Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

Replacing the traditional key with an RFID key

Installing and monitoring a camera facing the door

Setting motion-sensing lights to illuminate the door on activity

Surrounding the property with fencing and gates

An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

Perform a mathematical operation on the passwords that will convert them into unique strings.

Add extra data to the passwords so their length is increased, making them harder to brute force.

Store all passwords in the system in a rainbow table that has a centralized location.

Enforce the use of one-time passwords that are changed for every login session.

Which of the following is a reason to publish files' hashes?

To validate the integrity of the files

To verify if the software was digitally signed

To use the hash as a software activation key

To use the hash as a decryption passphrase

The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?

Hiring an employee who has been convicted of theft to adhere to industry compliance

Preventing any current employees' siblings from working at the bank to prevent nepotism

Filtering applicants who have added false information to resumes so they appear better qualified

Ensuring no new hires have worked at other banks that may be trying to steal customer information

A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?

Implement access control vestibules.

Use appropriate signage to mark all areas.

Utilize cameras monitored by guards.

Enforce escorts to monitor all visitors.

A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is theBEST remediation strategy?

Update the base container Image and redeploy the environment.

Include the containers in the regular patching schedule for servers.

Patch each running container individually and test the application.

Update the host in which the containers are running.

Which of the following will increase cryptographic security?

Algorithms that require less computing power

Which of the following statements BEST describes zero-day exploits?

A zero-day exploit is initially undetectable, and no patch for it exists.

When a zero-day exploit is discovered, the system cannot be protected by any means.

Zero-day exploits have their own scoring category in CVSS.

Discovering zero-day exploits is always performed via bug bounty programs.

Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports

Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced

Placing systems into locked, key-controlled containers with no access to the USB ports

Installing an endpoint agent to detect connectivity of USB and removable media

A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing.Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

Enforce MFA when an account request reaches a risk threshold.

Implement geofencing to only allow access from headquarters.

Enforce time-based login requests that align with business hours.

Shift the access control scheme to a discretionary access control.

An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement?

Subscribe to threat intelligence feeds.

Which of the following is the MOST effective control against zero-day vulnerabilities?

Multiple vulnerability scanners

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?

Activate runbooks for incident response.

Reimage the impacted workstations.

Conduct forensics on the compromised system.

Conduct passive reconnaissance to gather information.

Sec+ ExamTopics Adaptive Quiz 1

Authored by Brock McKinley

Computers

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

418 questions

Show all answers

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

On-path

Domain hijacking

DNS poisoning

Evil twin

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

USB data blocker

Faraday cage

Proximity reader

Cable lock

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?

Reverse proxy

Automated patch management

Snapshots

NIC teaming

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

A phishing email stating a cash settlement has been awarded but will expire soon

A smishing message stating a package is scheduled for pickup

A vishing call that requests a donation be made to a local charity

A SPIM notification claiming to be undercover law enforcement investigating a cybercrime

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1Which of the following has been observed?

DLL Injection

API attack

SQLi

XSS

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

Data anonymization

Data encryption

Data masking

Data tokenization

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?

Classify the data.

Mask the data.

Assign the application owner.

Perform a risk analysis.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Computers

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L5_22-23

Lesson

•

KG - Professional Dev...

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

10 questions

suffixes FUL OR LESS

Quiz

•

Professional Development

Sec+ ExamTopics Adaptive Quiz 1

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1Which of the following has been observed?

A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Computers