. Option D, rotating CIRT members to foster a shared responsibility model, can be a good practice to promote knowledge sharing and avoid overreliance on specific individuals. However, it might not directly address the need for a consistent and auditable incident response process.
upvoted 3 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
Publishing the incident response document in a central repository that is easily accessible to the organization ensures that all relevant stakeholders have access to the latest version of the document. This promotes consistency in the incident response process as everyone is working from the same set of guidelines and procedures.
upvoted 2 times

Dan_26 4 months ago
D. We have a centralized repository and thinking that'll create consistency? Don't make me laugh! No, create a team (smallish) and make them do it to tightly-defined parameters.
upvoted 2 times

Yawannawanka 5 months ago
The BEST action to foster a consistent and auditable incident response process is to publish the document in a central repository that is easily accessible to the organization. By making the document easily accessible, all employees can access the document and understand the incident response process, ensuring consistency in the incident response process.
Additionally, having a central repository makes it easier to audit the incident response process to ensure compliance with policies and regulations.
upvoted 1 times

MasterControlProgram 6 months ago
Selected Answer: B
B. Publish the document in a central repository that is easily accessible to the organization is the BEST action to foster a consistent and auditable incident response process.
upvoted 2 times

MasterControlProgram 6 months, 1 week ago
Selected Answer: B
B. Publish the document in a central repository that is easily accessible to the organization would be the BEST action to foster a consistent and auditable incident response process. By publishing the document in a central repository that is easily accessible to the organization, all members of the organization will have access to the incident response process and will be able to refer to it as needed. This will help ensure that the process is consistent and that all incidents are handled in the same way. Additionally, by making the process easily accessible, it will be easier to audit and ensure that it is being followed properly.
upvoted 2 times

seagnull 7 months, 1 week ago
Selected Answer: B
I work as a CIRT and a document is a must-have so that your company's future CIRTs will process any future incidents the same as we are doing today. Consistency is the key + you can audit your new resources using the document.
upvoted 4 times

sarah2023 7 months, 3 weeks ago
Selected Answer: D
It's clearly stated in the materials provided that the answer is D
upvoted 1 times

TinyTrexArmz 7 months, 3 weeks ago
Maybe quote the materials you're looking at and/or provide a reference.
upvoted 9 times

DALLASCOWBOYS 7 months, 3 weeks ago
B. The only way to foster a consistent response is to publish the SOP where everyone can view the procedures. Now that doesn't mean that everyone will follow the procedures competently.
It is the BEST answer of the choices given.
upvoted 3 times

Sandon 8 months ago
ChatGPT says it's B
upvoted 3 times

[Removed] 8 months, 1 week ago
Selected Answer: B
knowledge base or documentation for a consistent and auditable incident response process.
upvoted 2 times

RvR109 8 months, 1 week ago
Selected Answer: B
According to ChatGPT: "B. Publish the document in a central repository that is easily accessible to the organization. Making the incident response process document easily accessible to the entire organization is the best way to foster a consistent and auditable incident response process. This ensures that everyone in the organization is aware of the process and is able to refer to it when needed. It also allows for easy updates and revisions to be made as needed, and for the document to be readily available for audits. Option A is not the best option as it could lead to a lack of consistency and understanding of the incident response process among new hires. Option C is not the best option as it could lead to siloed knowledge and inefficiency in incident response. Option D is not the best option as it does not ensure that everyone in the organization is aware of the incident response process and could lead to lack of consistency."
upvoted 5 times

asum 8 months, 1 week ago
Selected Answer: D
Incident response will typically require 24/7 availability, which will be expensive to provide. It is also worth considering that members of the CIRT should be rotated periodically to preclude the possibility of infiltration
upvoted 2 times

scarceanimal 7 months, 3 weeks ago
inconsistent and not auditable since only those members will be knowledgeable of the process
upvoted 1 times

KingDrew 8 months, 2 weeks ago
Selected Answer: B
Answer is B, because despite users there will always be that same documentation to follow.
upvoted 2 times

LaoX 8 months, 3 weeks ago
Selected Answer: B
I am voting B because we need to address the "consistent and auditable" process. At the point of writing this, Options B and D have 50% votes. Wow!
upvoted 4 times

Topic 1 Question #91
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
A. Conduct a full vulnerability scan to identify possible vulnerabilities.
B. Perform containment on the critical servers and resources.
C. Review the firewall and identify the source of the active connection.
D. Disconnect the entire infrastructure from the internet.
Correct Answer: B
Community vote distribution: B (92%) 5%

stoneface Highly Voted 1 year ago
Selected Answer: B
Perform containment on the critical servers and resources -> Isolation or containment is the first thing to do after an incident has been discovered
upvoted 32 times

[Removed] Highly Voted 9 months, 4 weeks ago
Selected Answer: B
If we follow the Incident Response Process:
1) Preparation - hardening
2) Identification - detection
3) Containment :)
4) Eradication
5) Recovery
6) Lessons Learned
So it has to be CONTAINMENT :)
upvoted 15 times

freyprey Most Recent 1 week, 3 days ago
Selected Answer: A
here is a quote from CompTIA study guide. The most recent: "Platform as a Service Platform as a service (PaaS) provides resources somewhere between SaaS and IaaS. A typical PaaS solution would provide servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top. This platform could be based on Oracle or MS SQL or PHP and MySQL.
Examples include Oracle Database (oracle.com/database), Microsoft Azure SQL Database (azure.microsoft.com/services/sql-database), and Google App Engine (cloud.google.com/appengine). As distinct from SaaS though, this platform would not be configured to actually do anything. Your own developers would have to create the software (the CRM or e-commerce application) that runs using the platform. The service provider would be responsible for the integrity and availability of the platform components, but you would be responsible for the security of the application you created on the platform." SO reading this I think this debate is closed. The answer is SaaS although in practice things are a little more different.
upvoted 1 times

BigIshai 1 month, 3 weeks ago
Selected Answer: B
I agree on containment because the pen tester already must have conducted a vulnerability assessment and in the course of pen testing would have the details (identification) of what system the exfiltrated data is from, hence the next step is to contain.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
When the penetration tester discovers data exfiltration, the immediate concern should be to prevent further damage and limit the attacker's access. By performing containment on critical servers and resources, the client can isolate the affected systems from the rest of the network, preventing further data exfiltration and minimizing the impact of the breach.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
Performing containment involves isolating or segregating the affected servers and resources to prevent further unauthorized access or data exfiltration. This can be done by disconnecting the compromised systems from the network, disabling their access to sensitive data or critical resources, or implementing network segmentation to isolate the affected parts of the infrastructure.
Containment is a crucial step to prevent the ongoing exfiltration and minimize the potential impact of the breach. By limiting the attacker's ability to access or extract sensitive information, the organization can mitigate the risk of further data loss or damage.
upvoted 1 times

Nippilous 6 months ago
Selected Answer: B
https://www.sciencedirect.com/topics/computer-science/containment-strategy
upvoted 2 times

MasterControlProgram 6 months ago
Selected Answer: B
B. Perform containment on the critical servers and resources should be the client's NEXT step to mitigate the issue.
upvoted 2 times

[Removed] 9 months, 4 weeks ago
If we follow the Incident Response Process:
1) Preparation - hardening
2) Identification - detection
3) Containment :)
4) Eradication
5) Recovery
6) Lessons Learned
So it has to be CONTAINMENT :)
upvoted 3 times

Sarooor 10 months, 1 week ago
Selected Answer: B
Perform containment on the critical servers and resources -> Isolation or containment is the first thing to do after an incident has been discovered.
upvoted 2 times

Tjank 12 months ago
Selected Answer: C
Following the Incident Response process: Preparation, Identification (detection), Containment, Eradication, Recovery, Post-Incident. The pen tester would be the Preparation phase (constantly new vulnerabilities). Identification is needed to know which systems are affected and the extent of the containment needed. Containment is next: you use what you have identified to know if you need to segment, isolate, or even shut down completely.
upvoted 3 times

Tafari 12 months ago
Selected Answer: A
He stopped so he needs to finish so all vulnerable systems are contained
upvoted 1 times

i_bird 12 months ago
read the question well..
It's the client that is the subject of the question, not the pen tester, and it's asking for MITIGATION steps
upvoted 2 times

sujon_london 1 month, 2 weeks ago
I assume u got mistaken abt pentester doing test on behalf of client; so client perspective should tk initiative for containment.
upvoted 1 times

Topic 1 Question #92
A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?
A. Preventive controls
B. Compensating controls
C. Deterrent controls
D. Detective controls
Correct Answer: D
Community vote distribution: C (96%) 2%

stoneface Highly Voted 1 year ago
Selected Answer: C
This is a confusing one -> Without thinking too much, deterrent controls seem to be less expensive. I hear you ....
upvoted 48 times

kingsAffection 1 year ago
Indeed a confusing one, but I agree deterrence will only use minimum controls to deter action.
upvoted 2 times

housecoatjapan 6 months ago
I believe the keyword is "physical site"
upvoted 1 times

banditring Highly Voted 11 months, 3 weeks ago
Selected Answer: C
a piece of paper with a crayon that says "STAY OUT OF HERE" is the cheapest method if you ask me
upvoted 44 times

sandra001 8 months ago
as funny as this sounds, yea it is the cheapest
upvoted 6 times

DALLASCOWBOYS 7 months, 3 weeks ago
LOL good one.
upvoted 2 times

Gino_Slim 11 months ago
This is the answer. Well for me at least. I wouldn't suggest you do this on the exam.
upvoted 4 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
Deterrent controls are measures designed to discourage potential attackers or unauthorized individuals from attempting to gain access to a physical site.
These controls are often cost-effective and can be a more budget-friendly option compared to other control types. Examples of deterrent controls include visible security cameras, warning signs, access control badges, security guards, and physical barriers like fences or gates. While deterrent controls may not physically prevent access, their presence can deter or discourage unauthorized individuals from attempting to breach the site.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: C
Deterrent controls are designed to discourage potential intruders or unauthorized individuals from attempting to gain access to a physical site. They focus on creating a perception of risk or increasing the effort required for unauthorized access. Deterrent controls are typically cost-effective and can be effective in preventing or reducing security incidents.
upvoted 2 times

twingods77 4 months ago
God, who wrote these kinds of questions?
upvoted 3 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
It's impossible to say if deterrent or preventative controls would be cheaper. If a site has a single door, it may be cheaper to put a lock on than to post signs. However, the question said the control must LIMIT unauthorized access. Limit in this context is synonymous with restrict. While deterrents may reduce incidents of unauthorized access... they do nothing to actually limit/restrict it.
upvoted 2 times

fouserd 5 months, 2 weeks ago
Selected Answer: C
The best option for the security analyst to utilize the lowest possible budget would be deterrent controls. Deterrent controls are designed to discourage potential attackers from attempting to gain unauthorized access to a physical site. This can be achieved through the use of signs, fencing, and other physical barriers that make it clear that the site is protected and that unauthorized access is not permitted.
This can be an effective way to prevent unauthorized access without requiring significant investment in more expensive security measures.
upvoted 1 times

Invade 6 months ago
Selected Answer: B
I think everyone is misinterpreting this... lol. You can't just put poster banners cause it's cheap. Compensating controls are used when the preferred control is not viable for one reason or the other.
upvoted 2 times

bitezadusto 6 months ago
Selected Answer: C
Think of it as having a sign in front of your house saying "we have security cameras installed by SecurityCameras Inc"
upvoted 1 times

rob_cherrywood 6 months, 3 weeks ago
Selected Answer: C
It's C
upvoted 1 times

MacheenZero 7 months ago
Deterrent - Sign that reads ~stupid ass CompTIA questions inside, stay out~
upvoted 6 times

gladtam 6 months ago
Hahaha good one
upvoted 1 times

CTE_Instructor 6 months, 3 weeks ago
That would deter me, for sure
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
C. Deterrent controls would be the least expensive option. Examples would include signage and unmonitored CCTV cameras. It does not prevent, but it may deter an attacker from taking action.
upvoted 3 times

[Removed] 8 months, 1 week ago
Selected Answer: C
deterrent control: A type of security control that discourages intrusion attempts.
upvoted 1 times

NovaWarrior 9 months, 1 week ago
Selected Answer: C
To meet the requirement of utilizing the lowest possible budget, the security analyst should consider using deterrent controls. Deterrent controls are security measures that are designed to discourage potential attackers from attempting to gain unauthorized access to a site. These controls typically involve visible measures such as signage, fencing, and security guards, and are intended to make it clear to potential attackers that unauthorized access will not be tolerated.
Deterrent controls are often less expensive than other types of controls, such as preventive or detective controls, and can be an effective way to limit unauthorized access without breaking the budget.
upvoted 4 times

Korokokokokoko 10 months, 1 week ago
Selected Answer: C
According to CompTIA handbooks: "Deterrent—the control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion. This could include signs and warnings of legal penalties against trespass or intrusion." So this is the lowest possible budget. Also the question specifies to limit unauthorized access, not prevent it entirely. Using Preventive controls will eliminate or reduce unauthorized access but is not the lowest of these categories, while detective controls don't deter or prevent access but will identify and record any attempt or successful intrusion.
upvoted 3 times

Tomtom11 11 months, 2 weeks ago
Selected Answer: D
A detective control is one that facilitates the detection of a physical security breach. Detective controls act during an event, alerting operators to specific conditions. Alarms are common examples of detective controls. An IDS is an example of an IT security alarm that detects intrusions.
upvoted 1 times

Sklark 11 months ago
Detective controls don't prevent access to a physical site. There's no information on operators being present 24/7 and not every facility has that. I'd be careful about reading into the question to make such assumptions on the circumstance.
upvoted 1 times

andrizo 11 months, 2 weeks ago
Does not sound cost-effective. I would go with preventive as secondary before detective.
upvoted 2 times

comeragh 12 months ago
Selected Answer: C
I would go with C here also. Example: video surveillance, which would be the cheaper option.
upvoted 2 times

Topic 1 Question #93
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
Correct Answer: A
Community vote distribution: A (66%) C (32%)

Hewn Highly Voted 1 year ago
Selected Answer: A
I think this is one of those questions where real-life experience doesn't answer the question correctly here. The question seems to be focusing more on which form of cloud computing requires the LEAST amount of management (SaaS), with the database part of the question being filler.
upvoted 40 times

[Removed] 1 year ago
Honestly I think you're right. PaaS requires management and resource allocation, and SaaS (database software for instance) wouldn't require nearly as much.
upvoted 6 times

db97 12 months ago
I agree, real-life experience says "PaaS" but theory says "SaaS" lol
upvoted 5 times

YusufMadkour Highly Voted 1 year ago
Selected Answer: C
If they have 100 databases they need to migrate, then they will need a Platform. I don't see how the SaaS model can help with migrating databases to the cloud.
upvoted 24 times

stoneface 1 year ago
I concur with this - an example of a Database service offered as a PaaS model is Azure SQL Database, which is a fully managed platform as a service (PaaS). PaaS capabilities built into Azure SQL Database enable you to focus on the domain-specific database administration and optimization activities that are critical for your business.
https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-paas-overview?view=azuresql
upvoted 17 times

scarceanimal 7 months, 3 weeks ago
They need to migrate the servers. The database part is there to deter you.
The question also calls for the least management, which SaaS answers for.
upvoted 3 times

Kurt43 Most Recent 2 days, 15 hours ago
If you check out the definition of SaaS, I don't really know how that is an answer in migrating 100 databases and servers to the cloud.
upvoted 1 times

freyprey 1 week, 3 days ago
Selected Answer: A
here is a quote from CompTIA study guide. The most recent: "Platform as a Service Platform as a service (PaaS) provides resources somewhere between SaaS and IaaS. A typical PaaS solution would provide servers and storage network infrastructure (as per IaaS) but also provide a multi-tier web application/database platform on top. This platform could be based on Oracle or MS SQL or PHP and MySQL. Examples include Oracle Database (oracle.com/database), Microsoft Azure SQL Database (azure.microsoft.com/services/sql-database), and Google App Engine (cloud.google.com/appengine). As distinct from SaaS though, this platform would not be configured to actually do anything. Your own developers would have to create the software (the CRM or e-commerce application) that runs using the platform. The service provider would be responsible for the integrity and availability of the platform components, but you would be responsible for the security of the application you created on the platform." SO reading this I think this debate is closed. The answer is SaaS although in practice things are a little more different.
upvoted 1 times

Abdul2107 4 weeks ago
Selected Answer: C
PaaS. It's Platform, as you need to bring your database (install it on the cloud); it's not mentioned that you use some 3rd party ready DB.
upvoted 1 times

sujon_london 1 month, 2 weeks ago
Selected Answer: A
It's a SaaS not PaaS
upvoted 1 times

AmesCB 1 month, 3 weeks ago
From a purely theoretical standpoint, SaaS is the answer, plus the fact that the phrase 'least amount of management' is added. :)
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
SaaS is a cloud computing model where the cloud provider hosts applications and makes them available to users over the internet. In this model, the cloud provider takes care of managing the infrastructure, middleware, software, and data, allowing the company to focus solely on using the applications without worrying about the underlying maintenance and management. In the case of migrating databases to the cloud using SaaS, the company would not have to deal with database server administration, patching, backups, or other maintenance tasks. The cloud provider handles all of these aspects, making it the option that requires the least management and support from the company.
upvoted 4 times

sujon_london 1 month, 2 weeks ago
Agreed to the point. Another justifying point is that where PaaS and SaaS are both available in the options, SaaS should be selected, as SaaS is a niche option for migrating databases into SaaS as a computing model.
upvoted 1 times

LeonardSnart 4 months, 1 week ago
Selected Answer: C
From this excerpt it sounds to me like PaaS would be correct: "Platform as a service (PaaS) offers a business a computing platform—such as a Web application server or database server, for example—that it can use to provide services both internally and to customers on the Internet. Many online storefronts use this model to conduct business, rather than hosting on their own premises the physical servers, Web sites, databases, and applications. Again, the advantages of using this type of service are cost savings, no requirement to build and maintain the infrastructure on site, and the guarantee of around-the-clock availability—plus, the PaaS provider takes care of the patching and configuration work."
-Mike Meyers Security+ Cert Guide SY0-601
upvoted 2 times

Yawannawanka 5 months ago
Option A (SaaS) and C (PaaS) will require the least management and support from the company. SaaS (Software as a Service) solutions are fully managed by the cloud provider, while PaaS (Platform as a Service) solutions provide a platform on which the company can deploy their applications, but the cloud provider manages the underlying infrastructure. Option B (IaaS) provides the company with more control over the infrastructure but will require more management and support from the company, including patching, updates, and security management. Option D (SDN) is a networking technology and not relevant to the question. Therefore, the BEST option for the company to require the LEAST management and support is either SaaS or PaaS.
upvoted 1 times

Exlr8me 5 months, 3 weeks ago
Selected Answer: A
SaaS. It has to be A since PaaS follows
upvoted 2 times

sujon_london 1 month, 2 weeks ago
Here PaaS is the base but SaaS is the answer
upvoted 1 times

MasterControlProgram 6 months ago
Selected Answer: A
A. SaaS will require the LEAST management and support from the company. SaaS (Software-as-a-Service) is a cloud computing model in which a third-party provider hosts applications and makes them available to customers over the internet. With SaaS, the third-party provider is responsible for managing and maintaining the infrastructure, platform, and software, which means that the company does not need to manage or support any of the underlying technology.
upvoted 2 times

Drealjesusfreak 6 months, 2 weeks ago
I changed my answer because I got confused last minute. I chose PaaS but I think it's SaaS.
upvoted 1 times

geekneek 6 months, 3 weeks ago
Selected Answer: A
The solution that will require the least management and support from the company to migrate 100 databases from on-premises to the cloud is A.
SaaS, specifically by using a managed database service like Amazon RDS, Microsoft Azure SQL Database, or Google Cloud SQL. This is because the cloud provider manages the underlying infrastructure, minimizing the management and support required by the company.
upvoted 3 times

TinyTrexArmz 7 months, 3 weeks ago
Selected Answer: A
There is not enough information provided to make an informed decision or even a good start of a project plan. Given the details of "some servers," "100 databases on-prem," and "least maintenance," I'm going to say SaaS. But technically, you can't migrate a server to SaaS. You move an application to SaaS. If you just want to lift and shift an on-prem server to "the cloud," then you'd be using IaaS. But I'm still going with SaaS on this very poorly written question.
upvoted 1 times

TinyTrexArmz 7 months, 3 weeks ago
This is a cloud architecture question. Nothing to do with Security here. Also, surely this isn't on the SY0-601 test, right??
upvoted 1 times

CTE_Instructor 6 months, 3 weeks ago
Security+ 601 Objective 2.2 Summarize virtualization and cloud computing concepts
Cloud models
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)
- Anything as a service (XaaS)
- Public
- Community
- Private
- Hybrid
upvoted 4 times

mhmtn 7 months, 3 weeks ago
Selected Answer: A
SaaS (sometimes called cloud application services) is cloud-hosted, ready-to-use application software. Users pay a monthly or annual fee to use a complete application from within a web browser, desktop client or mobile app. The application and all of the infrastructure required to deliver it - servers, storage, networking, middleware, application software, data storage - are hosted and managed by the SaaS vendor.
upvoted 3 times

DALLASCOWBOYS 7 months, 3 weeks ago
C. Platform as a service. The CSP provider builds and manages the infrastructure, and offers customers an execution environment.
PaaS includes multiple infrastructure components including servers, networking equipment, operating systems, storage services, middleware and databases.
upvoted 3 times

Topic 1 Question #94
Which of the following employee roles is responsible for protecting an organization's collected personal information?
A. CTO
B. DPO
C. CEO
D. DBA
Correct Answer: B
Community vote distribution: B (100%)

stoneface Highly Voted 1 year ago
Selected Answer: B
A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing a company's data protection strategy and its implementation to ensure compliance with GDPR requirements
upvoted 24 times

MorganB Highly Voted 4 months, 4 weeks ago
This was on my exam. I took my exam 27 Apr 23.
upvoted 11 times

Protract8593 Most Recent 2 months ago
Selected Answer: B
The Data Protection Officer (DPO) is responsible for protecting an organization's collected personal information and ensuring compliance with data protection regulations and policies. The DPO is a key role in ensuring that the organization handles personal data in a lawful and secure manner, protecting the privacy and rights of individuals whose data is collected and processed.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: B
The Data Protection Officer (DPO) is responsible for ensuring that an organization complies with data protection laws and regulations. This includes protecting the personal information collected by the organization.
The DPO is responsible for developing and implementing policies and procedures related to data protection, conducting privacy impact assessments, monitoring data handling practices, and ensuring compliance with data protection regulations such as the General Data Protection Regulation (GDPR) in the European Union.
upvoted 1 times

MasterControlProgram 6 months ago
Selected Answer: B
B. DPO (Data Protection Officer) is responsible for protecting an organization's collected personal information. A DPO is responsible for ensuring an organization's compliance with data protection laws and regulations, including protecting the privacy rights of individuals whose personal information the organization collects and processes. This includes implementing appropriate technical and organizational measures to ensure the security of personal data and preventing unauthorized access, use, or disclosure.
upvoted 2 times

Boubou480 8 months, 2 weeks ago
Selected Answer: B
DPO is the right role
upvoted 2 times

Sklark 11 months ago
Selected Answer: B
You know, if they would list the name of the acronym this would be an incredibly easy exam, but knowing the acronym is the answer here: Data Protection Officer (DPO).
upvoted 5 times

Boogie_79 1 year ago
Selected Answer: B
The answer is literally in the question. DATA is the keyword!
upvoted 3 times

Topic 1 Question #95
Against the recommendation of the IT security analyst, a company set all user passwords on a server as `P@55w0rD`. Upon review of the /etc/passwd file, an attacker found the following:
alice:a8df3b6c4fd75f0617431fd248f35191df8d237f
bob:2d250c5b2976b03d757f324ebd59340df96aa05e
chris:ea981ec3285421d014108089f3f3f997ce0f4150
Which of the following BEST explains why the encrypted passwords do not match?
A. Perfect forward secrecy
B. Key stretching
C. Salting
D. Hashing
Correct Answer: C
Community vote distribution: C (100%)

Boogie_79 Highly Voted 1 year ago
Selected Answer: C
Salting refers to adding random data to the input of a hash function to guarantee a unique output. The set password, in this case, is already hashed, so to further secure it salting is the next step in cryptography, i.e. adding more security to the password. Think of it as "salt bae" making it just that much better.
upvoted 31 times

MorganB Highly Voted 4 months, 4 weeks ago
Passed my exam 27 April 23. This question was on my test.
upvoted 6 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
The reason the encrypted passwords do not match is due to the use of salting. In password hashing, salting involves adding a random value (the salt) to the password before hashing it. The salt value is unique for each user, which means even if two users have the same password, their hashed passwords will be different due to the different salt values. In the given scenario, the three encrypted passwords for Alice, Bob, and Chris do not match each other because each password is hashed with a different salt. This adds an extra layer of security and prevents attackers from easily identifying common passwords by looking at the hashed values.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: C
In password storage, salting is the practice of adding a random value (salt) to each password before hashing it. The salt is then stored alongside the hashed password. Salting enhances the security of stored passwords by introducing uniqueness to each password hash, even if two users have the same password. In the given scenario, the encrypted passwords do not match because each password has been salted before being hashed. This means that even though the original passwords were the same (P@55w0rD), the addition of a unique salt value resulted in different hashed representations for each user.
upvoted 1 times

mosher21 5 months ago
Selected Answer: C
Why not key stretching tho? It well can be key stretching too.
upvoted 1 times

MasterControlProgram 6 months ago
Selected Answer: C
The encrypted passwords do not match because of "Salting." Salting is a technique that adds a random string of characters to a password before hashing it, so that even if two users have the same password, their encrypted passwords will be different. This makes it more difficult for attackers to use precomputed tables of hashes to crack passwords. In the given scenario, if salting was not used, all users would have the same password hash, making it easy for an attacker to gain unauthorized access to all accounts by cracking just one password.
upvoted 1 times

ApplebeesWaiter1122 6 months, 3 weeks ago
Selected Answer: C
C, salt
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
C. Salting. Salts eliminate the possibility that duplicate hashes are stored for different user accounts that have the same password.
upvoted 1 times

xxxdolorxxx 8 months, 1 week ago
Selected Answer: C
C all day long
upvoted 1 times

[Removed] 8 months, 1 week ago
salt: A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input
upvoted 1 times

Sklark 11 months ago
Selected Answer: C
Haha, I get that the question says "Against IT recommendations" but can you imagine a company actually setting everyone's passwords to the same password? There would be no least privilege or admin credentials. Haha, anyways the example is testing to see why hash values of the same password would be different, and that would be done by adding salt, which is an arbitrary or mathematical extra something to the password to give it a different value when hashed.
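Editor's added example, not part of any commenter's post and not CompTIA material: the question's three accounts are given the question's shared password and stored twice, once as a plain hash and once with a per-user random salt plus PBKDF2 iteration. It shows in running code what the thread argues: the salt is what makes the three digests differ, while key stretching (mosher21's question) only raises the cost of each guess and, with the same salt, still gives the same digest. The user names and password are the question's; the digests printed are freshly generated and do not match the ones quoted, and using SHA-1 for the unsalted case is an assumption made only because the quoted values are 40 hex characters long.

```python
"""Why identical passwords give different stored hashes once salted.

Constructed to mirror the exam scenario: three accounts, one shared password.
This is an illustration, not a real credential store, and its output does not
reproduce the digests quoted in the question.
"""
import hashlib
import hmac
import os
from typing import Optional

SHARED_PASSWORD = "P@55w0rD"        # the password from the question
USERS = ["alice", "bob", "chris"]   # the accounts from the question


def unsalted_digest(password: str) -> str:
    """Plain SHA-1 of the password (assumed algorithm; the question's values
    are 40 hex chars). Same input, same output: shared password, shared hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> dict:
    """Salted and stretched hash: PBKDF2-HMAC-SHA256 over the password and a
    random 16-byte salt, iterated `iterations` times (key stretching).

    The salt is stored beside the digest. It is not secret; it only has to be
    unique per record so that equal passwords no longer give equal digests."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(candidate: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so a wrong guess is not distinguishable by timing."""
    expected = bytes.fromhex(record["hash"])
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(record["salt"]),
                                 int(record["iterations"]))
    return hmac.compare_digest(actual, expected)


def build_unsalted_store(users, password) -> dict:
    """What a naive server keeps: user -> bare hash, no salt."""
    return {u: unsalted_digest(password) for u in users}


def build_salted_store(users, password, iterations: int = 600_000) -> dict:
    """What a correctly configured server keeps: user -> {salt, iterations, hash}."""
    return {u: salted_record(password, iterations=iterations) for u in users}


def distinct_hashes(store: dict) -> int:
    """Number of distinct digests in a store; equals len(store) when salting works."""
    digests = [rec["hash"] if isinstance(rec, dict) else rec
               for rec in store.values()]
    return len(set(digests))


if __name__ == "__main__":
    plain = build_unsalted_store(USERS, SHARED_PASSWORD)
    salted = build_salted_store(USERS, SHARED_PASSWORD, iterations=10_000)
    for u in USERS:
        print(f"{u}:{plain[u]}    (unsalted: identical for every account)")
    for u in USERS:
        print(f"{u}:{salted[u]['salt']}${salted[u]['hash']}")
    print("distinct unsalted digests:", distinct_hashes(plain))
    print("distinct salted digests:  ", distinct_hashes(salted))
    print("alice login with correct password:", verify(SHARED_PASSWORD, salted["alice"]))
    print("alice login with wrong password:  ", verify("P@55w0rd", salted["alice"]))
```

The iteration count in `build_salted_store` is a parameter so the example runs quickly; in a real deployment it stays high, because that is what slows an offline guessing attack against a leaked store. Note also the thread's other observation: on a modern Linux system the salted hashes live in /etc/shadow, not in the world-readable /etc/passwd.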
upvoted 3 times Libraboy 11 months, 1 week ago Selected Answer: C different passwords have different hashes but in this case, the same password is used and the only way to achieve different outcomes is by salting...adding random data to the password (same or not) when hashing to change the stored hash value. upvoted 1 times [Removed] 1 year ago I'm no expert, but I believe the hashed passwords are actually stored in etc/shadow. Anyways, it's salting. upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #96 After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's rmware, a penetration tester then gains shell access on another networked asset. This technique is an example of: A. privilege escalation. B. footprinting. C. persistence. D. pivoting. 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小D (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: D Pivoting -> The act of an attacker moving from one compromised system to one or more other systems on the network upvoted 35 times Protract8593 2 months ago Most Recent Selected Answer: D In the given scenario, the penetration tester gains access to a multifunction device with both wired and wireless interfaces. Then, after exploiting a vulnerability in the device's firmware, the tester gains shell access on another networked asset. This technique is an example of "pivoting." Pivoting is a method used by attackers or penetration testers to leverage their initial access to a compromised system or network to gain access to other systems within the same network. In this case, the attacker is using the compromised multifunction device as a pivot point to gain access to other networked assets. 
upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: D Pivoting is a technique used by attackers or penetration testers to move from one compromised system or network to another. In this scenario, the attacker gained access to a multifunction device through a vulnerability in its firmware. From there, they used that compromised device to gain shell access on another networked asset, essentially using the compromised device as a pivot point to access other systems or networks. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: D This technique is an example of "pivoting". Pivoting is a technique used by attackers to move from one compromised system to another system on the same network, or to a different network, in order to expand their access and control. In this scenario, the attacker gained access to the multifunction device and then used that as a jumping-off point to gain shell access on another networked asset. This is an example of pivoting because the attacker used the initial compromise to "pivot" to another system and expand their access. upvoted 2 times xxxdolorxxx 8 months, 1 week ago Selected Answer: D 店 店 Pivoting is correct. upvoted 2 times 铺 铺 ; ; 学 学 习 Idkanything 10 months ago 习 小 店 Why not privilege escalation? upvoted 1 times 66 小 店 66 ApplebeesWaiter1122 2 months, 3 weeks ago privilege escalation, refers to the act of gaining higher levels of access or privileges on a system or network. While privilege escalation may occur during the attack process, it does not specifically describe the technique used in this scenario. upvoted 1 times applepieboy 8 months ago Nothing in the question implies the level of access the attacker has. They do however pivot to another device. upvoted 2 times xxxdolorxxx 8 months ago Priv Esc is more on the same machine. Going from a user to root. 
upvoted 5 times Jossie_C 10 months, 3 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: D Lateral movement AKA pivoting upvoted 2 times EDSAL 1 year ago answer is D Pivoting upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #97 Which of the following should be monitored by threat intelligence researchers who search for leaked credentials? A. Common Weakness Enumeration B. OSINT C. Dark web D. Vulnerability databases Correct Answer: C 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 C (100%) 小 小 店 Protract8593 2 months ago 店 66 66 Selected Answer: C Threat intelligence researchers who search for leaked credentials should monitor the dark web. The dark web is a part of the internet that is not indexed by traditional search engines and is intentionally hidden and anonymous. It is a common platform for illegal activities, including the buying and selling of stolen data, including credentials. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C Threat intelligence researchers who search for leaked credentials should primarily monitor the dark web. The dark web refers to a part of the internet that is not indexed by traditional search engines and is often used for illicit activities. It is a common marketplace for buying and selling stolen data, including leaked credentials such as usernames and passwords. By monitoring the dark web, threat intelligence researchers can identify if any leaked credentials associated with their organization or clients are being traded or shared. This information can be crucial for organizations to take proactive measures to protect their systems and accounts from unauthorized access. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: C Threat intelligence researchers who search for leaked credentials should monitor the "dark web". 
The dark web is a part of the internet that is not indexed by search engines and is accessible only through special software, such as Tor. It is often used for illegal activities, including the buying and selling of stolen data, such as login credentials. By monitoring the dark web, threat intelligence researchers can identify and track leaked credentials and other information that could be used for malicious purposes. upvoted 2 times scarceanimal 7 months, 3 weeks ago Selected Answer: C C wouldn't help too much at all really, but its the best choice lol. upvoted 4 times hieptran 8 months, 2 weeks ago Selected Answer: C C fo sho upvoted 1 times 店 铺 ; 学3 weeks ago Arcd3746 9 months, 习 小 Selected Answer: C 店 66 There's no better choice 店 铺 ; 学 习 小 店 66 upvoted 1 times Mewchan 1 year ago Selected Answer: C Darkweb https://www.hackers-arise.com/post/open-source-intelligence-osint-finding-breached-email-addresses-passwords-and-other-credentials upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #98 A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability? A. SOAR B. SIEM C. Log collectors D. Network-attached storage 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 学 习 小B (100%) 店 66 Gravoc Highly Voted 小 店 66 1 year ago Every single time I've seen the word correlate in questions, the answer has always been SIEM. From google: SIEM event correlation is an essential part of any SIEM solution. It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss. upvoted 16 times Fitzd Highly Voted 1 year ago SIEM has log repository and analysis capabilities that SOAR platforms typically do not. 
The SOAR has response capabilities that the SIEM does not upvoted 7 times scarceanimal 7 months, 3 weeks ago yep they're commonly used in conjunction for that reason. upvoted 1 times Protract8593 Most Recent 2 months ago Selected Answer: B A SIEM (Security Information and Event Management) system is designed to collect, store, and analyze log data from various sources in real-time. It allows security analysts to search and correlate logs from multiple sources in a single tool, enabling them to identify and respond to security incidents effectively. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B SIEM (Security Information and Event Management) systems are designed to collect, analyze, and correlate log data from various sources such as network devices, servers, applications, and security systems. They provide a centralized platform where logs can be ingested, normalized, and indexed for efficient searching and analysis. With a SIEM, security analysts can perform log searches, create custom queries, and apply correlation rules to identify patterns, anomalies, and potential security incidents. SIEMs also provide features like real-time monitoring, alerting, and reporting to help analysts detect and respond to security events effectively. upvoted 1 times 店 铺 ; 学 7 months, 3 weeks ago DALLASCOWBOYS 习 小 what a SIEM does and is. B. SIEM. This describes exactly店 66 upvoted 2 times 店 铺 ; 学 习 小 店 66 rhocale 9 months, 1 week ago this would not be SOAR just bc they dont want security prevention or automation correct? someone explain why not SOAR. upvoted 1 times Yebby 9 months, 3 weeks ago SIEM - Security Information and Event Management upvoted 3 times Knowledge33 11 months ago Selected Answer: B Log collectors are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM. Log collectors only collects the logs. 
SIEM store all logs upvoted 3 times 淘宝店铺:https://shop63989109.taobao.com/ RonWonkers 1 year ago Selected Answer: B I believe it is SIEM upvoted 5 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #99 A security analyst is investigating suspicious tra c on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring? 店 铺 铺 ; ; 学 A. XSS attack 店 学 习 习 小 店 B. SQLi attack 66 C. Replay attack 小 店 66 D. XSRF attack Correct Answer: B Community vote distribution B (100%) comeragh Highly Voted 1 year ago Selected Answer: B SQLi - the giveaway is 1=1 upvoted 25 times xxxdolorxxx 8 months, 1 week ago You are correct. upvoted 2 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: B Answer: SQLi attack SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. The giveaway here is the 1=1 in the query which is essentially creating a condition that will automatically be true. ====================== Helpful Info: XSS (Cross-Site Scripting) attacks -a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Replay Attack - a kind of man-in-the-middle attack in which an attacker sniffs messages being sent on a channel to intercept them and resend them under the cloak of authentic messages. CSRF (Cross Sit Request Forgery)- attacks that target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something. 
upvoted 18 times 店 店 铺 铺 Protract8593;Most Recent 2 months ago ; 学 学 Selected Answer: B 习 习 小 小 server is likely vulnerable to In the provided logs, the presence of characters like -- and +OR+1=1-- in the requested URL indicates that the web 店 店 SQL code into the input SQL injection (SQLi) attacks. SQL 6 injection is a type of web application vulnerability where an attacker can inject malicious 66 6 the underlying database and potentially gain unauthorized access or extract sensitive fields of a web application to manipulate information. upvoted 1 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: B From Dion's material: If you see a 1=1 it is most likely a SQL injection upvoted 1 times MasterControlProgram 6 months ago Selected Answer: B The most likely attack occurring based on the provided information is a "SQLi attack" (SQL Injection attack). The second log entry indicates that the attacker is attempting to exploit a SQL injection vulnerability by appending a payload to the "category" parameter of the contact form. The payload "OR 1=1--" is a common technique used to bypass authentication or gain unauthorized access by modifying the SQL query to always return true. The double-dash "--" indicates the start of a comment in SQL, which helps the payload to avoid syntax errors. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago SQLi. Key is the 1=1 is the dead giveaway for the SQL injection attack upvoted 2 times hieptran 8 months, 2 weeks ago Selected Answer: B B - Typical SQL Injection payload upvoted 1 times Queenica 10 months ago I selected SQL Injection. However every SQL Statement Query starts with SELECT which is missing. Confused with the wording of the question. 
upvoted 1 times 店 店 RonWonkers 1 year ago 铺 铺 ; Selected Answer: B ; 学 学 习 1=1 so its SQLi upvoted 2 times 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #100 Which of the following components can be used to consolidate and forward inbound internet tra c to multiple cloud environments though a single rewall? A. Transit gateway B. Cloud hot site C. Edge computing D. DNS sinkhole 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A VPC peering relationships can quickly become difficult to manage, especially if each VPC must interconnect in a mesh-like structure. A transit gateway is a simpler means of managing these interconnections. Essentially, a transit gateway is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways (aws.amazon.com/transit-gateway). upvoted 29 times kameel1221 Highly Voted 7 months, 3 weeks ago Hardest Question in Ohio upvoted 14 times Protract8593 Most Recent 2 months ago Selected Answer: A A transit gateway is a networking component that can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall. It acts as a hub to connect multiple Virtual Private Clouds (VPCs) or cloud environments within the same cloud service provider or across different cloud service providers. The transit gateway allows organizations to centralize their network traffic and security controls for efficient management and security monitoring. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A transit gateway is a networking construct that allows organizations to connect multiple virtual private clouds (VPCs), on-premises networks, and remote networks through a central hub. 
It acts as a transit point for network traffic, enabling the routing and forwarding of traffic between different network environments. By deploying a transit gateway, organizations can consolidate their inbound internet traffic from various sources, such as multiple cloud environments, and route it through a single firewall or security appliance. This centralizes the traffic management and allows for consistent security controls to be applied. upvoted 2 times ronniehaang 7 months, 3 weeks ago Selected Answer: A a transit gateway is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways upvoted 1 times 店 铺 ; 店 铺 ; 学 学 DALLASCOWBOYS 习 7 months, 3 weeks ago 习 小 小or cloud router. A. Transit gateway establishes a simple and seamless integration of VPCs and local systems through a centeral hub 店 店 upvoted 1 times 66 66 Jakalan7 1 year ago Selected Answer: A A is the only answer that makes sense here. upvoted 7 times 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #101 A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system les being deleted unexpectedly. A security analyst veri ed that software was con gured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss? A. Logic bomb B. Ransomware C. Fileless virus D. Remote access Trojans 店 店 铺 E. Rootkit 铺 ; ; 学 学 习 习 小 店 66 Community vote distribution A (86%) stoneface 小 店 Correct Answer: A Highly Voted 66 8% 1 year ago Selected Answer: A "software was configured to delete data deliberately from those servers" This could be achieved by a cronjob upvoted 26 times guestionme Most Recent 3 weeks, 2 days ago Rootkit seems right to me because the question says "system files being deleted." Does anyone know the actual answer? 
upvoted 1 times Protract8593 2 months ago Selected Answer: A A logic bomb is a type of malicious code or software that is intentionally inserted into a system and designed to execute a specific malicious action when certain conditions are met. In this scenario, the logic bomb was deliberately configured to delete data from the production server hard drives and Linux servers unexpectedly. It is important to note that logic bombs can be triggered by various conditions such as a specific date, time, or event, and they are intended to cause harm or damage to the targeted system or data. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: A A logic bomb is a type of malicious code or script that is intentionally inserted into a system with the purpose of executing a harmful action at a specific time or when specific conditions are met. In this scenario, the deliberate deletion of data from the production server hard drives and the unexpected deletion of system files on the Linux servers indicate the presence of a logic bomb. upvoted 1 times MasterControlProgram 6 months ago Selected Answer: A The most likely attack used to cause the data loss is a "Logic bomb" attack. A logic bomb is a type of malicious code that is intentionally inserted into a software program or system with the intention of causing damage or destruction at a specific time or under specific conditions, such as a particular date or event. In this case, the fact that the software was configured to delete data deliberately from the servers indicates that a logic bomb may have been used to trigger the deletion. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 Mismomano 7 months ago 店 66 小 店 66 Selected Answer: E A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. 
upvoted 1 times Boulet_Dude 6 months ago Wouldn’t a root kit create a back door? upvoted 6 times DALLASCOWBOYS 7 months, 3 weeks ago A. Logic bomb would suggest software was configured to be deleted data deliberately from the servers. upvoted 3 times Nirmalabhi 9 months, 3 weeks ago its a trap.I also first thought it was rootkit. but i ll 淘宝店铺:https://shop63989109.taobao.com/ go with logic bomb. Although no conditions specified, Q says it happened over weekend which means the software was configured to delete data automatically over the weekend. upvoted 4 times NerdAlert 6 months, 1 week ago I thought so too, but then I noticed "no backdoors were found" - rootkits are usually a type of backdoor upvoted 1 times Conejo_Negro 9 months, 3 weeks ago Selected Answer: C I believe the answer is C Fileless virus. Rootkits usually require a back door..question states no back door found..there no pattern or condition stated in the question..the “software was configured to delete data from those servers “ Fileless attacks usually attaches itself to legitimate software. https://www.trellix.com/en-us/security-awareness/ransomware/what-is-fileless-malware.html upvoted 3 times 店 Confuzed 5 months, 2 weeks ago 铺 店 铺 A fileless virus resides in memory... they wouldn't be able to say "software was configured" if it were a running process that did this. Software on the system was configured to do this, we can assume that it doesn't just keep doing this constantly, so it must have a trigger (time, event, etc), a trigger is logic. So it's a logic bomb. upvoted 1 times ; ; 学 学 习 习 小 小 店 Sandon 8 months ago 店 66 66 That ain't it upvoted 2 times [Removed] 9 months, 4 weeks ago Selected Answer: E I also sway to the ROOTKIT. "no BACKDOOR was found" <---- rootkit hides its presence that why no backdoor was found. The term ROOTKIT derives from UNIX/Linux where any process running as root has unrestricted access to everything from the root of the file system down. 
upvoted 1 times NerdAlert 6 months, 1 week ago rootkits are usually a type of backdoor upvoted 1 times Sandon 8 months ago That ain't it upvoted 1 times Jossie_C 10 months, 3 weeks ago Key word is deliberately, i.e., intentionally. It's a trap upvoted 1 times EDSAL 1 year ago A Logic bomb upvoted 1 times gen2dee 1 year ago "software was configured" upvoted 2 times WondaByte 1 year ago Correct Answer E Rootkit fits the answer to the question. A condition has to be true for Logic Bomb to occur which in this case isn't there. Correct Answer E upvoted 3 times 店 铺 ; 店 铺 ; 学 学 Orean 10 months,习 3 weeks ago 习 小 小 and time—such as the The condition could be time-based, meaning the logic bomb might have been set to activate at a specified date店 店 weekend of the data wipe. 66 66 upvoted 3 times Gino_Slim 11 months ago Hey everyone, this is NOT the right answer. upvoted 2 times Halaa 1 year ago But no BACKDOOR was found. upvoted 4 times Boogie_79 1 year ago Selected Answer: A Its simply LOGIC upvoted 2 times 淘宝店铺:https://shop63989109.taobao.com/ 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #102 Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key. Correct Answer: A 店 店 铺 Community vote distribution ; 学 A (85%) 习 小 店 stoneface 铺 ; 学 习 Other 小 店 66 Highly Voted 66 1 year ago In order to verify the authenticity of a digital signature we need to encrypt the initial message with the sender's private key. The receiver then can verify the authenticity by decrypting the message with the sender's public key. 
https://docs.huihoo.com/globus/gt4-tutorial/ch09s03.html upvoted 38 times Knowledge33 Highly Voted 11 months ago Selected Answer: A There are 2 general ways to use asymetric algorithm. 1 - For communication between 2 hosts: If bob sends a message to Alice, bob uses Alice's public key to encrypt the message, and Alice uses her private key to decrypt the message. 2 - For digital signature/Authentication: If ALice need to authenticate Bob, BOB uses his private key to sign the message, and Alice uses the public key of bob to decrypt the message. This process help to make sure the signature is owned by Bob. On this example, A is totally correct. upvoted 25 times Xynned 2 months, 3 weeks ago Didn't knew there were different usage for asymmetric cryptography in terms of mail usage. Was only aware of S/MIME which uses recipient's public key to encrypt the message and uses the recipient's private key to decrypt. Thanks for this info! upvoted 1 times scarceanimal 7 months, 3 weeks ago I NEVER KNEW THIS wow ty upvoted 3 times lamrine04 Most Recent 1 month, 3 weeks ago Selected Answer: B From ChatGPT: The correct answer is B. the sender's public key and decrypted with the sender's private key. In digital signatures, the message is first hashed (using a cryptographic hash function) to generate a fixed-length digest. Then, this digest is encrypted with the sender's private key to create the signature. The recipient of the message can then verify the signature by decrypting it using the sender's public key, which should result in the same hash value. If the decrypted hash matches the hash value calculated from the received message, it confirms the integrity of the message and the authenticity of the sender. 店 店 铺 铺 ; ; 学 学 习 习 So, digital signatures use asymmetric encryption in such a way that the message is encrypted with the sender's private key and decrypted with the sender's public key for verification. 
upvoted 1 times 小 店 66 小 店 66 TuanDinh 4 weeks ago chat GPT sometime stupid upvoted 5 times Protract8593 2 months ago Selected Answer: A Digital signatures use asymmetric encryption, but when it comes to signing a message or file with a digital signature, the process is as follows: A. The sender's private key is used to encrypt the hash or digest of the message, and the recipient uses the sender's public key to decrypt the hash or digest and verify the authenticity of the signature. So, for digital signatures, the correct answer is A. upvoted 1 times Aleem001 2 months, 1 week ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: B Digital signatures use asymmetric encryption. This means the message is encrypted with: A. the sender's private key and decrypted with the sender's public key. Most Voted B. the sender's public key and decrypted with the sender's private key. C. the sender's private key and decrypted with the recipient's public key. D. the sender's public key and decrypted with the recipient's private key. ChatGPT B. the sender's public key and decrypted with the sender's private key. upvoted 1 times sirpsionics 2 months ago I find it sorta funny that Bard and Bing give the answer as C. Given that I am having a hard time understanding how things work, I have no clue if the answer is A, B, or C. upvoted 1 times 店 店 铺 铺 ; ; 学 学 ApplebeesWaiter1122 习2 months, 3 weeks ago 习 小 小 Selected Answer: A 店 店 6 66 by the sender. This The purpose of using the sender's 6 private key for encryption is to create a unique digital signature that can only be generated provides authenticity and non-repudiation, as only the sender possessing the corresponding private key can create a valid signature. The recipient can then decrypt the signature using the sender's public key to verify the integrity and authenticity of the message. 
upvoted 1 times Dutch012 4 months, 2 weeks ago guys it's B the sender encrypts the message with your public key and you decrypt it by using your private key, your public key is shared with others, and they can not decrypt the message with your public key. upvoted 2 times RobbieT 5 months ago The key thing here is signature. You sign with your private key. upvoted 1 times mkimchi 5 months, 2 weeks ago These answer choices are worded wrong. Asymmetric encryption uses two keys: public and private. Anything encrypted with the public key can only be decrypted with the matching private key. Anything encrypted with the private key can only be decrypted with the matching public key. For digital signatures, to send the message with encryption, you use the sender’s private key and decrypt the message with the sender’s public key. upvoted 3 times MGMKING 5 months, 2 weeks ago asymmetric encryption Also called public key cryptography, a data encryption system that uses two mathematically derived keys to encrypt and decrypt a message—a public key, available to everyone, and a private key, available only to the owner of the key. upvoted 1 times MGMKING 5 months, 2 weeks ago Asymmetric Encryption Also called public key cryptography, a data encryption system that uses two mathematically derived keys to encrypt and decrypt a message—a public key, available to everyone, and a private key, available only to the owner of the key. Make your own assumptions per the above definition. upvoted 1 times 店 monzie 5 months, 4 weeks ago 铺 Selected Answer: B ; 学 店 铺 ; 学 B. The sender's public key is used to encrypt the message, and the sender's private key is used to decrypt the message. 习 习 小 Digital signatures use asymmetric their 店 encryption to ensure authenticity and integrity of a message. The sender uses 小 店private key to encrypt a 66 which verifies the digital signature that is appended6to the message. 
The recipient uses the sender's public key to decrypt the digital signature, 6 authenticity and integrity of the message upvoted 2 times PenTestKing 7 months ago A is correct for digital signature, B would be for messaging upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. If the sender wants to digitally sign a message(Bob), Bob encrypts the message using his private key. When the recipient(Judy) receives the digitally signed message, Judy decrypts the digital signature using Bob's public key. upvoted 1 times carpathia 10 months ago Selected Answer: A 淘宝店铺:https://shop63989109.taobao.com/ This question is wonky. They mention 'message encryption' which is encrypt with recepient's public certificate (key) and decrypt with recepient's private key (cert). Instead encryption they should have written SIGN. But I am guessing is A as in sign an email. upvoted 1 times Queenica 10 months ago Assymetric Key My PRIVATE KEY is MINE. Not Shared with anyone. Message I encrypt with MY PRIVATE KEY. I send MY PUBLIC KEY to You. Message reaches you You Decrypt with MY PUBLIC KEY. upvoted 9 times NerdAlert 6 months, 1 week ago thank you upvoted 1 times 店 Sir_Learnalot 10 months, 2 weeks ago 铺 ; 店 铺 ; 学 digital signatures are used the习 private key. Everybody with the 习 to verify authenticity and non-repudiation, as only the real sender would have 学 小 小 senders public key could decrypt the message and therefore validate that it really comes from the original sender 店 店 upvoted 2 times 66 66 Selected Answer: A cutemantoes 6 months, 1 week ago This whole thing has been confusing to understand and yours is the one that makes sense to me. TY! upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #103 A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement? A. SSO B. IDS C. MFA D. 
TPM 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 学 习 小C (100%) 店 66 小 店 66 mm777 1 month, 2 weeks ago What about SSO? MFA is authentication not authorization technology upvoted 2 times Copmp 1 month, 1 week ago The attackers are trying to get in by pretending to be someone who is allowed right? SSO doesnt help to prevent attackers from fooling the system. SSO is just using username and password often in a federation setting. MFA makes the attacker have two different things to sign on (such as password and fingerprint). So MFA would be the answer upvoted 1 times Protract8593 2 months ago Selected Answer: C Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of identification before gaining access to a system. It is designed to prevent attackers from gaining access by pretending to be authorized users because they would need to provide multiple pieces of evidence to prove their identity. upvoted 2 times ApplebeesWaiter1122 2 months, 3 weeks ago Selected Answer: C MFA adds an extra layer of security by requiring users to provide multiple forms of identification or verification before accessing a system or application. It typically combines something the user knows (such as a password), something the user has (such as a physical token or mobile device), or something the user is (such as biometric data) to authenticate their identity. By implementing MFA, even if an attacker manages to obtain or guess a user's password, they would still need the additional factor (such as a physical token or biometric data) to successfully authenticate as the authorized user. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago C. Multifactor authentication. upvoted 2 times comeragh 1 year ago Selected Answer: C 店 铺 C - Multi Factor Authentication (MFA) upvoted 3 times ; 学 Josh_Feng 习 1 year ago Selected Answer: C 小 店 66 C is correct since MFA = harder to impersonate due to having multifactor authentication. 
upvoted 4 times

Papee 11 months, 1 week ago
is MFA a technology?
upvoted 1 times

EubertT 10 months, 2 weeks ago
Yes, MFA is a technology. Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction.
upvoted 2 times

Topic 1 Question #104
The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
A. GDPR compliance attestation B. Cloud Security Alliance materials C. SOC 2 Type 2 report D. NIST RMF workbooks
Correct Answer: C
Community vote distribution: C (76%), A (24%)

Nirmalabhi Highly Voted 9 months, 3 weeks ago
Do not overthink. The question is simply on auditing. Note the words in the question: "...has requested that a third-party vendor provide supporting documents." Hence the correct answer is indeed SOC 2. See below, directly from Professor Messer notes: If your organization has undergone an audit, then you’re probably familiar with the SSAE SOC 2 types I and II. This is from the American Institute of Certified Public Accountants, or the AICPA. It’s an auditing standard called the Statement on Standards for Attestation Engagements number 18, or SSAE 18. During these audits, there’s a series of reports that are created, and the name for the suite of reports that are associated with trust services criteria, or security controls, is the SOC 2, that’s the System and Organization Controls number two. This audit focuses on topics that can include firewalls, intrusion prevention, or intrusion detection, or multi-factor authentication.
upvoted 14 times

stoneface Highly Voted 1 year ago
I am split between SOC Type 2 and GDPR compliance -> SOC Type 2 -> A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. GDPR Compliance Attestations -> ATC 315 also helps mature your internal controls over GDPR compliance and can help you manage GDPR compliance risk beyond what internal risk assessments and audits provide. ATC 315 can identify deficiencies in internal controls, pinpoint areas for improvement, and will strengthen your organization’s GDPR compliance posture. It seems that SOC Type 2 Report better matches the requirement. I listen to you ...
upvoted 7 times

DriftandLuna 1 month, 3 weeks ago
Yes - if I am unsure I usually only use GDPR if Europe is mentioned.
upvoted 1 times

andrizo 11 months, 2 weeks ago
GDPR only applies to collection of consumer data in Europe
upvoted 1 times

KetReeb 1 year ago
SOC Type 2 Report would verify that the vendor is an organization that maintains a high level of information security.
upvoted 1 times

Protract8593 Most Recent 2 months ago
Selected Answer: C
A SOC 2 (Service Organization Control 2) Type 2 report is a widely recognized report that provides assurance about the controls and security measures implemented by a service organization. It is designed to evaluate a service provider's controls relevant to security, availability, processing integrity, confidentiality, and privacy. The SOC 2 Type 2 report specifically assesses the effectiveness of these controls over a specified period of time. Given that the Chief Information Security Officer (CISO) is requesting supporting documents to show proper controls in place to protect customer data, a SOC 2 Type 2 report would be the best choice.
This report demonstrates that the third-party vendor has undergone an independent audit of its controls, providing valuable information about its security practices and compliance with industry standards.
upvoted 1 times

LiteralGod 2 months, 1 week ago
Selected Answer: A
GDPR specifically relates to customer data so that's what I went with. The question doesn't mention the EU, but it also doesn't mention anywhere outside of the EU.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: C
A SOC 2 (System and Organization Controls 2) report is a widely recognized standard for evaluating and reporting on the effectiveness of an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. A Type 2 report specifically covers a specified period of time and provides more in-depth information about the design and effectiveness of controls. By providing a SOC 2 Type 2 report, the third-party vendor can demonstrate that they have undergone a comprehensive assessment of their controls by an independent auditor and that they have implemented appropriate measures to protect customer data.
upvoted 1 times

LeonardSnart 4 months, 1 week ago
Selected Answer: C
"...[T]he System and Organization Controls (SOC) 2 report covers organizational cybersecurity controls. The auditor creates the SOC 2 report after evaluating an organization’s security controls. The SOC 2 report indicates that the organization is SOC 2 compliant and gives customers a level of assurance that the organization has adequate security controls in place. SOC 2 addresses five trust service principles: confidentiality, integrity, availability, security, and privacy. • SOC 2 Type II. The Type II report describes an organization’s systems and covers security controls’ operational effectiveness over a range of dates, such as 12 months.
In this context, operational effectiveness refers to how well the security controls worked when mitigating risks during the range of dates. SOC 2 Type 2 compliance gives a higher level of assurance than SOC 2 Type I." Security+ SY0-601 Get Certified Get Ahead by D. Gibson
upvoted 1 times

mosher21 5 months ago
Selected Answer: C
A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. https://www.onelogin.com/compliance/soc-2-type-2
upvoted 1 times

Drealjesusfreak 6 months, 2 weeks ago
this is one of those questions that just throw you off the scent.
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
C. In the SOC 2 Type report, the auditor confirms that the controls are functioning properly.
upvoted 2 times

atrax 10 months, 2 weeks ago
Selected Answer: C
I work in GRC and third party vendors provide a SOC 2 report. GDPR is almost a law where they state their compliance, but it's never audited/certified
upvoted 3 times

Knowledge33 10 months, 2 weeks ago
Selected Answer: A
The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. GDPR is the unique possible response, even though it's only applied in the EU. The other responses are not related to client data.
upvoted 3 times

Gravoc 1 year ago
GDPR only applies when the entity operates or collects data in any EU country. This question doesn't specify if the personal information in question belongs to an EU member country. Therefore, we can eliminate option A. If the question stated anything at all about Europe, it would be A. Since it didn't, SOC 2 Type 2 is the correct answer.
It's basically a modernized security audit that occurs usually at a minimum of every 6 months. A 3rd party supplying the results from its internal SOC 2 Type 2 audit would provide the required supporting documents to satisfy the CISO.
upvoted 2 times

redsidemanc2 1 year ago
Selected Answer: C
GDPR relates to the EU; nothing in the question says they are in the EU. SOC type 2: tests security controls in place
upvoted 6 times

ScottT 1 year ago
https://www.itgovernance.co.uk/soc-reporting
upvoted 1 times

Topic 1 Question #105
Which of the following is assured when a user signs an email using a private key?
A. Non-repudiation B. Confidentiality C. Availability D. Authentication
Correct Answer: A
Community vote distribution: A (90%), other 10%

IQ30 Highly Voted 1 year ago
Selected Answer: A
Professor Messer notes • Non-Repudiation – Confirm the authenticity of data – Digital signature provides both integrity and non-repudiation
upvoted 23 times

guestionme Most Recent 3 weeks, 2 days ago
Non-repudiation is a legal concept that's widely used in information security and refers to a service, which provides proof of the origin and integrity of data. A, No?
upvoted 1 times

zygmunt 1 month, 2 weeks ago
In the chapter for digital signatures in CompTIA's Certmaster Learn for Security+, only authentication and integrity are mentioned. I don't doubt non-repudiation is also proved (a later page even states non-repudiation is linked to authentication), but I'm going to go with authentication here.
upvoted 2 times

Protract8593 2 months ago
Selected Answer: A
When a user signs an email using a private key, it provides assurance of non-repudiation. Non-repudiation is the property that ensures the sender of a message cannot deny sending it. By signing the email with their private key, the sender creates a digital signature that can only be decrypted and verified with their corresponding public key.
This process ensures that the sender's identity is authenticated and cannot be denied later, providing non-repudiation.
upvoted 2 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: A
It could be A or it could be D. Another CompTIA-esque question. Looking at Messer's notes for section 2.8 he states that Non-Repudiation can authenticate and provides integrity
upvoted 1 times

fouserd 5 months, 1 week ago
Selected Answer: D
D. Authentication is assured when a user signs an email using a private key. When a user signs an email using a private key, it provides a digital signature that verifies the authenticity of the email and the sender. This process ensures that the recipient can be confident that the email is from the claimed sender, and that the message has not been tampered with during transit. Authentication is the process of verifying the identity of a user or entity, and in this case, the digital signature provides this verification. Therefore, the correct answer is D. Authentication. Note that signing an email with a private key does not necessarily provide confidentiality (B) or availability (C), as these are separate aspects of information security that require different measures to achieve. Non-repudiation (A) is related to authentication, but it refers specifically to the inability of the sender to deny having sent the message once it has been signed with their private key.
upvoted 3 times

TheGuitarMan_61 5 months, 2 weeks ago
when a sender signs a message with their private key, they guarantee the message's authenticity, illustrating that they were indeed the message's source. And in this way, the sender's public key, which the recipient has access to, is the sole method of decrypting the sender's message. After the Email is sent then "A".
upvoted 1 times

goodmate 6 months ago
It seems answer D. Non-repudiation. The sender cannot later deny sending the message.
This is sometimes required with online transactions. For example, imagine Homer sends an order to sell stocks using a digitally signed email. If the stocks increase after his sale completes, he can’t deny the transaction. Source: Darril Gibson, CompTIA Security+: Get Certified Get Ahead SY0-501 Study Guide
upvoted 1 times

Omi0204 6 months, 1 week ago
Message signing, on the other hand, uses the sender's private key to sign the message, and his or her public key is used to read the signature. Message signing helps ensure data integrity, message authentication, and non-repudiation. So Option A and D both are correct. :)
upvoted 2 times

cutemantoes 7 months ago
I agree that it's A. However, it states "what is assured when a user signs an email..", it doesn't say if it was sent. Just that it was signed. CompTIA is more than likely going to do answer D. Knowing them, they'd do that.
upvoted 3 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. Non-repudiation. It is a concept that the sender cannot deny that they sent the message.
upvoted 1 times

Gravoc 1 year ago
Non Repudiation is your virtual John Hancock. It's a way of virtually stamping any data or document with "I am who I say I am". Only way to break this would be if the private key owner's private key became compromised. Which at that point you got bigger problems than Non Repudiation.
upvoted 3 times

Gino_Slim 11 months ago
"John Hancock" is another way of saying "signature" for those that don't know
upvoted 2 times

EDSAL 1 year ago
A - Non Repudiation confirms that the signature comes from what it says it comes from
upvoted 2 times

Topic 1 Question #106
A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?
A. ipconfig B. ssh C.
ping D. netstat
Correct Answer: D
Community vote distribution: D (96%), other 4%

Gino_Slim Highly Voted 11 months ago
Selected Answer: D
Answer is D. A. ipconfig - Just shows you the IP information for your current machine. B. ssh - this is used for file transfers (ftp etc etc). C. ping - this is just to reach out to a node to get a response from it. These are simple ways of explaining. Don't come behind me and getting real granular super duper tech people -_-
upvoted 35 times

scarceanimal 7 months, 3 weeks ago
thanks gino slim!
upvoted 1 times

rodwave 10 months, 2 weeks ago
the explanations are perfectly fine
upvoted 4 times

comeragh Highly Voted 1 year ago
Selected Answer: D
Netstat shows listening ports
upvoted 9 times

Protract8593 Most Recent 2 months ago
Selected Answer: D
The netstat command is a network utility used to display network connections, routing tables, and network interface statistics on a system. It can show which ports on the web server are in a listening state, allowing the systems administrator to troubleshoot the server's connection to the internal web server.
upvoted 1 times

ApplebeesWaiter1122 2 months, 3 weeks ago
Selected Answer: D
Netstat (Network Statistics) is a command-line tool used to display active network connections, listening ports, and related network statistics. By using the appropriate command-line parameters, such as "-a" (all connections and listening ports) or "-n" (numeric format), the administrator can obtain a list of all open ports on the web server that are in a listening state. Options A, B, and C are not relevant for determining the open ports on a web server: ipconfig is a command-line tool used to display IP configuration information on a local system, such as IP address, subnet mask, and default gateway. It does not provide information about open ports on a remote web server. ssh (Secure Shell) is a network protocol used for secure remote access to systems.
It is not specifically designed to display open ports on a web server. ping is a utility used to test the connectivity and reachability of a network host using Internet Control Message Protocol (ICMP). It does not provide information about open ports on a web server.
upvoted 1 times

MasterControlProgram 6 months ago
Selected Answer: D
The tool that BEST shows which ports on a server are in a listening state is netstat. Therefore, the correct answer is D.
upvoted 1 times

Ahmed_aldouky 6 months, 3 weeks ago
Selected Answer: D
The correct answer is D. netstat. Netstat is a command-line tool that displays information about network connections and network statistics. It can be used to show which ports on a server are in a listening state, among other things. This information can be very useful for troubleshooting network issues. A. ipconfig is a command-line tool that displays network configuration information for a computer. It does not show which ports on a web server are in a listening state. B. ssh is a network protocol that allows secure remote access to a server. It does not show which ports on a web server are in a listening state. C. ping is a command-line tool that tests network connectivity between two devices. It does not show which ports on a web server are in a listening state.
upvoted 2 times

T4IT 8 months ago
Selected Answer: A
Netstat is correct
upvoted 2 times

Topic 1 Question #107
Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?
A. Implement proper network access restrictions. B. Initiate a bug bounty program. C. Classify the system as shadow IT. D. Increase the frequency of vulnerability scans.
Correct Answer: A
Community vote distribution: A (96%), other 4%

Jakalan7 Highly Voted 1 year ago
Selected Answer: A
A is the only answer that makes sense here.
upvoted 11 times

Papee 11 months, 1 week ago
I agree. Network segmentation.
upvoted 4 times

03allen 10 months, 2 weeks ago
I don't think A means network segmentation.
upvoted 1 times

Ranaer Highly Voted 8 months ago
Selected Answer: A
We are asked to REDUCE risk. A. Implement proper network access restrictions. - This more or less reduces risk by limiting who has access to the legacy system. B. Initiate a bug bounty program. - We don't need that, since it's a legacy system, which we haven't developed. We most likely cannot patch this anyway. C. Classify the system as shadow IT. - Irrelevant to the question. D. Increase the frequency of vulnerability scans. - As in B, us knowing that issues exist won't help us much, since we cannot patch the system.
upvoted 9 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
Implementing proper network access restrictions helps to reduce the security risks associated with running systems that have expired vendor support and lack an immediate replacement. By restricting network access, unauthorized parties are less likely to exploit vulnerabilities in the unsupported systems. This is a proactive approach to limit potential risks until a more permanent solution can be implemented.
upvoted 1 times

ApplebeesWaiter1122 2 months ago
Selected Answer: A
Implementing proper network access restrictions is the best option to reduce the security risks introduced by running systems that have expired vendor support and lack an immediate replacement. By limiting the network access of these systems, you can minimize their exposure to potential threats from the internet or unauthorized users. This reduces the attack surface and helps mitigate the risk of security breaches and vulnerabilities.
upvoted 1 times

mosher21 5 months ago
Selected Answer: A
AKA airgap them.
upvoted 1 times

monzie 5 months, 4 weeks ago
Selected Answer: D
D. Increase the frequency of vulnerability scans would be the BEST option to reduce the security risks introduced when running systems that have expired vendor support and lack an immediate replacement. When vendor support for a system has expired, it is no longer receiving security updates or patches from the vendor. This leaves the system vulnerable to known and unknown vulnerabilities. Increasing the frequency of vulnerability scans allows for the identification and remediation of any vulnerabilities that may be present. By identifying vulnerabilities earlier, the organization can take action to minimize the risk of exploitation.
upvoted 1 times

Confuzed 5 months, 2 weeks ago
I would agree except that if you do identify a new vulnerability you cannot remediate it, so increasing the scans will only increase the risks that you must accept and do nothing to mitigate them.
upvoted 2 times

TinyTrexArmz 7 months, 2 weeks ago
Maybe it's my lack of imagination, but I can't think of a case where you wouldn't implement proper network access restrictions by default even on a system with vendor support still active and can be immediately replaced.
upvoted 2 times

mick1 9 months, 3 weeks ago
I would say D - as system is not changing role, and in ANY use case, network access should be minimized (or at least planned for system) - so if I don't want to change device role, just reduce risk, I would go with more scans.
upvoted 1 times

Jossie_C 10 months, 3 weeks ago
Unfortunately that doesn't reduce the risk, they can still attack, and the scans will only detect that attack, not reduce the probability or chance of it happening. I choose A.
upvoted 2 times

KingDrew 8 months, 1 week ago
Prevent the computer from connecting to the internet where the bad guys are
upvoted 1 times

Topic 1 Question #108
Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?
A. The business continuity plan B. The retention policy C. The disaster recovery plan D. The incident response plan
Correct Answer: A
Community vote distribution: A (87%), other 13%

stoneface Highly Voted 1 year ago
Selected Answer: A
BCP is to empower an organization to keep crucial functions running during downtime. This, in turn, helps the organization respond quickly to an interruption, while creating resilient operational protocols.
upvoted 28 times

rodwave Highly Voted 10 months, 2 weeks ago
Selected Answer: A
Answer - The business continuity plan. A business continuity plan is a plan that ensures a company can maintain core operations without interruption, especially in the event of a crisis. =========================== Retention Policy - determines how long a business record/resource is stored and how to dispose of the record when it is time to do so. Disaster Recovery - A set of instructions created by an organization on how to respond and recover from unplanned incidents. Generally involving a hardware failure, destruction, etc. Incident Response - a set of steps an incident response team follows to properly prepare and respond to incidents.
upvoted 14 times

Protract8593 Most Recent 2 months ago
Selected Answer: A
When an IT company must vacate its main office and move to alternate, off-site locations due to unexpected circumstances, it would most likely reference the business continuity plan.
The business continuity plan outlines the procedures and strategies that an organization will use to ensure that essential business functions can continue during and after a disaster or other disruptive event. It includes measures to protect personnel, assets, and business processes to ensure the organization's continuity. On the other hand, the disaster recovery plan is focused on restoring critical systems and services after a significant disruption, and it deals with the technical aspects of recovery. While both plans are related to managing disruptive events, the business continuity plan takes a broader approach, encompassing business processes and personnel, while the disaster recovery plan primarily focuses on IT systems and data recovery.
upvoted 3 times

ApplebeesWaiter1122 2 months ago
Selected Answer: A
During the unexpected circumstance of vacating the main office and moving operations to alternate, off-site locations, the IT company would most likely reference the business continuity plan. The business continuity plan outlines strategies and procedures to ensure the continued operation of critical business functions during and after disruptive events. It includes measures to maintain essential operations, recover critical systems, and resume normal business activities in the face of unexpected events that could disrupt normal business operations.
upvoted 1 times

mosher21 5 months ago
Selected Answer: C
I say C because the given info implies something big and severe, aka a disaster, happened that you have to move all of your operations to an off site. So you would consult your disaster recovery plan during such incidents.
upvoted 2 times

MasterControlProgram 6 months ago
Selected Answer: A
The IT company will most likely reference the business continuity plan for guidance during the change.
The business continuity plan is designed to help an organization continue operations in the event of a disruption or disaster, and is intended to minimize the impact on the business. The plan typically includes procedures and processes for identifying critical business functions, establishing alternate locations, and outlining how operations will continue during the disruption.
upvoted 1 times

Drealjesusfreak 6 months, 2 weeks ago
The words "unexpected circumstances" are the key. I think the answer is C. I have checked other questions and it says disaster recovery plan is the answer.
upvoted 2 times

tebirkishaw 7 months, 3 weeks ago
Selected Answer: C
It is C. The business continuity plan goes over what you can do in the event you can't access your normal resources, or if things aren't working. For example if your payment portal is down, you would have something saying you take payments by phone. In this question they have all of their resources, just working at a different site. Professor Messer's videos on this explain it really well as well.
upvoted 1 times

tebirkishaw 7 months, 3 weeks ago
Actually I had my definitions mixed up lol... I think the answer would be A
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. Business Continuity Plans focus on keeping an organization functional when misfortune or incidents occur. The reason for the vacating of the office isn't specified, so there is no way, based on the information provided, that a disaster (natural or man-made) has occurred.
upvoted 1 times

Sandon 8 months ago
Selected Answer: C
ChatGPT says it's C
upvoted 2 times

xxxdolorxxx 8 months, 1 week ago
Selected Answer: A
A seems like the correct answer
upvoted 2 times

carpathia 10 months ago
Selected Answer: A
This should normally be BIA, but BIA is part of BCP, so BCP.
upvoted 1 times

DoDaResearch 10 months, 3 weeks ago
Selected Answer: C
See CompTIA Security+ study guide page 518. Disaster Recovery plan -- A disaster can be seen as a special class of incident where the organization's primary business function is disrupted. Disaster recovery requires considerable resources, such as SHIFTING PROCESSING TO A SECONDARY SITE. Disaster recovery will involve a wider range of stakeholders than a less serious incident. Business Continuity Plan (BCP) -- this identifies how business processes should deal with both minor and disaster-level disruption. During an incident, a system may need to be isolated. Continuity planning ensures that there is processing redundancy supporting the workflow so that when a server is taken offline for security remediation, processing can failover to a separate system. If systems do not have this sort of planned resilience, incident response will be much more disruptive.
upvoted 3 times

DoDaResearch 10 months, 3 weeks ago
Not all disasters are natural; if a fire marshal closes your building for various reasons that may not even be related to your building, you still cannot enter
upvoted 1 times

Gravoc 1 year ago
Remember that BCP is all-encompassing, including natural disaster recovery. Since the question did not specify this is a disaster, then BCP is the only option left that can be correct.
upvoted 3 times

Yuyuyakuza 1 year ago
A. BCP, no indication of a natural disaster.
upvoted 1 times

comeragh 1 year ago
Selected Answer: A
Agree with A - BCP
upvoted 2 times

Topic 1 Question #109
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?
A. Utilizing SIEM correlation engines B. Deploying Netflow at the network border C.
Disabling session tokens for all sites D. Deploying a WAF for the web server
Correct Answer: D
Community vote distribution: A (100%)

stoneface Highly Voted 1 year ago
Selected Answer: A
I think that SIEM correlation would be the best way to detect an attacker in this case. The initial compromise was a malicious request on a web server. Moments later the token created with SSO was used on another service; the question does not specify what type of service. Deploying a WAF on the web server will detect the attacker but only on that server. If the attacker issues the same malicious request to get another SSO token, correlating that event with using that SSO token in other services would allow us to detect the malicious activity. Correct me if I am wrong
upvoted 38 times

hieptran 8 months, 2 weeks ago
I think the same as you. The token type could vary, but I don't think that it will be detected and prevented by a WAF or anything since it could be a legitimate request with a stolen/hacked token. In the context of this question, it is best to correlate logs and find which system is compromised.
upvoted 2 times

RogerW Most Recent 1 week, 4 days ago
It looks like a CSRF attack. The SIEM detected the attack and notified the user. If the question asked what would be the BEST to "protect" as opposed to "detect", I would have selected D, WAF. Since it is asking what would be BEST to detect, I pick A.
upvoted 1 times

malibi 3 weeks ago
Selected Answer: A
The question mentions Web Application! A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
Utilizing SIEM (Security Information and Event Management) correlation engines would be the best way to detect a malicious actor in this scenario. SIEM systems collect and analyze log data from various sources, including web applications and network devices. By using correlation rules, the SIEM can identify patterns of behavior and detect abnormal or malicious activities that might not be apparent when analyzing each event in isolation. In the given scenario, the SIEM can correlate the alerts from the two different services that detected the subsequent token reuse. This correlation would help identify the abnormal behavior and raise an alert for further investigation by the cybersecurity analyst. SIEM systems play a crucial role in identifying complex and sophisticated attack patterns and improving incident detection and response capabilities.
upvoted 1 times

ApplebeesWaiter1122 2 months ago
Selected Answer: A
SIEM (Security Information and Event Management) correlation engines are designed to collect, analyze, and correlate data from various sources across an organization's IT infrastructure. By using SIEM correlation rules, the cybersecurity analyst can identify patterns and relationships between events and data from different systems and applications. In the given scenario, the SIEM correlation engine can detect the subsequent token reuse moments after the initial malicious request on one web application. This correlation can help identify the presence of a malicious actor attempting to exploit the single sign-on method and potentially moving laterally to other services.
upvoted 1 times

Ahmed_aldouky 6 months, 3 weeks ago
Selected Answer: A
A. Utilizing SIEM correlation engines would BEST detect a malicious actor. SIEM correlation engines can be used to analyze and correlate events from different systems and applications. In this case, the cybersecurity analyst can use a SIEM correlation engine to correlate the request on the web application and the subsequent token reuse on a different service.
This can help to identify the malicious actor and take appropriate actions to prevent further attacks. B. Deploying Netflow at the network border can help to monitor network traffic and identify anomalies, but it may not provide enough context to detect the malicious actor in this scenario. C. Disabling session tokens for all sites is not a recommended solution as it can have negative impacts on legitimate user access. D. Deploying a WAF for the web server can help to detect and block attacks on the web application, but it may not provide enough visibility to detect the subsequent token reuse on a different service. upvoted 2 times 店 店 铺 铺 brewoz404sd; 7 months, 3 weeks ago ; 学 Answer is D. A waf looks specifically at session / token use, as well as monitoring all traffic between web /学 user. You can deploy a waf to protect 习 习 ALL web apps behind it. Answer is clearly D, its exactly what a WAF is designed to do. 小 小 店 店 upvoted 1 times 66 66 [Removed] 9 months, 3 weeks ago i still think D upvoted 1 times Gravoc 1 year ago SIEM correlation dashboards. From google: "It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss." Web application firewall is a good candidate, except that it will log both events into separate log files. Which can go unnoticed by security administrators, and will require additional tools to automate the process of alerting the correlated events together. Such as a SIEM. upvoted 4 times Lars87 1 year ago Selected Answer: A SIEM i think correct upvoted 1 times okay123 1 year ago The software analyzes the log entries to identify signs of malicious activity. 
In addition, since the system gathers events from different sources across the network, it can recreate the timeline of an attack, enabling a company to determine the nature of the attack and its impact on the business. https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM I thought D but key word is differint devices.. so SIEM correlation i think upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #110 Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement? A. MOU B. ISA C. SLA D. NDA 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 Gravoc Highly Voted 小 店 66 1 year ago MOU - Memorandum of Understanding MOA - Memorandum of Agreement A MOU is the initialization phase for two companies who plan to work together. It establishes what each company is looking to achieve/get out of the arrangement. It's not a signed contract. A MOA is a step above the MOU. It's a signed contract that indicates both parties understand and agree with the terms placed forward by both parties. upvoted 23 times RonWonkers 12 months ago Thanks for the explanation upvoted 1 times stoneface Highly Voted 1 year ago Selected Answer: A A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high- level roles and responsibilities in management of a crossdomain connection. 
upvoted 16 times stoneface 1 year ago Add ISA at the beginning -> source https://csrc.nist.gov/glossary/term/interconnection_security_agreement upvoted 3 times ccnaexam28 Most Recent 1 month, 4 weeks ago this was on my exam. i chose A. Took the exam 27/7/2023, I scored 840 and got 82 questions in total(with 3 PBQs). (not quite sure what questions I got right or wrong, there were tons that have 50/50 percentage in this site) 90%+ is from this site and I have no contributor access though I think it's also just luck on what set you'll get from their questions' pool. good luck! upvoted 7 times 店 店 铺 铺 ; 学 Protract8593 2 months ago 习 小 ; 学 习 小 店 店 to work together on a A Memorandum of Understanding 66(MOU) is a written agreement between two or more parties outlining their intention 66 specific project or endeavor. It is a non-binding document that establishes the framework and terms of cooperation between the parties involved. Selected Answer: A In this scenario, the MOU can be used to document the agreement between the two organizations to collaborate on the evaluation of new SIEM (Security Information and Event Management) solutions. It outlines their joint effort and commitment to work together towards a common goal without creating a formal legal contract. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A A Memorandum of Understanding (MOU) is a written agreement between two or more parties that outlines the understanding and terms of their collaboration. In this scenario, the two organizations plan to collaborate on the evaluation of new SIEM solutions, and the MOU can be used to document their agreement on the joint effort. It will specify the objectives of the collaboration, the roles and responsibilities of each organization's SOC teams, the resources they will contribute, the duration of the collaboration, and any other relevant terms and conditions. 
upvoted 1 times MorganB 4 months, 4 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Pass my exam 27, April 23. This question was on my tested worded differently but the answer is the same. upvoted 4 times ronniehaang 7 months, 3 weeks ago Selected Answer: A A. MOU (Memorandum of Understanding) is the best option to document the agreement between two organizations to collaborate on the evaluation of new SIEM solutions. An MOU is a non-binding agreement between two or more parties outlining the goals and objectives of a project or collaboration. It outlines the responsibilities, resources, and expectations of each party involved, and serves as a framework for future cooperation and collaboration. In this case, the MOU between the two organizations would outline the purpose and goals of their collaboration to evaluate new SIEM solutions, the roles and responsibilities of each organization's SOC team, and any timelines or expectations for the evaluation process. An MOU is a good option as it provides a clear understanding of the expectations and responsibilities of both organizations without binding either organization to a specific course of action or committing to a formal agreement. upvoted 1 times 店 铺 DALLASCOWBOYS ; 7 months, 3 weeks ago 学they are collaborating, thus not requiring a legal agreement. A. MOU. It just states 习 小 upvoted 6 times 店 66 店 店 铺 ; 学 习 小 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #111 The Chief Information Security O cer wants to prevent ex ltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement? A. DLP B. USB data blocker C. USB OTG D. 
Disabling USB ports 店 店 铺 Correct Answer: B 铺 ; ; 学 Community vote distribution 习 B (69%) FQ Highly Voted 学 习 小 店 66 A (31%) 小 店 66 1 year ago Selected Answer: A The question is talking about PUBLIC USB power charging stations, the CISO cannot for sure place USB data blocker on all publich USB ports in the world ! The CISO also can't disable employees cell phones ports, as these are usually personal properties. USB OTG is obviously playing the oppostie of what's required if used. DLP is the answer, and it can be implemented as following: 1. Create a User Group based on AD - (You will need to have a Directory Connection configured) 2. Create a policy that detects the data AND includes a rule for the User Group. - This way it will ONLY work for those users 3. Test to make sure the policy works for ONLY those users. 4. Create a Response rule that BLOCK Endpoint AND only applies to USB 5. Apply this new Response Rule to the Policy (Response Rule Tab) upvoted 25 times arrowphoto7604493ahmed 5 months, 4 weeks ago USB data blockers (also known as USB condom or USB port blocker) are small devices that can be placed between a USB charging port and a USB cable. upvoted 2 times sujon_london 1 month, 2 weeks ago DLP It’s reasonable option if USB option not there. while in market USB blocker are there available in that case answer is USB data blocker. I think physically we should know how its look alike and how to use it. upvoted 2 times ExamPasser420 4 months, 3 weeks ago What does stoneface think? upvoted 5 times EricShon 6 months, 1 week ago Then just but the data blocker on the cable being used... upvoted 2 times Blake89 店 Highly Voted 8 months, 1 week ago 店 铺B 铺 Selected Answer: ; ;stations. Y'all overthink way too much The CompTia Sec+学 Study Guide book literally talks about USB data blockers when using public charging 学 习 习 sometimes. 
小 小 upvoted 23 times 店 店 66 66 fgfj Most Recent 2 days, 17 hours ago Selected Answer: A USB data blocker upvoted 1 times Protract8593 2 months ago Selected Answer: B A USB data blocker, also known as a "USB condom" or "USB pass-through device," is a hardware device that prevents data transfer over USB connections while allowing the device to charge. It does this by physically blocking the data pins on the USB cable, only allowing power transfer between the device and the charging station. By using a USB data blocker, employees can safely charge their cell phones at public USB power charging stations without worrying about data exfiltration or potential malware infections through the USB port. The other options are not suitable for the scenario described: A. DLP (Data Loss Prevention) is a broader security淘宝店铺:https://shop63989109.taobao.com/ measure used to prevent unauthorized data exfiltration or leakage, but it typically operates at the software or network level and may not directly address the USB charging station issue. upvoted 3 times ApplebeesWaiter1122 2 months ago Selected Answer: B A USB data blocker, also known as a USB condom or charging blocker, is a small device that allows a device to be charged using a USB charging cable but blocks data transfer between the device and the USB port. When connected to a public USB charging station, it prevents any potential data exfiltration or unauthorized access to sensitive information from the connected device. 
upvoted 1 times Pythetic 5 months, 1 week ago From a Security standpoint, a data blocker is much more secure as it physically takes away the data pins this is the "best" method as although DLP might give slight convenience if you forgot your cable, there are still ways around it upvoted 2 times 店 铺 arrowphoto7604493ahmed 5 months, 4 weeks ago ; Selected Answer: B 店 铺 ; 学 学 习 习 a USB charging port and a USB USB data blockers (also known as USB condom or USB port blocker) are small devices that can be placed between 小 小 cable 店 店 6 66 6 upvoted 1 times attesco 6 months, 1 week ago Selected Answer: A The right answer for this question is A. The question ask for the best solution and the best solution is to deploy a DLP software on each employee cell phone. It is a way much cheaper to do than buy a piece of hardware( USB Data Blocker) for each employee. Secondly, if the employee failed or forgot to use the USB Data Blocker at Airport or coffee shops.............It becomes an ineffective solution. But the DLP software either Endpoint DLP or Network DLP works without human interference to prevent Data Loss. The correct Answer is A and it`s the BEST solution according to the question. Thank you upvoted 2 times princajen 6 months, 2 weeks ago Selected Answer: B B. USB Data Blocker. an employee could carry a USB data blocker device with them to use at public USB power charging stations. A USB data blocker is a small device that plugs into the USB port and blocks the data transfer pins, while allowing the power pins to connect, so the device can be charged without any data being transferred. This would prevent any potential data exfiltration from the employee's device while it is being charged at a public charging station. upvoted 1 times Omi0204 6 months, 2 weeks ago Answer is B. 
A USB data blocker, also known as a “USB condom” (really, no kidding!), is a device that allows you to plug into USB charging ports including charging kiosks, and USB ports on gadgets owned by other people. The main purpose of using one is to eliminate the risk of infecting your phone or tablet with malware, and even prevent hackers to install/execute any malicious code to access your data. upvoted 1 times ApplebeesWaiter1122 6 months, 3 weeks ago Selected Answer: B Dont over think this question, the answer is B upvoted 3 times 店 铺 AlwaysRunning 6 months, 3 weeks ago ; Selected Answer: B 学 店 铺 习 ; Espero no causar molestias por dejar opinios en español, sin duda a muchos les servira. 小 店 66 学 习 小 店 66 La respuesta correcta es la B, la guía oficial habla de bloqueadores de datos USB como la mitigación contra el robo de datos cuando un dispositvo es conectado en un cargador público. upvoted 3 times ramesh2022 7 months, 1 week ago DLP is the right answer. This is looking for a solution for multiple employees (company-wide solution). upvoted 1 times LaoX 8 months, 3 weeks ago Selected Answer: A The CISO shouldn't place a USB data blocker on personnel's device but a DLP is best to implement. upvoted 1 times sujon_london 1 month, 2 weeks ago Basically USB data blocker is portable one; it can be carry and use along with USB cable. Google search for image of USB data blocker would helps to understand how to use it and works. 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times jhfdkjshfkjdsho 9 months, 1 week ago Selected Answer: B It says public charging... This is not under the control of the company. You can't apply DLP... etc for a charging station in an airport. The employee can use a USB condom that doesn't have data pins. upvoted 4 times FMMIR 9 months, 2 weeks ago Selected Answer: B The best solution to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations would be to use a USB data blocker. 
A USB data blocker is a device that can be used to physically block the data pins on a USB cable, preventing data transfer while still allowing the device to be charged. This would prevent employees from accidentally or maliciously transferring sensitive data from their cell phones to the public charging station. Options A, C, and D would not be effective in preventing this type of data exfiltration upvoted 2 times 店 店 铺 铺 okay123 10 months, ; 1 week ago ; 学 学 Selected Answer: B 习 习 小 Y'all are over thinking this,小 it's B. Data blockers are portable and it's used for this very purpose. 店 店 upvoted 4 times 66 66 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #112 The board of directors at a company contracted with an insurance rm to limit the organization's liability. Which of the following risk management practices does this BEST describe? A. Transference B. Avoidance C. Mitigation D. Acknowledgement 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A organization's liability -> organization's RESPONSABILITY upvoted 9 times Protract8593 2 months ago Most Recent Selected Answer: A Transference is a risk management practice in which an organization shifts the financial burden of potential risks or losses to another party. In this scenario, by contracting with an insurance firm, the company is transferring the liability of certain risks to the insurance company. If an incident occurs that is covered by the insurance policy, the insurance company would bear the financial responsibility, thereby limiting the organization's liability. upvoted 2 times ApplebeesWaiter1122 2 months ago Selected Answer: A Contracting with an insurance firm to limit the organization's liability is an example of risk transference. In this practice, the company transfers the financial consequences of certain risks to an insurance provider. 
In case of a covered event, the insurance firm would bear the financial burden, reducing the potential impact on the company's assets and resources. upvoted 1 times DALLASCOWBOYS 7 months, 3 weeks ago A. Insurance is transferring the risk to the insurance company upvoted 2 times Boubou480 8 months, 2 weeks ago Selected Answer: A Insurance = Tranfert upvoted 2 times FMMIR 9 months, 2 weeks ago Selected Answer: A The board of directors at a company contracted with an insurance firm to limit the organization's liability BEST describes the risk management practice of transference. Transference is the process of transferring the risk of loss from one party to another, typically through the use of insurance. In this case, the company is transferring the risk of potential liability to the insurance firm by purchasing an insurance policy. This allows the company to limit its potential losses in the event of a liability claim. Options B, C, and D do not accurately describe the situation described in the question. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 db97 12 months ago if something happens, the insurance company will assume responsibility (Transference) upvoted 2 times 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #113 Which of the following is a risk that is speci cally associated with hosting applications in the public cloud? A. Unsecured root accounts B. Zero-day C. Shared tenancy D. Insider threat Correct Answer: C 店 店 铺 Community vote distribution ; 学 C (89%) 习 小 店 铺 ; 学 习 11% 小 店 IGUESS 66 Highly Voted 66 1 year, 7 months ago Shared Tenancy Vulnerabilities. In a multi-tenant environment, such as the cloud, a “container” vulnerability can allow an attacker to compromise containers of other tenants on the same host. Flaws in chip design can also result in the compromise of tenant information in the cloud through side-channel attacks. 
upvoted 21 times Protract8593 2 months ago Most Recent Selected Answer: C Shared tenancy is a risk that is specifically associated with hosting applications in the public cloud. Public cloud providers offer shared resources to multiple customers on the same physical infrastructure. This means that multiple virtual machines and applications from different customers are running on the same physical server. While cloud providers take measures to isolate and secure these resources, there is always a risk of potential data leakage or unauthorized access if the isolation mechanisms are not robust. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: C Hosting applications in the public cloud means that multiple customers share the same physical infrastructure and resources provided by the cloud service provider. This shared infrastructure introduces the concept of "shared tenancy," where multiple customers' data and applications coexist on the same servers and network devices. While cloud providers implement strong security measures to isolate customer data, there is always a risk of a breach or misconfiguration that could potentially expose one customer's data to another. This risk is commonly associated with hosting applications in the public cloud. upvoted 2 times arrowphoto7604493ahmed 5 months, 4 weeks ago Selected Answer: C shared tenancy model means that sensitive data, such as encryption keys, may be stored on the same physical hardware as other tenants, potentially increasing the risk of unauthorized access upvoted 1 times MasterControlProgram 6 months ago Selected Answer: C C. Shared tenancy is a risk specifically associated with hosting applications in the public cloud. Public cloud environments typically host multiple tenants on the same physical hardware. 
While cloud providers implement security measures to ensure tenant separation and protection, the possibility of one tenant gaining unauthorized access to another tenant's data cannot be completely ruled out. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 小 DALLASCOWBOYS 7 months, 3 weeks ago 店 C. Shared tenancy is the risk associated with the Cloud. upvoted 2 times 66 习 小 店 66 FMMIR 9 months, 2 weeks ago Selected Answer: C A risk that is specifically associated with hosting applications in the public cloud is shared tenancy. Shared tenancy refers to the practice of multiple customers sharing the same physical infrastructure in a cloud environment. This can create security risks, as the actions of one customer can potentially impact the security and performance of other customers on the same infrastructure. Options A, B, and D are not specifically associated with hosting applications in the public cloud, although they can be potential risks in any computing environment. upvoted 3 times Sir_Learnalot 10 months, 2 weeks ago Selected Answer: C "C" shared tenancy is a cloud specific threat. Insider threats are also applicable to on-prem upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ Jakalan7 1 year ago Selected Answer: C The answer has to be C, since A, B and D are not specific to cloud platforms. upvoted 2 times ishallgetit 1 year, 5 months ago Selected Answer: C "specifically associated with hosting applications in the public cloud" C: shared tenancy upvoted 4 times Branch ake 1 year, 5 months ago I read this twice and still missed the "public " cloud. Shared Tenancy upvoted 1 times 店 铺 店 铺 ; ; cloud?" Insider threats are everywhere Why would it be D? How is an insider threat "specifically associated with hosting applications in the public 学 学 - not just in the cloud.习 习 小 小 upvoted 2 times 店 店 66 66 Dunzel 1 year, 6 months ago CLAW_ 1 year, 6 months ago I didnt read the question properly and chose Unsecured Accounts, this is wrong. 
The correct answer is Shared Tenancy given that the clue in the question is "Public" cloud. upvoted 2 times szl0144 1 year, 7 months ago Selected Answer: C C is the correct answer, cloud server are multi-tenant upvoted 2 times bugrovac 1 year, 8 months ago Selected Answer: D Correct Answer: D upvoted 2 times ansenlool88 1 year, 7 months ago insider threat is also on different types of cloud, or premise location and any datacenter or LAN or WAN. dont think D is correct. keywords on the question is PUBLIC CLOUD upvoted 3 times greenerme 1 year, 7 months ago An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #114 DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load uctuation in a cost-effective way. Which of the following options BEST ful lls the architect's requirements? A. An orchestration solution that can adjust scalability of cloud assets B. Use of multipath by adding more connections to cloud storage C. Cloud assets replicated on geographically distributed regions D. An on-site backup that is displayed and only used when the load increases 店 店 铺 Correct Answer: D 铺 ; ; 学 Community vote distribution 习 学 习 小A (100%) 店 66 stoneface Highly Voted 小 店 66 1 year ago Selected Answer: A A. An orchestration solution that can adjust scalability of cloud assets -> this is the correct answer IMO - this is what elasticity in cloud is all about, we are only creating new resources when there is a workload spike. B. 
Use of multipath by adding more connections to cloud storage -> this doest address the issue of dealing with the additional load on the servers C. Cloud assets replicated on geographically distributed regions -> hot or warm recovery sites ( not cost effective ) D. An on-site backup that is displayed and only used when the load increases ( not cost effective since the on-site will be always on behind the scenes) upvoted 52 times Gino_Slim 11 months ago In stoneface we trust (that means this is the right answer) upvoted 23 times RevolutionaryAct Most Recent 1 month, 2 weeks ago Kind of torn, I can see either in that orchestration might cost a lot plus scaleability = more resource costs On the other hand a passive load balancing server costs more in hardware but isn't used regularly, and would have to cost less than scaling, SOAR, etc. upvoted 1 times Protract8593 2 months ago Selected Answer: A An orchestration solution that can adjust the scalability of cloud assets is the best option to fulfill the security architect's requirements. Orchestration in the context of cloud computing refers to the automated management and coordination of various cloud resources to handle changes in demand and optimize performance. By using an orchestration solution, the cloud environment can dynamically scale resources up or down based on load fluctuations caused by DDoS attacks or any other factors. This allows the organization to respond to changing demands in a cost-effective and efficient manner. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: A 店 店 An orchestration solution allows for dynamic scaling of cloud resources based on the current load or demand. This means that as the DDoS attack causes an overload on the cloud servers, the orchestration solution can automatically increase the number of servers (scale-out) to handle the increased traffic. Similarly, when the load decreases, the solution can scale down by removing unnecessary servers to save costs. 
铺 铺 ; 学 习 ; 学 习 小 小 ensuring that the cloud This approach provides an efficient and cost-effective way to respond to load fluctuations caused by DDoS attacks, 店 店 environment can handle the increased 66 demand without compromising performance or incurring unnecessary expenses.66 upvoted 1 times Mkoenig69 5 months, 3 weeks ago Selected Answer: A An orchestration solution that can adjust scalability of cloud assets would likely be the best option for fulfilling the security architect's requirements. This would allow the cloud environment to dynamically adjust the scalability of its assets based on load fluctuation, effectively managing the overload caused by DDoS attacks. By automatically provisioning or deprovisioning resources as needed, an orchestration solution can help maintain optimal performance while minimizing costs. upvoted 1 times Exlr8me 5 months, 3 weeks ago Selected Answer: A A is the correct answer upvoted 1 times MasterControlProgram 6 months ago 淘宝店铺:https://shop63989109.taobao.com/ Selected Answer: A A. An orchestration solution that can adjust scalability of cloud assets would be the best option to fulfill the architect's requirements. An orchestration solution allows for automatic scaling of resources based on traffic demands, which will help the cloud environment respond to load fluctuation. Additionally, it can be cost-effective because it can scale resources up or down as needed, meaning that resources are only allocated when needed, and are released when they are no longer required. This reduces unnecessary resource consumption and costs. upvoted 2 times carpathia 10 months ago Selected Answer: A It cannot be B: "What is multipathing in cloud computing? Multipathing, also called SAN multipathing or I/O multipathing, is the establishment of multiple physical routes between a server and the storage device that supports it." 
upvoted 2 times 店 店 RonWonkers 1 year ago 铺 铺 ; ; 学 Selected Answer: A 学 习 I think A upvoted 1 times 习 小 小 店 店 66 Gravoc 1 year ago 66 I agree with stoneface on A. Remember that backups are expensive. Which is the entire reason for the convoluted process of hot, warm, and cold sites. Scaling cloud infrastructures can experience lag during the periods of high activity, where other assets have to either be added, or become active. This is the compromise for a cost-effective solution that scales. The company could go for a system that is absolutely overkill on assets at all times, in preparation for those brief peak moments. But this is expensive, and unlikely to be taken by most companies. Only case you would want to use one of these is if you have a sensitive or critical service that MUST remain online. Stock exchange servers, military servers, bank servers, etc. come to mind for this criteria. upvoted 3 times lucasvs_ 1 year ago Selected Answer: A Yes a ido upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #115 Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities? A. EOL B. SLA C. MOU D. EOSL Correct Answer: B 店 店 铺 Community vote distribution ; 学 习 铺 ; 学 习 B (100%) 小 小 店 店 Strykar 66 Highly Voted 66 12 months ago Selected Answer: B This site needs a Dark Mode. upvoted 26 times snofear 11 months, 3 weeks ago Use Dark Reader-Chrome extension upvoted 10 times J_Ark1 10 months, 3 weeks ago thanks for that :) upvoted 2 times banditring 11 months, 4 weeks ago AGREED! 
upvoted 3 times comeragh Highly Voted 1 year ago Selected Answer: B B - Service Level Agreement (SLA) upvoted 9 times Protract8593 Most Recent 2 months ago Selected Answer: B A Service Level Agreement (SLA) is a document that outlines the specific expectations at a technical level for quality, availability, responsibilities, and other metrics related to the services provided by one party to another. SLAs are commonly used in service contracts between providers and customers to define the level of service that the customer can expect and the consequences for not meeting those service levels. upvoted 1 times ApplebeesWaiter1122 2 months ago Selected Answer: B An SLA (Service Level Agreement) is a formal agreement between two parties that outlines the expectations and responsibilities for a service. It provides specific details at a technical level, including quality, availability, and the responsibilities of each party involved in the agreement. SLAs are commonly used in various business relationships, such as between a service provider and a customer or between different departments within an organization. The SLA sets clear expectations for the level of service that should be provided and the consequences for failing to meet those expectations. upvoted 2 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 NerdAlert 6 months, 1 week ago MSP workers where you at?! upvoted 4 times 66 Sandon 8 months ago An old ITIL question. Definitely B upvoted 1 times KingDrew 8 months, 1 week ago Selected Answer: B B: SLA (Service Level Agreement) upvoted 1 times FMMIR 9 months, 2 weeks ago Selected Answer: B 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ A document that provides expectations at a technical level for quality, availability, and responsibilities is a Service Level Agreement (SLA). An SLA is a contract between a service provider and a customer that specifies the level of service that the provider will deliver. 
This typically includes technical details such as uptime, response times, and performance criteria. The SLA is used to ensure that the customer receives the level of service that they have agreed to and that the provider is held accountable for meeting those expectations. Options A, C, and D are not related to the technical level of service expectations. EOL refers to the end of life for a product or service, MOU is a memorandum of understanding, and EOSL is the end of service life. upvoted 5 times Topic 1 Question #116 Which of the following is an example of transference of risk? 店 店 铺 A. Purchasing insurance ; 学 B. Patching vulnerable 习 servers 小 铺 ; 学 习 小 店 C. Retiring outdated applications 店 66 66 D. Application owner risk sign-off Correct Answer: A Community vote distribution A (100%) comeragh Highly Voted 1 year ago Selected Answer: A Correct answer A here upvoted 11 times rodwave Highly Voted 10 months, 2 weeks ago Selected Answer: A Answer: Purchasing Insurance Cyber insurance covers a business' liability for a data breach involving sensitive customer information like health records, credit card numbers, account numbers etc. A few things insurance generally handle are legal fees, notifying customers of the data breach, and repairing damaged systems. Risk transference is about assigning risk to a third-party. The risk here being the financial loss that can be incurred after a data breach from legal fees, repairing system etc. The organization is assigning this risk to an insurance company. upvoted 5 times Protract8593 Most Recent 2 months ago Selected Answer: A Transference of risk involves shifting the financial consequences of a risk to another party, typically through the use of insurance or outsourcing. By purchasing insurance, an organization transfers the financial risk of potential incidents to the insurance provider, who will cover the costs associated with those incidents up to the limits specified in the insurance policy. 
upvoted 1 times

ApplebeesWaiter1122 2 months ago
Selected Answer: A
Transference of risk involves shifting the potential impact of a risk to another party or entity. In the context of risk management, purchasing insurance is a common example of risk transference. By purchasing insurance, an organization transfers the financial burden of potential losses to the insurance company. In case of an adverse event covered by the insurance policy, the insurance company will bear the cost of the damages or loss, reducing the financial impact on the organization.
upvoted 1 times

Navigator 4 months ago
Selected Answer: A
Transference because you are moving the risk to the insurance company.
upvoted 1 times

Sarooor 10 months, 3 weeks ago
Can someone explain why the correct answer is A??
upvoted 1 times

Topic 1 Question #117
An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?
A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website
Correct Answer: B
Community vote distribution: B (100%)

IQ30 (Highly Voted) 1 year ago
Jason Dion notes: Macro - Virus embedded into a document and is executed when the document is opened by the user.
upvoted 19 times

rodwave (Highly Voted) 10 months, 2 weeks ago
Selected Answer: B
Answer: Macro-enabled file
Phishing emails with a Word document attachment typically will have macros that can be run for malicious purposes. Macros are scripts that can run whatever you want and however many times you want them to run; they're generally used for automating frequently used tasks. Since macros can practically do whatever you want, they can be used for malicious purposes such as infecting other files, or downloading/installing other malicious software.
Macros would normally run as soon as the document is opened, but now macros are disabled in Office apps by default, so you would need to manually enable macros on the file for them to run.
upvoted 8 times

Protract8593 (Most Recent) 2 months ago
Selected Answer: B
A macro-enabled file is a type of document (such as a word processing file) that contains embedded macros, which are scripts or programs that can be executed to automate tasks within the document. In the context of this question, the employee received a word processing file as an email attachment, and the subject line and email content enticed the employee to open the attachment. This is a common tactic used in phishing attacks, where attackers send malicious files with enticing content to trick users into opening them, thereby executing the embedded macros, which may deliver malware or perform other malicious actions.
upvoted 1 times

ApplebeesWaiter1122 2 months ago
Selected Answer: B
In this scenario, the most likely attack vector is a macro-enabled file. Macro-enabled files are commonly used in phishing attacks. The email attachment appears to be a harmless document (e.g., Word, Excel), but it contains embedded macros. When the user opens the file and enables the macros as prompted, the malicious code within the macros gets executed, potentially leading to the installation of malware or other harmful activities on the user's system. This type of attack takes advantage of users' curiosity or interest in the content of the email to trick them into executing the malicious code.
upvoted 1 times

samwin111 11 months, 2 weeks ago
Selected Answer: B
Python will not run on doc files. Macros run on doc files.
upvoted 3 times

comeragh 1 year ago
Selected Answer: B
B - correct answer here
upvoted 2 times

Sublime_Cheese 1 week, 1 day ago
Valid point.
upvoted 1 times

Topic 1 Question #118
A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?
A. Context-aware authentication
B. Simultaneous authentication of equals
C. Extensive authentication protocol
D. Agentless network access control
Correct Answer: A
Community vote distribution: A (100%)

stoneface (Highly Voted) 1 year ago
Selected Answer: A
Context-Aware authentication -> An access control scheme that verifies an object's identity based on various environmental factors, like time, location, and behavior.
upvoted 46 times

J_Ark1 10 months, 3 weeks ago
Yes, I agree.
upvoted 1 times

Protract8593 (Most Recent) 2 months ago
Selected Answer: A
Context-aware authentication is a form of authentication that takes into account various factors or context information when determining whether to grant access to a user. In the given scenario, the security proposal aims to track requests for remote access by creating a baseline of the users' common sign-in properties. When a deviation from this baseline is detected, an MFA (Multi-Factor Authentication) challenge will be triggered. Context-aware authentication fits this scenario well as it can analyze multiple contextual factors such as user behavior, location, time, device, and more to make an informed decision about whether additional authentication steps are required.
upvoted 3 times

ApplebeesWaiter1122 2 months ago
Selected Answer: A
Context-aware authentication is the appropriate choice for the security proposal described. Context-aware authentication takes into consideration various factors or context elements, such as user behavior, location, device, time of access, and more, to assess the risk associated with a specific authentication attempt. In this scenario, the proposal aims to track requests for remote access and create a baseline of users' common sign-in properties. When a deviation from the baseline is detected, an MFA challenge is triggered. Context-aware authentication allows for the evaluation of various contextual factors to determine whether the sign-in properties match the expected baseline or not. If a deviation is detected, the system can enforce the MFA challenge to provide an additional layer of security for remote access.
upvoted 1 times

Gravoc 1 year ago
Context: "The circumstances that form the setting for an event, statement, or idea, and in terms of which it can be fully understood and assessed." CAA is likely correct, as the context is that the login attempt deviates from the baseline, triggering an additional authentication layer.
upvoted 4 times

Topic 1 Question #119
Which of the following secure coding techniques makes compromised code more difficult for hackers to use?
A. Obfuscation
B. Normalization
C. Execution
D. Reuse
Correct Answer: A
Community vote distribution: A (100%)

varun0 (Highly Voted) 1 year ago
Selected Answer: A
A is correct
upvoted 10 times

ScottT 1 year ago
https://en.wikipedia.org/wiki/Obfuscation_(software)
upvoted 1 times

Fitzd (Highly Voted) 1 year ago
Three of the most common techniques used to obfuscate data are encryption, tokenization, and data masking.
upvoted 7 times

Protract8593 (Most Recent) 2 months ago
Selected Answer: A
Obfuscation is a secure coding technique that involves modifying the source code to make it more difficult for hackers to understand or reverse engineer the code. By using obfuscation, the code's logic and structure become more complex and convoluted, making it harder for attackers to identify vulnerabilities or manipulate the code for malicious purposes. This technique aims to increase the level of effort required to exploit or reuse compromised code, thereby enhancing the security of the application.
upvoted 3 times

ApplebeesWaiter1122 2 months ago
Selected Answer: A
Obfuscation is a secure coding technique that makes compromised code more difficult for hackers to understand and use. It involves modifying the source code in such a way that it becomes more complex, convoluted, or difficult to read and comprehend. The goal of obfuscation is to make the code harder to reverse-engineer, making it challenging for attackers to understand its logic, control flow, and vulnerabilities. By using obfuscation techniques, the code's original intent and functionality are preserved, but its structure and appearance are intentionally made confusing and obscure. This can help protect sensitive information, intellectual property, or proprietary algorithms within the code.
upvoted 1 times

LeonardSnart 4 months, 1 week ago
Selected Answer: A
"Obfuscation attempts to make something unclear or difficult to understand, and code obfuscation (or code camouflage) attempts to make the code unreadable. It does things like rename variables, replace numbers with expressions, replace strings of characters with hexadecimal codes, and remove comments. For example, a meaningful variable of strFirstName might be renamed to 94mdiwl, and the number 11 might be changed to 0xF01B – 0x73 – 0xEF9D (which still results in the decimal number 11).
It’s worth noting that most security experts reject security through obscurity as a reliable method of maintaining security. Similarly, code obfuscation might make the code difficult to understand by most people. However, it’s still possible for someone with skills to dissect the code." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson
upvoted 1 times

madmax1984 8 months ago
Selected Answer: A
Code obfuscation makes the code more difficult to read. Stored procedures are used with SQL databases and can be used for input validation. Normalization refers to organizing tables and columns in a database to reduce redundant data and improve overall database performance.
upvoted 3 times

xxxdolorxxx 8 months, 1 week ago
Selected Answer: A
A is the right answer here. I know because I've done exactly that for web dev stuff, lol.
upvoted 2 times

rodwave 10 months, 2 weeks ago
Selected Answer: A
Answer: Obfuscation
Obfuscation is the action of making something obscure, unclear, or unintelligible. In software development, obfuscation is the act of creating code that is difficult for humans or computers to understand.
upvoted 7 times

Gravoc 1 year ago
Don't forget that obfuscation works in the reverse as well. Hackers usually obfuscate their malware and viruses to avoid signature detectors. Things such as writing arbitrary and benign-looking code, and sneaking malicious functions into it. Or hackers also like to stretch the key length of their encryption, or use naming conventions that are only easily understandable by the person who created it.
upvoted 2 times

Topic 1 Question #120
As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?
A. User behavior analysis
B. Packet captures
C. Configuration reviews
D. Log analysis
Correct Answer: A
Community vote distribution: C (57%), D (37%), 6%

stoneface (Highly Voted) 1 year ago
Selected Answer: C
Configuration reviews should also be performed.
upvoted 58 times

suwayne 3 weeks, 3 days ago
Thanks for this. Key phrase that helps with this answer in my opinion: "performs automated vulnerability scans". The right answer is C.
upvoted 1 times

DJCODING 6 months ago
While user behavior analysis, packet captures, and log analysis are also important tools for detecting security incidents and identifying potential threats, they are not directly related to completing a security compliance assessment. These tools are typically used as part of incident response and forensic investigations.
upvoted 6 times

calculator 6 months ago
We are with you, sir!
upvoted 1 times

hazeleyes (Highly Voted) 1 year ago
Selected Answer: D
D. Log analysis. It's not C because configuration review is part of the vulnerability scan. Vulnerability scans can produce false positives, which is why their effectiveness can be enhanced by log reviews to see whether an identified vulnerability is in fact valid.
upvoted 34 times

CS3000 1 month ago
Analyzing the settings and configurations of systems, applications and devices is important to ensure they align with industry best practices, security policies and compliance requirements. Misconfigurations are a common source of vulnerabilities and security breaches.
upvoted 1 times

[Removed] 7 months, 4 weeks ago
Compliance is all about configuration. Log analysis and packet captures are more troubleshooting tools than compliance factors.
upvoted 10 times

rline63 3 weeks, 3 days ago
I think this is key to how I understand the question. Log analysis is a good step in ensuring you have a secure network, but I do not believe it is related to compliance in any way.
upvoted 1 times

brewoz404sd 7 months ago
No, config is not part of any security compliance. Logs however are 100%, as all logs are correlated into the SIEM for analysis. No need for config checks. Scans will tell you what you need to know regarding weak configuration of devices. The answer is logs.
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Are you insane? What are SCAP, OSPP, PCI-DSS, or STIG around for then? Most large environments have some security baseline compliance expectation. For example, federal systems must have frequent STIG compliance scans performed, which ensures that the systems do not have any insecure configurations that may pose a risk.
upvoted 7 times

freyprey (Most Recent) 1 week, 2 days ago
Selected Answer: D
"The main types of security assessment are usually classed as vulnerability assessment, threat hunting, and penetration testing. A vulnerability assessment is an evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system. Essentially, the vulnerability assessment determines if the current configuration matches the ideal configuration (the baseline). Vulnerability assessments might involve manual inspection of security controls, but are more often accomplished through automated vulnerability scanners." So the automated vulnerability scanners check configurations, which means the best-suited answer is D.
upvoted 1 times

Dark_Tarantula 3 weeks, 3 days ago
Selected Answer: C
The key here is that this is a security compliance ASSESSMENT; he is evaluating their security posture.
upvoted 3 times

sace 4 weeks, 1 day ago
Auditors cannot do anything but configuration review. Imagine them trying to perform packet analysis, log analysis or behavior analysis - seems out of scope, right?
upvoted 2 times

tomf021959 4 weeks, 1 day ago
Selected Answer: C
Vulnerability scan does not include a config review...
"The difference between vulnerability scanners and configuration auditing software"
https://www.titania.com/about-us/news-media/the-difference-between-vulnerability-scanners-and-configuration-auditingsoftware#:~:text=Vulnerability%20Scanning%20doesn%27t%20take,standards%20require%20both%20as%20mandatory
"Vulnerability Scanning doesn't take away the need for Configuration Auditing but used alone, Configuration Auditing cannot secure the entire network. Both are important when it comes to assessing and maintaining cybersecurity and many of the accepted industry standards require both as mandatory."
upvoted 1 times

above 1 month, 1 week ago
It's almost like saying I can apply Linux compliance checks against a Windows system, or deselect some pertinent checks, and the scan comes back clean and it's OK. Just because you perform a vulnerability scan does not mean you are performing the correct checks. The auditor will look at the vulnerability scan results as well as review the configurations that were applied to ensure they are applicable to the systems and meet the STIGs/DoD etc. standards. Answer is C. They don't look at the logs as part of the vulnerability scan analysis.
upvoted 1 times

DriftandLuna 1 month, 3 weeks ago
I went with D, but thinking about it, C is correct. Log analysis will usually be done in response to an incident. An admin may also do it as part of general day-to-day checking and operations to ensure there is not something happening they have missed, but the question is really about compliance. Compliance is about ensuring what you have set up is configured correctly, not finding live issues.
upvoted 1 times

Nikamy 1 month, 3 weeks ago
Selected Answer: C
I choose C. Usually logs are verified during an incident.
upvoted 1 times

frejus 2 months ago
Selected Answer: C
As a real-life example, when PCI DSS auditors came to audit a bank, after gathering the vulnerability assessment report, the next step was to conduct a configuration review on all in-scope devices. Therefore the answer is C.
upvoted 3 times

Protract8593 2 months ago
As part of a security compliance assessment, an auditor should perform automated vulnerability scans to identify potential vulnerabilities in the systems. However, configuration reviews are also an essential part of the assessment process. Configuration reviews involve examining the configuration settings of various systems, applications, and devices to ensure they comply with security policies, best practices, and industry standards. It helps identify misconfigurations that could lead to security issues and provides an opportunity to make necessary adjustments to improve security posture. Log analysis is an essential security practice, but it is not explicitly mentioned as part of a security compliance assessment in the given context. Log analysis involves the review and analysis of log data from various systems and applications to detect security incidents, anomalies, and potential threats. It helps in identifying unauthorized access attempts, abnormal user behavior, and potential security breaches.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: C
upvoted 1 times

ApplebeesWaiter1122 2 months ago
Selected Answer: C
Configuration reviews (option C) involve manually inspecting and analyzing the configuration settings of systems, applications, and network devices to ensure they align with security best practices and comply with the organization's security policies and standards. Configuration reviews are essential in assessing security compliance as they can identify misconfigurations, weak security settings, unnecessary services or ports, and other configuration issues that automated vulnerability scans might miss. They provide valuable insights into the security hygiene of the organization's IT infrastructure and help identify areas that need improvement to enhance overall security.
upvoted 2 times

LiteralGod 2 months ago
I think it's A or C. It's definitely nothing to do with logs, as this is not something that would be included in a vulnerability assessment.
upvoted 1 times

Kaps443 4 months, 3 weeks ago
Selected Answer: C
Configuration reviews would be important for the auditor to complete the assessment. Vulnerability scans can identify potential vulnerabilities in a system, but a configuration review is necessary to ensure that the system is properly configured to address these vulnerabilities. User behavior analysis, packet captures, and log analysis can all provide valuable information for security assessments, but they are not necessarily required to complete a vulnerability scan assessment.
upvoted 2 times

Yawannawanka 5 months ago
C. Configuration reviews. Automated vulnerability scans are just one aspect of a security compliance assessment. To complete the assessment, the auditor should also perform configuration reviews to ensure that systems and applications are properly configured to mitigate vulnerabilities.
User behavior analysis and log analysis can also be useful in detecting and investigating potential security incidents, but they are not directly related to the assessment of vulnerabilities and compliance. Packet captures can be helpful in identifying network-based vulnerabilities, but they may not always be necessary or relevant to the assessment.
upvoted 2 times

moroy 5 months, 1 week ago
Selected Answer: C
The question refers to a security compliance assessment. Emphasis on compliance. It is not a forensic assessment.
upvoted 2 times

Topic 1 Question #121
A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?
A. Service
B. Shared
C. Generic
D. Admin
Correct Answer: C
Community vote distribution: A (98%)

stoneface (Highly Voted) 1 year ago
Selected Answer: A
Service accounts are a special type of non-human privileged account used to execute applications and run automated services, virtual machine instances, and other processes. Service accounts can be privileged local or domain accounts, and in some cases, they may have domain administrative privileges.
upvoted 39 times

ApplebeesWaiter1122 (Most Recent) 2 months ago
Selected Answer: A
A. Service
The most appropriate account type for an application that needs to read and write data to a shared database is a "Service" account. Service accounts are used to run specific services or applications in a controlled manner, allowing them to access resources and perform specific actions on behalf of the application or service they represent. In this scenario, the application needs to interact with the database on a regular basis, so a dedicated service account should be created for it.
This service account should have the necessary permissions to read and write data to the specific tables or data objects required by the application. Using a service account provides better control and accountability over the actions performed by the application. It allows the database administrator to restrict the application's access to only the required resources and minimize the risk of unauthorized access to other parts of the database that are unrelated to the application's functionality.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
A service account is typically used for applications and services that need access to specific resources, such as a database. In this scenario, the application that reads and writes data to the database should have its own dedicated service account. By using a service account, the access can be specifically granted and restricted as needed, providing appropriate permissions for the application to interact with the database without compromising other accounts used by the finance department or other applications. Option B (Shared), Option C (Generic), and Option D (Admin) are not suitable choices in this context. Shared and Generic accounts are not specifically intended for application access, and granting admin privileges to an application is unnecessary and risky, as it may lead to unauthorized access or actions. It is always best practice to use the least privilege principle and provide only the necessary permissions for the application to perform its required tasks.
upvoted 1 times

LeonardSnart 4 months, 1 week ago
Selected Answer: A
"Service accounts. Some applications and services need to run under the context of an account, and a service account fills this need. As an example, SQL Server is a database application that runs on a server, and it needs access to resources on the server and the network.
Administrators create a regular user account, name it something like sqlservice, assign it appropriate privileges, and configure SQL Server to use this account. Note that this is like a regular end-user account. The only difference is that it’s used by the service or application, not an end user. Credential policies may require long, complex passwords for these accounts, but they should not expire. If the password expires, the account can no longer log on, and the service or application will stop." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson
upvoted 1 times

strong1 4 months, 3 weeks ago
Service accounts are accounts that specific applications or services use to interact with the system. For example, if you have an FTP server that interacts with an FTP service, you might use a service account with limited permissions to allow that service to access the system. This enables you to apply very tight security controls to the service account, rather than using a general user account to perform the activity.
upvoted 1 times

Kaps443 4 months, 3 weeks ago
Selected Answer: A
A is correct.
upvoted 1 times

EricShon 6 months, 1 week ago
Selected Answer: A
A. Service account is the most appropriate for this purpose.
upvoted 1 times

seagnull 7 months ago
Selected Answer: A
"A database administrator wants to grant access to an application". Service accounts are created for apps and services.
upvoted 2 times

DALLASCOWBOYS 7 months, 3 weeks ago
A. Service accounts are associated with applications and services.
upvoted 1 times

nul8212 9 months, 1 week ago
Selected Answer: C
Generic account: a preset, standard, common, guest, fixed, shared, or anonymous user account.
upvoted 1 times

Dacoder 3 weeks, 5 days ago
It is an application, not a person.
upvoted 1 times

Blake89 8 months, 1 week ago
Absolutely not. People like you need to stop commenting on these threads.
upvoted 11 times

zharis 11 months ago
Service accounts are used by scheduled processes and application server software such as databases.
upvoted 2 times

[Removed] 11 months, 2 weeks ago
Selected Answer: A
Service accounts are associated with applications and services.
upvoted 1 times

ergo54 11 months, 3 weeks ago
Selected Answer: A
Agreed, it's A. The study guide explicitly states that generic accounts are for many different individuals doing the same work, whereas a service account is explicitly for an application/service to run its work.
upvoted 3 times

RonWonkers 1 year ago
Selected Answer: A
I think A is most appropriate.
upvoted 1 times

k9_462 1 year ago
Selected Answer: A
I would go with A - service account.
upvoted 1 times

Topic 1 Question #122
A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?
A. Autopsy
B. Memdump
C. FTK imager
D. Wireshark
Correct Answer: D
Community vote distribution: D (100%)

rodwave (Highly Voted) 10 months, 2 weeks ago
Selected Answer: D
Answer: Wireshark
PCAP or Packet Capture is an interface used for capturing live network packet data. PCAP files like 'host1.pcap' are data files created by network analyzers like Wireshark that are used to collect and record packet data from a network. These files can be used for analyzing the network traffic.
==================================
Other Tools/Options
(A) Autopsy - A platform that provides digital forensic tools
(B) Memdump - The memdump tool is a program that can do memory dumps. A memory dump is the process of taking all data in RAM and storing it on a hard drive, for applications or in the case of a system crash. The memdump tool will dump the contents of physical memory by default.
(C) FTK Imager - Forensic Toolkit (FTK) is forensics software and FTK Imager a tool that can be used to create forensic images. A forensic image is basically a copy of an entire physical hard drive, including files, folders etc.
upvoted 10 times

Blake89 8 months, 1 week ago
Autopsy IS a TOOL. Not a platform for multiple tools. Its main purpose is to view and recover data from storage devices. People like you need to really stop talking in here.
upvoted 2 times

Elyria 8 months ago
How about you get a life and YOU stop commenting here. All I see under every discussion is you crying about other people participating. Grow up.
upvoted 10 times

Blake89 8 months ago
Elyria, how about you quit crying about me calling out people who are talking nonsense and giving out false information? These are not opinions, it's all factual. Take your little delicate sensitivities to Facebook.
upvoted 1 times

ApplebeesWaiter1122 (Most Recent) 2 months ago
Selected Answer: D
Wireshark is a widely used open-source network protocol analyzer that allows users to capture and analyze network traffic. It is commonly used by security analysts and network administrators to examine network packets, troubleshoot network issues, and perform incident analysis.
In the scenario described, the security analyst generated a file named host1.pcap, which is likely a packet capture file in the PCAP format. To further analyze the network traffic and incidents captured in this file, the team member would most likely use Wireshark. Wireshark can open and read PCAP files, allowing the user to inspect the captured packets, filter the data, and gain insights into the network activity and potential security issues.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
Wireshark is a widely used network protocol analyzer and packet capture tool. It is commonly used for opening and analyzing files with the ".pcap" extension, which contain captured network traffic data.
With Wireshark, the team member can view the contents of the "host1.pcap" file and perform further incident analysis by examining the network packets and their associated data.
upvoted 1 times

DALLASCOWBOYS 7 months, 3 weeks ago
D. Wireshark analyzes packet captures.
upvoted 2 times

xxxdolorxxx 8 months, 1 week ago
Selected Answer: D
Wireshark. Did this for my eJPT exam.
upvoted 1 times

RonWonkers 1 year ago
Selected Answer: D
pcap is Wireshark
upvoted 3 times

Gravoc 1 year ago
Wireshark. I've opened enough pcaps in Wireshark to know this one :p
upvoted 4 times

comeragh 1 year ago
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible.
upvoted 1 times

okay123 1 year ago
Selected Answer: D
D - Wireshark
upvoted 4 times

Topic 1 Question #123
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?
A. Delete the private key from the repository.
B. Verify the public key is not exposed as well.
C. Update the DLP solution to check for private keys.
D. Revoke the code-signing certificate.
Correct Answer: D
Community vote distribution: D (100%)

stoneface (Highly Voted) 1 year ago
Selected Answer: D
We need to revoke the code-signing certificate, as this is the most secure way to ensure that the compromised key won't be used by attackers. Usually there are bots crawling all over repos searching for this kind of human error.
upvoted 23 times

ApplebeesWaiter1122 (Highly Voted) 2 months ago
Selected Answer: D
In this scenario, the company's code-signing certificate private key has been exposed to the public, which is a significant security concern.
The first and most critical step the company should take is to revoke the compromised code-signing certificate. By revoking the certificate, the company informs all parties that the certificate is no longer trustworthy and should not be used for signing applications or code. After revoking the certificate, the company can then proceed with other necessary actions, such as verifying that the public key is not exposed, deleting the private key from the repository, and updating the Data Loss Prevention (DLP) solution to check for private keys. However, the immediate priority is to prevent the malicious use of the compromised certificate by revoking it as soon as possible.
upvoted 5 times

Protract8593 (Most Recent), 2 months ago
Selected Answer: D
In the scenario described, the company's code-signing certificate private key has been accidentally uploaded to a public web server. This poses a significant security risk as malicious actors could potentially use the private key to sign malicious code, impersonating the company. The first and most critical step the company should take is to revoke the code-signing certificate. By revoking the certificate, any code that was previously signed with it will no longer be trusted, and the risk of malicious use is mitigated. After revoking the certificate, the company can take further actions such as deleting the private key from the repository, verifying the public key is not exposed, and updating the Data Loss Prevention (DLP) solution to check for private keys. However, the immediate priority is to revoke the certificate to prevent further damage or misuse.
upvoted 1 times

MorganB, 4 months, 4 weeks ago
Passed my exam 27 April 23. This question was on my test, worded differently, but the answer is the same.
upvoted 4 times

DALLASCOWBOYS, 7 months, 3 weeks ago
D. Revoke the code-signing certificate.
upvoted 1 times

Sir_Learnalot, 10 months, 2 weeks ago
Revoke the certificate, and you should perform user training to minimize the chance of this happening again.
upvoted 2 times

Jossie_C, 10 months, 3 weeks ago
Selected Answer: D
D is containment
upvoted 1 times

RonWonkers, 1 year ago
Selected Answer: D
This is D
upvoted 1 times

Gravoc, 1 year ago
Revoke the certificate with a revocation authority, and go about getting a new one with a certificate authority.
upvoted 2 times

Topic 1 Question #124
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?
A. Compensating
B. Corrective
C. Preventive
D. Detective
Correct Answer: D
Community vote distribution: D (52%), C (47%)

Gravoc (Highly Voted), 1 year ago
From the official study guide: "Compensating - controls designed to mitigate the risk associated with exceptions made to a security policy. Corrective - remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a corrective control. Preventive - intend to stop a security issue before it occurs. Firewalls and encryption are examples of preventive controls. Detective - identify security events that have already occurred. Intrusion detection systems are detective controls."
Based on this, Preventive makes the most sense to me. They are comparing the configurations to a secure guideline to ensure no gaps. Meaning they are pre-emptively hardening their systems against future attack vectors.
upvoted 67 times

J_Ark1, 10 months, 3 weeks ago
Stone face wisdom here :)
upvoted 11 times

Luuke, 6 months, 3 weeks ago
True dat
upvoted 1 times

assfedassfinished, 5 months, 4 weeks ago
You're not given information concerning whether a security event has occurred. How can undetected gaps be prevented?
upvoted 1 times

BigLao, 10 months, 4 weeks ago
They're comparing to "identify any gaps", not to ensure any gaps. Two different things.
upvoted 8 times

jgp (Highly Voted), 1 year ago
Selected Answer: D
"...identify..."
upvoted 22 times

Strykar, 12 months ago
"Identify so it can be Prevented". It's better to read and understand the whole question and not just a keyword.
upvoted 8 times

RvR109, 7 months, 2 weeks ago
It doesn't say anywhere that it's to "prevent" anything, only to "identify". Which makes it Detective.
upvoted 6 times

brewoz404sd, 7 months, 1 week ago
No, detective is after an incident, not finding gaps. Can't be detective at all.
upvoted 6 times

ffsilveira10, 5 months, 1 week ago
If any gaps are identified, then it would be an "incident" and you have detected it. Scanning the environment for gaps will not prevent them from occurring; it will in the first instance identify them.
upvoted 3 times

freyprey (Most Recent), 4 days, 4 hours ago
Selected Answer: C
In the CompTIA Security+ study guide, detective actions are taken when an attack takes place. Here all the actions are Preventive (before an attack), in order to solve security breaches.
upvoted 1 times

MooWasHere, 1 week, 2 days ago
Selected Answer: C
They are trying to prevent any gaps from happening.
upvoted 1 times

RevolutionaryAct, 2 weeks, 4 days ago
Selected Answer: A
Compensating, as this is comparing gaps. From the All-In-One Exam Guide: "Compensating controls are used to meet a requirement when there is no control available to directly address a threat.
Fire suppression systems do not prevent fire damage, but if properly employed, they can mitigate or limit the level of damage from a fire."
Corrective is used after an event so it cannot be that one. Detective is during an event so it cannot be that one. Preventive is to stop an event from occurring, but this is about comparing gaps.
upvoted 1 times

Dark_Tarantula, 3 weeks, 3 days ago
Selected Answer: D
Detective controls are designed to identify and alert when security violations or deviations from security policies occur. In this case, the process of comparing the current settings against secure configuration guidelines is aimed at detecting any gaps between the actual system configurations and the recommended secure configurations.
upvoted 2 times

gho5tface, 4 weeks, 1 day ago
Selected Answer: D
The organization is implementing a detective control by comparing settings to identify any deviations from the secure configuration guidelines.
upvoted 1 times

Rider2053, 1 month ago
Identify the gaps: Detection -> Detective
upvoted 1 times

predsednik, 1 month, 2 weeks ago
Selected Answer: C
Preventive - as Gravoc explained already: Preventive - intend to stop a security issue before it occurs. Firewalls and encryption are examples of preventive controls. Based on this, Preventive makes the most sense to me. They are comparing the configurations to a secure guideline to ensure no gaps. Meaning they are pre-emptively hardening their systems against future attack vectors.
upvoted 1 times

BigIshai, 1 month, 2 weeks ago
Selected Answer: D
"compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps"
Compares is the action word here based on the scenario. We are at this point in time trying to detect/identify gaps. But when looking at the overall picture we are still in the preventive space... then again, we have not been asked for the inferred solution. Hence the most appropriate is D.
upvoted 2 times

RobertAtDoveton, 1 month, 2 weeks ago
Preventive controls are measures implemented to proactively stop or mitigate potential risks before they occur. They are designed to prevent security incidents from happening in the first place. In the given scenario, the organization is not stopping incidents from occurring beforehand; instead, they are identifying any gaps or discrepancies after the settings are configured.
The described process involves comparing the current system settings against secure configuration guidelines to identify any gaps that may have occurred during or after configuration. This is a Detective control because it aims to detect deviations from the secure configuration after they have potentially occurred, rather than preventing them from happening in advance.
upvoted 1 times

Abdul2107, 1 month, 3 weeks ago
Selected Answer: D
D. Identify. Keyword: Identify = Detect
upvoted 1 times

Nikamy, 1 month, 3 weeks ago
Selected Answer: D
I go with D
upvoted 1 times

ApplebeesWaiter1122, 2 months ago
Selected Answer: C
A preventive control is designed to prevent security incidents from occurring by establishing security measures and best practices proactively. In this case, comparing the settings on systems against secure configuration guidelines is a preventive control because it aims to ensure that the systems are configured securely and in compliance with the established guidelines, thus reducing the likelihood of security incidents related to misconfigurations. Detective controls, on the other hand, are designed to detect and identify security issues or incidents after they have occurred, such as security monitoring, log analysis, and intrusion detection systems.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: D
The organization has implemented a process to compare the settings on systems against secure configuration guidelines to identify any gaps.
This process is aimed at detecting and identifying deviations from the recommended secure configurations. Detective controls are put in place to identify and discover security incidents or events that have occurred or are in progress. In this case, the configuration comparison process is a detective control as it helps identify potential security risks or vulnerabilities by detecting deviations from the secure configuration guidelines.
Let's examine why option C (Preventive) is not the correct answer. Preventive controls are designed to proactively prevent security incidents from occurring. These controls are put in place to reduce the likelihood of security breaches or attacks. They are implemented to deter potential threats and block them from exploiting vulnerabilities.
upvoted 2 times

Protract8593, 2 months ago
In the scenario described, the organization has implemented a process that compares the current settings on systems against secure configuration guidelines. This process is not preventing incidents from occurring; rather, it is used to identify any gaps in the system configurations. It is more of a post-incident or detective measure rather than a preventive measure. Detective controls, on the other hand, focus on identifying security incidents or events that have already occurred or are in progress. The process of comparing system settings against secure configuration guidelines falls under the category of detective controls because it aims to detect deviations from the secure configuration and identify potential security risks. Therefore, the correct answer is D. Detective.
upvoted 3 times

LiteralGod, 2 months ago
Selected Answer: C
It's preventative. Detective is in relation to detection of actual threats.
upvoted 2 times

jbell, 2 months, 2 weeks ago
Selected Answer: D
It does not prevent misconfiguration, it just identifies it after the gap occurs.
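The settings-versus-baseline comparison that Question #124 describes, as an added worked example for this discussion (it is not code from the exam dump or from any of the commenters). The baseline rules and the captured host settings are constructed, loosely in the style of an sshd_config hardening guideline; the script reports every deviation, including settings that are simply absent, and changes nothing on the system, which is the distinction the thread above turns on.

```python
"""Compare a host's current settings against a secure-configuration baseline
and report the gaps.

Added example for Question #124; not code from the exam dump or any commenter.
The baseline rules and the captured settings are constructed, loosely in the
style of an sshd_config hardening guideline.
"""
import operator

# Constructed baseline: setting -> (comparison, required value).
BASELINE = {
    "PermitRootLogin":        ("eq", "no"),
    "PasswordAuthentication": ("eq", "no"),
    "MaxAuthTries":           ("le", 4),
    "ClientAliveInterval":    ("le", 300),
    "LogLevel":               ("in", {"INFO", "VERBOSE"}),
}

# Constructed capture of what is currently configured on one host.
CURRENT_SETTINGS_TEXT = """\
# sshd_config excerpt (constructed sample)
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
LogLevel INFO
"""

OPERATORS = {
    "eq": operator.eq,
    "le": operator.le,
    "ge": operator.ge,
    "in": lambda actual, allowed: actual in allowed,
}


def parse_settings(text):
    """Parse 'Key value' lines into a dict, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def coerce(value, required):
    """Convert a captured string to the baseline value's type where possible."""
    if isinstance(required, int):
        try:
            return int(value)
        except ValueError:
            return value  # left as text; the comparison below will flag it
    return value


def find_gaps(current, baseline=BASELINE):
    """Return [(setting, required, actual), ...] for every baseline deviation.

    A missing setting is reported with actual=None, because the software's
    default may not meet the guideline. This function only identifies gaps;
    it changes nothing on the system.
    """
    gaps = []
    for key, (op_name, required) in baseline.items():
        if key not in current:
            gaps.append((key, required, None))
            continue
        sample = next(iter(required)) if isinstance(required, set) else required
        actual = coerce(current[key], sample)
        try:
            compliant = OPERATORS[op_name](actual, required)
        except TypeError:  # e.g. non-numeric text where a number is required
            compliant = False
        if not compliant:
            gaps.append((key, required, actual))
    return gaps


def gap_report(gaps):
    """Format gaps one per line, the way a compliance scan would list them."""
    return [f"{key}: required {required!r}, found {actual!r}"
            for key, required, actual in gaps]


if __name__ == "__main__":
    for line in gap_report(find_gaps(parse_settings(CURRENT_SETTINGS_TEXT))):
        print(line)
```

Run against the constructed capture it lists three gaps (PermitRootLogin, MaxAuthTries and the absent ClientAliveInterval); turning those findings into changes would be a separate, corrective step.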
upvoted 1 times

Topic 1 Question #125
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint
Correct Answer: A
Community vote distribution: A (100%)

Mamun1 (Highly Voted), 1 year ago
Selected Answer: A
A cloud access security broker (CASB) is on-premises or cloud-based software that sits between a cloud service consumer and a cloud service provider. It serves as a tool for enforcing an organization's security policies through risk identification and regulation compliance whenever its cloud-residing data is accessed.
upvoted 27 times

ScottT, 1 year ago
For me the key clue is SaaS, suggesting cloud computing. With that being decided, CASB is the only option.
upvoted 9 times

comeragh (Highly Voted), 1 year ago
Selected Answer: A
By process of elimination, A seems to be the correct answer.
upvoted 7 times

Gino_Slim, 11 months ago
That's exactly what I did. Even if I didn't know what CASB meant, the others didn't make any sense.
upvoted 7 times

ApplebeesWaiter1122 (Most Recent), 2 months ago
Selected Answer: A
A Cloud Access Security Broker (CASB) is the best security solution to reduce the risk of shadow IT related to unsanctioned high-risk SaaS applications. CASB provides visibility and control over the use of cloud services within an organization, helping to detect and block unauthorized cloud applications. It acts as an intermediary between users and cloud services, allowing organizations to enforce security policies, monitor cloud activity, and prevent access to unsanctioned or high-risk cloud applications.
By implementing a CASB solution, the Chief Information Security Officer (CISO) can gain better visibility into the usage of cloud services, enforce security policies, and block access to unauthorized or high-risk applications, effectively reducing the risk of shadow IT and enhancing overall cloud security.
upvoted 3 times

Protract8593, 2 months ago
Selected Answer: A
CASB is a security solution that provides organizations with visibility into and control over cloud-based services and applications accessed by their users. It acts as an intermediary between users and cloud service providers, allowing security teams to enforce security policies and monitor cloud usage.
By implementing a CASB, the organization can gain insights into all cloud applications being used by its employees, including unsanctioned ones, and apply policy-based controls to block access to high-risk SaaS applications. This helps mitigate the risks associated with shadow IT, enhances security, and ensures compliance with organizational policies. The other options (B. VPN concentrator, C. MFA, and D. VPC endpoint) are not directly related to managing or controlling access to SaaS applications, and thus they would not be the best choice for reducing the risk of unsanctioned high-risk SaaS applications.
upvoted 2 times

DALLASCOWBOYS, 7 months, 3 weeks ago
A. SaaS is a cloud-based service; therefore, a CASB, Cloud Access Security Broker.
upvoted 3 times

FMMIR, 9 months, 2 weeks ago
Selected Answer: A
The best security solution to reduce the risk of shadow IT and unsanctioned high-risk SaaS applications is a Cloud Access Security Broker (CASB). A CASB is a security solution that is designed to provide visibility and control over cloud applications and services. It can be used to block access to unsanctioned applications and to enforce security policies and compliance requirements for cloud services.
In this case, the CASB would be used to block access to unsanctioned high-risk SaaS applications, reducing the risk of shadow IT and helping the organization to maintain control over its cloud environment. Options B, C, and D are not specifically related to reducing the risk of shadow IT and unsanctioned SaaS applications. A VPN concentrator is a network device that is used to manage and terminate VPN connections, MFA is a security control that requires multiple factors for authentication, and a VPC endpoint is a networking feature that allows private access to AWS services.
upvoted 2 times

Topic 1 Question #126
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?
A. Data in transit
B. Data in processing
C. Data at rest
D. Data tokenization
Correct Answer: C
Community vote distribution: C (100%)

Gravoc (Highly Voted), 1 year ago
Data in transit is incorrect. The official terminology is data in motion.
Data-in-Motion: Data that is in transit over a network. Think data packets working their way across the internet.
Data-at-Rest: Stored data that resides on hard drives, tapes, in the cloud, or on other storage media. When this is taught, it's almost always taught as a USB stick lying on a desk in an office. Don't forget that this is a broad category.
Data-in-Processing: Data that is actively in use by a computer system. Includes data stored in memory while processing takes place.
upvoted 9 times

xxxdolorxxx (Highly Voted), 8 months, 1 week ago
C is the right answer. They tried to throw a curveball with the "traveling" thing, lol.
upvoted 5 times

ApplebeesWaiter1122 (Most Recent), 2 months ago
Selected Answer: C
Full disk encryption (FDE) is a security measure that protects data at rest, meaning data that is stored on a device, such as a laptop's hard drive. When FDE is enabled, all the data on the disk is encrypted, and it remains encrypted even when the device is powered off or not in use. This ensures that if the laptop is lost, stolen, or accessed by unauthorized individuals, the data on the disk is still protected and cannot be easily accessed or read without the decryption key. FDE helps to safeguard sensitive information from potential data breaches or unauthorized access to the physical device.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: C
Full disk encryption (FDE) is a security measure that encrypts the entire hard drive or storage media of a device, such as a laptop, to protect the data stored on it when the device is powered off or not in use. It ensures that if the laptop is lost, stolen, or accessed by unauthorized individuals, the data on the disk remains encrypted and inaccessible without the appropriate decryption key or password. This protects the data at rest from being compromised in such situations.
upvoted 2 times

Zdane, 5 months, 1 week ago
It's funny, because the part "laptop that will be taken on a business trip" is a decoy for the answer "Data in transit".
upvoted 1 times

DALLASCOWBOYS, 7 months, 3 weeks ago
C. Data at rest, such as when data is stored on the device when it is in an off state, or when a laptop is in sleep mode.
upvoted 1 times

kstevens11, 10 months, 3 weeks ago
Selected Answer: C
Full DISK encryption - disk data is data at rest
upvoted 3 times

serginljr, 1 year ago
Selected Answer: C
Data at Rest is the correct answer. Data at rest: Data at rest is data in its stored or resting state, which is typically on some type of persistent storage such as a hard drive or tape. Symmetric encryption is used in this case.
upvoted 5 times

Topic 1 Question #127
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
A. Check the hash of the installation file.
B. Match the file names.
C. Verify the URL download location.
D. Verify the code signing certificate.
Correct Answer: A
Community vote distribution: A (83%), D (17%)

Gravoc (Highly Voted), 1 year ago
The hardware manufacturer will post the hash of the file publicly, and anyone who receives a copy of that file will be able to run a checksum on the file themselves and compare it to the official manufacturer-provided checksum. Hashing is almost always the correct answer in these types of questions. You'll see a lot of GitHub repositories using hashed checksums as well for verification, and I recently installed Java onto my new computer. Java provided me with a hashed checksum for the setup executable.
upvoted 17 times

Blake89 (Highly Voted), 8 months ago
Selected Answer: A
Directly from the CompTIA Sec+ Study Guide: "• The most common way to validate that a forensic copy matched an original copy is to create a hash of the copy and to create a hash of the original drive, and then compare them. If the hashes match, the forensic copy is identical to the original."
upvoted 5 times

1bagwell, 6 months, 2 weeks ago
Hey there! How can I get the study guide?
upvoted 1 times

predsednik (Most Recent), 1 month, 2 weeks ago
Selected Answer: A
The most common way to validate that a forensic copy matched an original copy is to create a hash of the copy and to create a hash of the original drive, and then compare them.
If the hashes match, the forensic copy is identical to the original.
upvoted 1 times

ApplebeesWaiter1122, 2 months ago
Selected Answer: A
When you download a file from a reputable source, the provider often publishes the hash value (such as MD5, SHA-256, etc.) of the original file on their website. After downloading the file, you can calculate the hash of the downloaded file and compare it to the published hash. If the hashes match, it means the file was not modified in transit and is likely the same as the original file provided by the hardware manufacturer. If the hashes do not match, it suggests that the file might have been altered during transmission or is a different version from the one provided by the manufacturer.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: A
Hashing is a cryptographic method used to generate a unique fixed-size string of characters (hash value) from the content of a file. By calculating the hash value of the original installation file and comparing it to the hash value of the received file, the security analyst can determine whether the file has been modified in transit or remains unchanged. If the hash values match, it is highly likely that the file was not tampered with during transmission. If the hash values differ, it indicates that the file has been altered, and it should not be trusted.
Option B (Match the file names) and Option C (Verify the URL download location) are not sufficient for ensuring the integrity of the file, as an attacker can use the same file name or spoof the download location to trick users into installing malicious content. Option D (Verify the code signing certificate) is relevant for verifying the authenticity and integrity of software files but might not be applicable in this case if the file is not digitally signed by the manufacturer. In such situations, checking the file's hash would be a more general and reliable method to assess the file's integrity.
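The hash comparison that the Question #127 posts above describe, as an added worked example (not code from the exam dump or from any commenter). It hashes the file in chunks, parses a vendor-style "SHA256SUMS" line, and checks more than one algorithm at once, which is what the later remark about reviewing several hashes amounts to; the installer bytes and the "published" digests are constructed inline so it runs offline.

```python
"""Verify a downloaded installer against the checksums its vendor publishes.

Added example for this discussion; not code from the exam dump or any vendor.
The installer bytes and the "published" digests below are constructed inline
so that the script runs offline.
"""
import hashlib
import hmac
import os
import tempfile

# Constructed stand-in for the installer received from the manufacturer.
ORIGINAL_INSTALLER = b"MZ\x90\x00 constructed installer payload v1.2.3\n" * 64
# The same file with a single byte changed, as one modified in transit would be.
TAMPERED_INSTALLER = ORIGINAL_INSTALLER[:100] + b"X" + ORIGINAL_INSTALLER[101:]


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in chunks so that large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Parse one 'SHA256SUMS'-style line: '<hex digest>  <filename>'."""
    digest, _, name = line.strip().partition("  ")
    hex_ok = all(c in "0123456789abcdefABCDEF" for c in digest)
    if not name or not digest or len(digest) % 2 or not hex_ok:
        raise ValueError(f"malformed checksum line: {line!r}")
    return digest.lower(), name


def verify_file(path, published, algorithms=("sha256",)):
    """Return True only if the file matches every published digest requested.

    `published` maps an algorithm name to the hex digest copied from the
    vendor page. Requiring several algorithms means a substituted file would
    have to collide in all of them at once.
    """
    for algorithm in algorithms:
        expected = published[algorithm].lower()
        actual = file_digest(path, algorithm)
        # compare_digest is the idiomatic way to compare digests in Python.
        if not hmac.compare_digest(expected, actual):
            return False
    return True


def demo():
    """Write both constructed files to disk and check them against the digests."""
    published = {
        "sha256": hashlib.sha256(ORIGINAL_INSTALLER).hexdigest(),
        "sha512": hashlib.sha512(ORIGINAL_INSTALLER).hexdigest(),
    }
    algorithms = ("sha256", "sha512")
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "setup.exe")
        bad = os.path.join(tmp, "setup_modified.exe")
        with open(good, "wb") as f:
            f.write(ORIGINAL_INSTALLER)
        with open(bad, "wb") as f:
            f.write(TAMPERED_INSTALLER)
        return (verify_file(good, published, algorithms),
                verify_file(bad, published, algorithms))


if __name__ == "__main__":
    original_ok, tampered_ok = demo()
    print("original file verifies:", original_ok)   # True
    print("modified file verifies:", tampered_ok)   # False
```

A matching digest shows the bytes equal what the publisher hashed; it says nothing about who the publisher is, which is why the thread's code-signing comments are about a different property (origin) than the question asks about (modification in transit).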
upvoted 2 times

z3phyr, 5 months, 3 weeks ago
Selected Answer: A
Code signing certificates are for software code. Nowhere does the question state that this is for code. It says "file".
upvoted 1 times

assfedassfinished, 5 months, 4 weeks ago
Selected Answer: A
Check the hash(es). Is a collision possible? Yes. Likely? No - especially considering reviewing more than one hash.
upvoted 1 times

monzie, 5 months, 4 weeks ago
Selected Answer: D
D. Verify the code signing certificate. Verifying the code signing certificate ensures that the file was not modified during transit, as the certificate provides assurance that the file originated from a trusted source and has not been tampered with since it was signed.
upvoted 1 times

DALLASCOWBOYS, 7 months, 3 weeks ago
A. Check the hash of the file to verify the integrity of the file to see if it was modified.
upvoted 1 times

[Removed], 8 months, 1 week ago
Selected Answer: A
Hashing
upvoted 2 times

FMMIR, 9 months, 2 weeks ago
Selected Answer: A
The security analyst can safely assess the file by checking the hash of the installation file. A hash is a unique value that is generated based on the contents of a file. When a file is sent from one party to another, the sender can compute the hash of the file and provide it to the recipient. The recipient can then compute the hash of the received file and compare it to the original hash. If the hashes match, it indicates that the file has not been modified and is identical to the original file. This can provide assurance that the file has not been tampered with or corrupted in transit. Options B, C, and D are not reliable methods for determining whether a file has been modified in transit.
Matching file names does not guarantee the integrity of the file, verifying the URL download location does not provide information about the file itself, and verifying the code signing certificate does not guarantee that the file has not been modified.
upvoted 3 times

[Removed], 9 months, 3 weeks ago
Selected Answer: A
A. Always when it's about checking if an app wasn't modified by a 3rd party - you compare hashes :p
upvoted 3 times

kstevens11, 10 months, 3 weeks ago
Selected Answer: A
Keywords: "determine whether a file was modified", and you need a hash comparison for this. Code signing is more for nonrepudiation, I thought.
upvoted 3 times

MathDayMan, 11 months ago
A. Hash is the right one.
upvoted 1 times

G4ct756, 11 months, 1 week ago
Selected Answer: D
D. There is the possibility of a hash collision, and we can't verify if the file is from the manufacturer. A code signing certificate verifies the file is not tampered with, together with the signer's identity. I would think a code signing certificate will hold more weight than a file hash.
upvoted 3 times

Tomtom11, 11 months, 1 week ago
Selected Answer: A
File is Hashed. Code is Signed to ensure it has not been altered.
upvoted 3 times

abrilo, 11 months, 2 weeks ago
Another use of digital certificates is often seen when we are distributing software. A developer will create an executable or a piece of software that needs to be distributed, and then they will sign that software with a code signing certificate. This means that we can receive that software and install it, and during the installation process we can validate that the program that we're installing is exactly the same executable as the one that was distributed by the manufacturer.
upvoted 1 times

Topic 1 Question #128
A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team.
The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's BEST course of action?
A. Direct the caller to stop by the help desk in person and hang up, declining any further requests from the caller.
B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
D. Request the caller send an email for identity verification and provide the requested information via email to the caller.
Correct Answer: D
Community vote distribution: C (63%), D (37%)

stoneface (Highly Voted), 1 year ago
Selected Answer: D
D -> Request the caller send an email for identity verification and provide the requested information via email to the caller. -> This will allow having a record of the requested information as well as identifying the requester.
upvoted 17 times

Ruthless937, 3 weeks, 5 days ago
If the attacker has spoofed the email address then they could bypass the email identity verification.
upvoted 1 times

Ruthless937, 1 week, 3 days ago
Also, you would never send an internal IP like that over email for anyone to read.
upvoted 1 times

OneTooManyCert, 5 months, 3 weeks ago
I answered C but the lord himself answered D, now I'm confused.
upvoted 6 times

chaddaddy, 3 days, 13 hours ago
LOL! Anarchy is foaming.
upvoted 1 times

J_Ark1, 10 months, 3 weeks ago
For the SIEM systems to be able to know who it was that attacked and compromised the system?
upvoted 1 times

J_Ark1, 10 months, 3 weeks ago
The issue is that a random individual is trying to gain access to the internal network, and hence we do not know their intended purpose, so it makes sense to notify the cybersecurity officer so that they can confirm their authorisation via the right channels of communication.
upvoted 3 times

rodwave (Highly Voted), 10 months, 2 weeks ago
Selected Answer: C
Answer: Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
In this scenario, the help desk technician should be wary of the person's request, as help desk technicians would not have this information. Also, if the person claimed to be from the cybersecurity incident response team, they would be more likely to have access to this information anyway, or at least know who to contact. For the sake of the technician, it would be best to get as much information as possible and delegate the task of confirming the person's identity to the cybersecurity officer. Even in the very slim chance that it was a legitimate request, it would still be best for the cybersecurity officer to provide this information instead of a tech.
upvoted 14 times

malibi (Most Recent), 3 weeks ago
Selected Answer: D
Emailing a helpdesk is like creating a helpdesk ticket. 1. The email address of the sender will be verified. 2. The request will go through the proper channel! Just my 2 cents.
upvoted 1 times

ja1092m, 1 month ago
It asked for the BEST course of action; wouldn't C be the most secure?
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
Selected Answer: C
D doesn't make sense given the firewall is supposedly compromised; why would you send data in the clear over email when the firewall is in question? It's C.
upvoted 1 times

predsednik, 1 month, 2 weeks ago
Selected Answer: C
I would go with C because in case someone is trying to scam the help desk tech claiming that he belongs to the cybersecurity team, then the help desk tech should check and verify this information with the cybersec team: whether that person exists in their team and whether he needs that information.
In case you decide on D and send the requested info to the sender without verifying his identity with the cybersec team, you could be wrong and send sensitive information to the hacker who maybe stole email credentials from the real guy.
upvoted 1 times

ApplebeesWaiter1122, 2 months ago
Selected Answer: C
In this situation, the technician should be cautious and follow proper security protocols. The caller's request to verify the network's internal firewall IP address is sensitive information that should not be disclosed over the phone without proper verification. Instead, the technician should gather as much information as possible about the caller, including their name and phone number, and then hang up the call. The next step is to notify the organization's cybersecurity officer or a designated authority about the incident so they can verify the legitimacy of the request and take appropriate actions if necessary.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: C
In this scenario, the help desk technician receives a call from someone claiming to be from the organization's cybersecurity incident response team. It is essential to follow proper security protocols and procedures when dealing with sensitive information or requests for verification.
Option A (Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller) is a good approach if the person is genuinely from the incident response team. However, it may not be feasible or practical in all situations, especially if the organization has a distributed workforce or remote teams.
Option B (Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone) is not recommended because verifying the person's identity solely based on the email directory may not be enough to ensure their authenticity.
upvoted 1 times

Protract8593, 2 months ago
Option D (Request the caller send an email for identity verification and provide the requested information via email to the caller) is also not the best course of action, as responding to unsolicited emails can lead to phishing or other security risks.
The best approach is to gather as much information as possible from the caller (name, phone number, purpose of the request) without divulging sensitive information. After hanging up, the technician should notify the organization's cybersecurity officer or the appropriate security personnel to verify the legitimacy of the request before taking any further action.
upvoted 2 times

Jonsmith24, 2 months ago
What if he is part of the organization's cybersecurity incident response team and has the proper identity information? Why are you calling the cybersecurity officer before you have even seen the identification?
upvoted 2 times

Gaurabdon, 3 months, 1 week ago
Selected Answer: D
In a real-world scenario, the answer is D. I work at an IT help desk in an MSP, and the protocol is never to hang up on the person, keeping in mind that the caller can be a legitimate person as well. For that reason, it is best for both parties that the caller sends an email requesting the information, so that it gets documented who asked. If the user is legitimate, we can easily tell from the email address they are sending from. From there, we can inform the cyber team and find out whether we can proceed with the request.
upvoted 5 times

Kaps443, 4 months, 3 weeks ago
Selected Answer: C
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
The best course of action for the technician is to follow the principle of least privilege and verify the caller's identity before providing any sensitive information.
The caller could potentially be a social engineer attempting to gain unauthorized access to the network. Writing down the phone number and the name of the person requesting the information, hanging up, and notifying the cybersecurity officer will help prevent unauthorized access to the network.
upvoted 1 times

Yawannawanka, 5 months ago
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
This scenario is an example of a social engineering attack where the attacker is trying to obtain sensitive information through deception. The caller is impersonating a member of the organization's cybersecurity incident response team and attempting to obtain the network's internal firewall IP address. Providing this information could compromise the organization's security.
upvoted 1 times

Yawannawanka, 5 months ago
A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's BEST course of action?
A. Direct the caller to stop by the help desk in person and hang up, declining any further requests from the caller.
B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer. (Most Voted)
D. Request the caller send an email for identity verification and provide the requested information via email to the caller.
upvoted 1 times

Mkoenig69, 5 months, 3 weeks ago
Selected Answer: C
D is not recommended, as it puts the organization's security at risk. Email can be easily intercepted, and identity verification through email is not reliable.
upvoted 1 times

MasterControlProgram, 6 months ago
Selected Answer: C
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer is the BEST course of action for the help desk technician. This is because the caller could potentially be a malicious actor attempting to gain unauthorized access to the network. The technician should not provide any sensitive information until they can verify the caller's identity through appropriate channels, such as contacting the organization's cybersecurity incident response team directly or verifying the request through established procedures.
upvoted 1 times

EricShon, 6 months, 1 week ago
Selected Answer: C
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer is the BEST course of action for the help desk technician. The request from the caller to verify the network's internal firewall IP address is a suspicious request, and the technician should take caution to ensure the identity of the caller is legitimate before providing any sensitive information. Writing down the caller's phone number and name and notifying the organization's cybersecurity officer will allow the incident response team to investigate the legitimacy of the request and prevent any potential social engineering or phishing attempts.
upvoted 1 times

xxxdolorxxx, 7 months, 3 weeks ago
So I read this a few times, and maybe it's just me, but the second half of D is throwing some red flags for me. "and provide the requested information via email to the caller." This implies that the company would then send the documents to the caller. Wouldn't that be a potential security risk? Originally I thought D. Now I feel like D is wrong.
upvoted 1 times

Topic 1 Question #129
Which of the following would BEST provide detective and corrective controls for thermal regulation?
A. A smoke detector
B. A fire alarm
C. An HVAC system
D. A fire suppression system
E. Guards
Correct Answer: D
Community vote distribution: C (88%), D (12%)

stoneface, 1 year ago (Highly Voted)
Selected Answer: C
What are the functions of an HVAC system? An HVAC system is designed to control the environment in which it works. It achieves this by controlling the temperature (THERMAL) of a room through heating and cooling. It also controls the humidity level in that environment by controlling the movement and distribution of air inside the room. So it provides detective and corrective controls for THERMAL regulation.
upvoted 37 times

sujon_london, 1 month, 2 weeks ago (Most Recent)
Selected Answer: D
The optimal way to achieve detective and corrective thermal regulation is through a fire suppression system, which actively curbs fires and halts their escalation. While smoke detectors, fire alarms, and HVAC systems are significant, they lack the direct fire control capability of a suppression system.
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
Wrong. It never mentions fire, and fire suppression can only put out fires; it cannot raise temperatures nor slowly (or rapidly) cool, unlike an HVAC system. "Corrective controls for thermal regulation" =/= fire.
upvoted 1 times

RevolutionaryAct, 2 weeks, 4 days ago
OK, now I retract that comment, because elsewhere I see that a fire suppression system is considered a corrective and compensating control.
upvoted 1 times

ApplebeesWaiter1122, 2 months ago
Selected Answer: C
An HVAC (Heating, Ventilation, and Air Conditioning) system can provide both detective and corrective controls for thermal regulation.
The HVAC system helps detect abnormal temperature changes in the environment, which can indicate potential issues with thermal regulation. For example, if a server room becomes too hot, the HVAC system can trigger alarms or notifications to alert the relevant personnel about the issue.
Additionally, the HVAC system can be programmed to take corrective actions automatically in response to temperature fluctuations. It can adjust heating, cooling, and ventilation settings to bring the environment back to the desired temperature range.
upvoted 2 times

sujon_london, 1 month, 2 weeks ago
I do appreciate your contribution on this platform, which is very helpful; just to check, what aspect would HVAC detect, and what would be corrective? This may help to change the answer from C to D: The optimal way to achieve detective and corrective thermal regulation is through a fire suppression system, which actively curbs fires and halts their escalation. While smoke detectors, fire alarms, and HVAC systems are significant, they lack the direct fire control capability of a suppression system.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: C
An HVAC (Heating, Ventilation, and Air Conditioning) system can provide both detective and corrective controls for thermal regulation. It is capable of detecting abnormal temperatures and adjusting the environment to maintain the desired temperature range. By doing so, it helps to prevent overheating or freezing of equipment, which can lead to system failures or damage. This makes the HVAC system an important component in maintaining the overall security and reliability of the infrastructure.
upvoted 1 times

EUGgrep, 4 months ago
Selected Answer: C
D can't be the correct answer because a fire suppressor does not have detection capabilities, whereas the HVAC has detective and corrective powers: it detects the temperature and adjusts it accordingly depending on the settings.
So the correct answer is C.
upvoted 1 times

Yawannawanka, 5 months ago
C. An HVAC system. An HVAC (heating, ventilation, and air conditioning) system can provide both detective and corrective controls for thermal regulation. The system is designed to detect changes in temperature and adjust the airflow and temperature accordingly. If the temperature goes beyond a certain threshold, the system can trigger an alarm or alert to notify the appropriate personnel. The HVAC system can also take corrective action to regulate the temperature by adjusting the airflow or turning on a cooling system, for example.
A smoke detector and a fire alarm are designed to detect smoke and fire, respectively, and are not directly related to thermal regulation. A fire suppression system is designed to extinguish fires, but it does not provide detective or corrective controls for thermal regulation. Guards can provide physical security but are not directly related to thermal regulation.
upvoted 2 times

Mkoenig69, 5 months, 3 weeks ago
Selected Answer: C
Fire suppression systems are designed to extinguish fires and prevent them from spreading, but they do not provide any thermal regulation.
upvoted 2 times

MasterControlProgram, 6 months ago
Selected Answer: C
C. An HVAC system would provide the best detective and corrective controls for thermal regulation. HVAC stands for Heating, Ventilation, and Air Conditioning, and it helps to maintain a comfortable temperature and humidity level inside a building. It can detect and correct issues related to temperature, such as too hot or too cold, and provide a way to regulate it through heating or cooling systems. Smoke detectors, fire alarms, fire suppression systems, and guards are designed to detect and prevent fire-related incidents and may not be effective in regulating temperature.
upvoted 3 times

hoott i, 7 months, 2 weeks ago
Fire suppression is detective and corrective?
upvoted 2 times

assfedassfinished, 5 months, 4 weeks ago
HVAC is a better answer. The odds of a fire are less than the odds of the temperature being 1+ degree hotter/colder than spec. HVAC can detect and correct that.
upvoted 1 times

DALLASCOWBOYS, 7 months, 2 weeks ago
C. HVAC system. It measures temperature and humidity, and corrects both if the measurements get out of the acceptable ranges.
upvoted 1 times

Blake89, 8 months ago
Selected Answer: C
CompTIA Study Guide book: "HVAC systems ensure that the processes or systems are at the proper temperature and humidity."
upvoted 3 times

Boubou480, 8 months, 2 weeks ago
Selected Answer: C
C. An HVAC system would provide the best detective and corrective controls for thermal regulation. An HVAC (heating, ventilation, and air conditioning) system can detect deviations in temperature and adjust accordingly to maintain a comfortable and safe range. It can also alert maintenance staff if there is a problem that needs to be corrected.
upvoted 2 times

jhfdkjshfkjdsho, 9 months, 1 week ago
Selected Answer: D
A fire suppression system, like a fire sprinkler system, is used to extinguish or control fires, and is activated by heat, smoke, or a combination of the two. However, a fire suppression system uses gaseous, chemical, or foam fire suppression agents to suppress the fire, rather than water. So, it is a detective and corrective system.
upvoted 1 times

Blake89, 8 months ago
Lol, just stop it. The answer is C.
upvoted 2 times

PraygeForPass, 8 months, 2 weeks ago
Thermal regulation isn't just fires/smoke. It can be extremely cold or humid in a building, for example. A fire suppression system won't help with that.
upvoted 3 times

nul8212, 9 months, 1 week ago
Selected Answer: D
This answer covers both parts of the question.
upvoted 1 times

FMMIR, 9 months, 2 weeks ago
Selected Answer: C
An HVAC system would provide the best detective and corrective controls for thermal regulation. An HVAC (heating, ventilation, and air conditioning) system is a type of building management system that is used to control the temperature, humidity, and air quality within a building. HVAC systems typically include sensors that can detect changes in temperature, and control mechanisms that can adjust the heating or cooling output to maintain a comfortable and safe environment. This provides both detective and corrective controls for thermal regulation, as the sensors can detect deviations from the desired temperature range, and the control mechanisms can automatically adjust the heating or cooling output to correct the problem.
Options A, B, D, and E do not provide the same level of control for thermal regulation as an HVAC system. A smoke detector and fire alarm can detect fires, but they do not provide the same level of control over the temperature within a building. A fire suppression system can extinguish fires, but it does not provide any control over the temperature. Guards do not provide any control over the temperature.
upvoted 2 times

babyzilla, 10 months, 2 weeks ago
Selected Answer: C
Remember, corrective and detective are AFTER an incident occurs. The fire suppression system would kick in after a fire happened... I highly doubt that this is what the question is referring to. On the other hand, in order for an HVAC system to activate, a simple thermal change has to happen. Just like at home, you set your thermostat to heat or cool and set a temp. If it goes below or above your set temp, then the system will kick on.
upvoted 3 times

The_F00L, 10 months, 3 weeks ago
It's HVAC, but man... gotta love fire suppression as an answer.
Got a giggle out of me.
upvoted 1 times

Topic 1 Question #130
Which of the following is a benefit of including a risk management framework into an organization's security approach?
A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
B. It identifies specific vendor products that have been tested and approved for use in a secure environment.
C. It provides legal assurances and remedies in the event a data breach occurs.
D. It incorporates control, development, policy, and management activities into IT operations.
Correct Answer: D
Community vote distribution: D (89%), 11%

predsednik, 1 month, 2 weeks ago
Selected Answer: D
A risk management framework incorporates various control, development, policy, and management activities into an organization's IT operations. It provides a structured approach to identifying and managing risks, which includes defining risk appetite, risk assessment methodologies, risk treatment strategies, and risk monitoring and reporting.
upvoted 1 times

ApplebeesWaiter1122, 2 months ago
Selected Answer: D
A risk management framework incorporates various control, development, policy, and management activities into an organization's IT operations. It provides a structured approach to identifying and managing risks, which includes defining risk appetite, risk assessment methodologies, risk treatment strategies, and risk monitoring and reporting. By integrating these activities into IT operations, the organization can effectively manage and mitigate risks, ensuring a more secure and resilient environment.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: D
Including a risk management framework in an organization's security approach helps to integrate various aspects of security, including control implementation, development practices, policy creation, and management activities. A risk management framework provides a structured and systematic approach to identify, assess, and mitigate risks, ensuring that security measures are well-coordinated and aligned with the organization's goals and objectives.
upvoted 1 times

LeonardSnart, 4 months, 1 week ago
Selected Answer: D
"Risk Management Framework (RMF): A process that integrates security and risk management activities into the system development life cycle through an approach to security control selection and specification that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations" - Jason Dion, CompTIA Security+ Study Notes
upvoted 2 times

Yawannawanka, 5 months ago
D. It incorporates control, development, policy, and management activities into IT operations.
Including a risk management framework in an organization's security approach has several benefits, including incorporating control, development, policy, and management activities into IT operations. A risk management framework provides a structured and systematic approach to identify, assess, and manage risks to an organization's information systems and assets. It allows the organization to prioritize risks and allocate resources accordingly, which can lead to more effective and efficient security measures.
Option A is related to service level agreements (SLAs) and supply chain management, which are not directly related to a risk management framework. Option B is related to vendor management and procurement, which are important components of a security program but not directly related to a risk management framework.
Option C is related to legal compliance and liabilities, which are important but not directly related to a risk management framework.
upvoted 2 times

assfedassfinished, 5 months, 4 weeks ago
Selected Answer: D
Which of the following is a benefit of including a risk management framework into an organization's security approach? D.
There are no legal assurances or remedies provided at all by the framework itself. Neither is that included in the org's security approach. The product of the RMF's incorporation into the org's security approach would provide those things.
upvoted 1 times

Omi0204, 6 months, 2 weeks ago
Answer is C. A strong risk management framework can offer organizations a number of key benefits, such as protection of assets, reputation management, and the optimization of data management. A risk management framework can also provide protection against losses of competitive advantage, legal risks, and business opportunities.
Benefits of a Risk Management Framework: A risk management framework helps protect against potential losses of competitive advantage, business opportunities, and even legal risks.
upvoted 3 times

DALLASCOWBOYS, 7 months, 2 weeks ago
D is the best answer given.
upvoted 2 times

[Removed], 9 months, 3 weeks ago
Selected Answer: D
I would go with D. There is nothing about legal assurance in the books I read. Risk management is about identifying vulnerabilities and threats in your company, to help you mitigate them so your company can run smoothly.
upvoted 4 times

deeden, 9 months, 3 weeks ago
Selected Answer: C
Agree with C. RMF goes beyond IT operations and supplier/vendor management.
upvoted 1 times

passmemo, 11 months, 2 weeks ago
Selected Answer: D
An effective risk management framework will prioritize understanding the risks that your business faces in order to take the necessary steps to protect your assets and your business.
upvoted 2 times

skorza, 11 months, 3 weeks ago
Is it not A, as the benefit is "to ensure system outages are remediated in a timely manner"?
upvoted 2 times

studant_devsecops, 12 months ago
Selected Answer: C
I believe the keyword is the reference to legal. Does anyone think the same?
upvoted 1 times

[Removed], 12 months ago
Where is it referencing "legal"?
upvoted 3 times

Gino_Slim, 11 months ago
It doesn't. Idk where they got that from.
upvoted 3 times

RonWonkers, 1 year ago
Selected Answer: D
I agree with D.
upvoted 4 times

Topic 1 Question #131
An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?
A. Development
B. Test
C. Production
D. Staging
Correct Answer: B
Community vote distribution: D (93%), 5%

bitezadusto, 6 months ago (Highly Voted)
Remember this: Don't Throw Sausage Pizza. Development >> Testing >> Staging >> Production
upvoted 21 times

BigIshai, 1 month, 2 weeks ago
The full acronym would be Development >> Testing >> Staging >> Production >> Quality Assurance. Don't Throw Sausage Pizza Quickly! lol (source: page 252, CompTIA Security+ SY0-601: Get Certified Get Ahead, Darril Gibson)
upvoted 3 times

Samsonite363, 7 months, 3 weeks ago (Highly Voted)
Selected Answer: D
Development > Testing > Staging > Production
upvoted 11 times

RevolutionaryAct, 1 month, 2 weeks ago (Most Recent)
Hm, I am wondering if testing is indeed the right answer: https://www.pagerduty.com/resources/learn/software-development-life-cycle/
upvoted 1 times

predsednik, 1 month, 2 weeks ago
Selected Answer: D
Development >> Testing >> Staging >> Production
upvoted 1 times

sujon_london, 1 month, 2 weeks ago
Selected Answer: B
This is a very critical question to answer; in my understanding, and from research into the wording of the question, I have concluded precisely on B.
Development: This is where patches are created and initial testing might occur.
Test: Patches are thoroughly tested in this environment to identify any issues or conflicts before moving to the next stage.
Staging: Patches are deployed to a staging environment that closely resembles the operational environment. This allows for final testing, verification and validation before deployment to the final stage.
Production: Once patches have successfully passed testing in the staging environment, they are deployed to the operational or production environment for regular use.
The confusion here may be between resembling the final product and testing before deploying into the operational environment. Patches are thoroughly tested indeed at the testing stage, not the staging stage.
upvoted 1 times

ApplebeesWaiter1122, 1 month, 4 weeks ago
Selected Answer: D
In the software development lifecycle, the staging environment serves as a final testing and validation phase before deploying changes to the production environment. It closely mirrors the production environment, allowing organizations to assess the impact of changes and ensure everything works as expected before going live.
Once patches have been thoroughly tested in the staging environment and any potential issues have been addressed, they can then be deployed to the production environment for regular use.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: D
The staging environment is the environment where patches and updates are deployed just before they are put into an operational status. It serves as a final step before deploying changes to the production environment, allowing organizations to validate the changes in a controlled setting and ensure that they work as expected before going live.
upvoted 1 times

Yawannawanka, 5 months ago
D. Staging. Staging is the environment in which patches will be deployed just prior to being put into an operational status. The staging environment is intended to replicate the production environment as closely as possible and is used to test changes, including patches, before they are implemented in the production environment.
The development environment is used for developing and testing new features and functionality. The test environment is used to test the software or patches in a controlled environment before being moved to the staging environment. The production environment is the live environment where the system is used by end users.
upvoted 1 times

assfedassfinished, 5 months, 4 weeks ago
Selected Answer: D
If the patches are already developed and tested, but not yet deployed to the operational status, then the environment just before that is staging.
upvoted 1 times

Omi0204, 6 months, 2 weeks ago
A staging environment is very similar to a production environment, but it is used for testing purposes before the application is launched in production. This environment tries to simulate as much as possible the final production environment, so tests in staging are more accurate than tests done in development.
upvoted 1 times

GRIM95, 6 months, 2 weeks ago
I just read that staging is before every single one of these steps and testing is right before an operational environment?
upvoted 1 times

Omi0204, 6 months, 2 weeks ago
"Patches are developed and tested before being deployed": it means patches have already passed through the development and test environments, so the third is the staging environment, before production (the operational environment). Development -> Test -> Stage -> Production (Operational)
upvoted 1 times

DALLASCOWBOYS, 7 months, 2 weeks ago
D. Staging is the step right before production.
upvoted 2 times

Comicbookman, 8 months ago
A staging environment is the last step before something goes into production and is visible on the live site. A staging site's main purpose is to ensure that all new changes deployed from previous environments are working as intended before they hit the live website. By using a staging site and testing everything before deploying to a live website, you will be able to eliminate bugs and issues, so they never affect the user. Sometimes this process is referred to as quality assessment (QA).
upvoted 2 times

Boubou480, 8 months, 2 weeks ago
Selected Answer: D
D. Staging. The staging environment is where patches are deployed just prior to being put into an operational status. It is a test environment that closely resembles the production environment, and it is used to ensure that patches are working correctly before they are deployed to the production environment.
The development environment is where new patches are developed and tested before they are ready to be deployed to a test environment. The test environment is where patches are tested to ensure that they are working correctly before they are deployed to the staging environment. The production environment is the live operational environment where patches are deployed once they have been tested and approved.
upvoted 1 times

Capt_Mundo, 9 months ago
Selected Answer: C
I think it's C, as it's stated in the question "Which of the following is the environment in which patches will be deployed"; the patches are being deployed during TESTING. However, in STAGING patches have already been deployed and tested; it's for observation of whether deployment to Production is feasible.
upvoted 2 times

Capt_Mundo, 9 months ago
I stand corrected; B is my answer, due to the reasons above. Thanks.
upvoted 1 times

rodwave, 10 months, 2 weeks ago
Selected Answer: D
Answer: Staging
Staging is a testing environment similar to production where the software system will go through final testing to ensure the application will work properly when it's deployed to production.
====================
Software Development Environment Stages:
1. Development - Where the actual development of the software takes place (source code/machine code)
2. Testing - The testing environment is where new or updated code functionalities from development are tested. The primary focus is components of the software vs the entire application.
3. Staging - After passing tests, the software system moves to the staging environment, which is identical to production, where the system will go through final testing to ensure the application will work properly when it's deployed to production.
4. Production - This is the live environment that is available to users.
upvoted 6 times

Topic 1 Question #132
During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?
A. The forensic investigator forgot to run a checksum on the disk image after creation.
B. The chain of custody form did not note time zone offsets between transportation regions.
C. The computer was turned off, and a RAM image could not be taken at the same time.
D. The hard drive was not properly kept in an antistatic bag when it was moved.
Correct Answer: B
Community vote distribution: B (72%), A (28%)

Dachosenone, 1 year ago (Highly Voted)
Selected Answer: B
The question states that a trial judge determined evidence gathered from a hard drive was not admissible. It is obvious that this is a legal matter. All of the remaining answers are of a technical nature, so consequently the only issue that a judge can rule on is a chain of custody issue. So, ladies and gentlemen, I rest my case (quickly bangs a gavel upon the desk).
upvoted 40 times

Kurt43, 2 days, 11 hours ago
The question did not mention transport or time zones. It only mentioned the HDD not being admissible. Why would we assume a scenario that wasn't described?
upvoted 1 times

Luuke, 6 months, 3 weeks ago
Any video evidence ingested must include a time stamp and time zone in order to convict. I used to run evidentiary collection for a three-letter agency. These video drives had to be finalized in order to make them read-only as well.
upvoted 3 times

rline63, 3 weeks, 3 days ago
I'm confused by this. The checksum verifies the integrity of the file and confirms the evidence has not been tampered with. In my mind, it's almost like a police station creating a written document about what the evidence is before putting it into evidence. Without it, the evidence could have been modified and no one would know. I'm not saying the time isn't important, it is, but the gaps could be filled by looking at the physical location of the drive in correlation with the time documented. I feel like both are correct, though, and I struggle to identify one that seems more correct.
upvoted 1 times

Yaakb, 1 month, 2 weeks ago
I perfectly agree with Dachosenone.
upvoted 1 times

Ay_ma, 1 year ago (Highly Voted)
Selected Answer: B
If you read through the forensics chapter in Darril Gibson's Sec+ guide (ebook pg. 779), option B will make sense to you. Chain of custody is one of the important parts of forensics, because someone has to take responsibility for protecting the evidence. Your evidence also always has to show exact dates. And in this question, the evidence needed to be transported to multiple geographical locations before it got to the judge. So if there's mismanagement of dates and times, it won't be legally admissible in court, because two rules have been violated.
upvoted 14 times

Kurt43, 2 days, 11 hours ago
The question did not mention transport or time zones. It only mentioned the HDD not being admissible. Why would we assume a scenario that wasn't described?
upvoted 1 times

Nikamy, 1 month, 3 weeks ago
Selected Answer: B
I choose B.
upvoted 1 times

ApplebeesWaiter1122, 1 month, 4 weeks ago
Selected Answer: B
The chain of custody is a critical document that tracks the handling and movement of evidence from the time it is collected until it is presented in court. It includes details such as who had custody of the evidence, when it was collected, transported, and stored, and any changes or alterations made to it. If the chain of custody is not properly maintained, it can cast doubt on the integrity and authenticity of the evidence, leading to its exclusion from the trial.
upvoted 1 times

Protract8593, 2 months ago
Selected Answer: B
The chain of custody is a critical aspect of handling digital evidence. It is a documentation process that tracks the movement and handling of evidence from the time it is collected until it is presented in court.
If the chain of custody is not properly maintained, it can lead to the evidence being deemed inadmissible in court, as it may cast doubt on the integrity and authenticity of the evidence. In this case, the judge determined that the evidence gathered from the hard drive was not admissible because the chain of custody form did not properly note the time zone offsets between transportation regions, raising concerns about the handling and integrity of the evidence during its movement. Let me explain why option A is incorrect. Option A states that the forensic investigator forgot to run a checksum on the disk image after creation. While running a checksum on the disk image is a good practice to verify the integrity of the data, it is not the reason for the judge determining the evidence as inadmissible. upvoted 2 times Protract8593 2 months ago 店 店 A checksum is a value calculated from the data in a file to ensure that it has not been altered or corrupted during storage or transmission. It is used to verify the integrity of the data and detect any changes or errors. However, the absence of a checksum alone does not make the evidence inadmissible in court. 铺 ; 铺 ; 学 学 习 习 custody, as mentioned in option The judge's decision to小 determine the evidence as inadmissible is most likely due to a breach in the chain of 小 店each person who had access B. The chain of custody is a店 legal concept that ensures the proper handling and control of evidence, documenting 6 6 and any changes made to it. If there are any issues or gaps in the chain of custody66documentation, it can to the evidence, the time of access, cast doubt on the integrity and authenticity of the evidence, leading to it being deemed inadmissible in court. In summary, the lack of a checksum on the disk image, as mentioned in option A, might be a procedural oversight, but it is not the primary reason for the evidence being considered inadmissible. 
The more critical concern is the proper maintenance of the chain of custody, as highlighted in option B. upvoted 1 times jb844 3 months, 2 weeks ago "A" going against the grain. Even lawyers can tell there is a time difference between cities in US and international. From: https://www.sans.org/blog/law-is-not-a-science-admissibility-of-computer-evidence-and-md5-hashes/ Could you get electronic evidence admitted without hashing? Yep. Will hashing help admissibility of my evidence? Certainly, but it is not legally required. What if someone brings up collisions in court? Again, usually an attempt to confuse the jury. But you can turn this on them by stating that it is more likely that before showing up for jury duty, all the jurors randomly put the same 7 numbers into the Powerball Lottery and won. That has a much greater chance of happening than a naturally occurring collision. (Thanks to Scott Moulton for that great analogy). With folks being prosecuted on partial fingerprint matches or eye witness testimony from a guy driving by in a car at 30 MPH, do we really think this is a show stopper for courts? I think not noting EST, CST or other is irrelevant WHERE it came from will be center stage. (city, state, country) Offset is not needed in my humble opinion. Hash is the most relevant. upvoted 1 times fouserd 4 months, 2 weeks ago Selected Answer: B The most likely reason for the judge to determine that evidence gathered from a hard drive was not admissible is B. The chain of custody form did not note time zone offsets between transportation regions. The chain of custody is a record of the handling and storage of evidence, including details such as who had access to the evidence, when it was accessed, and how it was transported. If the chain of custody form did not accurately record the time zone offsets between transportation regions, it could cast doubt on the integrity and reliability of the evidence, leading the judge to rule it inadmissible. 
upvoted 1 times Yawannawanka 5 months ago B. The chain of custody form did not note time zone offsets between transportation regions. The judge likely determined that the evidence gathered from the hard drive was not admissible due to a lack of proper documentation of the chain of custody. The chain of custody refers to the chronological documentation that records the handling and movement of evidence from the time it is collected until the time it is presented in court. The documentation must include detailed information, such as the date, time, location, and individuals who had custody of the evidence. 店 店 铺 铺 ; 学 习 ; 学 习 小 In this case, the chain of custody that the chain of custody 店 form did not note time zone offsets between transportation regions. This could小indicate 店 66the integrity of the was not properly documented or6that 6 there were inconsistencies or gaps in the documentation, which could compromise evidence. As a result, the judge may have determined that the evidence was not admissible in court. Options A, C, and D are not directly related to the admissibility of evidence and are not likely to be the reason why the judge determined the evidence to be inadmissible. upvoted 1 times Yawannawanka 5 months ago B. The chain of custody form did not note time zone offsets between transportation regions. The judge likely determined that the evidence gathered from the hard drive was not admissible due to a lack of proper documentation of the chain of custody. The chain of custody refers to the chronological documentation that records the handling and movement of evidence from the time it is collected until the time it is presented in court. The documentation must include detailed information, such as the date, time, location, and individuals who had custody of the evidence. In this case, the chain of custody form did not note time zone offsets between transportation regions. 
This could indicate that 淘宝店铺:https://shop63989109.taobao.com/ upvoted 1 times mosher21 5 months ago Selected Answer: A This is another crappy question. Both A and B is correct. With no hash being taken no one can prove that the data was not tampered with. Likewise, if chain of custody form was not held properly, judge can conclude it as inadmissible. In my opinion hashing the evidence for integrity check has bigger magnitude than noting timezone offsets. Imagine there is pictures in the hard drive that proves a murder was committed. With no hash check one can delete the pictures on the original hard drive later on, or worse a malicious forensic agent can insert fake AI generated pictures of a murder into the image and there would be no way to prove (or it would be very difficult to prove) which data is authentic. but with hashes you can prove no data was tampered with. upvoted 3 times Confuzed 5 months, 2 weeks ago Selected Answer: B Admissibility will always follow the chain of custody. The two sides can argue about how the evidence was processed and what it says, but the judge will make the admissibility determination based on the chain of custody. upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 fouserd 5 months, 2 weeks ago 小 小 店 店 6 6 chain of custody form 6 The reasoning behind the judge’s decision that evidence gathered from a hard drive was not admissible could be due to6 Selected Answer: B did not note time zone offsets between transportation regions. The chain of custody form is a document that tracks the movement of evidence from one location to another. It is important that this document is accurate and complete to ensure that the evidence can be used in court. If there are any discrepancies or errors in the chain of custody form, it can call into question the integrity of the evidence and make it inadmissible in court. 
upvoted 1 times z3phyr 5 months, 3 weeks ago If it's a question about admissibility of evidence, chances are the answer has something to do with Chain of custody. upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: B The correct answer is not provided, as the context of the case and the reason for the judge's decision are not clear. However, in general, the judge's decision to exclude evidence could be based on several factors, such as the relevance and reliability of the evidence, whether it was obtained legally and in accordance with the Fourth Amendment, or whether it was properly preserved and authenticated. In the case of a hard drive, the judge's decision to exclude evidence could be due to issues with the chain of custody, the collection and preservation process, the authenticity of the data, or other factors that could affect the admissibility of the evidence in court. upvoted 1 times EricShon 6 months, 1 week ago Selected Answer: B Option B. The chain of custody form not noting time zone offsets between transportation regions could be seen as a significant error that could call into question the integrity and authenticity of the evidence. It could suggest that there was not adequate control over the evidence and that it may have been tampered with or mishandled during transport. upvoted 1 times Real_Fake_doors 7 months ago Selected Answer: B I think the answer should be A, but unfortunately because this is Comptia it's going to be B. Speaking from experience, most judges are not going to throw out the evidence because of time zone changes unmarked. This is a comptia exam though so eff it let's say it's the time zone issue. upvoted 3 times Blake89 8 months ago 店 店 Selected Answer: B 铺 铺 "Regardless of the type of forensic data that is obtained or handled, it is important to maintain chain of custody if the forensic case may result in a legal case." 
- CompTIA Study Guide book upvoted 2 times ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #133 An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions? A. FRR B. Di culty of use C. Cost D. FAR E. CER 店 店 铺 铺 ; ; 学 学 习 Correct Answer: E Community vote distribution Highly Voted 小 店 66 D (52%) stoneface 习 小 店 E (43%) 66 4% 1 year ago Selected Answer: E Crossover Error Rate (CER)—the point at which FRR and FAR meet. The lower the CER, the more efficient and reliable the technology. Errors are reduced over time by tuning the system. This is typically accomplished by adjusting the sensitivity of the system until CER is reached. upvoted 45 times PraygeForPass 8 months, 1 week ago The reason I like FAR (False acceptance rate) is because the company is more focused on making sure unauthorized users will be denied access. They aren't too worried about FRR (False rejection rate) as these users will already have access, so they don't need to focus on comparing both FAR and FRR using CER. That is why I pick D. upvoted 16 times Danalyst 1 year ago Probably right, I chose D. FAR but the question is worded strangely, 'what should they compare against?'' CER would be more useful. upvoted 6 times Halaa 1 year ago I agree with you . As the sensitivity of a biometric system increases, FRRs will rise and FARs will drop. upvoted 2 times ffsilveira10 5 months, 1 week ago But with low CER you are not certain that you have the lowest FAR.. In this case they are concerned about FAR, so I would go with option D. upvoted 3 times comeragh Highly Voted 1 year ago Selected Answer: D "with the highest likelihood that an unauthorized user will be denied access" - I would think this is D (False Acceptance Rate). upvoted 28 times Gino_Slim 11 months ago 店 铺 I hope you didn't select this on the exam... 
upvoted 5 times

DriftandLuna 1 month, 3 weeks ago
Why not? It's the correct answer. Read it carefully: the question is not about overall accuracy, it is about ensuring unauthorised entry is not permitted.
upvoted 2 times

Mperor 10 months, 2 weeks ago
lol, you funny
upvoted 4 times

zzzfox 1 year ago
False Acceptance Rate means the likelihood that an unauthorized user will be accepted (Acceptance).
upvoted 4 times

NICKJONRIPPER 10 months ago
Make this rate close to 0 to achieve the goal.
upvoted 3 times

Jacob_Kramer1995 (Most Recent) 3 weeks, 2 days ago
Which of the following should the organization use to "compare" biometric solutions. = CER
upvoted 1 times

rline63 3 weeks, 3 days ago
Selected Answer: D
CER is the best way to minimize errors in these systems. With this in mind, you can skew the errors in one direction if it is beneficial. In a high security system, it would be better for a legitimate request to be denied than a malicious request to be accepted. This is why it is better in the context of this question to focus on minimizing the false acceptance rate.
upvoted 2 times

sarah2023 1 month ago
Selected Answer: D
D. FAR, as the accent is on preventing unauthorised access rather than overall accuracy. From the question I don't get the sense of them caring if someone would falsely get denied access if it's for the sake of making sure the person is legitimate.
upvoted 1 times

ja1092m 1 month ago
I'd go with D. CER is also known as the Equal Error Rate (EER). The Crossover Error Rate describes the overall accuracy of a biometric system, because they asked what would be used to compare biometrics.
upvoted 1 times

LetsDiscuss23 1 month, 1 week ago
Selected Answer: D
It is D.
upvoted 1 times

predsednik 1 month, 2 weeks ago
Selected Answer: D
FAR (False Acceptance Rate). The False Acceptance Rate (FAR) measures the probability that an unauthorized user is incorrectly granted access. A lower FAR indicates a system that is less likely to accept unauthorized users, which aligns with the organization's goal of denying access to unauthorized users. Therefore, FAR is the most relevant metric for this specific objective.
upvoted 1 times

DriftandLuna 1 month, 3 weeks ago
They are not asking about the accuracy of the system, they are asking which of these options will most likely reject an unauthorised user. FAR is the false acceptance rate; that is all the question is concerned about, not overall accuracy. Therefore the answer is D.
upvoted 1 times

Nikamy 1 month, 3 weeks ago
Selected Answer: D
I choose D.
upvoted 1 times

ApplebeesWaiter1122 1 month, 4 weeks ago
Selected Answer: D
FAR measures the probability that the biometric system incorrectly accepts the identity of an unauthorized user as a legitimate one. A lower FAR indicates that the system is less likely to allow unauthorized access.
upvoted 2 times

Protract8593 2 months ago
Selected Answer: D
The correct answer is D, not E. The question asks which metric the organization should use to compare biometric solutions with the highest likelihood that an unauthorized user will be denied access. In this context, the organization should focus on reducing the False Acceptance Rate (FAR), as it represents the likelihood of an unauthorized user being incorrectly granted access (false positive). The Crossover Error Rate (CER) is used to find the point where FAR and False Rejection Rate (FRR) are equal. While CER is helpful in comparing biometric systems overall, it does not directly address the organization's specific goal of maximizing the likelihood that unauthorized users will be denied access. Therefore, D. FAR (False Acceptance Rate) is the best choice for this scenario.
upvoted 1 times

LiteralGod 2 months ago
Selected Answer: E
Crossover Error Rate
upvoted 1 times

Haykinz 2 months, 1 week ago
Selected Answer: E
It's CER since they're 'comparing' biometric solutions. FRR vs FAR.
upvoted 2 times

frejus 2 months, 2 weeks ago
Selected Answer: E
E is the best answer for me according to this part from the book: "Crossover Error Rate (CER)—the point at which FRR and FAR meet. The lower the CER, the more efficient and reliable the technology. Errors are reduced over time by tuning the system. This is typically accomplished by adjusting the sensitivity of the system until CER is reached."
upvoted 1 times

Taitoo 2 months, 2 weeks ago
Selected Answer: D
The False Acceptance Rate (FAR) is a measure that indicates the probability of an unauthorized user being incorrectly granted access by the biometric system. The organization should use option D: FAR (False Acceptance Rate).
upvoted 1 times

Essi 4 months ago
Selected Answer: D
The organization should use D. FAR (False Acceptance Rate) to compare biometric solutions. In the context of an organization wanting to ensure the highest likelihood that an unauthorized user will be denied access, the FAR is the most relevant metric. This is because the FAR measures the probability that a biometric system will incorrectly grant access to an unauthorized user. A system with a lower FAR is more likely to prevent unauthorized access. The other options like FRR, Difficulty of use, Cost, and CER are important considerations as well, but they do not directly address the concern of denying access to unauthorized users. FRR pertains to denying access to authorized users, difficulty of use impacts user experience, cost is a budgetary concern, and CER is usually related to character recognition systems rather than biometric authentication.
upvoted 1 times

Topic 1 Question #134

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

A. User training
B. CASB
C. MDM
D. DLP

Correct Answer: A
Community vote distribution: D (62%), A (22%), Other

stoneface (Highly Voted) 1 year ago
Selected Answer: D
This would be handled perfectly by a DLP agent installed on those COPE devices.
upvoted 27 times

sujon_london 1 month, 2 weeks ago
DLP is a valid choice, but what on earth, where cloud is involved in this particular situation, why should we go with DLP over CASB? CASB is the well-suited answer in this particular situation. As an inside threat persisted, user training would not be adequate/effective.
upvoted 1 times

Warza (Highly Voted) 1 year ago
Selected Answer: A
The first sentence legitimately tells you that they labeled the data properly for DLP and that the email system has no logs of DLP incidents. The user downloaded it themselves and shared it manually through a cloud provider. This can be remedied with user training.
upvoted 18 times

zzzfox 1 year ago
Disagree, "passed to the competitor" indicates this person could be an insider threat; user training wouldn't help at all.
upvoted 24 times

sujon_london 1 month, 2 weeks ago
It could even be that a hacker hacked the COPE tablet, downloaded the documents and then passed them to the competitor. Here it's a bit of a gray area; the wording is not clear.
upvoted 1 times

RonWonkers 1 year ago
zzzfox has a good point.
upvoted 1 times

Sezz 8 months, 3 weeks ago
User training does not make sense here. A trained user could also send this kind of sensitive or important info or files by mistake. Because of this we have DLP.
upvoted 1 times

Orean 10 months, 2 weeks ago
Just because they labeled it doesn't mean they're already used in a DLP solution. Top-secret documents were a thing well before the advent of the Digital Age and were labeled accordingly. User training seems implausible because the user seems to be doing this deliberately by sharing it with competitors, meaning they're probably incorrigible in that regard.
upvoted 6 times

deeden 1 year ago
Yeah... not sure how effective DLP is on personally enabled devices, especially when users have access to Yahoo or Gmail.
upvoted 1 times

andrizo 11 months, 2 weeks ago
It's a COPE device.
upvoted 2 times

mainskrillz (Most Recent) 6 days, 13 hours ago
ANSWER IS CASB, DLP WAS NOT IN THE OPTIONS FOR ME
upvoted 3 times

RogerW 2 weeks, 6 days ago
I believe it is DLP and not CASB. DLP is installed on the COPE. CASB is placed between the cloud and COPE. Since the user uploaded the file to cloud storage for a competitor, one has to assume that it is not the company's cloud storage. CASB would only be valid if the competitor had access to the same cloud. I think not.
upvoted 2 times

TOMSLICK 3 weeks, 4 days ago
DLP is the BEST for data leaks.
upvoted 1 times

gho5tface 1 month ago
Key sentence: "but documents were downloaded from an employee's COPE tablet"
upvoted 1 times

gho5tface 1 month ago
D. DLP
upvoted 1 times

Yaakb 1 month, 2 weeks ago
D. First of all, I agree with those who are saying the employee passed this info or data on purpose. So it wasn't that the employee didn't know what he was doing. So user training wouldn't be a good option in this scenario.
upvoted 1 times

ApplebeesWaiter1122 1 month, 3 weeks ago
Selected Answer: B
The BEST remediation for the data leak described in the scenario would be to implement a CASB (Cloud Access Security Broker) solution. CASB can provide visibility and control over cloud services and applications, including the ability to enforce security policies, detect and prevent data exfiltration, and monitor user activities in cloud environments. By implementing CASB, the company can gain better control over data stored in cloud services and prevent unauthorized access and data leakage, such as what occurred when proprietary information was leaked to a competitor via cloud storage. CASB can help address the security and data protection challenges associated with using cloud services and reduce the risk of future data breaches.
upvoted 3 times

Protract8593 2 months ago
Selected Answer: D
If the data was indeed labeled and the leak still occurred, it would suggest that a Data Loss Prevention (DLP) solution might already be in place, but it did not effectively prevent the data leak. Given that the data was downloaded from an employee's COPE tablet and passed to the competitor via cloud storage, it's possible that the existing DLP solution was not configured to detect or block such data transfers. In this case, the most appropriate remediation would be to reevaluate and enhance the current DLP configuration to include monitoring and blocking data transfers to unauthorized cloud storage services. In summary, the correct answer would be: D. DLP (Data Loss Prevention). By improving the DLP configuration to better detect and prevent unauthorized data transfers, the organization can reduce the risk of future data leaks and enhance the protection of its proprietary information.
upvoted 1 times

Dan_26 4 months ago
A well-trained user accidentally passing on sensitive info? Same result as a hacker doing it deliberately. You need to prevent both scenarios, so it's DLP.
upvoted 1 times

Kaps443 4 months, 3 weeks ago
Selected Answer: D
The BEST remediation for this data leak is to implement a Data Loss Prevention (DLP) solution. A DLP solution can help prevent sensitive data from being copied, downloaded, or transmitted to unauthorized destinations. It can also detect and alert on suspicious activities related to data access and exfiltration. User training, Cloud Access Security Broker (CASB), and Mobile Device Management (MDM) are all important security measures, but they cannot prevent data leakage as effectively as a DLP solution.
upvoted 2 times

MorganB 4 months, 4 weeks ago
Passed my exam 27 April 23. This question was on my test, worded differently, but the answer is the same.
upvoted 2 times

mosher21 5 months ago
Selected Answer: B
This exact question was somewhere else and all options were the same except DLP. It had EDR instead of DLP. So considering this, neither DLP nor EDR is correct. User training is definitely not correct since this is clearly an insider threat. So what we've got are CASB and MDM. I go with CASB because it provides visibility over who accesses the cloud and what they are doing, etc.
upvoted 1 times

Yawannawanka 5 months ago
D. DLP (Data Loss Prevention). Data Loss Prevention (DLP) is the best remediation for this data leak, as it is designed to identify, monitor, and protect sensitive data in use, in transit, and at rest. In this scenario, the data leak occurred when the proprietary information was downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. DLP can help prevent data loss by monitoring and controlling how data is being used, identifying sensitive data and its location, and setting policies to prevent data exfiltration.
Option A, user training, is important but not sufficient to prevent data loss. Even with proper training, employees may still inadvertently or intentionally leak sensitive information. Option B, CASB (Cloud Access Security Broker), can provide visibility and control over cloud services to detect and prevent data leaks, but it may not be sufficient in this scenario where the data was downloaded from a COPE tablet. Option C, MDM (Mobile Device Management), can help manage and secure mobile devices in the enterprise, but it may not prevent data leaks if the data is accessed through cloud storage.
upvoted 2 times

Dutch012 5 months ago
Can the company force DLP on COPE (Corporate-Owned, Personally Enabled) devices? I don't know the answer but I will go with C.
upvoted 2 times

sujon_london 1 month, 2 weeks ago
Yes, a company can force DLP on COPE devices.
upvoted 1 times

Bl1024 5 months, 1 week ago
Selected Answer: C
COPE tablet means it can be installed with MDM to make it impossible to make improper use of information.
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: C
I think MDM and DLP are equally good here. While DLP is probably the right answer, I think MDM may be better (depending on how it is implemented). MDM can force an always-on VPN, so the user couldn't send the file out to the cloud. It can restrict the storage of files, or at least place them in secure storage on the device. It can restrict what apps can be used within the corporate partition of the device, preventing access to unapproved cloud storage. Without MDM, you can't enforce DLP on the tablet at all. For these reasons, I think MDM is the right answer, even if DLP is what CompTIA wants.
upvoted 4 times 店 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #135 An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place? A. On-path attack B. Protocol poisoning C. Domain hijacking D. Bluejacking 店 店 铺 Correct Answer: A 铺 ; ; 学 Community vote distribution 习 学 习 小 店 A (85%) Josh_Feng Highly Voted 66 小 店 C (15%) 66 1 year ago Selected Answer: A On path attack is often known as man in the middle. upvoted 13 times banditring 1 year ago I was getting confused as to what an on path attack is upvoted 4 times NerdAlert 6 months, 1 week ago just think - the attacker is on the same path as the victim and their destination, just in the middle between them upvoted 3 times Kraken84 1 month, 2 weeks ago Most Recent " eavesdropping " LISTENING IN..... MITM..... upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: A In an on-path attack, also known as a Man-in-the-Middle (MITM) attack, the attacker intercepts and relays communication between two parties, making them believe they are communicating directly with each other. The attacker can eavesdrop on the communication and even modify the data transmitted between the parties. In this scenario, the attacker was eavesdropping on the user's online shopping session, and by spoofing the IP address associated with the shopping site, they could intercept the user's communication with the site. The attacker then modified the data, resulting in the user receiving an email regarding unusual purchases on their credit card statement, which the attacker may have initiated. upvoted 1 times Protract8593 2 months ago Selected Answer: A Based on the information provided, the attack that took place is a: A. 
On-path attack 店 店 铺 铺 ; ; In an on-path attack (also known as a man-in-the-middle attack), the attacker intercepts and relays communication between two parties. In this scenario, the attacker eavesdropped on the user's communication with the shopping site and spoofed the IP address to trick the user into thinking they were communicating with the legitimate site while in reality, the attacker was in the middle of the communication. 学 学 习 小 店 习 小 店 6 66to the unusual credit As a result, the attacker was able to6obtain the user's credit card information and conduct unauthorized purchases, leading card statement. upvoted 1 times Protract8593 2 months ago The other options are not applicable to the given scenario: B. Protocol poisoning: This term is not commonly used, and it is not specifically related to the attack described in the scenario. C. Domain hijacking: Domain hijacking typically involves unauthorized changes to a domain's registration settings, which is not mentioned in the scenario. D. Bluejacking: Bluejacking refers to the practice of sending unsolicited messages or data over Bluetooth to a user's mobile device. It is unrelated to the eavesdropping and IP spoofing described in the scenario. Therefore, the correct answer is: 淘宝店铺:https://shop63989109.taobao.com/ A. On-path attack upvoted 1 times MasterControlProgram 5 months, 3 weeks ago Selected Answer: A A. On-path attack. The attacker was able to intercept and manipulate the communication between the user and the shopping site by spoofing the IP address, leading to the interception of the user's credit card information. upvoted 1 times Omi0204 6 months, 2 weeks ago Answer is B. DNS Highjacking and DNS spoofing/poisoning are the type of On-path attack. Now read this:DNS spoofing/cache poisoning: This is an attack where forged DNS data is introduced into a DNS resolver’s cache, resulting in the resolver returning an incorrect IP address for a domain. 
Instead of going to the correct website, traffic can be diverted to a malicious machine or anywhere else the attacker desires; often this will be a replica of the original site used for malicious purposes such as distributing malware or collecting login information. 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 In this question, IP spoofed and traffic diverted to the spoofed IP where attacker already craeted a replica copy of actual website. When use entered his/her credit card details, it was collected by attacker and then later on used user create card with collected information to make the purchase and then user received email with credit card statement. upvoted 3 times 66 66 medulan 7 months, 2 weeks ago Selected Answer: A If victim paid for example for shopping 50$ and it went to some other account then yes hijacking but there was many payments made for different stuff what suggests someone had his card details hence on-path attack upvoted 1 times Boubou480 8 months, 2 weeks ago Selected Answer: C C. Domain hijacking Domain hijacking refers to the unauthorized acquisition of control over a domain name. In this case, the attacker was able to spoof the IP address associated with the shopping site, which means they were able to redirect traffic intended for the legitimate website to a different website under their control. This allowed the attacker to eavesdrop on the user while they were shopping online and potentially steal their credit card information. An on-path attack is an attack in which the attacker has control over a network along the path between the sender and the receiver. Protocol poisoning is a type of attack in which an attacker modifies a protocol message in an attempt to disrupt or subvert normal communication. Bluejacking is a type of attack in which an attacker sends unsolicited messages to Bluetooth-enabled devices. None of these attacks are directly related to the scenario described in the question. 
upvoted 4 times

rodwave 10 months, 2 weeks ago
Selected Answer: A
Answer: On-path attack
An On-path attack (Man in the Middle) occurs when an attacker places themselves between two devices (often a web browser and a web server) and intercepts or modifies communications between the two. In this question, the attacker was eavesdropping on the connection, which means they placed themselves between the user and the shopping site and intercepted the communication. The attacker had likely captured credit card information or account information from the site to be able to make the purchases.
upvoted 2 times

Bogardinc 8 months ago
Are you guys forgetting that in the question it states "The attacker was able to spoof the IP address associated with the shopping site"?
upvoted 2 times

princajen 6 months, 2 weeks ago
No, spoofing an IP address and hijacking a domain are two different types of attacks. In a domain hijacking attack, the attacker gains control of a domain name and redirects users to a different site that appears to be the legitimate one. In the scenario you described, the attacker spoofed the IP address of the shopping site, which means they sent packets to the user's computer with a false source IP address, making it appear as if the packets were coming from the shopping site. This allowed the attacker to intercept and view the user's traffic, including their credit card information, without the user's knowledge. This is an example of an on-path attack or a man-in-the-middle attack.
upvoted 4 times

alayeluwa 11 months, 2 weeks ago
Selected Answer: A
Man in the middle.
upvoted 1 times

ostralo 11 months, 2 weeks ago
Selected Answer: A
A. FYI, Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.
upvoted 1 times

comeragh 1 year ago
Selected Answer: A
"Eavesdropping" - On-Path
upvoted 2 times

KetReeb 1 year ago
A: On-path (MTM) - attacker was eavesdropping on the communications, spoofed the IP of the shopping site that the victim thought was legit, a purchase was attempted, credit info intercepted.
upvoted 4 times

Topic 1 Question #136
A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?
A. Private cloud
B. Hybrid environment
C. Managed security service provider
D. Hot backup site
Correct Answer: B
Community vote distribution: B (79%), A (21%)

RonWonkers Highly Voted 1 year ago
Selected Answer: B
The company does not want to increase its on-premises infrastructure blueprint, it's B.
upvoted 12 times

Confuzed Highly Voted 5 months, 2 weeks ago
Selected Answer: B
The important thing to notice is that B is "hybrid ENVIRONMENT" not "hybrid CLOUD". A hybrid environment is a mix of private network and cloud, while a hybrid cloud is a mix of private cloud and public cloud. This company wants to provide services in the cloud, but maintain their existing on-prem environment... that's a hybrid environment.
upvoted 5 times

ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago
Selected Answer: B
A hybrid environment combines the use of on-premises infrastructure with cloud-based services. In this scenario, the company can maintain its existing on-premises infrastructure blueprint and utilize additional compute power in the cloud as needed.
This approach allows the company to scale resources dynamically, paying for the compute power required, without the need to invest in additional on-premises infrastructure.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: B
A hybrid environment allows the company to take advantage of both on-premises infrastructure and cloud services. It provides the flexibility to use the cloud for additional compute power when needed, without the need to increase the on-premises infrastructure footprint. The company can scale up or down based on demand, and only pay for the additional resources required during peak times, optimizing costs.
upvoted 1 times

SHAKERRAB93 5 months ago
B. Hybrid
Reason: Company employees are from different regions; they need to be able to access the environment - public access. But the company needs to be able to privately utilize the environment and maintain security - private... Idk, thinking out loud, lmk.
upvoted 1 times

z3phyr 5 months, 3 weeks ago
It's Hybrid. They need to integrate their on-prem infrastructure with the cloud.
upvoted 3 times

MasterControlProgram 5 months, 3 weeks ago
Selected Answer: A
A. Private cloud
upvoted 2 times

monzie 5 months, 4 weeks ago
Selected Answer: A
A. Private cloud
A private cloud can provide the company with the ability to dynamically provision and deprovision compute resources based on the current needs of the organization. With a private cloud, the company can avoid the expense of additional on-premises infrastructure while still maintaining full control over the security and management of its data and applications. Additionally, a private cloud can be accessed by authorized personnel from anywhere in the world, making it ideal for a globally distributed workforce.
upvoted 3 times

examrobo 5 months, 3 weeks ago
Do you always pick a different answer?
upvoted 1 times

medulan 7 months, 2 weeks ago
This cloud is only going to be used by one company, hence it should be Private. It would be Hybrid if they wanted to expand to operate on the public web.
upvoted 1 times

Ranaer 7 months ago
According to Messer: Hybrid cloud is – Combination of internal cloud resources with external. This means that B. Hybrid environment fits perfectly for the question.
upvoted 1 times

T_dawg 6 months, 2 weeks ago
Well, either Messer or you are wrong. Hybrid is public and private cloud, not cloud and on-premise.
upvoted 1 times

sirpsionics 2 months ago
It's hybrid. Not sure why you or anyone else would say otherwise. https://cloud.google.com/learn/what-is-hybrid-cloud
upvoted 1 times

Boubou480 8 months, 2 weeks ago
B. Hybrid environment
A hybrid environment is a cloud computing model that combines on-premises infrastructure with a cloud infrastructure. This type of solution would allow the company to retain control over some of its infrastructure while also taking advantage of the flexibility and scalability of the cloud. This would allow the company to pay for additional compute power as needed and avoid the need to increase its on-premises infrastructure. A private cloud is a cloud infrastructure that is operated solely for a single organization. It is not suitable for a company with employees located around the world because it does not provide the flexibility and scalability of a public cloud. A managed security service provider is a third party that provides security services to an organization. It is not directly related to the company's need to transition to the cloud. A hot backup site is a backup site that is always active and ready to take over in the event of a disaster. It is not related to the company's need to transition to the cloud.
upvoted 2 times

MathDayMan 10 months, 3 weeks ago
B it's B.
upvoted 1 times

Topic 1 Question #137
After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?
A. CASB
B. VPC
C. SWG
D. CMS
Correct Answer: C
Community vote distribution: A (82%), D (18%)

stoneface Highly Voted 1 year ago
Selected Answer: A
CASB, a better way to keep track across multiple cloud-based security solutions > Open to discussion
upvoted 22 times

zzzfox 1 year ago
Agree, consider CASB can be deployed on-premises as well as cloud.
upvoted 1 times

Kandy357 Highly Voted 8 months, 2 weeks ago
Selected Answer: A
Answer should be CASB. As per CompTIA Sec+ objectives, CMS is a content management system, not a cloud. The CMP term is used for Cloud Management Platforms.
upvoted 12 times

shover 8 months, 1 week ago
Thanks, I was just about to say that when I went to look up the acronym in the objectives.
upvoted 1 times

ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago
Selected Answer: A
CASB stands for Cloud Access Security Broker, which is a security solution that helps organizations secure data and applications in cloud environments. CASBs act as intermediaries between cloud service users and cloud service providers, providing visibility, control, and security features to monitor and protect data as it moves between the organization's network and cloud services. In the given scenario, the incident response time increased after migrating security solutions to the cloud because analysts are dealing with different cloud consoles and data in various formats.
Implementing a CASB can help optimize incident response time by providing a centralized platform to monitor and manage security events across multiple cloud services. CASBs can aggregate logs and events from various cloud platforms, standardize data formats, and provide a single pane of glass for security analysts to investigate and respond to incidents more efficiently.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
A Cloud Access Security Broker (CASB) is a security solution specifically designed to provide visibility, control, and data security across multiple cloud services. It acts as an intermediary between an organization's on-premises infrastructure and cloud providers, offering centralized visibility and management of cloud-related security incidents and data.
By using a CASB, security analysts can have a single point of access to monitor and manage security events and data across different cloud consoles. It helps to correlate data in a consistent format, simplifying the incident response process and reducing response times.
upvoted 1 times

Dutch012 4 months, 2 weeks ago
Amm, so CASB acts like a SIEM solution but for cloud, okay good to know.
upvoted 3 times

Yawannawanka 5 months ago
A Cloud Access Security Broker (CASB) can be used to optimize the incident response time after multiple on-premises security solutions are migrated to the cloud. CASBs provide centralized visibility and control over cloud applications and data, allowing analysts to quickly correlate data in a single console and take immediate action to mitigate incidents. Therefore, option A is the correct answer.
VPC (Virtual Private Cloud) is a cloud networking construct that allows a company to create an isolated private network in the cloud, but it does not optimize the incident response time.
SWG (Secure Web Gateway) is a cloud-based security solution that provides protection against web-based threats, but it does not directly address the issue of incident response time. CMS (Content Management System) is a software application that allows for the creation, modification, and publishing of digital content, but it is not a security solution and does not address incident response.
upvoted 2 times

user82 5 months ago
Why do people keep typing "ago"
upvoted 1 times

Confuzed 5 months, 2 weeks ago
Selected Answer: A
I think the answer is CASB, for perhaps a different reason than others. It states that several security systems were moved from on-prem to the cloud. It's likely that CASB could REPLACE those systems, providing a single pane of glass for responding to incidents. No other solution is going to consolidate and simplify information from their legacy on-prem solutions that they moved to the cloud.
upvoted 1 times

jhfdkjshfkjdsho 7 months, 2 weeks ago
Selected Answer: A
https://www.microsoft.com/en-us/security/business/security-101/what-is-a-cloud-access-security-broker-casb
upvoted 1 times

mlonz 7 months, 4 weeks ago
A cloud access security broker (CASB) is a software tool or service deployed between an organization's network and the cloud provider. It provides security by monitoring traffic and enforcing security policies. A next-generation secure web gateway (SWG) provides proxy service for traffic from clients to Internet sites, such as filtering URLs and scanning for malware.
upvoted 2 times

Sandon 8 months ago
Selected Answer: D
ChatGPT says the answer is D. Configuration management system
upvoted 1 times

ThreeKings 5 months, 2 weeks ago
ChatGPT got the answer right (Option A) as of 09Apr23. The point? As a sole or primary source, ChatGPT is not a recommended resource; however, it is getting better and it serves as another resource that provides good information most of the time.
This community provides some of the best information for consideration, and ChatGPT is great at expanding what the community recommends.
upvoted 1 times

ExamLSMotor 8 months ago
ChatGPT wrong bro
upvoted 6 times

Sandon 7 months, 4 weeks ago
Yes it is
upvoted 1 times

shover 8 months, 1 week ago
As per the CompTIA SY0-601 acronym list: CMS: Content management system, not cloud management system. I'm sure cloud management system is a real thing, but according to the Sec+ exam objectives CMS is something totally different.
upvoted 3 times

Boubou480 8 months, 2 weeks ago
Selected Answer: D
D. CMS
A Cloud Management System (CMS) is a tool that helps to manage and monitor cloud resources. It can be used to optimize incident response time by providing a centralized platform for viewing and analyzing data from multiple cloud consoles. This can help analysts to more quickly trace information and correlate data, as they do not have to switch between different consoles and deal with data in different formats. A Cloud Access Security Broker (CASB) is a security solution that sits between an organization's on-premises infrastructure and the cloud and helps to secure data in the cloud. A Virtual Private Cloud (VPC) is a virtual network that is dedicated to an organization and isolated from other virtual networks in the cloud. A Secure Web Gateway (SWG) is a security solution that is used to protect an organization's users from internet-based threats. None of these solutions are directly related to optimizing incident response time in the way that a CMS is.
upvoted 5 times

mike47 9 months, 1 week ago
Selected Answer: A
CASB vs SWG: CASB is the more optimal solution for multiple on-premises security solutions. CASB services are explicitly designed to fit the needs of large enterprises. You can access the link and read about it: https://www.gend.co/blog/casb-or-swg-which-is-best-option-for-your-enterprise
upvoted 1 times

FMMIR 9 months, 2 weeks ago
Selected Answer: D
To optimize the incident response time, the company could implement a Cloud Management System (CMS). A CMS is a tool that allows an organization to manage and monitor all of its cloud-based resources and services from a single, centralized platform. This would enable the analysts to quickly access and correlate data from different cloud consoles and formats, reducing the time and effort required to respond to security incidents. Other solutions such as a Cloud Access Security Broker (CASB) or a Secure Web Gateway (SWG) could also help to improve security in the cloud, but a CMS would be the most effective solution for optimizing incident response time in this scenario. A Virtual Private Cloud (VPC) would not be relevant in this context.
upvoted 3 times

FMMIR 9 months, 2 weeks ago
The difference between a Cloud Access Security Broker (CASB) and a Cloud Management System (CMS) is that a CASB is a security solution that sits between an organization's on-premises infrastructure and its cloud-based resources and services, while a CMS is a tool that allows an organization to manage and monitor all of its cloud-based resources and services from a single, centralized platform. A CASB can help to improve security by enforcing policies and controls on access to cloud-based resources, but it does not directly affect incident response time. A CMS, on the other hand, can help to optimize incident response time by enabling analysts to quickly access and correlate data from different cloud consoles and formats.
Both solutions can be useful in optimizing security in the cloud, but they have different functions and capabilities.
upvoted 4 times

Halaa 1 year ago
Selected Answer: A
https://www.instreamcorp.com/wp-content/uploads/2018/11/What-is-CASB.jpg
upvoted 2 times

Halaa 1 year ago
(Image)
upvoted 1 times

Halaa 1 year ago
CASB provides critical security tools that help with control, monitoring, compliance management, data security and threat protection, which will optimize incident response time.
upvoted 2 times

Yuyuyakuza 1 year ago
C. SWG. Deploy SWG as part of a SASE solution: a cloud-based service to inspect traffic and enforce policies without diverting traffic, essentially unlike CASB, which hurts network performance and employee productivity.
upvoted 2 times

Topic 1 Question #138
Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?
A. Recovery
B. Deterrent
C. Corrective
D. Detective
Correct Answer: D
Community vote distribution: D (52%), B (25%), C (23%)

okay123 Highly Voted 1 year ago
Detective controls – look for both fraudulent and unintentionally improper transactions after the fact. Examples of detective controls include reconciliations, variance analyses, physical inventories, audits, and continuous monitoring through data analytics.
upvoted 22 times

andrizo Highly Voted 11 months, 2 weeks ago
Selected Answer: D
Just to break the gridlock.
A - If the bank refunds the transactions
B - If it's an insider threat
C - Rectify skimmed transactions
D - Definitely kibosh insider threats, and most likely to be implemented whether external or internal
upvoted 10 times

sarah2023 Most Recent 1 month ago
Selected Answer: C
C. Corrective, because the question is about reducing the loss, not reducing the likelihood of the fraud happening.
My understanding is that we are talking about a post-attack control. As per the CompTIA official guide: Corrective—the control acts to eliminate or reduce the impact of an intrusion event. A corrective control is used after an attack.
upvoted 1 times

ApplebeesWaiter1122 1 month, 3 weeks ago
Selected Answer: B
Deterrent controls are designed to discourage potential attackers or fraudsters from attempting to commit fraudulent activities. In the context of the accounting department, implementing deterrent controls would make it more challenging or risky for individuals to engage in fraudulent transactions, thus reducing the likelihood of such activities occurring in the first place. Examples of deterrent controls could include strict access controls, separation of duties, and clear policies and procedures regarding financial transactions.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: D
Detective controls are designed to identify and detect incidents or fraudulent activities that have already taken place. In the context of an accounting department, detective controls could include the implementation of monitoring systems, audit trails, and log analysis to identify suspicious transactions and activities that may indicate fraudulent behavior.
Detective controls are essential for incident response and help in uncovering fraudulent transactions after they have happened, which allows for timely investigation and remediation to reduce losses and prevent similar incidents in the future.
upvoted 1 times

fouserd 4 months, 2 weeks ago
Selected Answer: D
To reduce losses from fraudulent transactions in an accounting department, the BEST control type to use would be D. Detective. Detective controls are designed to identify and detect fraudulent activities or errors that have already occurred. These controls can include activities such as reconciliations, audits, and reviews of transactions.
By implementing detective controls, the accounting department can quickly identify and investigate any fraudulent transactions, thereby reducing losses.
upvoted 1 times

aw23 4 months, 2 weeks ago
chatgpt said deterrent
upvoted 2 times

Abdul2107 5 months ago
Selected Answer: D
D. Detective, based on ChatGPT: The best control type to use in an accounting department to reduce losses from fraudulent transactions is Detective. Detective controls are designed to identify and detect fraud after it has occurred. These controls can include things like monitoring bank accounts for unusual activity, conducting regular audits, and reviewing financial statements for discrepancies. By identifying fraudulent activity as soon as possible, corrective action can be taken to minimize losses. While other control types such as deterrent or corrective controls can also be useful in preventing fraud, they may not be as effective in detecting fraud that has already occurred. Recovery controls, on the other hand, are designed to recover lost assets after a fraud has occurred, which can be helpful but not as effective as detecting the fraud beforehand.
upvoted 2 times

mosher21 5 months ago
Selected Answer: C
Corrective controls are implemented after detective controls to rectify the problem and (ideally) prevent it from happening again.
upvoted 2 times

Yawannawanka 5 months ago
Corrective controls are designed to identify and correct issues that have already occurred. They are used to reduce the impact of an event and to prevent its recurrence. In this case, implementing corrective controls in an accounting department would be the best approach to reduce losses from fraudulent transactions. This could include measures such as implementing separation of duties, performing regular audits, and implementing financial reporting controls.
upvoted 1 times

SOCK1 5 months, 1 week ago
Selected Answer: B
Deterrent before it happens, Detective after it happened.
upvoted 2 times

LePecador 2 months, 1 week ago
But the fraudulent transactions are already made, right? That's why I choose D) Detective.
upvoted 1 times

milktea810182 5 months, 2 weeks ago
Selected Answer: B
B is the answer.
upvoted 2 times

stonefacegroupie 5 months, 2 weeks ago
On a previous question, detective was only a method used after an incident. If you can only detect, then you can only see that you are losing money. Deterrent seems to be a better option, given that if it does its intended purpose it will deter people from committing fraud.
upvoted 1 times

MasterControlProgram 5 months, 3 weeks ago
Selected Answer: B
B. Deterrent controls are designed to discourage potential attackers or perpetrators from carrying out an attack or fraudulent activity. In the context of an accounting department, deterrent controls might include policies and procedures that establish clear guidelines for financial transactions, as well as oversight and accountability mechanisms to monitor for suspicious activity. By implementing strong deterrent controls, organizations can discourage fraudulent behavior before it occurs, reducing the risk of losses due to fraudulent transactions.
upvoted 3 times

monzie 5 months, 4 weeks ago
Selected Answer: B
B. Deterrent.
Deterrent controls are implemented to discourage an individual from attempting an unauthorized action. In this case, a deterrent control would discourage an employee from committing fraudulent transactions, and would include measures such as mandatory training on ethics, penalties for fraudulent behavior, and strong internal controls to prevent and detect fraudulent activities.
upvoted 1 times

princajen 6 months, 2 weeks ago
Selected Answer: B
B.
Deterrent
Deterrent controls discourage fraudulent activities by implementing measures such as mandatory vacations, separation of duties, and regular auditing. By making it difficult or risky to engage in fraudulent activities, the likelihood of such activities occurring is reduced. In contrast, recovery controls help the organization recover from a loss after a fraudulent activity has occurred, corrective controls fix or correct the root cause of the problem, and detective controls help detect fraudulent activities after they have occurred.
upvoted 4 times

Nishkurup 6 months, 3 weeks ago
B. Deterrent controls would be the best to use in an accounting department to reduce losses from fraudulent transactions, according to CompTIA. Deterrent controls are designed to prevent fraudulent transactions from occurring in the first place by discouraging individuals from attempting to commit fraud. Examples of deterrent controls include segregation of duties, mandatory vacations, and background checks. By implementing deterrent controls, the accounting department can reduce the likelihood of fraudulent transactions occurring and minimize the associated losses. Recovery controls (A) are designed to recover from losses after they have occurred, whereas corrective controls (C) are designed to correct the underlying cause of a problem. Detective controls (D) are designed to detect fraudulent transactions after they have occurred, but they do not prevent them from happening.
upvoted 2 times

Topic 1 Question #139
A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?
A. Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.
B.
Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
C. Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.
D. Use an automated tool to flood the phishing websites with fake usernames and passwords.
Correct Answer: B
Community vote distribution: B (100%)

Josh_Feng Highly Voted 1 year ago
Selected Answer: B
DNS sinkhole prevents users from entering the site if they have a sinkhole for the domain name. So making a list of fake websites' domain names and making a sinkhole will prevent access to these websites if a user tried to reach them by accident.
upvoted 12 times

ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago
Selected Answer: B
The best way for the company to mitigate the phishing attack described is by generating a list of domains that are similar to the company's own domain and implementing a DNS sinkhole for each of these domains. A DNS sinkhole is a technique used to redirect malicious traffic to a controlled environment or block access to malicious domains. By implementing a DNS sinkhole for similar-looking domains, the company can prevent users from accessing phishing sites that may impersonate the company's website. When users click on links in the phishing emails, their DNS requests for those domains will be redirected to a safe location, preventing them from reaching the actual phishing sites. This approach helps protect users from falling victim to the phishing attack and helps in mitigating the risk of credential theft and other malicious activities associated with phishing.
upvoted 2 times

Protract8593 2 months ago
Selected Answer: B
By generating a list of domains that are similar to the company's own and implementing a DNS sinkhole for each of these domains, the company can prevent users from accessing phishing sites that look similar to their legitimate website.
A DNS sinkhole involves redirecting traffic from the malicious domains to a non-existent or controlled server, effectively blocking users from accessing the phishing sites. This approach is an effective way to mitigate the phishing attack and protect users from falling victim to the fraudulent websites. It helps in preventing data loss and protecting the company's reputation from being exploited by attackers.
upvoted 1 times

MorganB 4 months, 4 weeks ago
Passed my exam 27 April 23. This question was on my test, worded differently, but the answer is the same.
upvoted 4 times

Dutch012 5 months ago
If all the answers are correct, I would go with D.
upvoted 1 times

rline63 3 weeks, 3 days ago
I'm pretty sure D is illegal. It probably would work, but it takes a lot of resources, can be mitigated if the target uses proper protection, and, like I said, is ethically and legally questionable.
upvoted 1 times

MasterControlProgram 5 months, 3 weeks ago
Selected Answer: B
B. Generate a list of domains similar to the company's own and implement a DNS sinkhole for each would be the best way for the company to mitigate this attack. By generating a list of domains similar to the company's own and implementing a DNS sinkhole for each, the company can prevent users from accessing the phishing sites. A DNS sinkhole is a technique used to block access to malicious websites by redirecting requests for those sites to a non-existent IP address or a local web server that displays a warning message. This can help to prevent users from inadvertently accessing phishing sites that look similar to the company's own website.
upvoted 1 times

FMMIR 9 months, 2 weeks ago
Selected Answer: B
The best way for the company to mitigate this attack would be to implement a DNS sinkhole for domains similar to the company's own.
A DNS sinkhole is a security measure that redirects traffic from known malicious or fraudulent websites to a safe location. By generating a list of domains similar to the company's own and setting up a DNS sinkhole for each, the company can prevent employees from accidentally accessing phishing websites that mimic the company's own domain. Other solutions such as disabling POP and IMAP on email servers, implementing SMTPS, or using an automated tool to flood phishing websites with fake credentials may also be effective, but a DNS sinkhole would be the most direct and effective way to prevent employees from accessing the phishing sites. Creating a honeynet would not be relevant in this scenario.
upvoted 2 times

RonWonkers 1 year ago
Selected Answer: B
I agree with B
upvoted 3 times

stoneface 1 year ago
This is a very confusing question -> I'm inclining towards D; other options will not directly try to reduce the danger associated with the fake sites.
upvoted 1 times

[Removed] 8 months ago
the fckers revenge of the sith, let's DDoS
upvoted 4 times

stoneface 1 year ago
After consideration I'm choosing B -> I think the question implies that typosquatting is also on the table. So setting an internal DNS sinkhole that redirects all similar addresses (including the ones being used in the phishing campaign) to nothing will help mitigate this attack.
upvoted 3 times

andrizo 11 months, 2 weeks ago
but boy, wouldn't it be cool to DoS phishing sites
upvoted 4 times

zzzfox 1 year ago
not sure if flooding fake websites is even a legal thing to do...
upvoted 7 times

Gino_Slim 11 months ago
That was a very humorous answer choice to me
upvoted 3 times

Topic 1 Question #140
A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time.
Which of the following BEST explains this behavior?
A. Rainbow table attack
B. Password spraying
C. Logic bomb
D. Malware bot
Correct Answer: A
Community vote distribution: B (90%), 10%

stoneface Highly Voted 1 year ago
SSH cannot take hash values as an input, so rainbow attack out of the table. I'm left with password spraying. ...
upvoted 29 times

[Removed] 7 months, 4 weeks ago
With rainbow attack, you don't attack with password hashes! First, you use the table to crack the password for a target user offline and then use it to attack live systems. Password spraying uses one or few passwords against a list of usernames.
upvoted 6 times

comeragh Highly Voted 1 year ago
Selected Answer: B
I believe this is password spraying - "multiple Linux systems to a functional user ID"
upvoted 7 times

Jacob_Kramer1995 3 weeks, 6 days ago
Out of all the answers password spraying is the best, however, I don't like the wording. A functional user (singular) could indicate brute force or dictionary, knowing it's a (singular user's login creds).
upvoted 2 times

Yaakb Most Recent 1 month, 2 weeks ago
B, because password spraying targets multiple accounts on a system, which fits perfectly in this scenario.
upvoted 2 times

ApplebeesWaiter1122 1 month, 3 weeks ago
Selected Answer: B
Password spraying is a type of brute-force attack where the attacker attempts to gain unauthorized access to multiple accounts by trying a small number of commonly used passwords against many usernames. In this scenario, the continuous alerts from multiple Linux systems indicating unsuccessful SSH attempts to a functional user ID suggest that an attacker is trying different passwords against the same user ID on each system, which aligns with the behavior of a password spraying attack. The attacker is not attempting to guess different usernames but is trying a limited set of passwords against the same user ID on multiple systems.
upvoted 4 times

Protract8593 2 months ago
Selected Answer: B
Password spraying is a type of brute-force attack where an attacker tries a few common passwords against many accounts. In this scenario, the continuous alerts from multiple Linux systems indicating unsuccessful SSH attempts to a functional user ID suggest that an attacker is trying a limited set of passwords across various accounts in the hope of gaining unauthorized access. This is a common attack vector used to avoid detection from traditional brute-force protection mechanisms.
upvoted 1 times

Protract8593 2 months ago
Password spraying can occur to a single account. Password spraying is a type of brute-force attack where attackers attempt to gain unauthorized access to multiple accounts by trying a few commonly used passwords against many usernames. Instead of attempting to guess passwords for a single account (which would be a regular brute-force attack), password spraying involves trying a small set of passwords against a large number of accounts. In the given scenario, the question states that unsuccessful SSH attempts have been made to a functional user ID on multiple Linux systems in a short period of time. This aligns with the behavior of password spraying, as the attackers are attempting to use a small set of passwords against multiple accounts (the functional user ID) on different systems. Given this understanding, Option B (Password spraying) would be the most likely correct answer for the question, as it matches the scenario described.
upvoted 1 times

excelchips11 1 week, 1 day ago
For Password Spraying, it is done on multiple accounts NOT just one. Here, we have ONLY ONE functional user ID, several passwords and several systems are informed. Though, B is the closest answer but not the answer as SSH
upvoted 1 times

macrocarpa 4 months ago
Selected Answer: B
I think this is yet another poorly worded question meant to trip people up. First guess would be Rainbow Table Attack. But since it's over SSH it has to be password spraying. The question doesn't indicate more than one username being used which is what we've come to understand as password spraying. But password spraying is still a form of a brute-force attack which would have to be the answer imo.
upvoted 1 times

DanielBruse 3 months ago
Yes it's a little tricky question but they say "multiple Linux systems to a functional user ID" so they are trying more than one account
upvoted 2 times

strong1 4 months, 3 weeks ago
Password spraying tries the most common passwords against many accounts. Known as a "low-and-slow" attack, it attempts to bypass the password lockout by trying one common password against many targets and then circling back to try the next common password after a period of time.
upvoted 1 times

MorganB 4 months, 4 weeks ago
Passed my exam 27 April 23. This question was on my test, worded differently, but the answer is the same.
upvoted 2 times

TejasTony 5 months, 3 weeks ago
where do these "correct" answers come from? Some of them are so far out there and ridiculous.
upvoted 1 times

Nishkurup 6 months, 3 weeks ago
Selected Answer: B
B. Password spraying is the BEST explanation for this behavior. Password spraying is a type of brute force attack where attackers try a small number of commonly used passwords against a large number of user accounts. In this scenario, the attackers are attempting to guess the password for a functional user ID on multiple Linux systems. The unsuccessful SSH attempts are generated by automated tools used by attackers attempting to gain unauthorized access to the systems. Rainbow table attacks (A) are a type of pre-computed password attack that attempt to crack password hashes. Logic bombs (C) are malicious code designed to execute a set of instructions when certain conditions are met. Malware bots (D) are a type of malware that allows an attacker to take control of a compromised system and use it to carry out malicious activities. None of these attacks specifically match the behavior described in the scenario.
upvoted 2 times

CJohnson219 7 months, 2 weeks ago
How is this password spraying? It clearly says "to a functional user ID", that is a single user. Password spraying is across multiple users
upvoted 1 times

NerdAlert 6 months, 1 week ago
the wording on this question is dumb and ambiguous
upvoted 2 times

Ertrexs 7 months, 2 weeks ago
"alerts from multiple Linux systems"
upvoted 3 times

ronniehaang 7 months, 3 weeks ago
Selected Answer: B
B. Password spraying. Password spraying is a type of brute-force attack that targets multiple user accounts with a few commonly used passwords. This technique is used to avoid triggering account lockouts, which are a common security measure to prevent brute-force attacks. The attacker tries a small number of passwords against many accounts, with the hope of finding one that works. By targeting a large number of systems and trying a limited number of passwords, the attacker can avoid detection and quickly gain access to one or more systems.
upvoted 1 times

OnA_Mule 7 months, 3 weeks ago
The question says "a functional user ID" suggesting it's a single account. So spraying does not apply
upvoted 1 times

FMMIR 9 months, 2 weeks ago
Selected Answer: B
The behavior described in the scenario is likely the result of a password spraying attack. Password spraying is a technique used by attackers to compromise accounts by trying a small number of commonly used passwords against a large number of user accounts. This allows the attacker to avoid triggering account lockout policies, which are designed to prevent brute-force attacks by locking an account after a certain number of failed login attempts. In this case, the attacker is likely using password spraying to try to gain access to the Linux systems via SSH using a functional user ID. A rainbow table attack, a logic bomb, or a malware bot could potentially cause similar symptoms, but the description of the behavior in the scenario is most consistent with a password spraying attack.
upvoted 2 times

OnA_Mule 7 months, 3 weeks ago
Spraying would apply if it were multiple user accounts, but the question seems to indicate it is 1 user ID. So it's not spraying.
upvoted 1 times

Mahougbe 11 months ago
Selected Answer: B
A Password Spraying Attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to another one and repeating the process.
upvoted 4 times

ostralo 11 months, 2 weeks ago
Selected Answer: A
I will go for the Rainbow table - because the perpetrator could guess a password using the leaked hash from the system prior to the attack to crack an account. Password spray attack - using the same password to crack many different accounts.
upvoted 3 times

Jakalan7 1 year ago
Selected Answer: B
Clearly B, password spraying.
upvoted 2 times

tibetbey 1 year ago
Selected Answer: B
Password Spraying is a variant of what is known as a brute force attack. In a traditional brute force attack, the perpetrator attempts to gain unauthorized access to a single account by guessing the password "repeatedly" in a very short period of time.
upvoted 2 times

Topic 1 Question #141
A tax organization is working on a solution to validate the online submission of documents.
The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely.
Which of the following is the BEST certificate for these requirements?
A. User certificate
B. Self-signed certificate
C. Computer certificate
D. Root certificate
Correct Answer: B
Community vote distribution: A (70%), C (24%), 7%

EubertT Highly Voted 9 months, 2 weeks ago
I'm going to give details of what is the use of each one, because I'm tired that they are not giving the right answer:
User Certificate: User certificates specify which resources a given user can have access to. They are sometimes used on devices that several users share. When different users log in, their profile and certificate are automatically loaded, granting them access to their required information.
Self-signed certificate: A self-signed certificate is one that is not signed by a CA at all – neither private nor public. In this case, the certificate is signed with its own private key, instead of requesting it from a public or a private CA (Certificate Authority).
Root Certificate: Root certificates are the cornerstone of authentication and security in software and on the Internet. They're issued by a certified authority (CA) and, essentially, verify that the software/website owner is who they say they are.
So for this verification I'm completely 100% sure it is A: User certificate
upvoted 12 times

RevolutionaryAct 1 month, 2 weeks ago
User certificates are bound to 1 user, and this solution is supposed to be for any computer uploading/transmitting, which means it has more than one user and thus cannot be a user certificate. Self-signed it is.
upvoted 1 times

shitgod 9 months ago
You didn't mention anything about a computer certificate.
upvoted 4 times

LeonardSnart 4 months ago
"Machine/computer A company may want to encrypt the communication between computers on the network. For example, a company may want to encrypt communication between its servers. In order to do this, each computer needs a machine certificate, also known as a computer certificate, applied to it." -CompTIA Security+ Certification Fourth Edition SY0-601 by Glen Clarke & Dan Lachance
"Machine/Computer. Certificates issued to a device or a computer are commonly called machine certificates or computer certificates. The certificate is typically used to identify the computer within a domain." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson
"Machine/Computer. Assigning a certificate to individual computers isn't too common, but there are places where this is used. Very high-security, enterprise-level 802.11 wireless networks using EAP-TTLS security can assign a machine certificate to every system." -Mike Meyers' Security+ Cert Guide Third Edition SY0-601
upvoted 2 times

deeden Highly Voted 1 year ago
Selected Answer: A
I thought option A makes sense - if acquired from a publicly trusted CA. Found this link below from IdenTrust about IRS Secure Data Transfer... https://www.identrust.com/partners/department-treasury-irs-secure-data-transfer
upvoted 8 times

Confuzed 5 months, 2 weeks ago
That is a user certificate (the requestor must provide their personal ID to obtain one).
upvoted 1 times

Tmans713 Most Recent 3 weeks, 6 days ago
Selected Answer: A
I answered A. The question mentions that the solution is on "a portable USB" meaning a user would need to insert it into whichever PC they're transmitting transactions from. Not necessarily contained to one computer as some have stated.
upvoted 2 times

HCM1985 3 weeks, 3 days ago
At first I was thinking Computer certificates, but "portable" really is the key word here. So either a User certificate or a self-signed could work. I'd go with a User's.
upvoted 1 times

RevolutionaryAct 1 month, 2 weeks ago
User certificates are bound to 1 user, and this solution is supposed to be for any computer uploading/transmitting, which means it has more than one user and thus cannot be a user certificate. Ditto user certificates: "Computer Certificate Templates are intended to be bound to a single computer entity to provide identity and/or encryption services for that computer" https://www.sciencedirect.com/topics/computer-science/computer-certificate
Root certificate wouldn't apply as it comes from a certified authority (CA). Self-signed is referring to the USB being added to the computers which are currently uploading with various users/computers, so this is a separate thing from both.
upvoted 1 times

ApplebeesWaiter1122 1 month, 3 weeks ago
Selected Answer: A
A user certificate, also known as a client certificate, is the best certificate type for the given requirements. User certificates are used to identify and authenticate individual users or clients, and they can be stored on a portable USB device. When a user wants to perform a secure transaction, they can insert the USB device into any computer, and the certificate stored on the device will be used to establish a secure connection and validate the user's identity. This allows for secure online submission of documents while maintaining portability and ease of use for the users.
upvoted 2 times

Protract8593 2 months ago
Selected Answer: A
Given the context of the tax organization trying to validate online submissions, the BEST certificate for their requirements would indeed be an A. User certificate. A user certificate is issued to an individual user and is used to authenticate and verify the identity of the user during online transactions. It is typically associated with an individual and allows them to securely sign and encrypt data, which aligns with the tax organization's goal of validating online submission of documents by users. The other options (B. Self-signed certificate, C. Computer certificate, and D. Root certificate) are not as suitable for this scenario. Self-signed certificates may not provide the necessary level of trust in a public environment, computer certificates are issued to devices rather than individual users, and root certificates are used to establish trust in a certificate chain but are not directly associated with user authentication. Therefore, the correct answer is A. User certificate, as it aligns with the tax organization's goal of validating online submissions by users.
upvoted 3 times

Protract8593 2 months ago
I changed my mind. C makes the most sense here (ChatGPT's explanation): In the scenario described, where the tax organization is working on a solution to validate the online submission of documents and the solution is carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely, a computer certificate would be the most appropriate choice. A computer certificate is used to authenticate and identify a specific computer system. It allows the computer to establish secure connections and transactions. By using a computer certificate on the portable USB device, the tax organization can ensure that any computer using the device for online transactions is validated and secure.
upvoted 2 times

Protract8593 2 months ago
Option C (Computer certificate) is the best choice because the question mentions that the solution should be carried on a portable USB device and inserted on any computer that is transmitting a transaction securely. This implies that the solution needs to be installed and utilized on different computers, and the certificate used should be associated with the computer (device) itself rather than a specific user. A computer certificate is a type of digital certificate that is issued to a computer or device. It is used to authenticate the identity of the computer and establish a secure connection between the device and the server. In this context, the tax organization wants a solution that can be carried on a portable USB device and used on different computers to securely transmit transactions. Therefore, using a computer certificate on the USB device ensures that each computer the device is plugged into can be securely authenticated and trusted for transmitting transactions.
upvoted 1 times

Protract8593 2 months ago
While user certificates are used to authenticate individual users, they are typically associated with user-specific actions, such as user authentication to access specific resources or services. In this scenario, a computer certificate is more appropriate because the focus is on securing the transactions on the computer level, not user-level authentication.
upvoted 1 times

muhaimin 4 months, 3 weeks ago
A user certificate could also be a valid option depending on the specific requirements and use case of the tax organization's solution. A user certificate is issued to an individual user and is used to verify the identity of the user. If the tax organization requires the USB device to be used by a specific individual or group of individuals, then a user certificate would be appropriate. The user certificate would be stored on the USB device and would be used to verify the identity of the user when they insert the device into a computer to transmit a transaction securely. However, if the tax organization requires the USB device to be used by any computer to securely transmit transactions, then a computer certificate would be more appropriate. The computer certificate would be stored on the USB device and would be used to verify the identity of the device transmitting the transaction.
upvoted 1 times

ortizj118 5 months ago
User Certificate is correct
upvoted 1 times

Yawannawanka 5 months ago
Based on the requirements provided, the best certificate to use would be a user certificate. A user certificate is issued to a specific user and can be stored on a portable USB device. It can be used for authentication purposes when the user is transmitting a transaction securely from any computer. In contrast, a computer certificate is issued to a specific computer, while a root certificate is used to establish trust with a particular certificate authority (CA). A self-signed certificate is a certificate that is signed by the entity whose identity it certifies. However, it may not be the best option for this scenario as it may not be recognized by other systems.
upvoted 1 times

DylanB2868 5 months ago
Selected Answer: C
The USB authenticates the Computer not the User.
upvoted 1 times

Handsomeware 5 months, 1 week ago
Selected Answer: C
ChatGPT: Based on the given requirements, the BEST certificate for this scenario would be a Computer certificate. A Computer certificate is issued to a computer or device and is used to authenticate the identity of the computer or device in a network environment. This certificate is typically used to provide secure communication between a client computer and a server. In this scenario, the portable USB device needs to be inserted into any computer that is transmitting a transaction securely. By having a Computer certificate, the USB device can authenticate itself and the computer it is being inserted into, providing a secure and reliable way to validate online document submissions. User certificates are used to authenticate individual users, self-signed certificates are not recommended for production use, and Root certificates are used to sign other certificates and are typically used in a public key infrastructure (PKI) environment.
upvoted 2 times

Herb30 5 months, 2 weeks ago
https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/creating-certificates-for-usb-storage-devices
upvoted 1 times

fouserd 5 months, 2 weeks ago
Selected Answer: C
A computer certificate, also known as a machine certificate, is issued to a computer or device to authenticate it in a network environment. Computer certificates can be installed on a portable USB device and used to securely authenticate and encrypt transactions when inserted into any computer
upvoted 1 times

ganymede 5 months, 2 weeks ago
Selected Answer: A
A. User certificate
To validate a document you would need a user certificate to digitally sign the documents.
upvoted 1 times

monzie 5 months, 4 weeks ago
Selected Answer: C
The BEST certificate for these requirements would be a computer certificate. A computer certificate, also known as a machine certificate, is issued to a computer or device and verifies the identity of the device when it connects to a network or communicates with other devices. In this case, the portable USB device needs to be validated when it is inserted into any computer for transmitting a transaction securely, which can be achieved by using a computer certificate.
upvoted 2 times

cutemantoes 6 months ago
Correct me if I'm wrong, but I thought you can't use Root certificates on a network-connected machine. I thought it was only offline to create intermediary certificates... right? I'm not sure. It says to validate 'online' submissions. That would have to be network connected right? So in this case, wouldn't it be stupid to use a root certificate on it regardless of how it's being transferred or used? I'd probably go with A if not D in this case.
upvoted 1 times

Omi0204 6 months, 2 weeks ago
A: User Certificate
upvoted 2 times

Topic 1 Question #142
A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account.
Which of the following does this action describe?
A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach
Correct Answer: A
Community vote distribution: A (100%)

i_bird Highly Voted 1 year ago
Selected Answer: A
going to jail..lol
upvoted 14 times

joelitof 11 months, 4 weeks ago
xD rip that person
upvoted 2 times

ApplebeesWaiter1122 Most Recent 1 month, 3 weeks ago
Selected Answer: A
The action described in the scenario involves an employee of the medical billing company who abused their authorized access to the system to download customer records and manipulate direct deposit information for fraudulent purposes. This behavior is considered an insider threat because it involves a trusted individual within the organization using their access privileges to perform unauthorized and malicious actions. Insider threats are a significant concern for organizations as they can pose a serious risk to data security and privacy.
upvoted 1 times

Protract8593 2 months ago
Selected Answer: A
In this scenario, the employee of the medical billing company downloaded customer records and manipulated direct deposit information for personal gain. This type of action represents an insider threat, which refers to potential risks posed to an organization by its own employees, contractors, or other trusted individuals who have access to sensitive information and systems.
The insider threat is a significant concern for organizations, and it's essential to implement proper security measures and monitoring to detect and prevent such malicious activities. upvoted 1 times Omi0204 6 months, 1 week ago Question is asking about Action so it is Data Breach. 店 店 Answer D is correct. upvoted 1 times 铺 铺 ; ; 学 习 NerdAlert 5 months, 4 weeks ago 小 店 it says what does this action DESCRIBE? It describes an insider threat upvoted 1 times 66 学 习 小 店 66 P_man 5 months, 4 weeks ago are you deliberately trying to cause people to fail this exam? While a data breach did occur, it was accomplished by an EMPLOYEE, so Insider Threat is the correct answer here. upvoted 2 times RonWonkers 1 year ago Selected Answer: A It is A, company employee = insider threat upvoted 4 times comeragh 1 year ago Selected Answer: A A - Insider Threat 淘宝店铺:https://shop63989109.taobao.com/ upvoted 4 times tibetbey 1 year ago Selected Answer: A Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization upvoted 3 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #143 A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action? A. Accept the risk if there is a clear road map for timely decommission. B. Deny the risk due to the end-of-life status of the application. C. Use containerization to segment the application from other applications to eliminate the risk. D. Outsource the application to a third-party developer group. 
店 铺 铺 ; ; 学 Correct Answer: C 学 习 Community vote distribution 习 小 小 店 66 A (54%) [Removed] 店 Highly Voted 店 66 C (46%) 1 year ago Selected Answer: C I think C is correct. You shouldn't have to take any risk at all if you can containerize the application. The goal of containerization is to isolate an application to prevent malware, intruders, system resources or other applications from interacting with the application – and any of its sensitive information — secured by the container. upvoted 38 times scarceanimal 7 months, 2 weeks ago Prudent: acting with or showing care and thought for the future. in this case C is not much of a prudent course of action, A specifies a "clear road for timely decommission" hence it being a better choice. Along with it being low risk it's a clear A. upvoted 5 times scarceanimal 7 months, 2 weeks ago i think this video will help https://www.youtube.com/watch?v=dQw4w9WgXcQ upvoted 33 times T4IT 7 months ago you made my day with this video, now I feel confident about passing the test. upvoted 7 times zits88 1 month, 1 week ago Bravo. Thank you for sharing this insightful video. upvoted 2 times Abdul2107 5 months ago C is clear for future for "more security risks" upvoted 1 times [Removed] 1 year ago Resource:https://www.proofpoint.com/sites/default/files/pp-containerization-and-app-reputation.pdf upvoted 2 times 店 店 铺 ; Voted 1 year ago stoneface Highly学 习 小 Selected Answer: A 店 66there is a clear road map for timely decommission -> IMO they should Accept the risk if 铺 ; 学 习 小 店 66 upvoted 19 times slenderjim 5 months ago You right bby upvoted 3 times deeden 1 year ago I agree with A. The web app will have the same threat vector 3rd-party library even after containerization, and is rated as low risk vulnerability. upvoted 6 times rline63 Most Recent 3 weeks, 2 days ago Selected Answer: A While C is an effective strategy to minimize the risk of this application, elimination is not a risk management strategy. 
C would result in a risk still, just a smaller one. Mitigation however is a risk management strategy. upvoted 1 times 淘宝店铺:https://shop63989109.taobao.com/ sujon_london 1 month, 2 weeks ago Selected Answer: A Using containerization can help mitigate risks, but it might not fully eliminate the risk of vulnerabilities. Containerization involves isolating applications and their dependencies within containers, which can add an extra layer of security and isolation. However, it won’t eliminate vulnerabilities within the application code or the third-party library itself. Containerization can limit the potential impact of vulnerabilities by containing them within the isolated environment. This can be particularly useful if the application interacts with other systems. However, it’s important to note that security updates and patches for the application and the third-party library would still be required to address the vulnerabilities at their source. So, while containerization can be a valuable step to reduce risks, it’s unlikely to fully eliminate all risks associated with the low-criticality vulnerabilities. In this case A should be chosen prudently upvoted 1 times 店 店 铺 铺 4vv 1 month, 2; weeks ago ; 学 学 These questions constantly 习 have you thinking if you're overthinking it or if youre underthinking it. 习 小 小 upvoted 2 times 店 店 6 66 Abdul2107 1 month, 3 weeks ago 6 Selected Answer: A A. Is correct. Keyword as mentioned by @scarceanimal, is “prudent” which means for “future” upvoted 1 times ApplebeesWaiter1122 1 month, 3 weeks ago Selected Answer: A While addressing the vulnerabilities and updating the third-party library would be the ideal solution, the development staff has stated that updating the application would be a substantial burden. In such cases, it may not be immediately feasible to fix all vulnerabilities. 
However, if there is a clear road map and plan in place to decommission the application in the near future, the organization can accept the risk for the time being while minimizing exposure. It is important to have a risk management plan in place, which includes monitoring the vulnerabilities and having a decommissioning plan in order to address the risks in the long term. Organizations should also implement compensating controls and security measures to reduce the impact of the vulnerabilities until the application can be decommissioned. upvoted 1 times Nikamy 1 month, 3 weeks ago Selected Answer: C C because of the prudent appraoch upvoted 2 times Protract8593 2 months ago Selected Answer: A Accepting the risk means acknowledging the vulnerabilities and deciding not to take further action to address them immediately. However, having a clear plan for decommissioning the application in a timely manner demonstrates that the organization is actively working to eliminate the risk in the long run. While there are low-criticality vulnerabilities in the web application due to the use of a third-party library, the development staff states that updating the application for compatibility with more secure libraries would be a substantial burden, and the application is already end-of-life. In this situation, accepting the risk with a clear plan to decommission the application in a timely manner would be the most prudent course of action. This decision acknowledges the risk while also taking steps to address it by eventually phasing out the application and minimizing the security exposure in the long term. upvoted 1 times 店 店 铺 铺 Aie_7 2 months, ;1 week ago ; 学 学 Selected Answer: A 习 小web application are low-criticality, and the application is end-of-life. This means习that 小the application is no longer The risks associated with the 店 店 being actively developed or maintained, and there is a risk that the third-party library could become obsolete or insecure. 
However, the development staff has stated that there are still customers using the application, and it would be a substantial burden to update the application for compatibility with more secure libraries. In this case, the most prudent course of action is to accept the risk if there is a clear road map for timely decommissioning. This means that the organization should have a plan to sunset the application and migrate its users to a more secure platform.
upvoted 1 times

jb844, 3 months, 1 week ago
Selected Answer: A
Because of the literal meaning of "Most Prudent" only, C is a good choice BUT "Eliminate Risk" is not attainable; there is always some risk, even if insignificant or low...
upvoted 3 times

Essi, 4 months ago
Selected Answer: A
A. Accept the risk if there is a clear road map for timely decommission. Here's why: Given that the application is end-of-life and there are still customers using it, it is important to maintain functionality until it can be properly decommissioned. The risks posed by low-criticality vulnerabilities may be acceptable if a solid plan for decommissioning the application is in place. Containerization (option C) can provide some level of isolation but it doesn't eliminate the vulnerabilities within the application itself. Denying the risk (option B) doesn't actually mitigate it. The vulnerabilities remain whether they are denied or not. Outsourcing to a third-party developer group (option D) may be unnecessary and costly, especially for an application that is reaching its end of li
upvoted 1 times

Xabovion, 4 months, 1 week ago
Selected Answer: A
Answer C states that the risk will be eliminated, which is not correct. It will isolate the app, but not remove the risk. I think the key is the low level vulns. You can accept them as risk, if there is a decommission plan. I would go with A.
upvoted 1 times

Kaps443, 4 months, 3 weeks ago
Selected Answer: A
A.
Accept the risk if there is a clear road map for timely decommission. This option acknowledges the risk posed by the vulnerable third-party library but also recognizes the practical limitations in updating the application. By having a clear plan for decommissioning the application, the risk can be accepted temporarily while still working towards a resolution in the long term. This approach balances the need for security with the practical realities of maintaining legacy systems. Option B is not a practical solution as it ignores the risks and vulnerabilities in the current system. Option C may help to contain the risks of the vulnerable application but does not address the root cause of the vulnerabilities. Option D is not a suitable solution as outsourcing the application to a third-party group does not necessarily eliminate the risks posed by the vulnerable library.
upvoted 1 times

Abdul2107, 5 months ago
Selected Answer: C
I think C is the answer, because A is conditional; there's an "If" in the solution, so in case there is no clear road map, what should one do?
upvoted 2 times

Yawannawanka, 5 months ago
Option A - Accept the risk if there is a clear roadmap for timely decommission - would be the MOST prudent course of action. The risk has been identified, and the development staff has already stated that updating the application with more secure libraries would be a substantial burden. Therefore, it would be acceptable to accept the risk and plan for timely decommission of the application. It is important to have a clear roadmap with deadlines and timelines to ensure that the decommission is carried out in a timely manner. Option C - Use containerization to segment the application from other applications to eliminate the risk - could also be a valid option, but it would require additional resources and expertise to implement.
The other two options, B - Deny the risk due to the end-of-life status of the application, and D - Outsource the application to a third-party developer group, are not practical solutions as they do not address the identified risk.
upvoted 1 times

staoic, 5 months, 1 week ago
Selected Answer: C
Answer C because it will "eliminate the risk" instead of taking a risk, even if it's a very low risk. Eliminating the risk is better than taking a risk. Don't you agree?
upvoted 1 times

Topic 1 Question #144
A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented?
A. HTTP security header
B. DNSSEC implementation
C. SRTP
D. S/MIME
Correct Answer: A
Community vote distribution: A (92%), 8%

stoneface (Highly Voted), 1 year ago
Selected Answer: A
When enabled on the server, HTTP Strict Transport Security (HSTS), part of the HTTP security headers, enforces the use of encrypted HTTPS connections instead of plain-text HTTP communication.
upvoted 28 times

comeragh (Highly Voted), 1 year ago
Selected Answer: A
I would agree with A on this one. S/MIME - relates to email. SRTP - relates to VoIP.
upvoted 6 times

hrncgl (Most Recent), 2 weeks, 3 days ago
The original recommendation of A. HTTP security header (specifically HTTP Strict Transport Security or HSTS) is the most common and effective method for enforcing encrypted communications for web applications. HSTS is specifically designed to ensure that web browsers use secure HTTPS connections for all interactions with a web application, thereby enforcing encryption. If the goal is to secure a web application and enforce encryption for all communications, HSTS is the appropriate solution.
SRTP, on the other hand, is typically associated with securing real-time communication protocols like VoIP and is not designed for securing web applications.
upvoted 1 times

ApplebeesWaiter1122, 1 month, 3 weeks ago
Selected Answer: A
To allow only encrypted communications for a web application without relying on network devices, a security analyst can implement HTTP security headers. These headers are added to the web application's HTTP response and provide instructions to the client's web browser on how to interact with the web application securely. One specific HTTP security header that can be implemented for this purpose is the "Strict-Transport-Security" (HSTS) header. When the web server sends the HSTS header to the client's browser, it instructs the browser to only access the web application over HTTPS (encrypted HTTP) for a specified period. This helps prevent any insecure connections and ensures that all communication between the client and the web application is encrypted.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: A
HTTP security headers are a set of HTTP response headers that a web server can use to enhance the security of a web application. One of the security headers is the HTTP Strict Transport Security (HSTS) header, which allows a website to specify that it should only be accessed over a secure, encrypted connection (HTTPS). By implementing the HSTS header, the web application can enforce encrypted communications and prevent insecure connections. This additional layer of protection helps ensure that communications between the client and the server are encrypted, without relying solely on network devices for security.
upvoted 1 times

Yawannawanka, 5 months ago
HTTP security headers can be used to enforce secure communication between a web application and the client's web browser, ensuring that only encrypted traffic is allowed. Therefore, the correct answer is A. HTTP security header.
DNSSEC implementation is used to secure the DNS infrastructure and does not provide additional protection for a web application. SRTP is used to secure real-time communication such as VoIP, and S/MIME is used to encrypt email messages.
upvoted 3 times

ThreeKings, 5 months, 2 weeks ago
Selected Answer: A
The question asks to deploy an additional layer of protection for a WEB APPLICATION (emphasis added); this points to HTTP with security header. The question also uses the term ENCRYPTED COMMUNICATIONS (emphasis added), which might point to SRTP IF the nature of the communication involves voice, video &/or multimedia. Because the question does not include voice/video/multimedia verbiage and because the question more explicitly includes a (browser based) web application, HTTP with security header is a better fit.
upvoted 2 times

fouserd, 5 months, 3 weeks ago
Selected Answer: A
Initially I went with A but after asking Bing Chat this is what she said: The solution that can be implemented to allow only encrypted communications without relying on network devices is SRTP. SRTP stands for Secure Real-time Transport Protocol and is used to provide confidentiality, message authentication, and replay protection to RTP (Real-time Transport Protocol) traffic.
upvoted 1 times

elcan_22, 5 months, 3 weeks ago
Selected Answer: C
The correct answer is C. SRTP (Secure Real-time Transport Protocol) is a cryptographic protocol designed to provide secure communication for voice and video traffic over the Internet, typically used in VoIP (Voice over IP) applications. By implementing SRTP, the web application can ensure that all communications are encrypted end-to-end, without relying on network devices to enforce security. HTTP security headers can enhance the security of web applications, but they do not provide end-to-end encryption. DNSSEC (Domain Name
System Security Extensions) is a protocol that provides integrity and authentication to DNS data, but it does not provide encryption for web application communications. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol used for securing email communications, but it is not typically used for web application security.
upvoted 2 times

    HCM1985, 3 weeks, 3 days ago
    But SRTP would only be applicable for web applications that use some sort of WebRTC, no?
    upvoted 1 times

monzie, 5 months, 4 weeks ago
Selected Answer: C
The solution that can be implemented to allow only encrypted communications without relying on network devices for a web application is option C, SRTP (Secure Real-Time Transport Protocol). SRTP is a security extension of the RTP (Real-Time Transport Protocol) used for multimedia communications, such as voice and video. It provides confidentiality, integrity, and replay protection for the RTP traffic. This will ensure that the web application only uses encrypted communications, even if the network devices are not enforcing encryption.
upvoted 1 times

konanna, 6 months, 1 week ago
Selected Answer: C
C. SRTP (Secure Real-time Transport Protocol) can be implemented to allow only encrypted communications without relying on network devices. SRTP is a protocol designed to provide encryption, message authentication, and integrity for real-time multimedia communication, such as voice and video over IP networks. By implementing SRTP, the web application can ensure that all communications are encrypted, even if they traverse untrusted networks or devices. HTTP security headers, DNSSEC implementation, and S/MIME are all useful security measures, but they do not directly address the goal of allowing only encrypted communications without relying on network devices. HTTP security headers are used to improve web application security by providing additional protections against various types of attacks, such as XSS and CSRF.
DNSSEC is used to ensure the authenticity and integrity of DNS information, preventing DNS spoofing attacks. S/MIME is used to provide encryption and digital signatures for email communications.
upvoted 1 times

    konanna, 6 months, 1 week ago
    It's A, never trust ChatGPT.
    upvoted 5 times

uveal, 6 months, 3 weeks ago
SRTP IS the solution that can be implemented to allow only encrypted communications without relying on network devices. HTTP security header is used to enhance the security of web applications, but it doesn't provide end-to-end encryption.
upvoted 1 times

ronniehaang, 7 months, 3 weeks ago
Selected Answer: A
A. HTTP security header - An HTTP security header can be added to the web application to enforce the use of encryption for all communication. This header can specify the use of Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols to ensure that all data transmitted between the web server and client is encrypted. The header can also configure various security-related options such as disabling caching, preventing cross-site scripting (XSS) attacks, and mitigating cross-site request forgery (CSRF) attacks.
HTTP security headers include:
Strict-Transport-Security (HSTS)
X-XSS-Protection
X-Content-Type-Options
X-Frame-Options
Content-Security-Policy
Note: HTTP security headers are not a replacement for encryption but rather a way to enforce encryption.
upvoted 4 times

rhocale, 9 months, 1 week ago
I thought HTTP isn't secure.
upvoted 1 times

    scarceanimal, 7 months, 2 weeks ago
    *HTTP security header*
    upvoted 1 times

deeden, 1 year ago
Selected Answer: A
https://www.youtube.com/watch?v=064yDG7Rz80
upvoted 1 times

Topic 1 Question #145
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:
A.
employees of other companies and the press.
B. all members of the department that created the documents.
C. only the company's employees and those listed in the document.
D. only the individuals listed in the documents.
Correct Answer: C
Community vote distribution: A (98%)

stoneface (Highly Voted), 1 year ago
Selected Answer: A
Public (unclassified)—there are no restrictions on viewing the data. Public information presents no risk to an organization if it is disclosed but does present a risk if it is modified or not available.
upvoted 33 times

    stonefaces_kitten, 10 months, 1 week ago
    Thank you (:
    upvoted 10 times

Boubou480 (Highly Voted), 8 months, 2 weeks ago
Selected Answer: A
A company labeling some documents with the public sensitivity classification means that the documents can be accessed by employees of other companies and the press. The public sensitivity classification indicates that the documents are intended for public access and can be shared with a wide audience, including employees of other companies and members of the media. This classification is often used for documents that contain information that is not sensitive or confidential and that can be shared freely with the public. In contrast, documents with other sensitivity classifications, such as "confidential" or "private," may have more restricted access and may only be shared with a limited group of individuals, such as employees of the company or those listed in the document.
upvoted 6 times

    P_man, 5 months, 4 weeks ago
    This clarification helps. Thank you. I was reading it as C, but I think A is correct now.
    upvoted 1 times

Abbey2 (Most Recent), 2 weeks ago
Wondering how 98% of the people voted the wrong answer!
upvoted 1 times

grumpy_farmer, 3 weeks, 5 days ago
Access vs distribution: they weren't distributed but are able to be accessed..
They are stupid on semantics.
upvoted 1 times

RevolutionaryAct, 1 month, 2 weeks ago
I think the real question is where are these documents located? If they are on internal servers not public facing then C, otherwise the answer is A.
upvoted 1 times

ApplebeesWaiter1122, 1 month, 3 weeks ago
Selected Answer: A
Public: Information that is intended for unrestricted public access and does not contain sensitive or confidential data.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: A
Documents labeled with the "public" sensitivity classification are accessible to anyone, including employees of other companies and the press. This classification means there are no restrictions on viewing the data, and it is considered public information.
upvoted 1 times

fouserd, 4 months, 3 weeks ago
Selected Answer: A
I think the key word for this one is "Public" Sensitivity Classification.
upvoted 1 times

MasterControlProgram, 5 months, 3 weeks ago
Selected Answer: A
The public sensitivity classification means that the documents can be accessed by anyone, including individuals outside of the company. Therefore, the correct answer is: A. employees of other companies and the press.
upvoted 1 times

assfedassfinished, 5 months, 4 weeks ago
Selected Answer: C
I think the correct answer is C. As I read the question and the provided answers, it made me think of the U/FOUO designation, or Unclassified/For Official Use Only. This designation indicates that the documents with those markings are unclassified, but not appropriate for public release. I am biased, since that is primarily my background.
upvoted 1 times

Ahmed_aldouky, 6 months, 4 weeks ago
If a company has labeled some documents with the public classification, it means that the documents can be accessed by anyone who has access to the documents, including employees of other companies and the press.
Option A, employees of other companies and the press, is the correct answer. The public classification means that the documents are not confidential or sensitive and can be shared with anyone who needs to access them. Option B, all members of the department that created the documents, is incorrect because the public classification does not limit access to a specific department or group of individuals. Option C, only the company's employees and those listed in the document, is incorrect because the public classification means that the documents are not restricted to the company's employees or any specific individuals. Option D, only the individuals listed in the documents, is incorrect because the public classification means that the documents can be accessed by anyone who has access to them, not just the individuals listed in the documents.
upvoted 1 times

Deeppain90, 8 months, 1 week ago
Owww, I get it now. It's "company labeled some documents with the public sensitivity classification", so DOCUMENTS in the company, even if they are unclassified, are not for share; from the answers C is the one (sorry for my grammar).
upvoted 5 times

Deeppain90, 8 months, 1 week ago
Selected Answer: A
WHY is C the chosen answer 0o
upvoted 1 times

Nome02, 9 months, 4 weeks ago
A is the correct answer. The Public Sensitivity is Public.
upvoted 1 times

Gino_Slim, 11 months ago
Selected Answer: A
I ain't going to lie... I read this all the way wrong. I was thinking that it was referring to NOT allowing the public to see it. But... BUT it is classified as "Public" information.
upvoted 4 times

aslakhaege, 1 year ago
Selected Answer: A
A is correct.
upvoted 1 times

k9_462, 1 year ago
Selected Answer: A
Should be A.
Public is the least sensitive data class.
upvoted 3 times

Topic 1 Question #146
Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?
A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries' developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.
Correct Answer: C
Community vote distribution: C (100%)

comeragh (Highly Voted), 1 year ago
Selected Answer: C
I would go with C also on this one. It seems to make the most sense.
upvoted 5 times

Protract8593 (Most Recent), 2 months ago
Selected Answer: C
Before embedding third-party libraries in developed code, it is crucial to assess the existing vulnerabilities in the third-party code and evaluate the responsiveness and efficiency of the library developers in addressing these vulnerabilities. This check helps to ensure that the third-party libraries are secure and do not introduce unnecessary risks into the developed code. The other options may provide valuable information about the third-party libraries, but assessing existing vulnerabilities and the responsiveness of the library developers is the most relevant security check in this context.
upvoted 1 times

SabITSec, 10 months ago
B is a possible answer too.
upvoted 1 times

Imanism, 11 months, 1 week ago
Selected Answer: C
What is to be done to best prevent issues in third-party code?
Establish a baseline and process for every third-party software that is introduced into the organisation, including performing a risk assessment to establish the risk associated with implementing a certain piece of code.
upvoted 4 times

RonWonkers, 1 year ago
Selected Answer: C
My guess is C.
upvoted 3 times

varun0, 1 year ago
Selected Answer: C
C is correct.
upvoted 3 times

Topic 1 Question #147
A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?
A. Check the metadata in the email header of the received path in reverse order to follow the email's path.
B. Hover the mouse over the CIO's email address to verify the email address.
C. Look at the metadata in the email header and verify the "From:" line matches the CIO's email address.
D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.
Correct Answer: A
Community vote distribution: D (41%), A (39%), C (15%), 6%

stoneface (Highly Voted), 1 year ago
Selected Answer: A
https://www.cmu.edu/iso/news/2020/email-spoofing.html
upvoted 12 times

    vandybear, 10 months, 3 weeks ago
    The URL you provided states, "Please note that email headers can be spoofed and are not always reliable." Wouldn't that make answer A unreliable?
    upvoted 5 times

        Sandon, 8 months ago
        Yes, yes it would.
        upvoted 3 times

    ostralo, 11 months, 2 weeks ago
    I concur, return path verification is a must.
    upvoted 2 times

        Ertrexs, 7 months, 2 weeks ago
        What are you talking about, ostralo?
        upvoted 3 times

J0EL (Most Recent), 2 days, 15 hours ago
Selected Answer: D
According to DeepAI: D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.
This is the best practice to validate the authenticity of the email from the CIO. Since the technician knows that the CIO is on vacation, it is possible that the email could be fake or malicious. Forwarding the email to the CIO and asking for confirmation will ensure that the email is legitimate. Checking the metadata in the email header and verifying the email address may not be sufficient as email spoofing is a common tactic used to impersonate someone else's email address. Hovering the mouse cursor over the email address is also not a reliable method of validation. Checking the metadata in the email header in reverse order may be useful, but it may not be necessary in this case.
upvoted 1 times

revolt54, 3 weeks, 3 days ago
I don't know why so many people think it's D. Forwarding a possibly malicious email to anyone, much less the CIO, and being like "this you?" seems crazy, especially since it says he is on vacation for a few weeks. He likely wouldn't reply quickly and if he did it would be with "why would you forward this to me?"
upvoted 3 times

    Kurt43, 2 days, 9 hours ago
    A CIO that asks why he is asked to verify a request for security purposes could go on his vacation and never come back. He must be fired ASAP.
    upvoted 1 times

bzona, 1 month ago
Selected Answer: A
Answer is A. The only way to verify the authenticity of the sender is to verify the return path. This is email checking 101...
upvoted 2 times

    Kurt43, 2 days, 9 hours ago
    A would have been correct if it was a SOC analyst. But he's a help desk technician.
    upvoted 1 times

thisguyfucks, 1 month, 1 week ago
Upon comprehensive review of Network+ and Security+ email security curriculum: Forwarding potential phishing attempts risks exposing recipients unnecessarily. Tracing email routes through backward header inspection proves technically challenging and not a supported verification method.
Header validation of key identity fields like "From:" against organizational records remains their endorsed initial precaution. However, with this CIO absent for an extended period, no option achieves verification singularly. The most secure approach meeting their goal of authentication without enabling compromise, aligning with documented techniques, is: C. Look at the metadata in the email header and verify the "From:" line matches the CIO's email address. Then contact another trustworthy affiliate to corroborate any request.
upvoted 2 times

RevolutionaryAct, 1 month, 2 weeks ago
Selected Answer: C
A. Check the metadata in the email header of the received path in reverse order to follow the email's path. - can be spoofed
B. Hover the mouse over the CIO's email address to verify the email address. - not enough
C. Look at the metadata in the email header and verify the "From:" line matches the CIO's email address. - this one covers both
D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents. - no, because it'd be spreading phishing/malware at worst or annoy the CIO at best
upvoted 2 times

DriftandLuna, 1 month, 3 weeks ago
Selected Answer: D
I'm going for D here. As per the link Stoneface provided, "Please note that email headers can be spoofed and are not always reliable." You are not replying to the email if you choose D, you are forwarding it to the email address you know belongs to the CIO. Having the person who is supposed to have sent you the mail confirm they actually did send it leaves no doubt and is therefore the BEST way to check the request is legitimate.
upvoted 2 times

Nikamy, 1 month, 3 weeks ago
Selected Answer: D
I choose D.
upvoted 2 times

Protract8593, 2 months ago
Selected Answer: D
D makes the most sense here since help desk technicians usually don't have a lot of control over this stuff and have to escalate issues to higher level IT people.
Me: Isn't this true?
"help desk technicians usually don't have a lot of control over this stuff and have to escalate issues to higher level IT people."
ChatGPT: You are correct. Help desk technicians may not have direct access to view the email header metadata or the authority to perform in-depth email analysis. In a real-world scenario, when a help desk technician receives an email that appears suspicious, it is advisable for them to escalate the issue to higher-level IT personnel or the organization's security team. These more specialized personnel can then conduct a thorough examination of the email header metadata and other relevant information to determine the legitimacy of the email...
upvoted 3 times

    Protract8593, 2 months ago
    ...In the context of the CompTIA Security+ SY0-601 exam, the questions often present ideal scenarios where the technician has access to certain information or actions. However, in real-world situations, the roles and access levels of help desk technicians may vary, and they may need to rely on higher-level IT personnel or security experts to handle potential security incidents. The main takeaway from the question is the importance of validating the authenticity of an email, and in a real-world setting, help desk technicians should escalate such matters to appropriate personnel for further investigation.
    Me: So, keeping that in mind, wouldn't it be D?
    ChatGPT: Yes, in a real-world scenario where help desk technicians typically don't have access to detailed email header metadata or advanced analysis tools, the best course of action for the technician would be to escalate the issue to higher-level IT personnel or the organization's security team. Therefore, in the context of the CompTIA Security+ SY0-601 exam, the most appropriate answer would indeed be option D: "Forward the email to the CIO and ask if the CIO sent the email requesting the documents."
    upvoted 1 times

    Protract8593, 2 months ago
    By forwarding the suspicious email to the CIO and seeking confirmation from them directly, the technician can verify the authenticity of the request and ensure that it is not a phishing attempt or fraudulent activity. It's essential to verify such requests before taking any action to prevent potential security incidents.
    upvoted 1 times

utrone, 3 months, 3 weeks ago
Selected Answer: D
D has a key word, "Forward". It may indicate another working email address, not the one to reply to.
upvoted 2 times

Essi, 4 months ago
Selected Answer: A
The metadata in the email header can provide significant information about the email's origin and path. By checking this information in reverse order, the technician can verify whether the email actually originated from the CIO's email account or from a potentially malicious source.
upvoted 1 times

Yawannawanka, 5 months ago
Yes, that's correct. Checking the metadata in the email header of the received path in reverse order to follow the email's path can help validate the authenticity of an email, as it can show if the email has been forwarded or spoofed. The other options are not as effective in validating the authenticity of the email.
upvoted 1 times

ThreeKings, 5 months, 2 weeks ago
Selected Answer: D
A, B and C are variations of each other. In different ways they say "Check the email header information". But A, B and C do not account for the threat of spoofing. D provides the best assurance for security and certainty of verifying the legitimacy of the email.
upvoted 3 times

fouserd, 5 months, 2 weeks ago
Selected Answer: C
The technician should look at the metadata in the email header and verify the "From:" line matches the CIO's email address. This will help to ensure that the email is authentic and that it was sent by the CIO.
upvoted 1 times

MasterControlProgram, 5 months, 3 weeks ago
Selected Answer: D
D.
Forward the email to the CIO and ask if the CIO sent the email requesting the documents. This is the best option to validate the authenticity of the email. The help desk technician can confirm with the CIO whether they indeed sent the email requesting documents. It is always good practice to verify any suspicious emails or requests, especially when they involve sensitive information or actions. Checking the metadata in the email header or hovering over the email address may provide some additional information, but they can also be spoofed or manipulated. Therefore, it is not a reliable method of verification. upvoted 1 times ffsilveira10 5 months, 1 week ago Man you are gonna email the attacker, not CIO... CIO is on vacation and not seeing the email upvoted 2 times gunnyhwyusmc 4 months, 2 weeks ago 淘宝店铺:https://shop63989109.taobao.com/ Forwarding the email to the CIO is not replying to the email. If you forward, then there is no need to worry :) upvoted 1 times 店 店 铺 铺 ; ; 学 学 习 习 小 小 店 店 66 店 66 店 铺 铺 ; ; 学 学 习 习 小 店 66 小 店 66 淘宝店铺:https://shop63989109.taobao.com/ Topic 1 Question #148 A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements? A. Red-team exercise B. Capture-the- ag exercise C. Tabletop exercise D. Phishing exercise 店 店 铺 Correct Answer: C 铺 ; ; 学 Community vote distribution 习 习 小 店 C (65%) TR3Y 学 66 D (20%) 小 店 A (15%) 66 1 year ago Highly Voted A Cyber Security tabletop exercise is a discussion-based event (not real). If they are looking for "real world" solution to validate their IRP then the best option would be a "Red Team" as they can simulate a real-world event testing your organizations IRP. let me know If I am missing something. upvoted 10 times 03allen 11 months, 1 week ago "without interrupting daily operation" would be the reason. 
upvoted 11 times

Protract8593 2 months ago (Most Recent)
Selected Answer: C
A tabletop exercise is a type of scenario-based simulation that allows organizations to validate their incident response plan without executing the plan in a real-world environment. It involves a discussion-based approach, where key stakeholders come together in a controlled environment to walk through a hypothetical incident and discuss their responses, decision points, and actions. This exercise allows the organization to identify areas of improvement, test communication and coordination, and assess the effectiveness of their incident response procedures without disrupting regular operations.
upvoted 1 times

LiteralGod 2 months ago
Selected Answer: A
Guys, a tabletop exercise would still interrupt daily operations, whereas a red team would usually be subbed out to a third party.
upvoted 1 times

Kurt43 2 days, 8 hours ago
Agreed. Pulling resources from their desks to do a tabletop interrupts their regular office functions.
upvoted 1 times

LeonardSnart 4 months ago
Selected Answer: C
Key point: test decision points and relevant incident response actions without interrupting daily operations.
"A tabletop exercise (also called a desktop exercise) is discussion-based. A coordinator gathers participants in a classroom or conference room and leads them through one or more hypothetical scenarios such as a cyberattack or a natural disaster. As the coordinator introduces each stage of the scenario, the participants identify how they would respond based on an organization's plan. This generates discussion about team members' roles and responsibilities and the decision-making process during an incident."
- Security+ Get Certified Get Ahead SY0-601 by Darril Gibson
upvoted 2 times

fouserd 5 months, 1 week ago
Selected Answer: C
A tabletop exercise would BEST meet the company's requirements as it is designed to simulate an incident in a low-risk environment, such as a conference room, where participants discuss and walk through the response plan and identify gaps and opportunities for improvement. This type of exercise tests decision points and relevant incident response actions without interrupting daily operations.
upvoted 1 times

assfedassfinished 5 months, 3 weeks ago
Selected Answer: C
It's tabletop. The other activities, even a phishing exercise, interrupt daily activities. For the phishing activity, you receive a non-work-related email, which interrupts your daily activities.
upvoted 1 times

MasterControlProgram 5 months, 3 weeks ago
Selected Answer: C
A tabletop exercise would BEST meet the company's requirements as it is designed to simulate an incident in a low-risk environment, such as a conference room, where participants discuss and walk through the response plan and identify gaps and opportunities for improvement. It would allow decision points to be tested, relevant incident response actions to be evaluated, and facilitate discussion of response and recovery procedures without interrupting daily operations. Red-team exercises, capture-the-flag exercises, and phishing exercises are all designed to simulate real-world attacks and test specific security controls, and may not be suitable for validating an incident response plan.
upvoted 1 times

gladtam 6 months ago
The tabletop exercise is a verbally simulated scenario that mimics a real cybersecurity incident which could have a damaging impact on your business continuity.
upvoted 2 times

mvckenzi 6 months, 3 weeks ago
Selected Answer: A
We're testing decision points and incident response actions. The answer is A. It's definitely not capture the flag. It's not TTXs; those take away from daily ops. Phishing exercises isn't wrong, but red-team exercises would be the most correct fit, since the network is being attacked and we're testing out our current incident response.
upvoted 1 times

MSCertifications 8 months ago
Selected Answer: D
I'll go with phishing.
upvoted 1 times

nicekoda 8 months, 3 weeks ago
Answer is Red team exercise. The actions are real world and intended to simulate the operational approach of a ransomware-style attack without overwriting sensitive files.
upvoted 1 times

alwaysrollin247 9 months, 1 week ago
Selected Answer: A
Red Team exercises differ from penetration testing in that they don't focus on a single application or system, but instead set out to exploit multiple systems and potential avenues of attack. The gloves are off, and "Think like an attacker" is the rule of play. Usually, Red Teams are part of your internal security team, though sometimes they can be from external or dedicated agencies. While thinking like an attacker, a Red Team group acts as (and provides security feedback from the perspective of) a malicious threat or challenger. It's up to the business's dedicated security team, the Blue Team, to provide a suitable response in detecting, combating, and weakening their opposition. Prior to the Red Team exercise, it's usual that the Blue Team won't know the plan or what is coming. This is in order to make the exercise as realistic as possible. https://www.imperva.com/blog/what-are-red-team-exercises-and-why-are-they-important/
upvoted 1 times

KingTre 9 months, 2 weeks ago
Selected Answer: D
Although tabletop is the most voted answer, "without interrupting daily operations" leads me to think D would be correct. Tabletops involve physical participants sitting down and talking through incidents. This would take time and people away from daily operations. A phishing tactic could be done by 1 security officer and sent out as a daily email. Correct me if I'm wrong.
upvoted 3 times

ja1092m 1 month ago
That's not what they mean by "daily operations"; that's why you're getting confused. Daily operation is referring to technical work imo.
upvoted 1 times

assfedassfinished 5 months, 3 weeks ago
Your phishing email would disrupt the daily activities of anyone who receives that email.
upvoted 1 times

RonWonkers 1 year ago
Selected Answer: C
C is correct
upvoted 3 times

serginljr 1 year ago
Selected Answer: C
C is the correct answer
upvoted 4 times

Topic 1 Question #149
Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs: The Layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?
A. SQL injection
B. DNS spoofing
C. MAC flooding
D. ARP poisoning
Correct Answer: C
Community vote distribution: C (100%)

rodwave 10 months, 2 weeks ago (Highly Voted)
Selected Answer: C
Answer: MAC flooding
The question mentions that the table is on Layer 2, which is the Data Link layer. The data-link layer is where switches operate to move traffic. Switches will use MAC addresses to find the physical address of the device. This is because the Layer 2 address (MAC address) will be unique on the local network. MAC flooding is a cyber attack that overflows the MAC table (Layer 2 table) of switches by sending out invalid MAC addresses. When a MAC address table is full, the switch is no longer able to save new addresses, so it will enter into fail-open mode and begin broadcasting data (like a hub) to all ports.
This will allow an attacker to get data packets intended for another computer and be able to steal sensitive information.
upvoted 18 times

Protract8593 2 months ago (Most Recent)
Selected Answer: C
In MAC flooding (also known as a MAC address table overflow attack), an attacker sends a large number of frames to a network switch with fake source MAC addresses, causing the switch's MAC address table to become full. When the MAC address table is full, the switch will operate in "fail-open" mode and start broadcasting traffic to all ports instead of sending it only to the appropriate port, effectively turning it into hub-like behavior. This allows the attacker to capture network traffic from multiple workstations on the network, as mentioned in the scenario.
upvoted 1 times

Yawannawanka 5 months ago
Based on the provided information, the attack that MOST likely occurred is MAC flooding, as the Layer 2 address table has hundreds of entries that are overwhelming the switch's ability to forward frames efficiently. This is a common technique used in denial-of-service (DoS) attacks, where the attacker floods the switch's MAC address table with fake addresses, causing it to slow down or stop forwarding frames altogether. SQL injection and DNS spoofing are application layer attacks, while ARP poisoning involves modifying ARP tables to redirect network traffic.
upvoted 1 times

fouserd 5 months, 2 weeks ago
Selected Answer: C
The attack that has most likely occurred is MAC flooding. MAC flooding is a type of network attack that involves sending a large number of frames with different source MAC addresses to a switch. This causes the switch to flood its address table and forward all traffic to all ports, allowing an attacker to collect network traffic between workstations throughout the network.
upvoted 1 times

deeden 1 year ago
Selected Answer: C
I agree with MAC flooding. Here's a good read about it and how to prevent it. https://www.omnisecu.com/ccna-security/what-is-mac-flooding-attack-how-to-prevent-mac-flooding-attack.php
upvoted 3 times

RonWonkers 1 year ago
Selected Answer: C
Hundreds of entries, I would assume it's flooding.
upvoted 4 times

_Tyler_ 1 year ago
Selected Answer: C
All the other answers involve an attack that changes data that is already present; this question states that there are hundreds of entries, indicating flooding.
upvoted 4 times

ScottT 1 year ago
And Layer 2, ruling out SQL and DNS.
upvoted 2 times

Yuyuyakuza 1 year ago
Mac Flooding "Layer 2.."
upvoted 1 times

Topic 1 Question #150
A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?
A. Password complexity
B. Password history
C. Password reuse
D. Password length
Correct Answer: A
Community vote distribution: A (91%), 4%

rodwave 10 months, 2 weeks ago (Highly Voted)
Selected Answer: A
Answer: Password complexity
Password complexity is a measure of how difficult a password is to guess in relation to any number of guessing or cracking methods. For the security auditor to be able to successfully perform a dictionary attack, that means that the credentials were too predictable and were likely a common password.
upvoted 9 times

Protract8593 2 months ago (Most Recent)
Selected Answer: A
The security policy states that common words should not be used as passwords, which implies that the passwords should have certain complexity requirements to avoid using easily guessable passwords. A dictionary attack is an attempt to crack passwords by systematically trying words from a dictionary, and it can be successful when passwords lack complexity. By enforcing password complexity requirements, organizations aim to prevent attackers from using simple and common words as passwords.
upvoted 1 times

tutita 5 months, 3 weeks ago
Selected Answer: A
We need more easy questions like this.
upvoted 3 times

user82 5 months ago
I wish 6% of voters agreed. This question still has people picking D.
upvoted 1 times

xxxdolorxxx 8 months ago
Selected Answer: A
A makes the most amount of sense to me.
upvoted 1 times

NICKJONRIPPER 10 months ago
Selected Answer: C
Passwords in a common dictionary are not necessarily not complex. In the well-known "/usr/share/wordlists/rockyou.txt" dictionary, we can find passwords like "arisDAN13032008", "arires_super13@hotmail.cpom"... So it's about reuse, not about complexity.
upvoted 1 times

Sandon 9 months, 2 weeks ago
That ain't it.
upvoted 4 times

Gino_Slim 11 months ago
Selected Answer: A
Not even sure how that one person got D. The answer is A all the way. Complexity refers to how the password needs to be formatted.
upvoted 1 times

RonWonkers 1 year ago
Selected Answer: A
It is A
upvoted 2 times

Ay_ma 1 year ago
Selected Answer: D
According to guidance offered by the National Institute of Standards and Technology (NIST), password length is more important than password complexity. This actually makes a lot of sense, as longer passphrases take longer to crack, and they are easier to remember than a string of meaningless characters. NIST has provided a number of additional recommendations for organizations to follow, some of which include:
- Passphrases should consist of 15 or more characters.
- Uppercase, lowercase, or special characters are not required.
- Only ask users to change their passwords if you believe your network has been compromised.
- Check all new passwords against a list of passwords that are frequently compromised.
- Avoid locking your users out of their accounts after a number of unsuccessful login attempts, as hackers will often try to flood networks by purposely trying incorrect passwords in order to lock users out of their accounts.
- Don't allow password "hints."
www.lepide.com
I'm inclined to go for option D.
upvoted 1 times

user82 5 months ago
Complex passwords > password length. No WAY it's D. Come on man.
upvoted 1 times

rhocale 9 months, 1 week ago
This would make sense except for the fact that it's a dictionary attack, and the length of words won't stop a dictionary attack; it's still a basic word.
upvoted 2 times

RonWonkers 1 year ago
This might be true, but it does not answer the question. The question is: Which of the following controls was being violated? When using a standard word, you violate the complexity control.
upvoted 6 times

comeragh 1 year ago
Selected Answer: A
Agree with A here
upvoted 4 times

Topic 1 Question #151
A SOC operator is analyzing a log file that contains the following entries: Which of the following explains these log entries?
A. SQL injection and improper input-handling attempts
B. Cross-site scripting and resource exhaustion attempts
C. Command injection and directory traversal attempts
D. Error handling and privilege escalation attempts
Correct Answer: C
Community vote distribution: C (100%)

stoneface 1 year ago (Highly Voted)
Selected Answer: C
C. Command injection and directory traversal attempts
upvoted 15 times

ScottT 1 year ago
https://www.professormesser.com/security-plus/sy0-401/directory-traversal-and-command-injection-2/
upvoted 10 times

VendorPTS 11 months, 4 weeks ago
Thank you. This was super helpful.
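The two patterns this question's log entries show (traversal steps such as ../../etc/passwd, and a shell separator followed by a command such as cat) are the kind of thing a SOC would want flagged automatically. The following is an added example written for this discussion, not the exam's log file or any commenter's code; the access-log lines are constructed, and the URI is percent-decoded until stable so encoded traversal sequences are not missed.

```python
"""Flag directory-traversal and command-injection attempts in web access logs.

Added example for this discussion (not the exam's log file, which is not
reproduced here); the log lines below are constructed.
"""
import re
from urllib.parse import unquote

# Constructed sample lines in combined-log format; the third and fourth
# requests use percent-encoding, which a naive substring check would miss.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/view?file=../../../../../../etc/passwd HTTP/1.1" 404 512
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /cgi-bin/view?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 231
203.0.113.5 - - [10/Oct/2023:13:55:44 +0000] "GET /cgi-bin/ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 500 0
203.0.113.5 - - [10/Oct/2023:13:55:45 +0000] "GET /cgi-bin/ping?host=127.0.0.1|id HTTP/1.1" 500 0
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /products?id=42 HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Directory traversal: a "../" (or "..\") step anywhere in the decoded URI.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.\\')
# Command injection: a shell separator followed by a command-like token.
# "&&" rather than "&" keeps ordinary query-string separators out of it.
CMD_INJECTION_RE = re.compile(r'(?:;|\||&&|`|\$\()\s*[A-Za-z_/]')


def decode_uri(uri: str) -> str:
    """Percent-decode until stable so double-encoded sequences are caught."""
    previous = None
    while previous != uri:
        previous, uri = uri, unquote(uri)
    return uri


def classify_request(uri: str) -> set[str]:
    """Return the set of attack labels that apply to one request URI."""
    decoded = decode_uri(uri)
    labels = set()
    if TRAVERSAL_RE.search(decoded):
        labels.add("directory_traversal")
    if CMD_INJECTION_RE.search(decoded):
        labels.add("command_injection")
    return labels


def analyze_log(text: str) -> list[dict]:
    """Parse each line and keep only the requests that carry a label."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unexpected format; a real pipeline would count these
        labels = classify_request(match["uri"])
        if labels:
            findings.append({
                "ip": match["ip"],
                "uri": match["uri"],
                "status": int(match["status"]),
                "labels": sorted(labels),
            })
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count labels per source address, the first view a SOC triage wants."""
    counts: dict = {}
    for finding in findings:
        per_ip = counts.setdefault(finding["ip"], {})
        for label in finding["labels"]:
            per_ip[label] = per_ip.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f["ip"], f["status"], ",".join(f["labels"]), f["uri"])
```

The separator regex will also match a literal "|" in otherwise legitimate URLs, so tune it against your own traffic before alerting on it.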
upvoted 3 times

rodwave 10 months, 2 weeks ago (Highly Voted)
Selected Answer: C
Answer: Command injection and directory traversal attempts
Directory traversal is when an attacker uses the software on a web server to access data in a directory other than the server's root directory. If the attempt is successful, the threat actor can view restricted files or execute commands on the server. Command injection is an attack that involves executing commands on a host. Typically, the threat actor injects the commands by exploiting an application vulnerability, such as insufficient input validation. The attacker is attempting to traverse the directory of the host and execute the cat command, which could be used to print the contents of a file.
upvoted 7 times

Protract8593 2 months ago (Most Recent)
Selected Answer: C
The log entries show attempts to perform command injection and directory traversal attacks. In a command injection attack, the attacker tries to execute arbitrary commands on the target system by injecting malicious input into the application. In this case, the GET requests in the log entries include sequences like "../../../../../../etc/passwd" and "../../../../../../etc/shadow", which are attempts to traverse directories and access sensitive files on the system.
Directory traversal attacks are an attempt to access files and directories that are outside of the web application's intended directory structure. By using "../" sequences, the attacker tries to navigate to parent directories and access files that should not be publicly accessible.
upvoted 1 times

Yawannawanka 5 months ago
The log entries suggest command injection and directory traversal attempts. The attacker is attempting to execute commands on the web server by entering special characters, such as semicolons and forward slashes, in the input fields. They are also trying to access directories outside of the web root by using "../" in the URI. Therefore, the correct answer is C.
upvoted 1 times

J_Ark1 10 months, 3 weeks ago
Selected Answer: C
When I saw 'Get', I instantly went for cmd injection and traversal attempts.
upvoted 3 times

Jossie_C 10 months, 3 weeks ago
Selected Answer: C
The cat command traverses files in a directory.
upvoted 1 times

Sandon 8 months ago
Negative, ghost rider. The cat command displays the contents of a file.
upvoted 3 times

Protract8593 2 months ago
Correct. cat = concatenate.
upvoted 1 times

RonWonkers 1 year ago
Selected Answer: C
Agree with C
upvoted 3 times

comeragh 1 year ago
Selected Answer: C
Agree with C for this one
upvoted 3 times

Topic 1 Question #152
A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?
A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.
B. It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed.
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point.
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach.
Correct Answer: A
Community vote distribution: A (100%)

rodwave 10 months, 2 weeks ago (Highly Voted)
Selected Answer: A
Answer: It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.
The final phase of the incident response is also called the lessons learned or remediation step.
=======================
Phases of the Incident Response Plan:
1. Preparation - Preparing for an attack and how to respond
2. Identification - Identifying the threat
3. Containment - Containing the threat
4. Eradication - Removing the threat
5. Recovery - Recovering affected systems
6. Lessons Learned - Evaluating the incident response, seeing where there can be improvements for a future incident.
upvoted 7 times

Protract8593 2 months ago (Most Recent)
Selected Answer: A
The final phase of the incident response plan is crucial for evaluating the effectiveness of the response, identifying any weaknesses in the incident handling process, understanding the root cause of the incident, and implementing measures to prevent similar incidents in the future. It involves conducting a post-incident analysis and generating a comprehensive report with recommendations for improvement.
upvoted 1 times

Jossie_C 10 months, 3 weeks ago
Remediation AKA lessons learned
upvoted 1 times

deeden 1 year ago
Selected Answer: A
https://playbooks.flexibleir.com/incident-response-phases-best-practices/
upvoted 2 times

RonWonkers 1 year ago
Selected Answer: A
I agree; the other steps were identification, containment and recovery. It is A, lessons learned.
upvoted 3 times

Danalyst 1 year ago
'Lessons Learned'
upvoted 2 times

Topic 1 Question #153 HOTSPOT
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
Correct Answer:

cefibo 2 years, 6 months ago (Highly Voted)
Botnet -> Enable DDoS protection
RAT -> Disable remote access services
Worm -> Change default passwords
Keylogger -> 2FA using push
Backdoor -> Code Review
upvoted 154 times

Protract8593 2 months ago
I agree with cefibo for all 5 scenarios. Contrary to what etwe04 said, ChatGPT said that change is not correct:
3. Worm -> Change Application password
✗ This choice is not accurate. Worms typically exploit vulnerabilities to propagate through networks, and changing the application password might not directly address the worm issue. Instead, changing default passwords for systems or services would be more relevant here.
upvoted 1 times

etwe04 2 years, 3 months ago
Everything is right, just change Worm > Change Application password
upvoted 19 times

CapnFlint 1 year, 6 months ago
Ditto on the keylogger problem. Since all it says is that a keylogger is being used, and not how it got there or what type it is, the best answer is implement 2FA, since that will mitigate any keylogger/cred harvesting attack by ensuring that the stolen credentials alone won't be enough to compromise an account.
upvoted 4 times

John_Ferguson 2 weeks, 3 days ago
It specifies it is hardware.
upvoted 1 times

EricShon 6 months, 1 week ago
The only change I would make would be keylogger > patch vulnerable systems.
In the case of an attack that is self-propagating and compromises a SQL database using well-known credentials as it moves through the network, changing the default system or application password may not be the most effective preventative or remediation action, since the attacker has already gained access to the network using well-known credentials. Instead, the BEST preventative or remediation action would be to patch vulnerable systems and disable vulnerable services to prevent further exploitation by the attacker. Additionally, implementing a host-based IPS (Intrusion Prevention System) could help detect and block any further malicious activity on the compromised system. Finally, it is important to conduct a thorough review of the network and systems to identify any other vulnerabilities that could be exploited by the attacker.
upvoted 2 times

hanoi92 1 year, 11 months ago (Highly Voted)
I think the result is:
1. Web server => Botnet => Enable DDoS protection
2. User => RAT => Implement a host-based IPS
3. Database server => Worm => Change the default application password
4. Executive => Keylogger => Implement 2FA using push notification
5. Application => Backdoor => Conduct a code review
upvoted 26 times

hieptran 5 months, 3 weeks ago
Agree on 2. -> HIPS
While disabling remote access services can be effective in preventing RAT attacks, it may not be practical or feasible in all situations, particularly in cases where remote access is necessary for legitimate business purposes. On the other hand, a host-based IPS provides real-time monitoring and protection against RAT attacks, as well as other types of threats. It can also be configured to provide alerts or take automatic actions when an attack is detected, which can help to minimize the damage caused by the attack. Therefore, I would recommend implementing a host-based IPS as the best preventative or remediation action against RATs.
upvoted 3 times

LeonardSnart 1 week, 2 days ago (Most Recent)
Took my exam 9/11/23 and this PBQ was on the exam. I went with hanoi92's answers and got an 814 on the test.
upvoted 1 times

mahaaaa 1 week, 3 days ago
I passed my exam on the first try today with 784 marks. I got a total of 78 questions and 3 of them were PBQs. This question was also in the exam.
My answer was:
Botnet -> Enable DDoS protection
RAT -> Disable remote access services
Worm -> Change default passwords
Keylogger -> 2FA using push
Backdoor -> Code Review
I prepared myself only by studying all 693 questions with comments from ExamTopics. About 70 percent of the questions in the exam were from here. If you understand the concept behind all these questions, then it is easy to pass the exam. You have to be very quick to finish all the questions in 90 minutes. Without this resource it was not possible for me to pass this exam. I want to thank all of those who participated in the comments and gave their expert opinion. Wishing good luck to all who are preparing for the exam.
upvoted 2 times

agats 4 weeks, 1 day ago
This site is the best! Took my exam a few weeks ago and passed. This question was there, along with the other simulations on this site. Study them well.
upvoted 4 times

ImpactTek 1 month ago
The exact question was on my exam 8/11/23! I chose worm over virus.
upvoted 4 times

LO353 4 days, 5 hours ago
Same, 18/9/23.
upvoted 1 times

Nikamy 1 month, 3 weeks ago
All good. Just, Worm -> Change App Default Pass. Why RAT and Stop Remote instead of HIPS? Because the RAT is already on the system and the HIPS might think the RAT is a good application. So the good answer is RAT + Disable Remote Access Services.
upvoted 2 times

ccnaexam28 1 month, 4 weeks ago
This was on my exam. I've gone with cefibo except worm is application pw. Took the exam 27/7/2023, I scored 840 and got 82 questions in total (with 3 PBQs). (Not quite sure what questions I got right or wrong; there were tons that have a 50/50 percentage on this site.) 90%+ is from this site and I have no contributor access, though I think it's also just luck on what set you'll get from their questions' pool. Good luck!
upvoted 4 times

Nikamy 1 month, 3 weeks ago
Hi, wait what?
upvoted 2 times

MorganB 4 months, 4 weeks ago
Passed my exam 27 April 23. This question was not on my exam.
upvoted 2 times

Neither_you_nor_me 5 months, 2 weeks ago
Refer to this as well: https://www.examtopics.com/discussions/comptia/view/40100-exam-sy0-601-topic-1-question-2-discussion/
upvoted 4 times

ejtaly611 7 months ago
Worms: Unlike Trojans that require user interaction, worms spread themselves.
Viruses: Computer viruses are malicious programs that self-copy and self-replicate. Viruses require one or more infection mechanisms that they use to spread themselves.
CompTIA Security+ study guide, page 51
upvoted 1 times

StillLearning 7 months, 3 weeks ago
Hi all, on Friday I did the exam and passed, thankfully. The first PBQ was how to generate an open SSH key in Linux. It also included the chmod commands for 777 and chmod 666, I think; I know the first number was a 6. PBQ 153 and 154 were the 2nd and 3rd questions. One thing I will say: know your stuff and use this site as a reference, as CompTIA is changing the questions. I would also recommend Professor Messer, who does a great job of explaining everything: https://www.professormesser.com/securityplus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/ (you can also find this on YouTube). Best of luck to everyone, and thanks for your help and feedback; this is always a great source.
upvoted 23 times

nul8212 9 months, 1 week ago
3. Worm, Change the default application password
upvoted 1 times

VendorPTS 11 months, 4 weeks ago
Syn packets from multiple sources => WebServer => Botnet => Enable DDoS protection
Establishes a connection, allows remote commands => User => RAT => Implement host-based IPS (Trojans and RATs - CompTIA Security+ SY0-501 - 1.1 - Professor Messer IT Certification Training Courses)
Self-Propagating => Database Server => Worm => Change Default App Passwords
Hardware to remotely monitor user input/credentials => Executive => KeyLogger => 2FA
Embeds hidden access, internally developed app => Application => Backdoor => Conduct Code Review
upvoted 3 times

andrizo 11 months, 1 week ago
Not liking IPS vs disabling.
upvoted 1 times

VendorPTS 11 months, 4 weeks ago
The hyperlink to RATs got lost in the post above. This was helpful to me. https://www.professormesser.com/security-plus/sy0-501/trojans-and-rats/
upvoted 1 times

tony9622 12 months ago
How do 2FA push notifications prevent key logging?
upvoted 2 times

andrizo 11 months, 1 week ago
Possibly because even if they have your login, they cannot bypass a secondary authentication method with just a keylogger.
upvoted 5 times

ffsilveira10 5 months, 1 week ago
I was wondering the same... Because a keylogger is normally installed on the system, so it doesn't need to log in to any system to capture users' input. I would go in this case with the option "patch your systems"...
upvoted 1 times

irfana 1 year, 2 months ago
Just took the SY0-601 exam today and passed!! **This question was on the test**
upvoted 11 times

CLAW_ 1 year, 2 months ago
Passed last week Thursday with 800. This was the third question on the test. I went with:
Botnet -> Enable DDoS protection
RAT -> Disable remote access services
Worm -> Change default passwords
Keylogger -> 2FA using push
Backdoor -> Code Review
upvoted 16 times

Topic 1 Question #154
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Choose two.)
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
Correct Answer: AC
Community vote distribution: AC (100%)

kopeba3998 2 weeks, 4 days ago
Selected Answer: AC
The password must include ten characters, numbers, and letters, and two special characters -> It is A
Grant the employee access to other company-owned websites -> It is C
A and C
upvoted 2 times

discord42069 2 weeks, 5 days ago
I'm taking my exam today; will let y'all know if I pass.
upvoted 3 times

zackgr 2 weeks, 3 days ago
Good luck. How did it go?
upvoted 2 times

sujon_london 3 weeks, 2 days ago
Selected Answer: AC
Combining password complexity and federation, the company can enhance the security of intranet accounts and streamline access to multiple sites, providing a more efficient and secure user experience.
upvoted 3 times

Topic 1 Question #155 SIMULATION
An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
✑ Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output.
✑ Identify which compensating controls a developer should implement on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
[simulation screens shown as images in the original]
Correct Answer: [shown as an image in the original]

stoneface Highly Voted 1 year ago
I think this is correct.
Application Source Code -> Code Review
CRM Server -> Record Level Access Control
Web Server -> WAF and URL Filtering - I initially went with Input Validation instead of URL filtering, but URL filtering works by comparing all web traffic against URL filters, which are typically contained in a database of sites that users are permitted to access or denied from accessing.
Database -> Input Validation
upvoted 47 times

Nikamy 1 month, 3 weeks ago
Cookies are only on the client-side. Never in a database so it's not sql. Your answers are perfect.
upvoted 2 times

deeden 1 year ago
Agreed. The answer is correct. The response page doesn't seem to be consistent with any of the possible output using the other attacks. Found this link from a way-back SY0-401 blog. https://blogs.getcertifiedgetahead.com/cookie-attacks-security/
upvoted 5 times

stoneface 1 year ago
For the attack I think this is a SQLi attack
upvoted 11 times

Protract8593 1 month, 4 weeks ago
I think it's an XSS attack. ChatGPT said the following: Based on the provided information, the attack shown in the simulation is Cross-Site Scripting (XSS). In this attack, the attacker injects malicious scripts into the web page viewed by other users, typically by exploiting a vulnerability in the web application. The response shows that the attacker has injected a script into the web page that collects user login details (usernames, cookie IDs, and login times) and sends them to the attacker-controlled server.
I believe your compensating controls are correct, though. Also, is it just me or is the answer provided for this question correct? It selected the same compensating controls as you and it selected an XSS attack as the attack type.
upvoted 3 times

Knowledge33 10 months, 3 weeks ago
It's not mentioned in the question that the database is using SQL. It could be Oracle or anything else. It means SQLi is not correct. The unique possibility is XSS attack
upvoted 3 times

Lionel_TheITGuy 8 months, 1 week ago
Oracle dbs use a sql structure though.
upvoted 7 times

KetReeb 1 year ago
Why not Session Hijacking? The output shows that the table used multiple accounts and the session cookies associated with the account IDs.
upvoted 2 times

stoneface 1 year ago
Very true -> After digging around (again) this could be a Session Hijacking attack, and also a XSS attack - https://owasp.org/wwwcommunity/attacks/Session_hijacking_attack
But a session hijacking attack or a XSS would not reveal session ids for multiple users, besides there are additional fields on the response (name, login_time), this is information that will typically be stored on a database. I still believe this is a SQLi attack ... I listen to you.
upvoted 11 times

anonimouse2 1 year ago
It is a XSS attack. Check diagram here: https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/
upvoted 14 times

hieptran 5 months, 2 weeks ago
No, believe in Stoneface guys lol. For my own logic, this is definitely a SQL injection attack. The information from the question - which is not enough but pretty sure that no XSS attack can show ID, session and login time for MULTIPLE USERS. This must be the backend using a SQL database to store that information. And how do we exploit the database to show us data, with xss? lol no. Read OWASP top 10 again.
upvoted 3 times

inkedia3 Highly Voted 12 months ago
Wrote the exams yesterday and passed. Please pay attention to these PBQs. they were all on the exams. Funny I wasn't paying much attention to them till about three hours before my exams. Anyway I passed with 785 score... I will say give these questions 90% of your attention and look for the 10% from other sources...
upvoted 23 times

Most Recent 1 month, 1 week ago
https://blogs.getcertifiedgetahead.com/cookie-attacks-security/
A SQL injection attack uses a SQL statement, and typically includes a phrase such as or 1=1. An XML injection attack would include XML markup data, with XML tags within the < and > symbols. A session hijacking attack uses a cookie to take over a session. However, it's more than just the text within a cookie.
upvoted 2 times

DriftandLuna 1 month, 3 weeks ago
is the 1st window the attacker tablet?
upvoted 1 times

MorganB 4 months, 4 weeks ago
Passed my exam 27, April 23. This question was not on my exam but replaced with another simulation question.
upvoted 3 times

MS2023 4 months, 1 week ago
Do u remember which other PBQ u got pls ?
upvoted 1 times

Attila777 4 months, 3 weeks ago
Do you remember what type of pbq did you have?
upvoted 1 times

mosher21 5 months ago
Why would a web server need a URL filter?
upvoted 2 times

EduardosSS 6 months ago
i'm a bit confused... but in the end i think i'll go for sql injection, if anyone could clarify i'd be grateful!
upvoted 2 times

BYU 6 months, 2 weeks ago
I took my exam yesterday (3/8/2023) and this question was there. 3/4 of PBQs were from here and 80% of MC too. This study community helped me a lot--Thank you!!
upvoted 12 times

Marito1414 6 months, 1 week ago
Do you remember what you selected? SQLI or XSS
upvoted 4 times

Sleezyglizzy 6 months, 2 weeks ago
Passed my exam today this is def on the exam word for word! Most of the questions on here were on there too! Good luck everyone!
upvoted 5 times

Marito1414 6 months, 1 week ago
Do you remember what you selected? SQLI or XSS
upvoted 3 times

Securitypampam 7 months, 1 week ago
I had my exam today, this was one of the performance questions, pay attention to it
upvoted 3 times

nobnarb 10 months, 1 week ago
The Answer is cross-site scripting, this is from Darryl Gibson's website.
Q. A penetration tester has successfully exploited a vulnerability against your organization giving him access to the following data:
User, password, login-date, cookie-id
Homer, canipass, 2016-09-01 11:12, 286755fad04869ca523320acce0dc6a4
Bart, passican, 2016-09-01 11:15, 8edd7261c353c87a113269cd37635c68
Marge, icanpass, 2016-09-01 11:19, 26887fbd90ac0340e29ad62470270401
What type of attack does this represent?
A. SQL injection
B. XML injection
C. XSS
D. Session hijacking
Answer: C. Cross-site scripting (XSS) is the best choice of the available answers. You can see that the penetration tester is looking at cookies because the header includes 'cookie-id' and successful cross-site scripting (XSS) attacks allow attackers to capture user information such as cookies.
upvoted 18 times

DJCODING 6 months, 3 weeks ago
Correct option is session hijacking bro isn't it?
upvoted 1 times

J_Ark1 10 months, 2 weeks ago
Definitely Cross site Scripting because the end user is being attacked. The main difference between a SQL and XSS injection attack is that SQL injection attacks are used to steal information from databases whereas XSS attacks are used to redirect users to websites where attackers can steal data from them. SQL injection is database focused whereas XSS is geared towards attacking end users. so definitely XSS since end user is affected.
upvoted 6 times

J_Ark1 10 months, 2 weeks ago
notice the http header
upvoted 1 times

apata123 10 months, 3 weeks ago
This appeared in my exam today, I chose Session hijacking to be the attack… I passed my exam
upvoted 5 times

banditring 1 year ago
what is a CRM server?
upvoted 2 times

Jakalan7 1 year ago
Google is your friend. CRM stands for customer relationship management, it's where companies store information about their customers, so it's a database.
upvoted 4 times

redsidemanc2 1 year ago
I think SQLI just because it's saying input validation. you put input validation on the database to prevent 1=1 ETC
upvoted 4 times

enginne 1 year ago
SQL Injection - In this scenario we recommend input validation for DB as compensating control
upvoted 1 times

mark9999 1 year ago
Application Source Code -> Code Review
CRM Server -> Record Level Access Control
Web Server -> WAF and URL Filtering
Database -> Input Validation
All the same as stoneface put. I think he might be correct with SQL injection as well as the output shows all the users' data which is exactly what you get when using OR 1=1, or apostrophes in the WHERE clause to cause it to evaluate to TRUE. The session IDs are just part of the column output, bit of a red herring.
upvoted 9 times

chaddaddy 2 days, 13 hours ago
wrong, if you're quoting it, make sure it's word for word
upvoted 1 times

Topic 1 Question #156 SIMULATION
A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available.
INSTRUCTIONS
Perform the following steps:
4. Configure the RADIUS server.
5. Configure the WiFi controller.
6. Preconfigure the client for an incoming guest.
The guest AD credentials are:
User: guest01
Password: guestpass
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
[simulation screens shown as images in the original]
Correct Answer: Configure the settings as shown below: [shown as images in the original]

DUCKDOG Highly Voted 1 year ago
Wifi Controller
SSID: CORPGUEST
SHARED KEY: Secret
AAA server IP: 192.168.1.20
PSK: Blank
Authentication type: WPA2-EAP-PEAP-MSCHAPv2
Controller IP: 192.168.1.10
Radius Server
Shared Key: Secret
Client IP: 192.168.1.10
Authentication Type: Active Directory
Server IP: 192.168.1.20
Wireless Client
SSID: CORPGUEST
Username: guest01
User password: guestpass
PSK: Blank
Authentication type: WPA2-Enterprise
upvoted 61 times

h3r0 7 months, 2 weeks ago
how do we leave the PSK blank? is it in the choices? it's not in the pull-down choices as mentioned by serjinljr...
WiFi Controller: Authentication type drop down: OPEN, WPA-EAP-PEAP-MSCHAPv2, WPA-PSK, WPA2-EAP-PEAP-MSCHAPv2, WPA2-PSK, WEP
Radius Server: Authentication type drop down: LOCAL, Active Directory, MSSQL
Wireless Client: Authentication type drop down: OPEN, WPA-PSK, WEP, WPA2-PSK, WPA2-Enterprise, WPA-Enterprise
upvoted 7 times

Protract8593 1 month, 3 weeks ago
P.S. The PSK field seems to be a text field, not a drop-down menu. You should be able to leave it blank. The drop-down menu here is the authentication type, which is WPA2-EAP-PEAP-MSCHAPv2 for the WiFi Controller, Active Directory for the RADIUS Server, and WPA2-Enterprise for the Wireless Client.
upvoted 1 times

Juraj22 9 months, 4 weeks ago
Absolutely right from a network admin. And this is the answer for everybody. if you are using Wifi and Radius, you can't use WPA2-PSK...WPA2-PSK is for password sharing, for authentication via radius and ActiveDirectory, you have to use EAP-PEAP-MSCHAPv2 :) And i am 100% sure. So this solution is really OK. And last thing, end user (client) has to know only username and password for client, nothing more....In other words (there is authentication server - radius and authenticator (Wireless controller), they have to know the secret key, but client only username and pass)
upvoted 15 times

andrizo 11 months, 1 week ago
would you mind explaining the auth type=eap-peap; wpa2 enterprise? i think i know why a pre shared key would not be used here.
upvoted 1 times

Juraj22 9 months, 3 weeks ago
yes, in this scenario, You have 3 types of devices called Authentication server (radius or tacacs), authenticator (AP controller, or switches or AP in standalone mode and so on) and last one is client. And everything is about that, if client wants to join the network, he must contact authenticator (switch - via ethernet cable or AP - wireless) and in this contact is username and password. Authenticator (switch or in this scenario AP controller) takes these credentials and sends them to Radius, radius then checks this user and his password and if everything is ok, then it sends accept message to authenticator and authenticator to client and client can have full access to network. If not, he will be rejected. This is only in general, there are more steps, but the idea is that everything is going via EAP :) not WPA2-PSK
upvoted 10 times

ostralo Highly Voted 11 months, 2 weeks ago
Wifi Controller
SSID - CORPGUEST
Shared key - SECRET (from Radius server)
AAA server IP - 192.168.1.20
PSK - N/A?
Authentication type - WPA2-EAP-PEAP-MSCHAPv2
Radius Server
Shared Key - SECRET
Client IP - 192.168.1.10 (Controller IP)
Authentication type - Active Directory (the guest account was created in AD)
Server IP - 192.168.1.20
Wireless Client
SSID - CORPGUEST
Username - guest01
User password - guestpass
PSK - N/A?
Authentication type - WPA2-Enterprise
upvoted 15 times

Kaps443 Most Recent 4 months, 2 weeks ago
This question was on my exam
upvoted 10 times

MorganB 4 months, 4 weeks ago
Passed my exam 27, April 23. This question was on my test worded differently but the correct answer is DUCKDOG's answer listed below.
upvoted 4 times

NerdAlert 5 months, 3 weeks ago
definitely saw this on the exam
upvoted 4 times

apata123 10 months, 3 weeks ago
This came in my exam, please take these Pbqs seriously…
upvoted 7 times

CloudGrogu 11 months, 4 weeks ago
What are the pulldown options for this question?
upvoted 1 times

serginljr 11 months, 3 weeks ago
WiFi Controller: Authentication type drop down: OPEN, WPA-EAP-PEAP-MSCHAPv2, WPA-PSK, WPA2-EAP-PEAP-MSCHAPv2, WPA2-PSK, WEP
Radius Server: Authentication type drop down: LOCAL, Active Directory, MSSQL
Wireless Client: Authentication type drop down: OPEN, WPA-PSK, WEP, WPA2-PSK, WPA2-Enterprise, WPA-Enterprise
upvoted 8 times

andrizo 11 months, 1 week ago
we're just picking the strongest auth type then?
upvoted 4 times

deeden 1 year ago
Suggestions were quite confusing due to drop down options not being shown here (i.e. Authentication type). Also, I can't find any reference of PSK being asked on any of the references I found on the net. Sample link below. https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise
upvoted 2 times

comeragh 1 year ago
Wifi Controller
AAA Server IP: 192.168.1.20
PSK: Johnknows@123 (if you need to enter something)
Authentication Type: WPA2-PSK
Radius Server
Client IP: 192.168.1.10
Authentication Type: Active Directory
Wireless Client:
SSID: CORPGUEST
Username: guest01
Password: guestpass
PSK: Johnknows@123 (if you need to enter something)
Authentication Type: WPA2-Enterprise
upvoted 5 times

Phasmid 1 year ago
I'm still trying to learn all of this stuff. Could you by any chance give me a clue as to how you knew what IP addresses to fill in?
upvoted 2 times

_Tyler_ 1 year ago
The given info gives most of the answers away, for example the AAA server IP: you would input the only other IP given in the question, so this would be the IP of your Radius Server and vice versa.
upvoted 5 times

Topic 1 Question #157 HOTSPOT
An incident has occurred in the production environment.
INSTRUCTIONS
Analyze the command outputs and identify the type of compromise.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area: [shown as an image in the original]
Correct Answer: [shown as an image in the original]

stoneface Highly Voted 1 year ago
Logic Bomb and Backdoor
First compromise relies on a cronjob that will be executed every five minutes.
Second compromise is opening port 31337. https://www.eicar.org/download/eicar.com.txt is a file to test AV products; instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.
upvoted 44 times

Protract8593 1 month, 4 weeks ago
You are 100% correct. ChatGPT said the following:
Compromise type 1: Logic bomb
In the first command output, we can see a script written in Bash. The script checks for a user named "john" in the /etc/password file using the grep command. If the user is not found (when $user is empty), the script executes the command to drop the database "production." This script is set to run every 5 minutes as per the crontab entry. This behavior matches the characteristics of a logic bomb. A logic bomb is a piece of code intentionally inserted into a program or script to execute a malicious action when a specific condition is met, such as a particular date or event. In this case, the condition is the absence of the user "john," and the malicious action is the deletion of the "production" database...
upvoted 1 times

Protract8593 1 month, 4 weeks ago
...Compromise type 2: Backdoor
In the second command output, we see another script written in Bash. The script prompts the user to enter their full name and then listens on port 31337 for incoming connections using the netcat (nc) command. This creates a backdoor into the system, allowing unauthorized access. The script also downloads a file from the specified URL using the wget command, but this is not directly related to the compromise type. The significant factor here is the creation of a backdoor through which an attacker can gain unauthorized access to the system. Hence, compromise type 2 is a Backdoor. A backdoor is a hidden entry point or method in software or a system that allows unauthorized access or bypasses security mechanisms, providing an attacker with a way to access the system undetected.
upvoted 2 times

gnv 1 month, 2 weeks ago
did you upload images and chatgpt recognized it?
upvoted 1 times

rhocale 9 months, 1 week ago
this is incorrect, the NC gives it away for the second one. NC the rat is always listening
upvoted 1 times

hieptran 5 months, 3 weeks ago
wrong, netcat listener is often used for reverse shell. And a reverse shell could be used for both RAT or backdoor. Since this is just a simple script and KISS -> backdoor
upvoted 2 times

stonefaces_kitten 10 months ago
Thank you for this! I agree
upvoted 2 times

scarceanimal 7 months, 2 weeks ago
stoneface is a discord moderator?!
upvoted 7 times

andrizo 11 months, 1 week ago
1st thought for the 1st one was sql, but maybe not
upvoted 1 times

[Removed] Highly Voted 11 months, 1 week ago
To make it easy for you guys: if = logic bomb (since logic bomb executes once a condition is met) nc = rat
upvoted 15 times

Samxi92 11 months, 1 week ago
"Netcat can also establish connections with remote machines. To configure Netcat as a backdoor, you first set up a listener on the victim system (IP: 10.1.0.1) set to pipe traffic from a program, such as the command interpreter, to its handler: nc -l -p 666 -e cmd.exe" Comptia Guide
upvoted 9 times

[Removed] 11 months ago
I'm not going to lie, I am debating whether it is either a backdoor or a rat since both are so similar because both give you access to a remote system.
upvoted 3 times

NICKJONRIPPER 10 months ago
"file.sh" is RAT, "backdoor.sh" is backdoor
upvoted 3 times

Sandon 8 months ago
That is incorrect
upvoted 4 times

J_Ark1 10 months, 2 weeks ago
such a command is not present in the example so hence makes it a R.A.T
upvoted 1 times

rline63 Most Recent 6 days, 10 hours ago
I initially thought the second one was rat. I saw someone mentioning that the second isn't really a trojan because it's not a program masquerading as something else that is installed without knowing of the malicious intent. I'm not certain but I think the second is backdoor.
upvoted 1 times

llUntameDll 2 months, 3 weeks ago
1. is Logic Bomb
2. is a backdoor (Because the script did not take control of the remote computer but rather initiated a download only. Probably in preparation for RAT execution)
upvoted 6 times

cvette 3 months, 3 weeks ago
from chatgpt: In the command output, we can see the use of the nc command with the options -l -p 31337 -e /bin/bash. This command opens a connection to a remote server (www.eicar.org), downloads a file (eicar.com.txt), and executes it using the /bin/bash shell. This behavior is typical of a RAT, where an attacker gains unauthorized remote access to a target system and can execute commands or perform malicious activities. The RAT allows the attacker to control the infected system remotely, potentially leading to unauthorized access, data theft, or further exploitation.
upvoted 2 times

Kaps443 4 months, 3 weeks ago
Logic Bomb and Backdoor
The first one is Logic Bomb because of if conditions. The second one is Backdoor because at the end it says virus downloaded. RAT is a trojan and there is a difference between a virus and a trojan. And a backdoor is created with viruses or rootkits. So the virus is mentioned here, it means it should be a backdoor.
upvoted 4 times

MorganB 4 months, 4 weeks ago
Passed my exam 27, April 23. This question was on my test and the answer I picked was Logic Bomb and Backdoor.
upvoted 8 times

NerdAlert 5 months, 3 weeks ago
it was on the test
upvoted 7 times

princajen 5 months, 4 weeks ago
This appears to be a Logic Bomb, which is a type of cyber attack that involves planting malicious code in a program or script that lies dormant until triggered by a specific event or condition. In this case, the condition is the absence of a user named "john" in the /etc/password file. Once the condition is met, the logic bomb executes and drops the "production" database. The code is scheduled to run every hour through the crontab, making it a recurring threat.
The given script seems to be a backdoor as it creates a listening port on the system which allows remote access to the shell through netcat. The downloaded virus file might contain malicious code that can be executed on the system.
upvoted 1 times

princajen 5 months, 4 weeks ago
The script shown in the command output is not a RAT (Remote Access Trojan) attack, but rather a script that downloads a virus file from a remote server and prints a message to the user indicating that the virus file has been downloaded. The script listens for incoming connections on port 31337 and spawns a shell (/bin/bash) for each connection, which could potentially allow an attacker to gain remote access to the system, but that does not necessarily make it a RAT attack. A RAT typically refers to a specific type of malware that provides a remote attacker with complete control over an infected system.
upvoted 1 times

stewieameh 6 months, 2 weeks ago
google.com/search?q=nc+-l+-p+313337+-e+%2Fbin%2Fbash%2F&oq=nc+-l+-p+313337+e+%2Fbin%2Fbash%2F&aqs=chrome..69i57.47060j0j15&sourceid=chrome&ie=UTF-8
you might find the link helpful
upvoted 1 times

DJCODING 6 months, 3 weeks ago
please explain to me which ones are correct, confused reading all these comments !
upvoted 3 times

hsdj 7 months, 1 week ago
I looked around the internet and found that port 31337 is associated with trojans and BackOrifice (which is a backdoor hack tool). logic bomb + backdoor are my options.
upvoted 3 times

rline63 3 weeks, 2 days ago
Good find but 31337 is also associated with a whole suite of trojans. This is a tough question.
upvoted 1 times

Lyeen 9 months, 2 weeks ago
Logic Bomb and Rat
upvoted 4 times

pgonza 9 months, 2 weeks ago
1 is Logic Bomb. Whenever some condition must be true for the execution, it's a logic bomb.
2 is a backdoor. Netcat can be used to establish backdoor connections to any TCP/UDP port as shown in the command. It is not a RAT because a trojan has to be fully functional software but with malicious intent. The user has to deliberately install it.
upvoted 4 times

dr_fog 9 months, 4 weeks ago
Logic Bomb and Rat
upvoted 1 times

ahmedhablas 10 months, 2 weeks ago
I think the second one is RAT. The term "RAT" (Remote Access Tool) can be considered a synonym to "backdoor", but it usually signifies a full bundle including a client application meant for installation on the target system, and a server component that allows administration and control of the individual 'bots' or compromised systems.
upvoted 1 times

lift 10 months, 2 weeks ago
the first one answer says rootkit BUT isn't it logic bomb?
upvoted 6 times

Topic 1 Question #158
After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?
A. [policy table shown as an image in the original]
B. [policy table shown as an image in the original]
C. [policy table shown as an image in the original]
D. [policy table shown as an image in the original]
Correct Answer: D

stoneface Highly Voted 1 year ago
D)
Any -> Any -> TCP 80 Allow
Any -> Any -> TCP 443 Allow
Any -> Any -> ANY Deny
Although allowing 80 is not secure, it is the best answer of all
upvoted 39 times

Protract8593 1 month, 4 weeks ago
Option C allows any insecure port, which is not the best configuration for securing a web server. The correct answer is option D:
[Source Destination Port Action]
Any Any TCP 80 Allow
Any Any TCP 443 Allow
Any Any Any Deny
Explanation:
Option D: This policy allows access only to TCP ports 80 (HTTP) and 443 (HTTPS), which are the standard ports for web communication and are considered secure. All other traffic is denied, providing a more secure configuration for a web server.
Option D is the most secure firewall policy for a web server because it restricts access to only the necessary and secure ports (80 and 443) while denying all other traffic that could potentially be insecure or unnecessary for web server operations.
upvoted 1 times

banditring 1 year ago
why?
if C is saying Deny for port 80?
upvoted 2 times

rline63 3 weeks, 2 days ago
I'm pretty sure the main concern of port 80 is sending sensitive info over cleartext. If you have a server that just contains public info such as game walkthroughs or something, you might not care if any of that info is sent over cleartext and intercepted. By contrast, having an insecure protocol such as telnet running will cause issues regardless of what the purpose of your web server is.
upvoted 1 times

NICKJONRIPPER 10 months ago
only deny one insecure port, 80, but allow all other insecure ports, like 23, 8080, etc
upvoted 2 times

Smeevil 1 year ago
Cause C allows any other traffic in the last line
upvoted 5 times

chael88 Highly Voted 11 months, 3 weeks ago
This one was not in my exam but one very similar. It asked to allow web server, sftp, DHCP but specifically block FTP. The answer was the one with port 21 blocked.
upvoted 12 times

DriftandLuna Most Recent 1 month, 3 weeks ago
A, B & C all allow anything to anywhere using any port. Whilst D is not ideal it is the best option
upvoted 1 times

Tariktarek2016 5 months ago
D is right
upvoted 1 times

scarceanimal 7 months, 2 weeks ago
D)
implicit deny automatically makes it most secure of the rest imo.
upvoted 4 times

SecurityArt 10 months, 2 weeks ago
It's D
Last line is Any --> Any --> Any --> Deny
upvoted 3 times

Iphy23 11 months ago
The most correct answer is D
upvoted 2 times

inkedia3 12 months ago
Wrote the exams yesterday and passed. Please pay attention to these PBQs. they were all on the exams. Funny I wasn't paying much attention to them till about three hours before my exams. Anyway I passed with 785 score... I will say give these questions 90% of your attention and look for the 10% from other sources...
upvoted 5 times

comeragh 1 year ago
D - I agree with D being the correct answer here
upvoted 1 times

Topic 1 Question #159
A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?
A. Dual supply
B. Generator
C. UPS
D. POU
E. Daily backups
Correct Answer: B
Community vote distribution: C (71%), B (26%)

apata123 Highly Voted 10 months, 3 weeks ago
If ups is not in the options, the answer here is Generator…..I passed my exam and this question appeared but ups wasn't in the options so I went with Generator….
upvoted 47 times

Abdul2107 1 month, 2 weeks ago
Q603 is the one you're talking about, and yes the answer for Q603 is Generator https://www.examtopics.com/discussions/comptia/view/115803-exam-sy0-601-topic-1-question-603-discussion/
upvoted 1 times

stoneface Highly Voted 1 year ago
Selected Answer: C
UPS is the answer, don't get confused by the smelter thing
upvoted 28 times

Thanks_stoneface 7 months, 3 weeks ago
Thanks stoneface
upvoted 6 times

scarceanimal 7 months, 2 weeks ago
>.>!! what!
upvoted 3 times

varun0 1 year ago
Agreed, also a generator takes time to get up and going.
upvoted 2 times

Grognak 5 months, 1 week ago
they don't. I worked for a newspaper that had one. there was a switch on the front that tripped when it lost power and it started the generator. the cut over was almost instantaneous.
upvoted 3 times

minx98 Most Recent 4 days, 10 hours ago
Selected Answer: B
the answer is B generator. UPS is not laid for major power distributions
upvoted 1 times

odnewl 2 weeks, 5 days ago
Selected Answer: B
I think the key word is "concerned about MAJOR power disruptions at both locations". A UPS would be fine for the outages that last a few seconds, but a generator is needed for major ones imo.
upvoted 2 times

odnewl 2 weeks, 4 days ago
I had this exact question on the exam. UPS was not an answer, and I answered generator. I passed with an 823. 2 of 3 simulation questions were online. 78 total questions.
upvoted 3 times

gton12 1 month ago
Recently took the test, and ups was not an option.
upvoted 3 times

Protract8593 1 month, 4 weeks ago
Selected Answer: C
A UPS provides backup power to critical systems like data centers during power disruptions, such as brief outages and intentional brownouts. While generators ca