CompTIA SecurityX v1.0

Page:    1 / 8   
Exam contains 115 questions

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Choose two.)

  • A. Implementing DLP controls preventing sensitive data from leaving Company B's network
  • B. Documenting third-party connections used by Company B
  • C. Reviewing the privacy policies currently adopted by Company B
  • D. Requiring data sensitivity labeling for all files shared with Company B
  • E. Forcing a password reset requiring more stringent passwords for users on Company B's network
  • F. Performing an architectural review of Company B's network


Answer : BF

A security engineer wants to reduce the attack surface of a public-facing containerized application. Which of the following will best reduce the application's privilege escalation attack surface?

  • A. Implementing the following commands in the Dockerfile:
    RUN echo user:x:1000:1000:user:/home/user:/dev/null > /etc/passwd
  • B. Installing an EDR on the container's host, with reporting configured to log to a centralized SIEM, and implementing the following alerting rule:
    IF PROCESS_USER==root ALERT_TYPE==critical
  • C. Designing a multicontainer solution, with one set of containers that runs the main application, and another set of containers that performs automatic remediation by replacing compromised containers or disabling compromised accounts
  • D. Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer:
    PERMIT HTTPS from 0.0.0.0/0 port 443


Answer : A

A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository. The security team needs to be able to quickly evaluate whether to respond to a given vulnerability. Which of the following will allow the security team to achieve the objective with the least effort?

  • A. SAST scan reports
  • B. Centralized SBoM
  • C. CIS benchmark compliance reports
  • D. Credentialed vulnerability scan


Answer : B

A company currently uses manual processes to regularly address incidents occurring outside of working hours. Hiring or implementing a SOC is not an option because of budget limitations. Which of the following solutions would most likely decrease the current risk?

  • A. Improve logging capabilities, integrating those logs with the existing SIEM and creating better security dashboards.
  • B. Implement a NIPS integrated with the firewall, raising new rules to block any malicious access attempts coming from the external perimeter.
  • C. Evaluate and implement new endpoint security tools, helping to prevent attack attempts.
  • D. Design proper runbooks and implement security orchestration and automation with integrated security tools.


Answer : D

A security architect is implementing more restrictive policies to improve secure coding practices. Which of the following solutions are the best ways to improve the security coding practices? (Choose two.)

  • A. Hire a third-party company to perform regular software tests, including quality and unit tests.
  • B. Deliver regular training for the software developers based on best practices.
  • C. Perform regular vulnerability assessments on production software, defining tight SLAs for treatment.
  • D. Define security gates and tests along the CI/CD flow with strict exception rules.
  • E. Perform regular code reviews and implement pair programming methodology.
  • F. Implement a SAST tool along the pipeline for every new commit.


Answer : BF

A Chief Information Security Officer assigns a team to create malicious communications for a social engineering campaign. The purpose of this campaign is to determine the number of employees who might be susceptible to social engineering attacks. The following is a summary report from a previous campaign:

Which of the following training modules would reduce click rates in the future?

  • A. Phishing
  • B. Whaling
  • C. Smishing
  • D. Tailgating


Answer : A

A security architect is onboarding a new EDR agent on servers that traditionally do not have internet access. In order for the agent to receive updates and report back to the management console, some changes must be made. Which of the following should the architect do to best accomplish this requirement? (Choose two.)

  • A. Create a firewall rule to only allow traffic from the subnet to the internet via a proxy.
  • B. Configure a proxy policy that blocks all traffic on port 443.
  • C. Configure a proxy policy that allows only fully qualified domain names needed to communicate to a portal.
  • D. Create a firewall rule to only allow traffic from the subnet to the internet via port 443.
  • E. Create a firewall rule to only allow traffic from the subnet to the internet to fully qualified names that are not identified as malicious by the firewall vendor.
  • F. Configure a proxy policy that blocks only lists of known-bad, fully qualified domain names.


Answer : AC

While investigating an email server that crashed, an analyst reviews the following log files:

Which of the following is most likely the root cause?

  • A. The administrator's account credentials were intercepted and reused.
  • B. The backup process did not complete and caused cascading failure.
  • C. A hardware failure in the storage array caused the mailboxes to be inaccessible.
  • D. A user with low privileges was able to escalate and erase all mailboxes.


Answer : C

Incident responders determine that a company email server was the first compromised machine in an attack. The server was infected by malware. The following are abbreviated headers from three emails that the incident responders could not confidently determine to be safe:

Which of the following is the most likely reason the malware was delivered?

  • A. An attachment scan could not be completed.
  • B. The DMARC security check failed.
  • C. Repeated emails were sent from the same address.
  • D. The SPF check failed.


Answer : B

An engineer wants to automate several tasks by running commands daily on a UNIX server. The engineer only has built-in default tools available. Which of the following should the engineer use to best assist with this endeavor? (Choose two.)

  • A. Python
  • B. Cron
  • C. Ansible
  • D. PowerShell
  • E. Bash
  • F. Task Scheduler


Answer : BE

After an organization met with its ISAC, the organization decided to test the resiliency of its security controls against a small number of advanced threat actors. Which of the following will enable the security administrator to accomplish this task?

  • A. Adversary emulation
  • B. Reliability factors
  • C. Deployment of a honeypot
  • D. Internal reconnaissance


Answer : A

A small but steady series of attempts to breach the network has been occurring over a long period of time. During an investigation, a SOC analyst finds that traffic is exiting the network to known malicious hosts and is originating from a rogue network device. Which of the following attack vectors is most likely being used to breach the network?

  • A. Supply chain
  • B. Buffer overflow
  • C. Social engineering
  • D. Ransomware


Answer : A

A security analyst detects a possible RAT infection on a computer in the internal network. After reviewing the details of the alert, the analyst identifies the initial vector of the attack was an email that was forwarded to multiple recipients in the same organizational unit. Which of the following should the analyst do first to minimize this type of threat in the future?

  • A. Move from an anti-malware software to an EDR solution.
  • B. Perform a penetration test to detect technology gaps on the anti-spam solution.
  • C. Configure an IPS solution in the internal network to mitigate infections.
  • D. Implement a security awareness program in the organization.


Answer : D

An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:
• The backup solution must reduce the risk for potential backup compromise.
• The backup solution must be resilient to a ransomware attack.
• The time to restore from backups is less important than the backup data integrity.
• Multiple copies of production data must be maintained.
Which of the following backup strategies best meets these requirements?

  • A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis
  • B. Utilizing two connected storage arrays and ensuring the arrays constantly sync
  • C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored
  • D. Setting up antitampering on the databases to ensure data cannot be changed unintentionally


Answer : A

A security operations analyst is reviewing network traffic baselines for nightly database backups. Given the following information:

Which of the following should the security analyst do next?

  • A. Consult with a network engineer to determine the impact of bandwidth usage.
  • B. Quarantine PRDDB01 and then alert the database engineers.
  • C. Refer to the incident response playbook for the proper response.
  • D. Review all the network logs for further data exfiltration.


Answer : D
