CompTIA Security+ Practice Exam 3

An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

Which of the following describes the category of data that is most impacted when it is lost?

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?

Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

A security team is setting up a new environment for hosting the organization’s on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain’s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company’s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Which of the following is classified as high availability in a cloud environment?

Which of the following security measures is required when using a cloud-based platform for IoT management?

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

Which of the following alert types is the most likely to be ignored over time?

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Which of the following should a security operations center use to improve its incident response procedure?

Which of the following describes an executive team that is meeting in a board room and testing the company’s incident response plan?

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

Which of the following agreement types defines the time frame in which a vendor needs to respond?

Which of the following is a feature of a next-generation SIEM system?

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Choose two.)

Which of the following examples would be best mitigated by input sanitization?

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

A user would like to install software and features that are not available with a smartphone’s default software. Which of the following would allow the user to install unauthorized software and enable new features?

Which of the following phases of an incident response involves generating reports?

Which of the following methods would most likely be used to identify legacy systems?

Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Choose two.)

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following will be the best method to achieve this objective?

Which of the following security concepts is accomplished with the installation of a RADIUS server?

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Which of the following teams is best suited to determine whether a company has systems that can be exploited by a potential, identified vulnerability?

A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:

• Allow employees to work remotely or from assigned offices around the world.
• Provide a seamless login experience.
• Limit the amount of equipment required.

Which of the following best meets these conditions?

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)

A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?

An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?

A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?

A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)

A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solution to increase mobile data security on all employees’ company mobile devices?

Which of the following best describes the risk present after controls and mitigating factors have been applied?

A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered. Which of the following should the security administrator recommend?

Which of the following is a possible factor for MFA?

Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)

A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user’s computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:

• A starting baseline of 50% memory utilization
• Storage scalability
• Single circuit failure resilience

Which of the following best meets all of these requirements?

Which of the following best describes a use case for a DNS sinkhole?

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Which of the following considerations is the most important regarding cryptography used in an IoT device?

A coffee shop owner wants to restrict internet access to only paying customers by prompting them for a receipt number. Which of the following is the best method to use given this requirement?

While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staff use immediately after the disaster to handle essential public services?

Which of the following is considered a preventive control?

A systems administrator notices that a testing system is down. While investigating, the systems administrator finds that the servers are online and accessible from any device on the server network. The administrator reviews the following information from the monitoring system:

Which of the following is the most likely cause of the outage?

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account. Which of the following is most likely being performed?

A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?

An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the following will most likely meet the requirements?

Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?

An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated. Which of the following is the most likely solution?

Which of the following is the most important security concern when using legacy systems to provide production service?

A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?