CompTIA Certmaster CE Security+
Domain 4.0 Security Operations
Assessment 100% Accurate
A global corporation has faced numerous cyber threats and is now prioritizing the
security of its servers. The corporation's IT security expert recommends a strategy to
improve server security. Which of the following options is likely to be the MOST
effective? - ANSWER D. Implement a secure baseline, consistently apply updates and
patches, and adhere to hardening guidelines.
A software engineer is reviewing the various capabilities of automation and scripting.
What capability does the use of security groups allow for in automation and scripting? -
ANSWER A. It assists in reducing the possibility of unauthorized access or excessive
permissions.
As a company matures, its attack surface also grows. Additionally, the company
becomes an increasingly desirable target for a malicious actor to compromise its
systems. A company must monitor all software usage, secure applications, third-party
software, libraries, and dependencies. Which of the following would contribute to
protecting the business's operations? (Select the three best options.) - ANSWER A.
Package monitoring
B. Software Bill of Materials
C. Software composition analysis
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER C. File
metadata with extended attributes and network transaction logs
The IT team of a medium-sized business is planning to enhance network security. They
want to enforce minimum security controls and configurations across all network
devices, including firewalls, routers, and switches. What should they establish to
achieve this objective? - ANSWER A. Network security baselines
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement? - ANSWER B.
Deploying agent-based web filtering
, In a multinational corporation, employees across various departments regularly access
many cloud-based applications to fulfill their tasks efficiently. The company's security
team is grappling with managing user credentials securely and efficiently across these
diverse platforms. They are actively looking to improve user authentication and
streamline access to these applications while ensuring robust security measures are in
place. In this scenario, what technology should the company implement to enable
Single Sign-On (SSO) capabilities and ensure secure authentication across its diverse
cloud-based applications? - ANSWER B. SAML
A cybersecurity responder monitors a hacker's activities covertly to prepare a
containment and eradication plan. This technique involves gaining an informational
advantage over an adversary by observing them without their knowledge, allowing for
strategic planning and response. What threat-hunting technique is being employed? -
ANSWER B. Maneuvering
What action of the incident response process limits the scope and magnitude of the
incident? - ANSWER C. Containment
An information security manager is fine-tuning a Security Information and Event
Management (SIEM) system in a company that has recently reported a series of
unauthorized account access attempts. The manager wants to ensure prompt detection
of similar incidents for immediate investigation. Which approach should the manager
consider to optimize the system's alerting capability? - ANSWER C. Configuring the
SIEM system to alert when multiple login failures for the same account occur within a
specified time period
An organization reviews recent audit results of monitoring solutions used to protect the
company's infrastructure and learns that detection tools are reporting a high volume of
false positives. Which alert tuning techniques can reduce the volume of false positives
by either direct influence or through referral processes? (Select the three best options.)
- ANSWER B. Refining detection rules and muting alert levels
C. Redirecting sudden alert "floods" to a dedicated group
D. Redirecting infrastructure-related alerts to a dedicated group
An organization is enhancing its security measures to combat email-based threats after
being targeted in a whaling attack. Regarding email security, what uses tenets from
authentication methods and encryption features to define rules for handling messages,
such as moving messages to quarantine or spam, rejecting them entirely, or tagging
them? - ANSWER A. DMARC
An organization wants to enhance its cybersecurity by implementing web filtering. The
company needs a solution that provides granular control over web traffic, ensures policy
enforcement even when employees are off the corporate network, and can log and
Domain 4.0 Security Operations
Assessment 100% Accurate
A global corporation has faced numerous cyber threats and is now prioritizing the
security of its servers. The corporation's IT security expert recommends a strategy to
improve server security. Which of the following options is likely to be the MOST
effective? - ANSWER D. Implement a secure baseline, consistently apply updates and
patches, and adhere to hardening guidelines.
A software engineer is reviewing the various capabilities of automation and scripting.
What capability does the use of security groups allow for in automation and scripting? -
ANSWER A. It assists in reducing the possibility of unauthorized access or excessive
permissions.
As a company matures, its attack surface also grows. Additionally, the company
becomes an increasingly desirable target for a malicious actor to compromise its
systems. A company must monitor all software usage, secure applications, third-party
software, libraries, and dependencies. Which of the following would contribute to
protecting the business's operations? (Select the three best options.) - ANSWER A.
Package monitoring
B. Software Bill of Materials
C. Software composition analysis
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER C. File
metadata with extended attributes and network transaction logs
The IT team of a medium-sized business is planning to enhance network security. They
want to enforce minimum security controls and configurations across all network
devices, including firewalls, routers, and switches. What should they establish to
achieve this objective? - ANSWER A. Network security baselines
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement? - ANSWER B.
Deploying agent-based web filtering
, In a multinational corporation, employees across various departments regularly access
many cloud-based applications to fulfill their tasks efficiently. The company's security
team is grappling with managing user credentials securely and efficiently across these
diverse platforms. They are actively looking to improve user authentication and
streamline access to these applications while ensuring robust security measures are in
place. In this scenario, what technology should the company implement to enable
Single Sign-On (SSO) capabilities and ensure secure authentication across its diverse
cloud-based applications? - ANSWER B. SAML
A cybersecurity responder monitors a hacker's activities covertly to prepare a
containment and eradication plan. This technique involves gaining an informational
advantage over an adversary by observing them without their knowledge, allowing for
strategic planning and response. What threat-hunting technique is being employed? -
ANSWER B. Maneuvering
What action of the incident response process limits the scope and magnitude of the
incident? - ANSWER C. Containment
An information security manager is fine-tuning a Security Information and Event
Management (SIEM) system in a company that has recently reported a series of
unauthorized account access attempts. The manager wants to ensure prompt detection
of similar incidents for immediate investigation. Which approach should the manager
consider to optimize the system's alerting capability? - ANSWER C. Configuring the
SIEM system to alert when multiple login failures for the same account occur within a
specified time period
An organization reviews recent audit results of monitoring solutions used to protect the
company's infrastructure and learns that detection tools are reporting a high volume of
false positives. Which alert tuning techniques can reduce the volume of false positives
by either direct influence or through referral processes? (Select the three best options.)
- ANSWER B. Refining detection rules and muting alert levels
C. Redirecting sudden alert "floods" to a dedicated group
D. Redirecting infrastructure-related alerts to a dedicated group
An organization is enhancing its security measures to combat email-based threats after
being targeted in a whaling attack. Regarding email security, what uses tenets from
authentication methods and encryption features to define rules for handling messages,
such as moving messages to quarantine or spam, rejecting them entirely, or tagging
them? - ANSWER A. DMARC
An organization wants to enhance its cybersecurity by implementing web filtering. The
company needs a solution that provides granular control over web traffic, ensures policy
enforcement even when employees are off the corporate network, and can log and
