QUESTION 401
Which of the following utilize a subset of real data and are MOST likely to be used to assess the
features and functions of a system and how it interacts or performs from an end user's
perspective against defined test cases? (Select TWO).
A. Production
B. Test
C. Research and development
D. PoC
E. UAT
F. SDLC
Answer: BE
QUESTION 402
The spread of misinformation surrounding the outbreak of a novel virus on election day led to
eligible voters choosing not to take the risk of going to the polls. This is an example of:
A. prepending.
B. an influence campaign
C. a watering-hole attack
D. intimidation
E. information elicitation
Answer: B
QUESTION 403
A security engineer is installing a WAF to protect the company's website from malicious web
requests over SSL. Which of the following is needed to meet the objective?
A. A reverse proxy
B. A decryption certificate
C. A split-tunnel VPN
D. Load-balanced servers
Answer: B
QUESTION 404
An enterprise needs to keep cryptographic keys in a safe manner.
Which of the following network appliances can achieve this goal?
A. HSM
B. CASB
C. TPM
D. DLP
Answer: A
QUESTION 405
Ann, a forensic analyst, needs to prove that the data she originally acquired has remained
unchanged while in her custody. Which of the following should Ann use?
A. Chain of custody
B. Checksums
C. Non-repudiation
D. Legal hold
Answer: B
QUESTION 407
An organization recently acquired an ISO 27001 certification.
Which of the following would MOST likely be considered a benefit of this certification?
A. It allows for the sharing of digital forensics data across organizations
B. It provides insurance in case of a data breach
C. It provides complimentary training and certification resources to IT security staff.
D. It certifies the organization can work with foreign entities that require a security clearance
E. It assures customers that the organization meets security standards
Answer: E
QUESTION 408
Which of the following is the MOST secure but LEAST expensive data destruction method for
data that is stored on hard drives?
A. Pulverizing
B. Shredding
C. Incinerating
D. Degaussing
Answer: D
QUESTION 409
A security analyst is investigating multiple hosts that are communicating to external IP addresses
during the hours of 2:00 am - 4:00 am. The malware has evaded detection by traditional antivirus
software. Which of the following types of malware is MOST likely infecting the hosts?
A. A RAT
B. Ransomware
C. Polymorphic
D. A worm
Answer: C
QUESTION 410
A company is required to continue using legacy software to support a critical service.
Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
Answer: C
QUESTION 411
A security researcher has alerted an organization that its sensitive user data was found for sale on
a website.
Which of the following should the organization use to inform the affected parties?
A. An incident response plan
B. A communications plan
C. A business continuity plan
D. A disaster recovery plan
Answer: A
QUESTION 412
A company wants to modify its current backup strategy to minimize the number of backups that
would need to be restored in case of data loss. Which of the following would be the BEST
backup strategy to implement?
A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups
Answer: E
QUESTION 413