COMPTIA CERTMASTER CE
SECURITY + DOMAIN 1.0
GENERAL SECURITY CONCEPTS
ASSESSMENT EXAM LATEST
UPDATE.
, 1. In a cybersecurity operation where downtime is critical to its mission, a cybersecurity analyst incorporates
allowlists and denylists restrictions. The objective is to guarantee high availability (HA) and safeguard against
potential security threats. How would a cybersecurity analyst utilize these lists in this scenario? (Select the two best
options.) ✓✓ CORRECT ANSWER A. Allowlists can specify approved software, hardware, and change types that are essential for the operation's
functioning.
D. Denylists can block unauthorized software, hardware, and change types that pose high risk to the operation's
availability and security.
2. How can a cybersecurity analyst effectively utilize version control to main-tain a historical record of
changes and ensure security in the organization's IT systems and applications? ✓✓ CORRECT ANSWER C. Use version
control to track changes in network diagrams and configuration files.
3. A malicious actor initiates an attack on a software organization, believing it to have successfully acquired
sensitive data. Unbeknownst to the attacker, the organization has deceived the attacker by intentionally
providing fake sensi-tive information and has now captured the attacker's tactics and tools. What deception
technology did the organization deploy to capture the attacker's techniques and tools? ✓✓ CORRECT ANSWER
D. Honeyfile
4. A cyber technician reduces a computer's attack surface by installing a cryp-
toprocessor that a plug-in peripheral component interconnect express (PCIe) adaptor card can remove. What type
of cryptoprocessor can support this requirement? ✓✓ CORRECT ANSWER B. Hardware Security Module (HSM)
5. A corporation's IT department is integrating a new framework that permits,
ascertains, and applies various resources in accordance with established com-pany policies. Which principle should the
department incorporate? ✓✓ CORRECT ANSWER A. Policy-driven access control
6. The organization is implementing a significant software upgrade that ne-cessitates application restarts.
How can the cybersecurity analyst ensure a smooth transition without causing extended downtime? ✓✓
CORRECT ANSWER B. Schedule the upgrade during nonworking hours to reduce the impact on users.
SECURITY + DOMAIN 1.0
GENERAL SECURITY CONCEPTS
ASSESSMENT EXAM LATEST
UPDATE.
, 1. In a cybersecurity operation where downtime is critical to its mission, a cybersecurity analyst incorporates
allowlists and denylists restrictions. The objective is to guarantee high availability (HA) and safeguard against
potential security threats. How would a cybersecurity analyst utilize these lists in this scenario? (Select the two best
options.) ✓✓ CORRECT ANSWER A. Allowlists can specify approved software, hardware, and change types that are essential for the operation's
functioning.
D. Denylists can block unauthorized software, hardware, and change types that pose high risk to the operation's
availability and security.
2. How can a cybersecurity analyst effectively utilize version control to main-tain a historical record of
changes and ensure security in the organization's IT systems and applications? ✓✓ CORRECT ANSWER C. Use version
control to track changes in network diagrams and configuration files.
3. A malicious actor initiates an attack on a software organization, believing it to have successfully acquired
sensitive data. Unbeknownst to the attacker, the organization has deceived the attacker by intentionally
providing fake sensi-tive information and has now captured the attacker's tactics and tools. What deception
technology did the organization deploy to capture the attacker's techniques and tools? ✓✓ CORRECT ANSWER
D. Honeyfile
4. A cyber technician reduces a computer's attack surface by installing a cryp-
toprocessor that a plug-in peripheral component interconnect express (PCIe) adaptor card can remove. What type
of cryptoprocessor can support this requirement? ✓✓ CORRECT ANSWER B. Hardware Security Module (HSM)
5. A corporation's IT department is integrating a new framework that permits,
ascertains, and applies various resources in accordance with established com-pany policies. Which principle should the
department incorporate? ✓✓ CORRECT ANSWER A. Policy-driven access control
6. The organization is implementing a significant software upgrade that ne-cessitates application restarts.
How can the cybersecurity analyst ensure a smooth transition without causing extended downtime? ✓✓
CORRECT ANSWER B. Schedule the upgrade during nonworking hours to reduce the impact on users.
