A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

Blocking removable-media devices and write capabilities using a host-based security tool

Monitoring large data transfer transactions in the firewall logs

Developing mandatory training to educate employees about the removable media policy

Implementing a group policy to block user access to system files

To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?

Encrypted credentials in transit

Account lockout after three failed attempts

A geofencing policy based on login history

An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this Policy ?

Data exfiltration over a mobile hotspot

The theft of portable electronic devices

Geotagging in the metadata of images

A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

Credentialed vulnerability scanning

A commercial cyber-threat intelligence organization observes loCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

anonymize any PII that is observed within the loC data.

perform attribution to specific APTs and nation-state actors.

add metadata to track the utilization of threat intelligence reports.

assist companies with impact assessments based on the observed data.

While checking logs, a security engineer notices a number of end users suddenly downloading files with the tar.g extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

A RAT was installed and is transferring additional exploit tools.

The workstations are beaconing to a command-and-control server.

A logic bomb was executed and is responsible for the data transfers.

A fireless virus is spreading in the local network environment.

Which of the following is the purpose of a risk register?

To identify the risk, the risk owner, and the risk measures

To define the level or risk using probability and likelihood

To register the risk with the required regulatory agencies

To formally log the type of risk mitigation strategy the organization is using

A Chief Security Officer (CSO) is concerned about the amount of PlI that is stored locally on each salesperson's laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the SO's concern?

Replace all hard drives with SEDs.

Install DLP agents on each laptop.

A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

Configure the perimeter firewall to deny inbound external connections to SMB ports.

Ensure endpoint detection and response systems are alerting on suspicious SMB connections.

Deny unauthenticated users access to shared network folders.

Verify computers are set to install monthly operating system, updates automatically.

A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

Implement application whitelisting and centralized event log management, and perform regular testing and validation of full backups.

Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.

Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue?

Exact mail exchanger records in the DNS

The addition of DNS conditional forwarders

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)

Cryptographic or hash algorithm

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?

The scan enumerated software versions of installed programs

The scan results show open ports, protocols, and services exposed on the target host

The scan produced a list of vulnerabilities on the target host

The scan identified expired SSL certificates

Bns6

Authored by jaret valdez

Mathematics

University

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

102 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 1 pt

An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high- definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them.
Which of the following biometrics will MOST likely be used, without the need for enrollment?

Voice

Gait

Vein

Facial

Retina

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?

MSSP

SOAR

laaS

PaaS

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

DNS cache poisoning

Domain hijacking

Distributed denial-of-service

DNS tunneling

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?

Developing an incident response plan

Building a disaster recovery plan

Conducting a tabletop exercise

Running a simulation exercise

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

Create a new acceptable use policy.

Segment the network into trusted and untrusted zones.

Enforce application whitelisting.

Implement DLP at the network boundary.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:
http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL:
http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?

Pass-the-hash

Session replay

Object deference

Cross-site request forgery

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

Corrective

Physical

Detective

Administrative

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

100 questions

Transformar 2021 2

Quiz

•

University

100 questions

Evaluación General 1

Quiz

•

University

100 questions

BSP 1201_LONG QUIZ IN GEd 102: MATHEMATICS IN THE MODERN WORLD

Quiz

•

University

100 questions

Competency Based Questions

Quiz

•

10th Grade - University

99 questions

SIMULADOR ESPE NUMERICO

Quiz

•

University

100 questions

Midterm Lecture Exam

Quiz

•

University

100 questions

ôn tiếng 3

Quiz

•

University

100 questions

PAKET 100 SOAL CPNS

Quiz

•

University - Professi...

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Mathematics

20 questions

Quadrilaterals

Quiz

•

KG - University

20 questions

Theoretical and Experimental Probability

Quiz

•

KG - University

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

20 questions

Circle Vocab

Quiz

•

KG - University

40 questions

8th Grade Math Review

Quiz

•

8th Grade - University

Bns6

A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?

A startup company is using multiple SaaS and laaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Mathematics