CompTIA CySA+ (CS0-002) Exam Simulator #1

Question 1 of 100

1. Question

An organization is reviewing its data types and is trying to determine which type of data should be classified as Restricted. Which of the following data types should be classified as Restricted?

Employee names and job titles
Company policies and procedures
Customer email addresses
Intellectual property

Question 2 of 100

2. Question

A company wants to establish a data classification policy. Which of the following data types should be classified as Confidential?

Customer email addresses
Marketing brochures
Publicly available press releases
Financial statements that contain PII

Question 3 of 100

3. Question

An organization is developing a data retention policy for its customer database. Which of the following is the BEST approach for determining the retention period for this data?

Keep the data indefinitely
Determine the retention period based on the age of the data
Determine the retention period based on the type of data
Determine the retention period based on the data owner's preference

Question 4 of 100

4. Question

An organization is conducting a review of its data retention policy. Which of the following is the primary reason for establishing a retention policy?

To ensure that data is kept indefinitely
To determine which data should be destroyed and when
To store all data on high-capacity storage devices
To prevent unauthorized access to sensitive data

Question 5 of 100

5. Question

What is the purpose of establishing ownership of data in an organization?

To allocate budget resources for data storage
To determine who has access to the data
To assign legal responsibility for the data
To improve the performance of data systems

Question 6 of 100

6. Question

In a company, who is responsible for ensuring the ownership of data and the protection of sensitive information?

The IT department
The legal department
The HR department
The marketing department

Question 7 of 100

7. Question

A company has classified its data into three categories: public, confidential, and highly confidential. Which of the following is an appropriate non-technical control that can be implemented for the confidential data category?

Implementing two-factor authentication for all users who access confidential data
Storing confidential data on a server that is not connected to the internet
Allowing access to confidential data only to users who have a legitimate business need
Encrypting confidential data using a strong encryption algorithm

Question 8 of 100

8. Question

A company handles sensitive data related to its clients and has recently experienced data breaches. To address this issue, the company has decided to classify its data. What is the primary goal of data classification?

To ensure that only authorized personnel have access to sensitive data
To encrypt all sensitive data to protect it from theft
To maintain the confidentiality, integrity, and availability of sensitive data
To ensure that sensitive data is only accessed by authorized personnel in secure locations

Question 9 of 100

9. Question

A company has recently implemented a new security system that monitors employee internet activity to prevent data breaches. Some employees are concerned that this system may violate their privacy rights. What should the company do to address these concerns?

Inform employees that the security system is necessary to prevent data breaches and ignore their concerns
Explain to employees how the security system works and why it is necessary to protect sensitive data
Promise employees that their internet activity will not be monitored
Terminate employees who express concerns about the security system

Question 10 of 100

10. Question

A company is facing a security breach that could potentially compromise sensitive customer information. The incident response team has suggested implementing a security measure that involves collecting additional personal data from customers to identify potential fraudulent activity. However, the legal team is concerned about violating privacy laws. What should the company do in this situation?

Implement the security measure to prevent the breach, even if it means violating privacy laws
Consult with legal counsel to ensure the security measure is in compliance with privacy laws
Ignore the potential breach and focus on protecting customer privacy
Refuse to implement the security measure to protect customer privacy

Question 11 of 100

11. Question

A company has suffered a cyber attack and has identified that sensitive customer data has been breached. The company decides to contact law enforcement to assist with the investigation. Which of the following is a reason why involving law enforcement in the incident response process is important?

Law enforcement can provide technical support to restore the affected systems and data
Law enforcement can advise the company on the appropriate legal response and steps to take
Law enforcement can provide public relations support and mitigate damage to the company's reputation
Law enforcement can assist with internal communication and coordination of the response effort

Question 12 of 100

12. Question

During an incident response, a company is working to coordinate its response efforts across multiple internal teams and departments, as well as external entities. Which of the following is the most important reason for coordinating response efforts across internal and external entities?

To prevent the inadvertent release of information
To ensure consistent communication and response actions
To access additional expertise and resources
To comply with regulatory requirements

Question 13 of 100

13. Question

In the event of a security incident, a company decides to activate its incident response plan. The plan includes coordinating with external entities such as law enforcement and regulatory bodies. What is the primary reason for including external entities in the incident response plan?

To limit communication to trusted parties
To disclose based on regulatory/legislative requirements
To prevent the inadvertent release of information
To access additional expertise and resources

Question 14 of 100

14. Question

A company has suffered a data breach that has received significant media attention. The incident response team is coordinating with various entities to manage the situation. Which of the following is the primary reason for coordinating with the public relations (PR) department?

To ensure that the company's senior management is informed of the breach
To provide regular updates to the media and public about the incident
To conduct a post-incident review and identify lessons learned
To obtain legal advice on the potential liabilities arising from the breach

Question 15 of 100

15. Question

A security incident has occurred in an organization, and the incident response team needs to coordinate with human resources to investigate the incident. Which of the following is the most important reason for involving human resources in the incident response process?

To determine the root cause of the incident
To identify the individuals involved in the incident
To assess the impact of the incident on the organization's personnel
To provide technical expertise to contain the incident

Question 16 of 100

16. Question

An organization has experienced a security incident, and the incident response team needs to coordinate with the human resources department to investigate the incident. What is the primary reason for involving human resources in the incident response process?

To help contain the incident and prevent further damage
To ensure compliance with regulatory requirements
To determine the scope and extent of the incident
To provide guidance on legal and ethical issues

Question 17 of 100

17. Question

During a routine security audit, an organization discovers that an attacker gained unauthorized access to their network and exfiltrated sensitive data. The incident response team is notified and begins to investigate the incident. They identify that the attacker was able to exploit a vulnerability in a third-party software used by the organization. The incident response team determines that they need to involve legal counsel to evaluate potential liability and regulatory requirements. Which of the following is the primary reason for involving legal counsel in this incident response process?

To assist in the technical analysis of the incident
To determine the root cause of the incident
To evaluate potential liability and regulatory requirements
To coordinate with law enforcement agencies

Question 18 of 100

18. Question

A small business experiences a cyber attack and must notify its customers of a potential data breach. As part of the communication plan, which of the following is important to consider when drafting the notification?

Include technical details of the attack
Downplay the severity of the breach to avoid customer panic
Provide clear and concise instructions for customers to take action
Share the details of the company's insurance coverage

Question 19 of 100

19. Question

A company is hit by a ransomware attack, and the incident response team is activated. As part of the communication plan, the team needs to report to the company’s executives and board members. Which of the following should be included in the report?

Details of the company's security vulnerabilities
Timeline of the attack and incident response actions taken
Personal opinions on the cause of the attack
Names of individuals responsible for the attack

Question 20 of 100

20. Question

A company’s incident response team is handling a critical security breach. During the investigation, it is discovered that the attackers gained access to sensitive information, including employee personal information. What is the importance of using a secure method of communication during the incident response?

It helps to limit communication to trusted parties
It helps to prevent the inadvertent release of information
It ensures that communication is disclosed based on regulatory/legislative requirements
It ensures that sensitive information is not intercepted by unauthorized parties

Question 21 of 100

21. Question

A company is required to report any data breaches that involve sensitive customer information to regulatory authorities. What action should the incident response team take to ensure compliance with regulatory/legislative requirements as part of the communication plan?

Notify all customers about the incident immediately
Notify the regulatory authorities and affected customers within a specified timeframe
Share information about the incident with the media to maintain transparency
Consult with legal counsel before notifying anyone about the incident

Question 22 of 100

22. Question

A security incident has occurred in an organization, and the incident response team is working to resolve the issue. During the investigation, it is found that the incident is limited to a specific group of employees who had access to a particular system. What should be the FIRST step taken by the incident response team with respect to the communication plan in this scenario?

Notify all employees of the organization
Limit communication to only those employees who have access to the affected system
Disclose the incident to external parties such as customers and vendors
Wait for further information before disclosing the incident

Question 23 of 100

23. Question

In an organization, a security incident has occurred that involves a data breach that contains personally identifiable information (PII) of customers. The organization is subject to regulatory requirements that mandate the disclosure of such incidents. What should be the FIRST step taken by the incident response team with respect to the communication plan in this scenario?

Notify the media immediately to ensure transparency
Disclose the incident to all employees of the organization
Review the regulatory requirements for disclosure and determine who should be notified
Wait for confirmation before disclosing the incident

Question 24 of 100

24. Question

During an incident response process, why is it important to limit communication to trusted parties only?

To ensure that the incident response team has all the necessary resources
To prevent unauthorized access to sensitive information
To inform all employees about the current situation
To expedite the incident response process

Question 25 of 100

25. Question

In the event of a cyberattack, which of the following is the BEST communication plan to minimize the risk of further damage?

Immediately inform all employees in the company
Only inform the senior management
Limit communication to trusted parties only
Send out a company-wide email informing all employees to not access any company systems

Question 26 of 100

26. Question

You are a security analyst for a large retail company, and you have been tasked with analyzing the event logs for the company’s point-of-sale (POS) system. After reviewing the logs, you notice several failed login attempts and a sudden spike in sales at an unusual time. What type of attack may be occurring based on this data analysis?

Brute force attack
Denial of Service (DoS) attack
Social engineering attack
Phishing attack

Question 27 of 100

27. Question

A security analyst is reviewing a packet capture to investigate a potential malware infection. They notice that some of the traffic is using an unusual protocol that they do not recognize. Which of the following steps should the analyst take to investigate the protocol?

Check if the protocol is part of the normal network traffic
Search online for information about the protocol
Check if the protocol is related to a known vulnerability or exploit
All of the above

Question 28 of 100

28. Question

A security analyst is investigating a network incident where a large volume of network traffic is generated by a single IP address. The analyst needs to determine the type of traffic and the associated ports. Which of the following techniques will the analyst use to analyze the network traffic?

DNS analysis
URL analysis
Flow analysis
Packet analysis

Question 29 of 100

29. Question

A security analyst is investigating a network incident where an unknown device is communicating with an external IP address. The analyst needs to identify the source IP address, destination IP address, port number, and protocol. Which of the following techniques will the analyst use to analyze the network traffic?

DNS analysis
URL analysis
Flow analysis
Packet analysis

Question 30 of 100

30. Question

A security team is investigating an incident in which an employee’s workstation was compromised with malware. During analysis, the team discovers that the malware was downloaded from a particular domain name. Which of the following steps should the team take to help prevent future incidents?

Block the domain on the organization's firewall
Alert other employees to the incident and remind them of best security practices
Reimage the affected workstation and restore it from a known good backup
Monitor network traffic for connections to the malicious domain

Question 31 of 100

31. Question

A security analyst is tasked with monitoring the network traffic of an organization. During analysis, the analyst notices a large number of DNS requests being made to a suspicious URL. Which of the following actions should the analyst take FIRST to further investigate this activity?

Block the suspicious URL on the organization's firewall
Look up the WHOIS information for the suspicious URL
Perform a packet capture of the traffic to and from the suspicious URL
Reboot the affected endpoint to clear any potential malware

Question 32 of 100

32. Question

A security analyst is tasked with analyzing endpoint user behavior to identify any suspicious activity. Which of the following UEBA techniques would be MOST useful in this scenario?

Baseline profiling
Whitelisting
Blacklisting
Antivirus scanning

Question 33 of 100

33. Question

A company has noticed an unusual spike in outbound network traffic from a user’s endpoint. The IT security team suspects that the user’s computer may be compromised with a rootkit malware that has evaded traditional antivirus software. As part of the investigation, the team analyzes the system and application behavior to determine any exploit techniques used by the malware. Which of the following data points should they look for to identify exploit techniques?

Network connections initiated by the user
Changes to system files and directories
New services running on the endpoint
Memory usage patterns

Question 34 of 100

34. Question

A security analyst is analyzing endpoint data and notices a suspicious process attempting to execute a buffer overflow attack. The analyst suspects that the process may be trying to exploit a vulnerability in the system. Which of the following exploit techniques is the process MOST likely attempting to use?

SQL injection
Cross-site scripting
Format string attack
Return-oriented programming

Question 35 of 100

35. Question

A company has implemented a security monitoring solution that collects endpoint data from across the organization’s network. The system generates alerts for anomalous behavior that deviates from a baseline of known-good behavior. An alert is generated for a user who is attempting to access files outside their normal working hours. Which of the following actions should be taken in response to the alert?

Ignore the alert as the user may be working on a critical task outside of their normal working hours
Immediately block the user's access to the network and investigate the alert further
Review the user's activity and compare it to their baseline of known-good behavior to determine if the activity is truly anomalous
Contact the user and ask them to explain their activity to determine if it is legitimate

Question 36 of 100

36. Question

A security analyst is tasked with monitoring an organization’s endpoints for any suspicious activity. The analyst notices that a system is exhibiting unusual behavior, and upon further investigation, determines that it is the result of a newly installed software. Which of the following techniques can the analyst use to identify known-good behavior of the new software?

Conduct memory analysis to determine if the software is malicious
Run a vulnerability scanner to identify potential security flaws in the software
Perform behavioral analysis to determine what the software is designed to do
Use a sandbox environment to observe the software's behavior

Question 37 of 100

37. Question

A security analyst is analyzing a memory dump from an endpoint that was compromised in a recent cyber attack. The analyst suspects that the attacker may have loaded malicious code into memory. Which of the following memory analysis techniques would be the MOST appropriate to determine if this is the case?

Signature-based analysis
YARA rule-based analysis
Behavioral-based analysis
Static analysis

Question 38 of 100

38. Question

A security analyst has discovered a new type of malware on an endpoint. After performing some initial analysis, the analyst has decided to perform reverse engineering on the malware to gather additional information. Which of the following is a potential benefit of reverse engineering in this scenario?

Identifying the malware author's identity
Determining the malware's command and control server
Restoring files encrypted by the malware
Identifying the malware's installation directory

Question 39 of 100

39. Question

You are a security analyst for a financial institution and are analyzing log data to identify any trends or anomalies that could indicate a security breach. After analyzing the logs, you notice a sudden increase in outbound network traffic from a specific workstation. What type of analysis are you performing?

Predictive analysis
Trend analysis
Descriptive analysis
Diagnostic analysis

Question 40 of 100

40. Question

A security analyst is analyzing a log file and notices an unusual pattern of failed login attempts to an employee’s account. Upon further investigation, the analyst discovers that the employee’s credentials have been compromised. Which of the following BEST describes the analysis technique used in this scenario?

Signature-based detection
Behavioral analytics
Heuristics
Anomaly detection

Question 41 of 100

41. Question

A company is implementing a new SaaS application that will be used by all employees. The IT team is concerned about the potential security risks of employees using weak passwords or sharing their credentials with others. What is the BEST solution to mitigate these risks?

Implement single sign-on (SSO) authentication for the SaaS application
Enforce password complexity rules for the SaaS application
Implement a password manager for employees to securely store their passwords
Use two-factor authentication for the SaaS application

Question 42 of 100

42. Question

A company wants to implement stronger security measures to protect its sensitive data. The IT team has suggested implementing multifactor authentication (MFA) for all employees accessing company systems remotely. Which of the following is the BEST reason to implement MFA in this scenario?

MFA simplifies the login process for employees
MFA reduces the risk of unauthorized access
MFA increases the network speed and efficiency
MFA allows employees to use weak passwords

Question 43 of 100

43. Question

A company has adopted a container orchestration tool for its application infrastructure. The security team is concerned about the risk of unauthorized access to sensitive data stored in the containers. Which of the following security controls should be implemented to mitigate this risk?

Implement data encryption for containers
Configure strict role-based access control policies for container orchestration
Enforce regular password rotation for container images
Implement container network segmentation

Question 44 of 100

44. Question

A company is planning to migrate its existing applications to a containerized environment to improve scalability and deployment speed. Which of the following security controls should be implemented to mitigate the risk of container breakout attacks?

Implement network segmentation between containers
Configure strong access control policies for container images
Enforce regular container image scanning for vulnerabilities
Implement secure communication between containers

Question 45 of 100

45. Question

A company has recently adopted a serverless architecture for its applications. The company wants to ensure that it has visibility and control over its cloud resources. Which of the following tools can help achieve this goal?

Virtual private network (VPN)
Network intrusion detection system (NIDS)
Cloud access security broker (CASB)
Security information and event management (SIEM)

Question 46 of 100

46. Question

A company has decided to move its IT infrastructure to a virtual private cloud (VPC) to reduce costs and improve flexibility. As a security analyst, which of the following is the BEST control to implement to secure the VPC?

Configure network access control lists (ACLs) to restrict inbound and outbound traffic
Implement intrusion detection and prevention systems (IDPS) to monitor network traffic
Install antivirus software on all virtual machines (VMs) in the VPC
Require multi-factor authentication (MFA) for all users accessing the VPC

Question 47 of 100

47. Question

A company wants to implement a new network architecture that allows for greater agility and scalability, while also providing more robust security measures. The IT team has proposed a software-defined networking (SDN) solution. Which of the following is a security benefit of SDN?

Hardware-based firewalls can be more easily managed
Network traffic is better optimized for faster speeds
Security policies can be more easily enforced across the network
It is easier to detect and respond to security breaches

Question 48 of 100

48. Question

In order to secure its network, a company has decided to implement a jumpbox. Which of the following is a benefit of using a jumpbox for segmentation?

It reduces the attack surface by limiting direct access to sensitive resources
It provides an additional layer of encryption for data transmission
It ensures that all network traffic passes through a single point of entry
It improves network performance by distributing processing power across multiple servers

Question 49 of 100

49. Question

A company wants to ensure the security of its network infrastructure. The company has multiple offices, and each office is connected to the internet through a dedicated leased line. The company’s IT team wants to implement security controls to protect against unauthorized access, network attacks, and other threats. Which of the following is the BEST solution to implement for physical network security?

Implement firewalls at each office location
Implement intrusion detection and prevention systems at each office location
Implement physical access controls at each office location
Implement virtual private networks (VPNs) at each office location

Question 50 of 100

50. Question

A company has a large number of virtual machines running on a single physical server. They are concerned about security risks associated with having all of the virtual machines on the same network segment. Which of the following solutions would be the BEST to implement for this scenario?

VLANs
VPN
VPC
VRF

Question 51 of 100

51. Question

A company wants to improve the security of its cloud-based infrastructure. They currently have multiple departments that use the same cloud environment, and they want to make sure that each department can only access the resources that they are authorized to use. Which of the following solutions would be the BEST to implement for this scenario?

VLANs
VPC
VPN
VRF

Question 52 of 100

52. Question

A company wants to limit the impact of a security breach in the event that an attacker gains access to their network. Which of the following physical segmentation techniques would be the MOST appropriate?

Using VPNs to securely connect remote workers to the company network
Deploying a DMZ to separate external-facing servers from internal servers
Implementing VLANs to separate network traffic from different departments
Setting up an air gap between sensitive servers and the public network

Question 53 of 100

53. Question

In a large data center, a security administrator wants to reduce the risk of unauthorized access to sensitive data by implementing physical segmentation. Which of the following would be the most effective solution?

Deploying virtual firewalls to restrict traffic between different virtual machines
Using VLANs to logically separate network traffic from different departments
Separating servers that process sensitive data from other servers using different physical switches
Creating a separate administrative network to control access to management interfaces.

Question 54 of 100

54. Question

A small business is concerned about the risk of asset theft and wants to implement a security solution that can help identify stolen assets. Which security solution would be MOST effective for this purpose?

Encryption
Asset tagging
Access control
Intrusion detection

Question 55 of 100

55. Question

A company is considering moving its IT infrastructure to the cloud to improve flexibility and scalability. Which of the following security solutions should they consider to address the risks of cloud infrastructure management compared to on-premises?

Implementing a robust Identity and Access Management (IAM) solution
Regularly patching and updating software and firmware
Implementing a physical security perimeter around the cloud data center
Restricting all access to the cloud to trusted internal employees only

Question 56 of 100

56. Question

A security analyst has received an alert that a user account has been compromised and the attacker is attempting to escalate privileges on the network. What stage of the Kill chain is this activity associated with?

Reconnaissance
Weaponization
Delivery
Exploitation

Question 57 of 100

57. Question

A security analyst has identified an intrusion in the organization’s network. The analyst wants to understand the attacker’s tactics, techniques, and procedures (TTPs) to improve their defense strategy. Which attack framework should the analyst use to analyze the intrusion and identify the TTPs?

NIST Cybersecurity Framework
The Diamond Model of Intrusion Analysis
The Cyber Kill Chain
MITRE ATT&CK

Question 58 of 100

58. Question

In a recent security incident, your organization detected a suspicious process running on several endpoints. To determine if this is an actual threat, you decide to use MITRE ATT&CK to research potential attack techniques. Which MITRE ATT&CK tactic should you focus on to gain insight into how the threat actor might have gained a foothold in your environment?

Persistence
Discovery
Privilege escalation
Initial access

Question 59 of 100

59. Question

A government agency is looking to improve its threat intelligence capabilities. Which of the following would be the best way to leverage an information-sharing and analysis community (ISAC)?

Join a cross-industry ISAC to get a wide range of intelligence information
Create a new ISAC that is specifically tailored to the government agency's needs
Partner with a cybersecurity vendor to get access to their threat intelligence feeds
Hire additional personnel to conduct research and analysis on threats

Question 60 of 100

60. Question

A small financial services firm is considering joining an information-sharing and analysis organization (ISAO) for the first time. The CEO is hesitant because of concerns about sharing sensitive information with other organizations. Which of the following is a key benefit of ISAO membership that could address these concerns?

Access to real-time monitoring of the firm's network
Increased compliance with industry regulations
Anonymity when sharing threat data
Reduction in cyber insurance premiums

Question 61 of 100

61. Question

A healthcare organization is considering joining an information-sharing and analysis community (ISAC) for the healthcare industry. Which of the following is a potential benefit of participating in an ISAC?

Reduced regulatory requirements
Increased insurance premiums
Improved access to threat intelligence and best practices
Increased vulnerability to cyber attacks

Question 62 of 100

62. Question

A group of attackers has compromised the email accounts of several prominent politicians and released sensitive information to the public. The attackers claim to be motivated by a desire to expose corruption and promote transparency in government. Which type of threat actor is this an example of?

Cybercriminals
Nation-state actors
Hacktivists
Insiders

Question 63 of 100

63. Question

A government agency has identified a sophisticated cyber attack that is targeting a specific department. The attackers have used custom malware and techniques that are consistent with previous attacks attributed to a particular country. Which type of threat actor is this an example of?

Cybercriminals
Hacktivists
Nation-state actors
Insiders

Question 64 of 100

64. Question

A security team has discovered that an attacker has been infiltrating the network for several months, conducting reconnaissance, and exfiltrating sensitive data. Which type of threat is this an example of?

Insider threat
Zero-day threat
Advanced persistent threat
Known threat

Question 65 of 100

65. Question

A security team has identified a new vulnerability in a critical system that is being actively exploited by attackers. The vulnerability was previously unknown and there is no known patch or workaround. Which type of threat is this an example of?

Insider threat
Zero-day threat
Known threat
Advanced persistent threat

Question 66 of 100

66. Question

A security team is analyzing a new threat that has been discovered on the network. The team has identified that the threat is using a known exploit to gain access to the network. Which type of threat is this an example of?

Insider threat
Zero-day threat
Known threat
Advanced persistent threat

Question 67 of 100

67. Question

A security analyst is investigating a cyber attack on a company’s network. The analyst needs to gather intelligence about the indicators of compromise used in the attack. Which structured format for sharing information about indicators of compromise and malware behavior uses a simple XML schema and is compatible with other cybersecurity tools?

Structured Threat Information eXpression (STIX)
Open Source Intelligence (OSINT)
OpenIOC
Trusted Automated eXchange of Indicator Information (TAXII)

Question 68 of 100

68. Question

A security team is investigating a data breach that occurred on the company’s network. The team needs to gather intelligence about the malware that was used in the attack. Which threat intelligence source should the team use to obtain TAXII-formatted intelligence about the malware?

Security event logs
Malware analysis reports
Industry reports
Threat intelligence feeds

Question 69 of 100

69. Question

A security team is trying to share information about a new type of malware with other organizations in their industry. The team wants to use a standardized format to share the information. Which threat intelligence sharing format should the team use?

Security Content Automation Protocol (SCAP)
Structured Threat Information eXpression (STIX)
Trusted Automated eXchange of Indicator Information (TAXII)
OpenIOC

Question 70 of 100

70. Question

A security analyst is investigating a series of attacks that appear to be targeting the company’s financial systems. The analyst needs to gather intelligence about the threat actors and their capabilities. Which intelligence source should the analyst use to obtain information with a high confidence level?

Social media platforms
Industry reports
Law enforcement reports
Incident response reports

Question 71 of 100

71. Question

A security analyst is investigating a series of phishing attacks targeting the company’s employees. The analyst needs to gather intelligence about the tactics and the threat actors behind the attacks. Which intelligence source should the analyst use to obtain relevant information about the attacks?

Security event logs
Industry reports
Social media platforms
Phishing simulation reports

Question 72 of 100

72. Question

A security analyst is investigating a cyber attack that took place on the company’s network over the weekend. The analyst needs to gather intelligence about the attack and the threat actors behind it. Which intelligence source should the analyst use to obtain timely information about the attack?

Historical data
Incident response reports
News sources
Threat intelligence feeds

Question 73 of 100

73. Question

A security analyst is investigating a series of cyber attacks targeting the company’s email servers. The analyst needs to gather intelligence about the attack tactics and the threat actors behind the attacks. Which open-source intelligence (OSINT) source can the analyst use to obtain this information?

Security event logs
Employee access logs
Threat intelligence feeds
Dark web forums

Question 74 of 100

74. Question

A penetration tester is analyzing the output from a web server’s access logs and notices that there is a high volume of requests for a specific URL that does not exist. What could this indicate?

The web server is misconfigured
The web server is under a distributed denial-of-service (DDoS) attack
The web server is being probed for vulnerabilities
The web server is functioning normally

Question 75 of 100

75. Question

You are a penetration tester planning a project for a client. You need to select a framework for the project. Which of the following frameworks provides guidance for a comprehensive penetration testing process and is designed to be flexible and customizable to meet the needs of the tester and client?

Open Web Application Security Project (OWASP)
National Institute of Standards and Technology (NIST) Cybersecurity Framework
Penetration Testing Framework (PTF)
Penetration Testing Execution Standard (PTES)

Question 76 of 100

76. Question

You are a penetration tester hired to perform a penetration test on an organization’s network. You have identified the target assets and set the boundaries of the testing. However, as you progress through the testing, you notice that new assets and systems keep getting added, which results in a lack of focus on the original objectives. What is this called?

Non-disclosure agreement
Rules of engagement
Scope creep
Escalation path

Question 77 of 100

77. Question

A company is considering outsourcing some of its IT operations to a third-party provider. The provider has offered a master service agreement (MSA) for the company to review. Which of the following best describes the purpose of an MSA in this context?

To outline the specific services the provider will offer
To define the roles and responsibilities of both the company and the provider
To establish the price and payment terms for the services
To ensure that the provider will comply with all applicable laws and regulations

Question 78 of 100

78. Question

Which of the following types of disaster recovery sites enables a company to quickly resume normal business operations in the event of a disaster?

Warm Site
Hot Site
Cold Site
Normal Site

Question 79 of 100

79. Question

Your company has just suffered a natural disaster and you need to ensure that business operations can continue without interruption. Which of the following would you rely on to accomplish this task?

Single loss expectancy (SLE)
Annualized loss expectancy (ALE)
Annualized rate of occurrence (ARO)
Business continuity plan

Question 80 of 100

80. Question

Which of the following resources can help you identify web application vulnerabilities and ensure the security of your web application?

The National Institute of Standards and Technology (NIST)
The Open Web Application Security Project (OWASP)
The Common Vulnerability Scoring System (CVSS)
The Information Systems Security Association (ISSA)

Question 81 of 100

81. Question

You have been tasked with implementing a solution to detect and gather information on unauthorized access attempts on the company’s network. Which of the following techniques would you implement to meet this requirement in the most cost-effective manner?

Honeyfile
Honeypots
DNS Sinkholing
Honeynet

Question 82 of 100

82. Question

An organization has recently been the victim of a cyber attack where an attacker was able to compromise a software vendor’s update server and distribute malware through software updates. As the IT security administrator for the organization, you have been tasked with identifying the type of attack that occurred. Which of the following types of attacks BEST describes the scenario described above?

Skimming
Remote Access Trojan
Command and control
Supply-chain attack

Question 83 of 100

83. Question

Which of the following solutions enables your application to communicate with an external service by utilizing straightforward commands, thereby eliminating the need for complex processes to be developed in-house?

Thin Client
API
Microservice
Containers

Question 84 of 100

84. Question

A large retail company is looking to move its customer data to a cloud-based storage solution for better scalability and cost-effectiveness. They are concerned about the security of their customer data in the cloud. Which of the following solutions would be most appropriate for this company to ensure the security of its customer data in the cloud?

Cloud access security broker
Hashing
Hardware security modules
SSL/TLS inspection

Question 85 of 100

85. Question

Which of the following solutions would you implement to enhance the security of your company’s local area network (LAN) while ensuring that external-facing servers such as the web server, mail server, and FTP server remain accessible from the internet, while the rest of the internal LAN remains protected?

VLAN
VPN
DMZ
DNS

Question 86 of 100

86. Question

As a penetration tester, you have been hired to test the security of a company’s web application. Which of the following should be established before you begin the testing?

System architecture
Scope creep
Rules of engagement
Network topology

Question 87 of 100

87. Question

Which of the following cybersecurity testing exercise teams is known for its ability to perform both offensive and defensive tactics?

Red team
Blue team
White team
Purple team

Question 88 of 100

88. Question

What type of attack involves an individual utilizing a compromised user account to gain unauthorized access to elevated privileges on a network?

Cross-site scripting
Directory traversal
Privilege escalation
Buffer overflow

Question 89 of 100

89. Question

Which of the following injection attacks enables an attacker to disrupt the queries that an application conducts with its database?

DLL Injection
SQL injection
LDAP Injection
XML Injection

Question 90 of 100

90. Question

A company provides cloud-based storage solutions to its clients. The company wants to ensure that its clients receive the level of service they expect and are paying for. Which of the following agreements would be the MOST appropriate to establish the company’s commitment to its clients regarding the quality of service they receive?

Service level agreement (SLA)
End of life (EOL)
Memorandum of understanding (MOU)
Non-Disclosure Agreement (NDA)

Question 91 of 100

91. Question

In order to ensure comprehensive security monitoring and analysis of all network activities within your organization, you have been tasked with implementing a solution that centralizes the recording of events. Which of the following security measures would you implement to fulfill this requirement?

Next-generation firewall (NGFW)
Endpoint detection and response (EDR)
Anti-malware
Antivirus

Question 92 of 100

92. Question

In the context of vulnerability management, which of the following is an example of a true negative?

A vulnerability scanner flags a system as vulnerable, and upon further inspection, it is found that the system is indeed vulnerable
A vulnerability scanner flags a system as vulnerable, but after manual testing, it is found that the system is not actually vulnerable
A system is scanned and found to be secure, with no vulnerabilities detected
A system is scanned and returns an error, and the scanner reports that it was unable to determine the vulnerability status of the system

Question 93 of 100

93. Question

A vulnerability scanning tool has identified a potential vulnerability in a server that hosts a critical application. The IT team responsible for managing the server has conducted a thorough investigation and determined that the identified vulnerability does not exist on the server. Which of the following best describes this situation?

False positive
True positive
False negative
True negative

Question 94 of 100

94. Question

You are conducting a vulnerability scan of your organization’s network and come across a potential vulnerability in a web application that could lead to unauthorized access. You decide to investigate the issue further and perform a manual penetration test, which confirms the presence of the vulnerability. What type of result is this considered?

False positive
True positive
False negative
True negative

Question 95 of 100

95. Question

A security analyst is tasked with identifying vulnerabilities in a company’s network infrastructure. Which of the following activities involves mapping/enumeration to discover vulnerable systems?

Protocol analysis
Port scanning
Vulnerability scanning
Fuzz testing

Question 96 of 100

96. Question

Which of the following is a disadvantage of active scanning for vulnerability identification?

It generates false positives
It requires more bandwidth
It is not as thorough as passive scanning
It cannot detect zero-day vulnerabilities

Question 97 of 100

97. Question

In which of the following scenarios is passive scanning preferred over active scanning for vulnerability identification?

When you need to identify vulnerabilities on a large number of systems in a short time
When you need to find vulnerabilities that only appear when a system is under load
When you want to collect data on network traffic and system performance
When you need to test the effectiveness of a new security control

Question 98 of 100

98. Question

In a large organization, the security operations center (SOC) team is responsible for monitoring the network and detecting potential threats. A security analyst has identified a suspicious IP address that is attempting to connect to a database server. The analyst uses threat intelligence to further investigate this IP address and discovers that it has been linked to several successful attacks against financial institutions in the past. What is the next step the analyst SHOULD take to support the detection and monitoring function?

Alert the incident response team to perform a full investigation of the network
Implement network segmentation to prevent the suspicious IP address from accessing critical systems
Add the IP address to the organization's blacklist and block all traffic from it
Share the threat intelligence with the SOC team to enhance their monitoring capabilities

Question 99 of 100

99. Question

A company has implemented a vulnerability management program and is using threat intelligence to identify potential threats. Which of the following is an example of utilizing threat intelligence to support vulnerability management?

Sharing threat intelligence with industry partners
Performing penetration testing to identify vulnerabilities
Using threat intelligence to create attack scenarios
Analyzing malware for malicious code

Question 100 of 100

100. Question

Which of the following is an example of threat intelligence that can be used in incident response?

Employee performance reports
Firewall logs
Social media activity
Customer purchase history