100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
OFFICIAL COMPTIA SECURITY EXAM Question and Answers Latest version 2024 A+ . $10.49   Add to cart

Exam (elaborations)

OFFICIAL COMPTIA SECURITY EXAM Question and Answers Latest version 2024 A+ .

 2 views  0 purchase
  • Course
  • OFFICIAL COMPTIA SECURITY
  • Institution
  • OFFICIAL COMPTIA SECURITY

OFFICIAL COMPTIA SECURITY EXAM Question and Answers Latest version 2024 A+ .

Preview 4 out of 56  pages

  • October 9, 2024
  • 56
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • OFFICIAL COMPTIA SECURITY
  • OFFICIAL COMPTIA SECURITY
avatar-seller
KGeorge
OFFICIAL COMPTIA SECURITY EXAM
Question and Answers Latest version
2024 A+
A large enterprise has moved all its data to the cloud behind strong authentication and
encryption. A sales director recently had a laptop stolen, and later enterprise data was
found to have been compromised from a local database. Which of the following was the
MOST likely cause?
A. Shadow IT
B. Credential stuffing
C. SQL injection
D. Man-in-the-browser
E. Bluejacking -Answer- A

An enterprise has hired an outside security firm to conduct penetration testing on its
network and applications. The firm has only been given the documentation available to
the customers of the applications.
Which of the following BEST represents the type of testing that will occur?
A. Bug bounty
B. Black-box
C. Gray-box
D. White-box -Answer- A

A security analyst sees the following log output while reviewing web logs:
[02/Feb2019:03:39:21 -0000] 23.35.212.99 12.59.34.88 - "GET
/uri/input.action?query=%f.. %2f.. %2f..%2fetc%2fpasswrd HTTP/1.0" 80 200 200

[02/Feb2019:03:39:85 -0000] 23.35.212.99 12.59.34.88 - "GET
/uri/input.action?query=/../../../etc/password HTTP/1.0" 80 200 200

Which of the following mitigation strategies would be BEST to prevent this attack from
being successful?
A. Secure cookies
B. Input validation
C. Code signing
D. Stored procedures -Answer- B

A technician needs to prevent data loss in a laboratory. The laboratory is not connected
to any external networks.
Which of the following methods would BEST prevent data? (Select TWO)
A. VPN
B. Drive encryption
C. Network firewall
D. File-level encryption
E. USB blocker
F. MFA -Answer- BE

,Company engineers regularly participate in a public Internet forum with other engineers
throughout the industry.
Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming -Answer- A

An organization just experienced a major cyberattack modem. The attack was well
coordinated sophisticated and highly skilled.
Which of the following targeted the organization?
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat -Answer- D

A company processes highly sensitive data and senior management wants to protect
the sensitive data by utilizing classification labels.
Which of the following access control schemes would be BEST for the company to
implement?
A. Discretionary
B. Rule-based
C. Role-based
D. Mandatory -Answer- D

An organization hired a consultant to assist with an active attack, and the consultant
was able to identify the compromised accounts and computers.
Which of the following is the consultant MOST likely to recommend to prepare for
eradication?
A. Quarantining the compromised accounts and computers, only providing them with
network access
B. Segmenting the compromised accounts and computers into a honeynet so as to not
alert the attackers.
C. Isolating the compromised accounts and computers, cutting off all network and
internet access.
D. Logging off and deleting the compromised accounts and computers to eliminate
attacker access. -Answer- B

A Chief Executive Officer's (CEO) personal information was stolen in a social
engineering attack.
Which of the following sources would reveal if the CEO's personal information is for
sale?
A. Automated information sharing
B. Open-source intelligence
C. The dark web

,D. Vulnerability databases -Answer- C

The following is an administrative control that would be MOST effective to reduce the
occurrence of malware execution?
A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle -Answer- A

An attacker is attempting to exploit users by creating a fake website with the URL users.
Which of the following social-engineering attacks does this describe?
A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack -Answer- D

The manager who is responsible for a data set has asked a security engineer to apply
encryption to the data on a hard disk.
The security engineer is an example of a:
A. data controller.
B. data owner
C. data custodian.
D. data processor -Answer- D

A security administrator needs to create a RAIS configuration that is focused on high
read speeds and fault tolerance. It is unlikely that multiple drivers will fail
simultaneously.
Which of the following RAID configurations should the administration use?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10 -Answer- D

A company recently set up an e-commerce portal to sell its product online. The
company wants to start accepting credit cards for payment, which requires compliance
with a security standard.
Which of the following standards must the company comply with before accepting credit
cards on its e-commerce platform?
A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF -Answer- A

A security administrator checks the table of a network switch, which shows the following
output:
VLAN Physical address Type Port

, 1 001a:42ff:5113 Dynamic GE0/5
1 Ofaa:abcf:ddee Dynamic GE0/5
1 c6a9:6b16:758e Dynamic GE0/5
1 a3aa:b6a3:1212 Dynamic GE0/5
1 8025:2ad8:bfac Dynamic GEO/5
1 b839:f995:a00a Dynamic GEO/5

Which of the following is happening to this switch?
A. MAC Flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning -Answer- A

Which of the following organizational policies are MOST likely to detect fraud that is
being conducted by existing employees? (Select TWO).
A. Offboarding
B. Mandatory vacation
C. Job rotation
D. Background checks
E. Separation of duties
F. Acceptable use -Answer- BC

Which of the following will MOST likely adversely impact the operations of unpatched
traditional programmable-logic controllers, running a back-end LAMP server and OT
(operational technology) systems with human-management interfaces that are
accessible over the Internet via a web interface? (Choose two.)
A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request forgery -Answer- DF

A small business just recovered from a ransomware attack against its file servers by
purchasing the decryption keys from the attackers. The issue was triggered by a
phishing email and the IT administrator wants to ensure it does not happen again.
Which of the following should the IT administrator do FIRST after recovery?

in order to prevent future ransomware attack against a file server
A. Scan the NAS (network attached storage) for residual or dormant malware and take
new daily backups that are tested on a frequent basis
B. Restrict administrative privileges and patch ail systems and applications.
C. Rebuild all workstations and install new antivirus software
D. Implement application whitelisting and perform user application hardening -Answer-
A

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller KGeorge. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

77254 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.49
  • (0)
  Add to cart