Page 1 of 89
SECURITY EXAM QUESTIONS LATEST EXAM
SOLVED QUESTIONS & ANSWERS VERIFIED 100%
GRADED A+
Which of the following best describes configuring devices to log to an off-site
location for possible future reference?
A. Log aggregation
B. DLP
C. Archiving
D. SCAP
A
A systems administrator is creating a script that would save time and prevent
human error when performing account creation for a large number of end
users. Which of the following would be a good use case for this task?
A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement
: B Explanation: Orchestration is the process of automating multiple tasks across
different systems and applications.
A security analyst is reviewing the following logs: Which of the following
attacks is most likely occurring?
A. Password spraying
B. Account forgery
C. Pass-t he-hash
D. Brute-force
A
While troubleshooting a firewall configuration, a technician determines that a
"deny any" policy should be added to the bottom of the ACL. The technician
updates the policy, but the new policy causes several company servers to
become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the
request to change management
, Page 2 of 89
B. Testing the policy in a non-production environment before enabling the
policy in the production network
C. Disabling any intrusion prevention signatures on the 'deny any* policy prior
to enabling the new policy
D. Including an 'allow any1 policy above the 'deny any* policy
B Explanation: A firewall policy is a set of rules that defines what traffic is allowed or
denied on a network.
An organization is required to maintain financial data records for three years
and customer data for five years. Which of the following data management
policies should the organization implement?
A. Retention
B. Destruction
C. Inventory
D. Certification
A
Which of the following describes the reason root cause analysis should be
conducted as part of incident response?
A. To gather loCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature
D Explanation: Root cause analysis is a process of identifying and resolving the
underlying factors that led to an incident
A cybersecurity incident response team at a large company receives
notification that malware is present on several corporate desktops No known
Indicators of compromise have been found on the network. Which of the
following should the team do first to secure the environment?
A. Contain the Impacted hosts
B. Add the malware to the application blocklist.
C. Segment the core database server. D. Implement firewall rules to block
outbound beaconing
A
A cyber operations team informs a security analyst about a new tactic
malicious actors are using to compromise networks. SIEM alerts have not yet
been configured. Which of the following best describes what the security
analyst should do to identify this behavior?
A. [Digital forensics
B. E-discovery
, Page 3 of 89
C. Incident response
D. Threat hunting
D Explanation: Threat hunting is the process of proactively searching for signs of
malicious activity or compromise in a network, rather than waiting for alerts or
indicators of compromise (IOCs) to appear.
While investigating a recent security breach an analyst finds that an attacker
gained access by SQL infection through a company website. Which of the
following should the analyst recommend to the website developers to prevent
this from reoccurring?
A. Secure cookies
B. Input sanitization
C. Code signing
D. Blocklist
B Explanation: Input sanitization is a critical security measure to prevent SQL
injection attacks, which occur when an attacker exploits vulnerabilities in a website's
input fields to execute malicious SQL code
A business needs a recovery site but does not require immediate failover. The
business also wants to reduce the workload required to recover from an
outage. Which of the following recovery sites is the best option?
A. Hot
B. Cold
C. Warm
D. Geographically dispersed
C Explanation: A warm site is the best option for a business that does not require
immediate failover but wants to reduce the workload required for recovery.
A software development manager wants to ensure the authenticity of the code
created by the company. Which of the following options is the most
appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are use
B Explanation: Code signing is a technique that uses cryptography to verify the
authenticity and integrity of the code created by the company
A new employee logs in to the email system for the first time and notices a
message from human resources about onboarding. The employee hovers over
a few of the links within the email and discovers that the links do not
correspond to links associated with the company. Which of the following
attack vectors is most likely being used?
A. Business email
, Page 4 of 89
B. Social engineering
C. Unsecured network
D. Default credentials
B
A systems administrator is changing the password policy within an enterprise
environment and wants this update implemented on all systems as quickly as
possible. Which of the following operating system security measures will the
administrator most likely use?
A. Deploying PowerShell scripts
B. Pushing GPO update
C. Enabling PAP
D. Updating EDR profiles
B Explanation: A group policy object (GPO) is a mechanism for applying
configuration settings to computers and users in an Active Directory domain.
Which of the following is classified as high availability in a cloud
environment?
A. Access broker
B. Cloud HSM
C. WAF
D. Load balancer
D Explanation: In a cloud environment, high availability is typically ensured through
the use of a load balancer
In order to strengthen a password and prevent a hacker from cracking it, a
random string of 36 characters was added to the password. Which of the
following best describes this technique?
A. Key stretching
B. Tokenization
C. Data masking
D. Salting
D
An organization wants to ensure the integrity of compiled binaries in the
production environment. Which of the following security measures would best
support this objective?
A. Input validation
B. Code signing
C. SQL injection
D. Static analysis
B
To ensure the integrity of compiled binaries in the production environment, the best
security measure is code signing.
SECURITY EXAM QUESTIONS LATEST EXAM
SOLVED QUESTIONS & ANSWERS VERIFIED 100%
GRADED A+
Which of the following best describes configuring devices to log to an off-site
location for possible future reference?
A. Log aggregation
B. DLP
C. Archiving
D. SCAP
A
A systems administrator is creating a script that would save time and prevent
human error when performing account creation for a large number of end
users. Which of the following would be a good use case for this task?
A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement
: B Explanation: Orchestration is the process of automating multiple tasks across
different systems and applications.
A security analyst is reviewing the following logs: Which of the following
attacks is most likely occurring?
A. Password spraying
B. Account forgery
C. Pass-t he-hash
D. Brute-force
A
While troubleshooting a firewall configuration, a technician determines that a
"deny any" policy should be added to the bottom of the ACL. The technician
updates the policy, but the new policy causes several company servers to
become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the
request to change management
, Page 2 of 89
B. Testing the policy in a non-production environment before enabling the
policy in the production network
C. Disabling any intrusion prevention signatures on the 'deny any* policy prior
to enabling the new policy
D. Including an 'allow any1 policy above the 'deny any* policy
B Explanation: A firewall policy is a set of rules that defines what traffic is allowed or
denied on a network.
An organization is required to maintain financial data records for three years
and customer data for five years. Which of the following data management
policies should the organization implement?
A. Retention
B. Destruction
C. Inventory
D. Certification
A
Which of the following describes the reason root cause analysis should be
conducted as part of incident response?
A. To gather loCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature
D Explanation: Root cause analysis is a process of identifying and resolving the
underlying factors that led to an incident
A cybersecurity incident response team at a large company receives
notification that malware is present on several corporate desktops No known
Indicators of compromise have been found on the network. Which of the
following should the team do first to secure the environment?
A. Contain the Impacted hosts
B. Add the malware to the application blocklist.
C. Segment the core database server. D. Implement firewall rules to block
outbound beaconing
A
A cyber operations team informs a security analyst about a new tactic
malicious actors are using to compromise networks. SIEM alerts have not yet
been configured. Which of the following best describes what the security
analyst should do to identify this behavior?
A. [Digital forensics
B. E-discovery
, Page 3 of 89
C. Incident response
D. Threat hunting
D Explanation: Threat hunting is the process of proactively searching for signs of
malicious activity or compromise in a network, rather than waiting for alerts or
indicators of compromise (IOCs) to appear.
While investigating a recent security breach an analyst finds that an attacker
gained access by SQL infection through a company website. Which of the
following should the analyst recommend to the website developers to prevent
this from reoccurring?
A. Secure cookies
B. Input sanitization
C. Code signing
D. Blocklist
B Explanation: Input sanitization is a critical security measure to prevent SQL
injection attacks, which occur when an attacker exploits vulnerabilities in a website's
input fields to execute malicious SQL code
A business needs a recovery site but does not require immediate failover. The
business also wants to reduce the workload required to recover from an
outage. Which of the following recovery sites is the best option?
A. Hot
B. Cold
C. Warm
D. Geographically dispersed
C Explanation: A warm site is the best option for a business that does not require
immediate failover but wants to reduce the workload required for recovery.
A software development manager wants to ensure the authenticity of the code
created by the company. Which of the following options is the most
appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are use
B Explanation: Code signing is a technique that uses cryptography to verify the
authenticity and integrity of the code created by the company
A new employee logs in to the email system for the first time and notices a
message from human resources about onboarding. The employee hovers over
a few of the links within the email and discovers that the links do not
correspond to links associated with the company. Which of the following
attack vectors is most likely being used?
A. Business email
, Page 4 of 89
B. Social engineering
C. Unsecured network
D. Default credentials
B
A systems administrator is changing the password policy within an enterprise
environment and wants this update implemented on all systems as quickly as
possible. Which of the following operating system security measures will the
administrator most likely use?
A. Deploying PowerShell scripts
B. Pushing GPO update
C. Enabling PAP
D. Updating EDR profiles
B Explanation: A group policy object (GPO) is a mechanism for applying
configuration settings to computers and users in an Active Directory domain.
Which of the following is classified as high availability in a cloud
environment?
A. Access broker
B. Cloud HSM
C. WAF
D. Load balancer
D Explanation: In a cloud environment, high availability is typically ensured through
the use of a load balancer
In order to strengthen a password and prevent a hacker from cracking it, a
random string of 36 characters was added to the password. Which of the
following best describes this technique?
A. Key stretching
B. Tokenization
C. Data masking
D. Salting
D
An organization wants to ensure the integrity of compiled binaries in the
production environment. Which of the following security measures would best
support this objective?
A. Input validation
B. Code signing
C. SQL injection
D. Static analysis
B
To ensure the integrity of compiled binaries in the production environment, the best
security measure is code signing.
