CompTIA Security+ SY0-701 Practice Tests 2024 PDF
Document Details
Uploaded by Deleted User
2024
Nikolaos Gorgotsias
Tags
Related
- CompTIA Security+ (SY0-701) Study Notes PDF
- CompTIA Security+ (SY0-701) Study Notes PDF
- David Seidl - CompTIA Security+ Practice Tests_ Exam SY0-701-Sybex (2024).pdf
- CompTIA Security+ SY0-701 Exam Questions PDF
- CompTIA Security+ Practice Tests 2024 PDF
- Professor Messer's CompTIA Security+ Practice Exams (SY0-701) PDF
Summary
This is a practice test book for the CompTIA Security+ SY0-701 exam, published in 2024. It includes questions and answers, designed to help individuals prepare for the certification exam. The book also includes an online practice subscription.
Full Transcript
1 by ExamsDigest® 2 CompTIA Security+ SY0-701 Practice Tests 2024® Published by: ExamsDigest LLC. and LabsDigest LLC. www.examsdigest.com - www.labsdigest.com Copyright © 2024 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form, electroni...
1 by ExamsDigest® 2 CompTIA Security+ SY0-701 Practice Tests 2024® Published by: ExamsDigest LLC. and LabsDigest LLC. www.examsdigest.com - www.labsdigest.com Copyright © 2024 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Trademarks: ExamsDigest, examsdigest.com and related trade dress are trademarks or registered trademarks of Examsdigest LLC. and may not be used without written permission. Amazon is a registered trademark of Amazon, Inc. All other trademarks are the property of their respective owners. ExamsDigest, LLC. is not associated with any product or vendor mentioned in this book. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may find this material at https:// examsdigest.com 3 INTRODUCTION The CompTIA Security+ SY0-701 examination is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career. About This Book CompTIA Security+ SY0-701 Practice Tests 2024 by ExamsDigest is designed to be a practical practice exam guide that will help you prepare for the CompTIA Security+ SY0-701 exam. This book has been designed to help you prepare for the style of questions you will receive on the CompTIA Security+ SY0-701 exam. It also helps you understand the topics you can expect to be tested on for each exam. In order to properly prepare for the CompTIA Security+ SY0-701, I recommend that you: ✓ Review a reference book: CompTIA Security+ SY0-701 by Examsdigest is designed to give you sample questions to help you prepare for the style of questions you will receive on the real certification exam. However, it is not a reference book that teaches the concepts in detail. That said, I recommend that you review a reference book before attacking these questions so that the theory is fresh in your mind. ✓ Get some practical, hands-on experience: After you review the theory, I highly recommend getting your hands on using tools such 4 us packet tracer or GNS3. Also use the command-line tools from your OS to get a better understanding about ping, tracert, netstat and more commands. The more hands-on experience you have, the easier the exams will be. ✓ Do practice test questions: After you review a reference book and perform some hands-on work, attack the questions in this book to get you “exam ready”! Also claim your free 1-month access on our platform to dive into to more questions, flashcards and much much more. Beyond The Book This book gives you plenty of CompTIA Security+ SY0-701 questions to work on, but maybe you want to track your progress as you tackle the questions, or maybe you’re having trouble with certain types of questions and wish they were all presented in one place where you could methodically make your way through them. You’re in luck. Your book purchase comes with a free one-month subscription to all practice questions online and more. You get on-the-go access any way you want it — from your computer, smartphone, or tablet. Track your progress and view personalized reports that show where you need to study the most. Study what, where, when, and how you want! What you’ll find online The online practice that comes free with this book offers you the same questions and answers that are available here and more. 5 The beauty of the online questions is that you can customize your online practice to focus on the topic areas that give you the most trouble. So if you need help with the domain Network Security, then select questions related to this topic online and start practicing. Whether you practice a few hundred problems in one sitting or a couple dozen, and whether you focus on a few types of problems or practice every type, the online program keeps track of the questions you get right and wrong so that you can monitor your progress and spend time studying exactly what you need. You can access these online tools by sending an email to the [email protected] to claim access on our platform. Once we confirm the purchase you can enjoy your free access. CompTIA Security+ SY0-701 Exam Details The online practice that comes free with this book offers you the same questions and answers that are available here and more. ✓ Format - Multiple choice, multiple answer and performance- based ✓ Type - Associate ✓ Delivery Method - Testing center or online proctored exam ✓ Time - 90 minutes to complete the exam ✓ Cost - $349 ✓ Language - Available in English, Japanese 6 Exam Content Content Outline The CompTIA Security+ certification exam will verify the successful candidate has the knowledge and skills required to: Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions Monitor and secure hybrid environments, including cloud, mobile, and IoT Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance Identify, analyze, and respond to security events and incidents The table below lists the domains measured by this examination and the extent to which they are represented: 1.0: General Security Concepts (12%) 2.0: Threats, Vulnerabilities, and Mitigations (22%) 3.0: Security Architecture (18%) 4.0: Security Operations (28%) 5.0: Security Program Management and Oversight (20%) 7 Table Of Content Chapter 1 General Security Concepts 11 Questions 1-110 11 Answers 1-110 51 Chapter 2 Threats, Vulnerabilities, and Mitigations 164 Questions 111-220 164 Answers 111-220 204 Chapter 3 Implementation 322 Questions 221-310 322 Answers 221-310 355 Chapter 4 Security Operations 447 Questions 311-460 447 Answers 311-460 504 Chapter 5 Security Program Management and Oversight 659 Questions 461-540 659 Answers 461-540 689 Exam Simulator #1 772 Questions 1-100 772 Answers 1-100 808 Exam Simulator #2 914 Questions 101-200 914 Answers 101-200 950 Exam Simulator #3 1053 Questions 201-300 1053 Answers 201-300 1090 Exam Simulator #4 1198 8 Questions 301-400 1198 Answers 301-400 1234 Exam Simulator #5 1334 Questions 401-500 1335 Answers 401-500 1371 Exam Simulator #6 1474 Questions 501-600 1474 Answers 501-600 1513 9 10 CHAPTER 1 GENERAL SECURITY CONCEPTS Questions 1-110 Question 1. A client disputes having signed a digital contract. The service provider needs to prove that the signature was indeed from the client and hasn’t been tampered with. Which of the following security concepts is the service provider relying on? (A) Authentication (B) Confidentiality (C) Non-repudiation (D) Access Control Question 2. Carlos, an IT consultant, advises a startup company on cybersecurity best practices. The company plans to launch several microsites under various subdomains. They want a solution that is cost-effective but also ensures that the sites are validated by a third-party. What type of certificate should Carlos recommend? (A) A separate self-signed certificate for each microsite (B) An individual third-party certificate for each subdomain (C) A third-party wildcard certificate (D) An EV certificate issued by an internal CA Question 3. A company wants to ensure that security incidents are detected and addressed as quickly as possible by on-duty 11 personnel. Which of the following operational security controls would be BEST to implement for this purpose? (A) Deploying a Network Intrusion Prevention System (NIPS) (B) Establishing a 24/7 Security Operations Center (SOC) (C) Creating a company-wide security policy (D) Implementing end-to-end data encryption Question 4. During a routine check, the IT department discovered that several employees had left their computers on and unattended during lunch break. Which operational security control can help mitigate the risk associated with this behavior? (A) Implementing biometric authentication (B) Enforcing a strict password policy (C) Deploying an automatic screen lock after inactivity (D) Implementing a secure coding practice Question 5. An art gallery wants to deploy a security solution to detect movement in an open courtyard that features several sculptures. This space has varying temperature conditions, which might cause false alarms in some motion detection technologies. Which type of sensor would be MOST appropriate to ensure consistent motion detection in such conditions? (A) Thermal imaging sensors (B) Pressure-sensitive mats (C) Ultrasonic detectors (D) Microwave motion detectors Question 6. A company’s primary security control for accessing secure server rooms is a biometric fingerprint scanner. 12 However, the scanner occasionally malfunctions in high humidity. The security team is considering an alternative solution to grant access when the primary method fails. Which of the following would be the MOST appropriate compensating control? (A) Implementing a security token-based authentication system (B) Employing security guards at the main entrance (C) Installing security cameras inside the server room (D) Conducting regular server room audits Question 7. A financial institution wants to ensure that customers are aware of the bank’s policies on information sharing and how their personal data is used. Which of the following security controls would BEST communicate this to customers? (A) Implementing end-to-end encryption for online transactions (B) Publishing a privacy policy on the bank's website (C) Conducting annual cybersecurity awareness training for employees (D) Using multi-factor authentication for online banking Question 8. A large financial organization wants to ensure that all employees understand the importance of cybersecurity and the role they play in safeguarding company assets. Which of the following managerial security controls will be MOST effective in achieving this? (A) Installing a firewall at the network perimeter (B) Regular security awareness training for employees 13 (C) Deploying an Intrusion Detection System (IDS) (D) Encrypting all company data Question 9. A company has faced multiple instances of unauthorized individuals gaining access to their office premises. Which of the following preventive security controls would be MOST effective in preventing unauthorized physical access? (A) Implementing a log monitoring solution for network traffic (B) Installing video surveillance cameras at all entry and exit points (C) Conducting regular security awareness training for employees (D) Implementing a multi-factor authentication system for network access. Question 10. TechVault, a company specializing in secure storage solutions, recently had an unauthorized intrusion where a burglar managed to bypass their motion sensors. In a bid to prevent future breaches, they are considering deploying a system that can detect weight changes in a restricted floor area to alert any unauthorized access. Which of the following would be BEST for this requirement? (A) Ultrasonic motion detectors (B) Pressure-sensitive floor mats (C) CCTV cameras with facial recognition (D) Glass break sensors Question 11. A system administrator is setting up an authentication system for a new web application. Which of the following security controls falls under the technical category 14 and ensures that users prove their identity before gaining access? (A) Implementing a security awareness training program (B) Conducting a background check for new employees (C) Using multi-factor authentication (D) Establishing a clean desk policy Question 12. An e-commerce company has experienced a Distributed Denial of Service (DDoS) attack, which caused its website to become inaccessible for several hours. To mitigate the impact of such attacks in the future, which of the following would be the BEST corrective control to implement? (A) Displaying a seal for third-party security certifications on the website (B) Establishing a Web Application Firewall (WAF) with DDoS protection (C) Conducting routine vulnerability assessments on the website (D) Implementing strong password policies for website administrators Question 13. GreenTech Industries has a manufacturing facility located in a relatively secluded area. Recent incidents of theft and trespassing have alarmed the management. Which of the following would MOST effectively deter unauthorized nighttime access to the perimeter of the facility? (A) Installing infrared sensors (B) Using bright perimeter lighting (C) Deploying additional security guards inside the facility (D) Increasing the height of the facility walls 15 Question 14. While conducting a routine security review, Jake, a security specialist, discovers an unexpected piece of data placed in the organization’s financial system. Upon asking, he learns that this piece of data is intentionally placed and monitored to see if any unauthorized user or system interacts with it. What is this deceptive piece of data known as? (A) Honeystring (B) Honeytoken (C) Canary token (D) Security marker Question 15. An organization is deploying new IoT devices in its smart office. To ensure that only authorized devices can connect to the corporate network, each device will be given a unique key pair. Which of the following best describes the system authentication approach the organization is using? (A) Shared secret authentication (B) Public key infrastructure (PKI) (C) Token-based authentication (D) Username and password authentication Question 16. In the new branch of BankSecure, the management has decided to install a security system at the main entrance that forces visitors to go through two separate authorization checks before entering the main premises. Which physical security measure should they consider? (A) Turnstiles (B) Security Guards (C) Access Control Vestibule (D) Keycard Readers 16 Question 17. The IT department wants to monitor network traffic in real time to detect any anomalies or malicious activities. Which of the following security controls can accomplish this? (A) Security policy documentation (B) Intrusion Detection System (IDS) (C) Employee code of conduct (D) Access Control Lists (ACL) Question 18. Jenna, a web administrator for a growing online retail business, is in the process of obtaining SSL certificates for the company’s domain. The company uses several subdomains for different services, such as shop.example.com, blog.example.com, and support.example.com. Instead of obtaining individual certificates for each subdomain, Jenna wants to use one certificate. What type of certificate should Jenna pursue? (A) Extended Validation Certificate (B) Wildcard Certificate (C) Certificate with Subject Alternative Names (SAN) (D) Code Signing Certificate Question 19. At a newly established museum, management wants to install sensors in the exhibit rooms to detect any unauthorized movement after hours. The rooms are often filled with a mix of air conditioning and external noise from the city. Which sensor would be BEST suited to detect movement in such conditions without being affected by the noise? (A) Acoustic sensors (B) Glass break detectors 17 (C) Ultrasonic sensors (D) Thermal imaging cameras Question 20. A company is setting up a secure communication channel between its headquarters and a remote branch office. To ensure that data transmitted over this channel originates from a legitimate system at the branch office, the company is considering using digital certificates. Which authentication method for systems is the company contemplating? (A) Kerberos authentication (B) Password-based authentication (C) Certificate-based authentication (D) Biometric-based authentication Question 21. A financial institution has experienced an uptick in unauthorized transactions. They want to implement a control that will allow them to identify suspicious transactions in real- time. Which of the following would be the BEST detective control for this scenario? (A) Implementing a multi-factor authentication system for all users (B) Establishing a Security Operations Center (SOC) to monitor network traffic (C) Installing an Intrusion Detection System (IDS) on their network (D) Restricting transaction capabilities to only a few trusted IP addresses. Question 22. TechHaus has recently experienced multiple security breaches where unauthorized personnel have managed to infiltrate their server rooms after hours. To enhance security 18 measures, the company decided to deploy a new system. Which of the following options would BEST detect human intruders based on their body heat even in complete darkness? (A) Installing CCTV cameras with LED lights (B) Using ultrasonic motion sensors (C) Deploying infrared (IR) sensors (D) Implementing RFID badge readers at the entrance Question 23. After detecting an unauthorized intrusion into their network, a financial institution wants to implement a control that will restore compromised systems to a known good state. Which of the following would be the MOST appropriate corrective control? (A) Implementing Intrusion Detection Systems (IDS) across the network (B) Frequently updating firewall rules (C) Restoring systems from verified backups (D) Enabling multi-factor authentication for users Question 24. After a recent security breach, Sarah, a cybersecurity analyst, is implementing additional measures to detect unauthorized activities. She decides to embed specific values in the database that serve no real purpose but are monitored for any unauthorized access or usage. These values are designed to raise alerts if they are ever accessed or used. What are these specific values commonly referred to as? (A) Security flags (B) Honeypots (C) Honeytokens (D) Audit trails 19 Question 25. Bob receives an email prompting him to verify his identity by clicking on a link. The link directs him to a webpage where he has to provide his username, password, and answer a personal security question. What type of authentication method is being employed here? (A) Biometric authentication (B) Token-based authentication (C) Two-factor authentication (D) Single sign-on Question 26. In an effort to minimize data breaches from malware, a company is deciding on a control to prevent malicious software from being executed on company devices. Which of the following would be the BEST preventive control? (A) Deploying a Network Intrusion Detection System (NIDS) (B) Regularly backing up critical data (C) Installing an antivirus software with real-time scanning (D) Performing a forensic analysis after a security incident Question 27. After undergoing a major infrastructure upgrade, GlobalMed Corp experienced several unanticipated security issues. In retrospect, the IT manager realized they skipped an essential step in their change management process which could have predicted and mitigated these issues. What step did they most likely overlook? (A) Procurement of new hardware (B) Training of IT staff on the new systems (C) Impact analysis (D) Integration with legacy systems 20 Question 28. MegaCorp recently introduced a new web application for its customers. Before its release, the software underwent rigorous testing in a controlled environment. When the application was deployed in production, several security vulnerabilities were reported. Which of the following reasons can explain the mismatch between the test results and actual vulnerabilities? (A) The testing environment was an exact replica of the production environment (B) Test results were not thoroughly reviewed (C) The software was not tested for zero-day vulnerabilities (D) Penetration testing was done post-production Question 29. An online banking website employs a system that automatically logs out users after 10 minutes of inactivity to ensure that if a user forgets to log out, no one else can alter the user’s banking details. Which principle of the CIA triad is the banking website MOST directly addressing? (A) Confidentiality (B) Availability (C) Authentication (D) Integrity Question 30. A company is located in an area prone to natural disasters such as earthquakes and floods. Which of the following physical security controls would be MOST effective in ensuring the safety of the company’s IT infrastructure? (A) Using biometric authentication for server access (B) Deploying a firewall to protect against cyber threats (C) Establishing a raised floor system in the data center (D) Conducting penetration testing on a regular basis 21 Question 31. TechBank has just opened a new branch in the city center. Due to its location, the management is concerned about potential vehicular attacks on the facility. Which of the following physical security measures can TechBank employ to specifically deter such attacks? (A) Surveillance Cameras (B) Bollards (C) Access Badges (D) Security Guards Question 32. During a security assessment, Maria, a security consultant, identifies a self-signed certificate being used on a client’s public-facing web server. What is the PRIMARY security concern related to this finding? (A) The web server might be vulnerable to Distributed Denial of Service (DDoS) attacks (B) The certificate could be expired (C) Users cannot validate the authenticity of the website easily (D) The web server might not support modern encryption algorithms Question 33. TechFin Bank is considering implementing a new software system for their transaction processing. Before rolling it out, the cybersecurity team insists on carrying out a specific type of analysis to understand how this change might affect the organization’s security posture. What is the team referring to? (A) Risk appetite assessment (B) Performance benchmarking (C) Impact analysis (D) Penetration testing 22 Question 34. To discourage potential cybercriminals from targeting their online storefront, an e-commerce company is considering various security measures. Which of the following would act MOST effectively as a deterrent control? (A) Displaying a seal for third-party security certifications on the website (B) Using a Web Application Firewall (WAF) (C) Conducting monthly vulnerability assessments (D) Storing customer data in encrypted databases Question 35. The security team of a multinational company deployed a network of honeypots globally, making it appear as an interconnected and realistic environment. They aim to study coordinated multi-stage attacks. This deceptive setup is known as: (A) Firewall Cluster (B) Virtual LAN (VLAN) (C) Distributed Denial of Service (DDoS) Prevention (D) Honeynet Question 36. ExamsDigest Corp, a technology company, recently conducted a security assessment to align with industry best practices. The company’s current security posture was compared to its desired future state, revealing discrepancies. Which of the following best describes the approach ExamsDigest Corp employed? (A) Vulnerability Assessment (B) Penetration Testing (C) Gap Analysis (D) Threat Modeling 23 Question 37. A pharmaceutical company is concerned about competitors accessing their formula for a new drug. Which pillar of the CIA triad is MOST directly addressed by their concern? (A) Availability (B) Confidentiality (C) Integrity (D) Non-repudiation Question 38. FinCorp, a financial institution, has recently adopted a new security framework. In this framework, every device and user inside the organization’s network is treated as if they were outside the perimeter, necessitating rigorous verification processes even for internal requests. Which security paradigm has FinCorp implemented? (A) Demilitarized Zone (DMZ) (B) Network Segmentation (C) Intrusion Detection System (IDS) (D) Zero Trust Question 39. GreenValley Mall, located in a busy urban area, has recently faced security concerns due to the proximity of its main entrance to a major road. Which physical security enhancement can the mall management implement to create a protective barrier between the road and the entrance, ensuring pedestrian safety and preventing unauthorized vehicular access? (A) Reinforced Walls (B) Metal Detectors (C) Bollards (D) Perimeter Fencing 24 Question 40. A tech company, InnovateTech, has recently faced multiple incidents of unauthorized personnel trying to access their R&D labs. They wish to monitor and record all activities near the entrance of this sensitive area. Which physical security measure would be most effective for this requirement? (A) RFID Badge Readers (B) Biometric Scanners (C) Video Surveillance Cameras (D) Mantrap Question 41. A cybersecurity analyst at XYZ Corp is looking to deploy a system that appears to be vulnerable and enticing to attackers. The main goal is to study the tactics, techniques, and procedures (TTPs) of potential adversaries, without them realizing that they’re interacting with a decoy. Which of the following would BEST meet this requirement? (A) Intrusion Detection System (IDS) (B) Firewall (C) Honeypot (D) VPN Concentrator Question 42. A multinational organization recently experienced a significant security breach. After investigating, it was determined that a change to the network infrastructure was made without undergoing the standard approval process. As a result, there was a misconfiguration which allowed unauthorized access. What security principle related to change management did the organization neglect? (A) Configuration baseline reviews (B) Least privilege enforcement 25 (C) Approval process adherence (D) Patch management Question 43. After a series of cyber-attacks on a company’s infrastructure, the IT team decided to deploy a solution that would seem like a legitimate part of their network but is intentionally isolated and monitored. They intend to detect and analyze malicious activities in this isolated environment. What technology are they most likely implementing? (A) Network segmentation (B) Honeypot (C) DMZ (Demilitarized Zone) (D) Sandboxing Question 44. Liam, the CTO of a medium-sized enterprise, noticed that several software applications were not updated regularly, leading to potential security vulnerabilities. Upon investigation, he realized that no specific team or individual was assigned as the owner of these applications. To enhance security, what should Liam emphasize? (A) Immediate decommissioning of all unowned applications (B) Assignment of clear ownership to all business applications (C) Conducting monthly vulnerability assessments on all applications (D) Outsourcing the management of these applications to third-party vendors Question 45. TechSoft Corp, a mid-sized software development firm, is relocating its main office to a new building. The 26 management is concerned about potential threats after hours, particularly due to the increasing reports of cyber-espionage. They are evaluating different security measures. Which option would provide an immediate physical presence and deterrence during non-business hours? (A) CCTV with motion detection (B) Retinal scan at all entrances (C) Security guard presence (D) Reinforced doors and windows Question 46. Alice, a system administrator for a startup, is preparing to deploy a new website for her company. To ensure secure communications between the users and the website, she plans to obtain a digital certificate for the site. Before doing so, which step must Alice first undertake to get a certificate from a Certificate Authority (CA)? (A) Generate a public-private key pair (B) Submit her passport copy to the CA (C) Download the latest CA root certificate (D) Encrypt the website with symmetric encryption Question 47. Julia, a security administrator, is concerned about potential unauthorized access to confidential project files stored on a company server. She decides to place a document within the project folders that seems enticing but is actually monitored for access. This strategy aims to detect if someone is accessing files without authorization. What is this document commonly known as? (A) Salt file (B) Honeyfile 27 (C) Log file (D) Backup file Question 48. After a recent incident of vandalism, a corporate building is considering implementing security controls that would dissuade potential perpetrators. Which of the following would serve BEST as a deterrent control? (A) Encrypting all stored data (B) Installing biometric access controls on all entrances (C) Implementing regular data backups (D) Placing visible security signage indicating 24/7 surveillance Question 49. Alice wants to access a restricted online portal. The portal asks her to enter a unique username and a secret passphrase only she should know. This process helps the system ensure that Alice is who she claims to be. What security concept is the portal employing? (A) Authorization (B) Accounting (C) Multifactor authentication (D) Authentication Question 50. Sophia, the cybersecurity lead at XYZ Corp, is in the process of drafting a new security policy. During the drafting process, she primarily consults with her security team. However, upon implementation, several departments pushed back due to the policy interfering with their operations. Which best describes the misstep Sophia made during the policy creation process? (A) Not using a standardized security framework 28 (B) Over-reliance on automated security solutions (C) Not including key stakeholders in the policy drafting process (D) Focusing too much on external threats rather than internal ones Question 51. BioGen Inc., a biotechnology company, has implemented a layered security approach. They are considering adding a human element to their security measures for their research labs. Which of the following would best provide the ability to evaluate and respond to various security situations with human judgment? (A) Installing biometric locks (B) Employing security guards (C) Implementing an access control vestibule (D) Deploying AI-driven security cameras Question 52. While analyzing server logs, Mike, an IT security analyst, noticed that an unfamiliar document was frequently accessed. Upon investigation, he realized that this document was deliberately placed by the security team and had no real data but was closely monitored. The purpose of this file is MOST likely: (A) To serve as a redundancy copy in case of data loss (B) To act as a decoy to attract and detect unauthorized access (C) To maintain a record of all user activities for auditing (D) To be encrypted and sent to clients as a sample Question 53. DataCenter Inc. is located in a region prone to protests and vandalism. They wish to enhance their perimeter 29 security to deter potential intruders and make it visibly clear that unauthorized access is restricted. Which of the following physical security measures would be the most effective first line of defense for the company? (A) Sliding Doors (B) Security Cameras (C) High-security Fencing (D) Proximity Card Readers Question 54. SecureTech Corp, a company dealing with sensitive client data, is redesigning its main office entrance to enhance security. They want to ensure that only one person gains access at a time, even if multiple people try to enter using a single authorized access badge. Which of the following would best serve this purpose? (A) CCTV Cameras (B) Mantrap (C) Biometric Scanners (D) Motion Detectors Question 55. While setting up a new internal web application, Laura, a system administrator, decides to use a digital certificate for SSL/TLS encryption. Due to budget constraints, she can’t procure a certificate from a commercial Certificate Authority (CA). Which of the following would be a viable option for Laura to secure the application? (A) Rely on plaintext HTTP for the application (B) Obtain a certificate from a free Certificate Authority (C) Generate a self-signed certificate (D) Use a shared certificate from another application 30 Question 56. A network administrator has received a new security patch for a mission-critical application. Which of the following is the BEST action to take before applying this patch in the live environment? (A) Apply the patch immediately to ensure system security (B) Notify all users about the upcoming downtime due to the patch (C) Test the patch in a separate testing environment (D) Take a backup of only the mission-critical application Question 57. After implementing a major security update to its database system, TechCo experienced unexpected downtime and system incompatibilities. The CISO wants to ensure that such incidents can be quickly addressed in the future. Which of the following should TechCo have had in place before deploying the update to mitigate the impact of these kinds of incidents? (A) A comprehensive list of all updates (B) An automated system recovery tool (C) A backout plan (D) A detailed user manual for the update Question 58. A financial institution processes thousands of credit card transactions daily. To ensure the security and integrity of these transactions, the security officer wants to employ a solution that will safely manage and store cryptographic keys. Which of the following would be the MOST suitable solution? (A) Trusted Platform Module (TPM) (B) Full Disk Encryption (FDE) 31 (C) Hardware Security Module (HSM) (D) Software Key Repository Question 59. During the setup of a secure communication channel, Alice and Bob need to agree upon a shared secret key without sending the key directly to each other, as they fear eavesdropping. Which protocol would best facilitate this requirement? (A) RSA (B) HMAC (C) Diffie-Hellman (D) AES Question 60. A company is developing a new video conferencing tool. They want to make sure that all video and audio data transmitted between participants are encrypted and protected from eavesdropping. Which type of encryption should the developers implement to achieve this? (A) Endpoint Encryption (B) Transport-layer Encryption (C) Volume-level Encryption (D) Database-level EncryptionAccess Control Question 61. After a significant cybersecurity incident, ABC Tech revamped its incident response procedures. However, the documentation was not updated to reflect these changes. During a subsequent minor incident, there was confusion regarding the steps to be followed. Which of the following is the MOST direct implication of not updating the incident response documentation? (A) The company may have to invest in new cybersecurity 32 tools (B) Stakeholders might lose trust in the company’s ability to handle incidents (C) Incident response might be inconsistent and less effective (D) ABC Tech may have to hire external consultants for incident response Question 62. A financial organization is considering implementing a system that allows all users to view all transactions, but once a transaction is recorded, it cannot be altered or deleted. They want this transparency to foster trust among their users. Which of the following would best meet this requirement? (A) Digital certificate (B) Open public ledger (C) Symmetric encryption (D) Secure file transfer protocol Question 63. A company is implementing a system to ensure that code released to production is both unaltered and approved by a specific team member. Which of the following cryptographic techniques should they implement? (A) Symmetric encryption of the code (B) Hashing the code with SHA-256 (C) Encrypting the code with the team member's public key (D) Digital signature by the team member Question 64. Your company has recently deployed an update to its CRM application. Post-update, users are experiencing connectivity issues. As a security administrator, which of the 33 following steps should you take FIRST to address the connectivity problem without causing data loss? (A) Restart the application immediately (B) Disconnect all users and then restart the application (C) Validate the update's integrity and then restart the application (D) Reinstall the previous version of the CRM application Question 65. TechDynamics, a growing tech startup, plans to scale its operations and serve a global clientele. Given that their client base operates in multiple time zones, when should TechDynamics schedule their system maintenance to ensure minimal disruption? (A) During the busiest hours for their headquarters' local time (B) Staggered based on the peak hours of their global clients (C) Only when a system breakdown occurs (D) Establish a consistent maintenance window during off- peak hours for the majority of their clientele Question 66. During an IT audit, a company’s encryption practices come under scrutiny. The IT auditor recommends increasing the encryption key length for certain applications to improve security. What is the PRIMARY reason to increase the encryption key length? (A) To speed up encryption and decryption processes (B) To ensure compatibility with older systems (C) To reduce the possibility of a brute force attack (D) To reduce the key management overhead 34 Question 67. Sarah is working on a project where she needs to validate the integrity and authenticity of assets over time, without a centralized authority. Which technology would be most appropriate for this use case? (A) Digital signature (B) Key escrow (C) Blockchain (D) Key management system Question 68. A graphic design company frequently works with large files such as videos and high-resolution images. These files are stored on a dedicated storage volume in their server. While they need to secure this data, they don’t want to encrypt individual files due to the volume of data and frequent access needs. Which encryption approach is most appropriate for this scenario? (A) File-level Encryption (B) Full-disk Encryption (C) Transport-layer Encryption (D) Volume-level Encryption Question 69. An e-commerce company stores millions of customer transaction records in their primary database. They have decided to enhance their security posture by applying encryption to protect sensitive data. However, they don’t want to encrypt the entire server storage, just the data within the database. Which encryption approach should the company adopt to meet their objective? (A) Full-disk Encryption (B) File-level Encryption 35 (C) Volume-level Encryption (D) Database-level Encryption Question 70. Your organization plans to upgrade its database system. To maintain security during this process, which of the following actions should be RESTRICTED until the upgrade is validated? (A) Monitoring the database for any anomalies (B) Allowing end-users to access the upgraded database (C) Making regular backups of the database (D) Reviewing the database system logs Question 71. A journalist wants to send a confidential message to her editor without raising suspicion. Instead of sending a coded or encrypted text, she embeds the message within a harmless-looking photograph. What method is she employing to keep the message concealed? (A) Digital signature (B) Tunneling (C) Steganography (D) Chaining Question 72. A security administrator needs to apply a configuration change to a critical service, requiring a service restart. Before initiating the restart, which of the following steps is MOST important to ensure continuous service availability? (A) Implement automatic service restart on failure (B) Announce the restart to all company employees (C) Schedule the restart during off-peak hours (D) Take a backup of the current service configuration 36 Question 73. A security analyst at DataCorp is tasked with preventing unauthorized external applications from connecting to their server. Which approach should the analyst primarily rely on to achieve this? (A) Implement an allow list for approved applications (B) Monitor server CPU usage (C) Regularly patch server software (D) Encrypt data at rest on the server Question 74. Alice needs to provide proof of the authenticity of a digital document she’s sending to Bob. Which of the following cryptographic elements should Alice use to accomplish this task and ensure Bob knows the document came from her? (A) Encrypt the document with Bob's private key (B) Encrypt the document with her public key (C) Sign the document with her private key (D) Sign the document with Bob's public key Question 75. Carla, a security analyst, receives an alert that one of the company’s server certificates may have been exposed in a recent data breach. What is the most immediate action Carla should take to ensure that the exposed certificate cannot be used maliciously? (A) Request a new certificate from the CA (B) Update the company firewall rules (C) Add the certificate to the Certificate revocation list (CRL) (D) Perform a vulnerability assessment on the server 37 Question 76. A database administrator is concerned about identical hashes being produced for users who select the same password. To mitigate this risk, what cryptographic technique should the administrator implement? (A) Digital signature (B) Salting (C) Key stretching (D) Symmetric encryption Question 77. An online retailer is considering various methods to protect its customers’ credit card information. Instead of storing the actual credit card numbers in their database, they opt for a solution that replaces the numbers with unrelated, random values. What is this method called? (A) Symmetric encryption (B) Digital watermarking (C) Hashing (D) Tokenization Question 78. During a scheduled maintenance window, a security administrator plans to apply a critical update to the company’s firewall. Which of the following actions is MOST crucial to ensure minimized downtime during this process? (A) Notifying the firewall vendor about the update (B) Disabling all firewall rules temporarily (C) Creating a rollback plan in case of update failure (D) Scheduling the update during peak business hours Question 79. A security administrator is considering a cryptographic solution for protecting data in transit between two servers located in the same data center. The primary goal is to 38 ensure speed and efficiency in encryption and decryption processes. Which type of encryption would best meet this requirement? (A) Asymmetric encryption using RSA (B) Symmetric encryption using AES (C) Hybrid encryption using a combination of RSA and AES (D) Asymmetric encryption using ECC Question 80. A software developer wants to store user passwords in a way that even if the database is compromised, attackers would not be able to retrieve the original passwords. What technique should the developer use to achieve this? (A) Symmetric encryption (B) Digital signing (C) Hashing (D) Steganography Question 81. A software development company is working on a mobile banking application. They want to ensure that sensitive operations like cryptographic processes and biometric data validation are isolated from the main operating system to prevent potential tampering. Which tool should they consider implementing to achieve this objective? (A) Hardware Security Module (HSM) (B) Key Management System (KMS) (C) Secure enclave (D) Trusted Platform Module (TPM) Question 82. A web server hosting the company’s e-commerce site is set for an OS upgrade. The upgrade is expected to last 30 39 minutes. What should be a primary consideration to minimize customer impact due to potential downtime? (A) Implementing a load balancer (B) Taking a backup of the e-commerce site (C) Posting a maintenance notice a week in advance (D) Upgrading the server's hardware Question 83. A project manager is working on a new product launch and has documents with sensitive financial projections on her local computer. She occasionally shares these documents with select board members via email. While she wants to keep the financial documents secure, she doesn’t want to encrypt all the data on her computer. Which encryption approach should she utilize? (A) Full-disk Encryption (B) Transport-layer Encryption (C) File-level Encryption (D) Partition Encryption Question 84. A security analyst is evaluating security enhancements for a series of laptops that will store highly confidential data. The analyst wants to ensure that stored data remains encrypted and the integrity of the boot process is maintained. Which of the following would BEST meet this requirement? (A) Installing antivirus software on each laptop (B) Enabling a software-based full-disk encryption (C) Implementing a BIOS password (D) Utilizing a Trusted Platform Module (TPM) 40 Question 85. A large e-commerce company is deploying a new online payment system. The Chief Information Security Officer (CISO) is concerned about the security of cryptographic keys and wants to ensure they are protected from potential theft or compromise. Which tool should the CISO implement to provide the HIGHEST level of security for these keys? (A) Password vault (B) Software-based key storage (C) Hardware Security Module (HSM) (D) Cloud-based encryption service Question 86. Sarah, a security analyst, is concerned about potential man-in-the-middle attacks on the company’s internal portal. To mitigate this risk, she recommends obtaining a digital certificate from a trusted entity. Which of the following is responsible for issuing such certificates? (A) Key distribution center (B) Certificate authority (CA) (C) Tokenization system (D) Security incident event manager Question 87. A financial institution is looking to adopt an encryption algorithm for its transactions that is considered to be very secure due to its longer key length, compared to older standards. Which encryption algorithm best fits this description? (A) DES (B) Blowfish (C) RSA (D) AES-256 41 Question 88. Alice receives an email from Bob with an attached document. She wants to verify both the authenticity of the sender and the integrity of the attached document. Which of the following should Bob have used before sending the email? (A) Encrypt the document with his private key (B) Hash the document (C) Encrypt the document with Alice's public key (D) Sign the document with his private key Question 89. During a critical financial quarter, GlobalFin Corp experienced unexpected outages during peak business hours due to system maintenance, impacting its operations significantly. To prevent such occurrences in the future, what should GlobalFin Corp implement regarding their maintenance activities? (A) Conduct maintenance activities randomly to avoid predictability (B) Implement maintenance activities during peak business hours (C) Establish designated maintenance windows (D) Reduce the frequency of maintenance activities Question 90. A financial institution wants to securely transfer transaction data between its main office and a branch office. The data should be encrypted while in transit to prevent any interception and unauthorized access. Which encryption solution is most suitable for securing the data during transport? (A) Database-level Encryption (B) Full-disk Encryption (C) Transport-layer Encryption (D) File-level Encryption 42 Question 91. After a recent software update, a company’s intranet portal has been inaccessible to a few employees. The IT team suspects it could be due to network filtering rules. What should the IT team review to confirm their suspicions? (A) The content filtering policies (B) The malware detection logs (C) The allow list/deny list configurations (D) The network bandwidth utilization graphs Question 92. A user wants to send a confidential email to their colleague and ensure that only the intended recipient can read it. The user also wants to provide assurance to the recipient that the email was indeed sent by them. Which encryption method should the user employ to accomplish this? (A) Use symmetric encryption with a shared key (B) Use asymmetric encryption and encrypt the email with the recipient's public key (C) Use asymmetric encryption, encrypt the email with the user's private key (D) Use asymmetric encryption, first sign the email with the user's private key, then encrypt it with the recipient's public key Question 93. A user, Amy, wants to securely send a confidential document to her colleague, Bob. Amy decides to encrypt the document to ensure its confidentiality. Which of the following should Amy use to encrypt the document, ensuring only Bob can decrypt it? (A) Amy's private key (B) Amy's public key (C) Bob's private key (D) Bob's public key 43 Question 94. A cybersecurity analyst is investigating a suspicious image file received via email. Upon closer examination, the analyst suspects that the image might be carrying hidden data because the file size is unusually large. Which technique might the sender have used to embed secret information within the image? (A) Symmetric encryption (B) Digital watermarking (C) Steganography (D) Hashing Question 95. A company is preparing to roll out a new infrastructure deployment for its internal network. They have a server that will store both highly confidential customer information and non-sensitive marketing material. The IT department wants to ensure that only the confidential data is encrypted, while the marketing data remains easily accessible. Which level of encryption would be most suitable for this scenario? (A) File-level Encryption (B) Full-disk Encryption (C) Partition Encryption (D) Transport-layer Encryption Question 96. Sarah, a cybersecurity analyst, receives a report that a company laptop was stolen from an employee’s car. The laptop contained sensitive financial data. Sarah checked the company’s security configurations and found that the laptop was equipped with full-disk encryption. How does this impact the potential data breach situation? (A) The data remains easily accessible, as only the boot 44 sector was encrypted (B) The data is protected, as the entire hard drive's contents are encrypted (C) The data is partially encrypted, with only the user directories protected (D) The data is vulnerable since full-disk encryption only applies when the laptop is connected to the company network Question 97. A university’s IT department provides access to its student records for training purposes to new hires. To protect student identities, they replace the real names and social security numbers with fictitious ones while maintaining the database’s original format. Which technique is the IT department utilizing? (A) Digital signing (B) Data masking (C) Steganography (D) Data deduplication Question 98. A company is looking for a cryptographic solution that provides an immutable and transparent record of all transactions in a distributed ledger system. Which of the following would BEST meet this requirement? (A) Symmetric key algorithm (B) Public key infrastructure (C) Blockchain (D) Digital watermark Question 99. An IT manager is considering solutions to protect data stored on the laptops provided to remote employees. The primary concern is to ensure that the entire content of the 45 laptop’s storage drive is unreadable if a laptop is lost or stolen. Which encryption level would best address this concern? (A) File-level Encryption (B) Transport-layer Encryption (C) Full-disk Encryption (D) Database-level Encryption Question 100. The finance department at a large firm still relies on a legacy application for their quarterly reporting. This application is known to have some security flaws, but due to its critical nature, it cannot be easily replaced. How can the firm BEST mitigate the risks associated with this application? (A) Train the finance team about the latest cybersecurity threats (B) Run the legacy application on the latest hardware to improve performance (C) Place the legacy application behind a web application firewall (WAF) (D) Frequently change the passwords of users who have access to the application Question 101. A multinational corporation is concerned about the possibility of losing access to encrypted data due to the loss or compromise of private keys. They’ve approached a third- party organization for a solution. Which of the following is a system that allows the third party to securely hold a copy of the corporation’s cryptographic keys to ensure data recoverability? (A) Public Key Repository (B) Key Generation Center (C) Key Escrow (D) Key Renewal Service 46 Question 102. A financial institution plans to provide access to its database for third-party developers to create new applications. However, they want to ensure that the developers do not see the actual data but instead work with a disguised version that retains the data’s original structure. What technique is the financial institution considering? (A) Tokenization (B) Data masking (C) Encryption (D) Digital watermarking Question 103. NexTech, a cloud-based software company, recently faced a security breach due to inconsistent practices among its system administrators. To avoid such inconsistencies in the future, what should NexTech emphasize in its operations? (A) Rely on system administrators to develop their personal methods (B) Mandate frequent system reboots (C) Implement Standard Operating Procedures (SOPs) for all technical operations (D) Conduct random security audits without notifying administrators Question 104. After a series of system enhancements, a financial organization decided to use a manual method of documenting changes in separate files rather than implementing a version control system. During an audit, the cybersecurity team struggled to determine which version of a critical system file was the most recent and accurate. What is the PRIMARY risk of not implementing version control for such documentation? 47 (A) Increased storage requirements for multiple files (B) Difficulty in collaborating between team members (C) Lack of traceability and difficulty in reverting to a known stable state (D) Greater need for training staff on manual documentation Question 105. During a security audit, it was found that an application was using plain hashes for storing passwords. The security team recommended a method that involves using the original password along with a salt and then rehashing it multiple times. What is this method known as? (A) Key clustering (B) Rainbow table prevention (C) Key rotation (D) Key stretching Question 106. During a routine update, a web server application requires a restart. What should the administrator do FIRST to ensure client connections aren’t abruptly terminated during the restart? (A) Redirect incoming traffic to a backup server (B) Increase the server's memory (C) Manually terminate all active client sessions (D) Check for available patches for the application Question 107. Carlos is responsible for managing IT services for a university. The university has numerous departments, each with its subdomain, like arts.university.com, science.university.com, and sports.university.com. Carlos wants a solution that ensures HTTPS security while being cost- effective. However, he’s wary of potential risks. What might be 48 a drawback of using a Wildcard Certificate for the university’s subdomains? (A) It can secure only one subdomain (B) If compromised, all subdomains are at risk (C) It only validates the domain ownership, not the organization's identity (D) It's the most expensive certificate available Question 108. Your organization is preparing to upgrade a database server that supports an e-commerce application. A review of the change management documentation has revealed that multiple applications rely on this particular database server for various functionalities. Which of the following steps should be taken FIRST to ensure a smooth upgrade process without disruptions? (A) Upgrade the database server immediately to benefit from new features (B) Perform a backup of the database server (C) Identify and test all applications that have dependencies on the database server (D) Inform users about potential downtime during the upgrade Question 109. After a recent data breach, a multinational corporation is evaluating its cryptographic practices. The Chief Security Officer (CSO) determines that the manual management of cryptographic keys has become too complex due to the scale of the operations. Which tool would BEST address the CSO’s concern while ensuring robust security practices? (A) Password Management System (B) Secure File Transfer Protocol (SFTP) 49 (C) Trusted Platform Module (TPM) (D) Key Management System (KMS) Question 110. During a quarterly review, the IT team at a logistics company decided to change the configuration of their load balancers to better distribute traffic among their servers. After the change, a series of technical issues emerged, affecting customer-facing applications. When troubleshooting the issue, it was discovered that the network diagrams had not been updated to reflect the new changes. What is the MAJOR consequence of not having updated diagrams in such a scenario? (A) The servers might need a hardware upgrade (B) The company might need to revert to the old load balancer configuration (C) It increases the time and complexity of troubleshooting (D) Customers might prefer other logistics companies 50 Answers 1-110 Question 1. A client disputes having signed a digital contract. The service provider needs to prove that the signature was indeed from the client and hasn’t been tampered with. Which of the following security concepts is the service provider relying on? (A) Authentication (B) Confidentiality (C) Non-repudiation (D) Access Control Explanation 1. Correct Answer: C. Non-repudiation. Non- repudiation ensures that a party in a dispute cannot deny the authenticity of their actions. In this scenario, it would provide evidence that the client did sign the contract and that it hasn’t been tampered with post-signature. Option A is incorrect. Authentication confirms the identity of a user or system. While it plays a part in ensuring that the right person is accessing the system, it doesn’t directly provide evidence about the actions post-authentication, like signing a contract. Option B is incorrect. Confidentiality ensures that information is only accessible to those with the appropriate permissions. It doesn’t provide evidence of an action being taken by a specific entity. 51 Option D is incorrect. Access Control determines who or what can view or use resources in a computing environment. It doesn’t ensure the validity of actions taken within the system. Question 2. Carlos, an IT consultant, advises a startup company on cybersecurity best practices. The company plans to launch several microsites under various subdomains. They want a solution that is cost-effective but also ensures that the sites are validated by a third-party. What type of certificate should Carlos recommend? (A) A separate self-signed certificate for each microsite (B) An individual third-party certificate for each subdomain (C) A third-party wildcard certificate (D) An EV certificate issued by an internal CA Explanation 2. Correct Answer: C. A third-party wildcard certificate. A third-party wildcard certificate allows an organization to secure multiple subdomains with a single certificate. It’s cost-effective as the company doesn’t need to purchase and manage separate certificates for each subdomain, and because it’s issued by a third-party Certificate Authority, it provides validation for external users. Option A is incorrect. Self-signed certificates won’t provide third-party validation, which could result in trust issues for external users. Option B is incorrect. While individual third-party certificates for each subdomain will provide third-party validation, this approach would not be as cost-effective as a wildcard certificate. 52 Option D is incorrect. An EV certificate provides high assurance, but one issued by an internal CA will not be inherently trusted by external users. Question 3. A company wants to ensure that security incidents are detected and addressed as quickly as possible by on-duty personnel. Which of the following operational security controls would be BEST to implement for this purpose? (A) Deploying a Network Intrusion Prevention System (NIPS) (B) Establishing a 24/7 Security Operations Center (SOC) (C) Creating a company-wide security policy (D) Implementing end-to-end data encryption Explanation 3. Correct Answer: B. Establishing a 24/7 Security Operations Center (SOC). A Security Operations Center (SOC) is an operational control that provides real-time monitoring, detection, and response to security incidents. With a 24/7 SOC, the company ensures that there is always personnel available to handle security incidents as they occur. Option A is incorrect. Deploying a Network Intrusion Prevention System (NIPS) is a technical control. While it can prevent unauthorized activities on the network, it does not ensure that there is personnel available around the clock to address incidents. Option C is incorrect. Creating a company-wide security policy is a managerial control. It sets the guidelines and 53 procedures for security but does not ensure continuous monitoring and immediate response to incidents. Option D is incorrect. Implementing end-to-end data encryption is a technical control that ensures data confidentiality. While it protects data, it does not ensure that incidents are detected and addressed by on-duty personnel in real-time. Question 4. During a routine check, the IT department discovered that several employees had left their computers on and unattended during lunch break. Which operational security control can help mitigate the risk associated with this behavior? (A) Implementing biometric authentication (B) Enforcing a strict password policy (C) Deploying an automatic screen lock after inactivity (D) Implementing a secure coding practice Explanation 4. Correct Answer: C. Deploying an automatic screen lock after inactivity. Deploying an automatic screen lock after a certain period of inactivity is an operational control. It ensures that unattended devices are protected from unauthorized access, thereby mitigating risks associated with employees leaving their computers on and unattended. Option A is incorrect. Implementing biometric authentication is a technical control. While it enhances security at the point of access, it doesn’t ensure that active sessions on unattended devices are secured against unauthorized access. 54 Option B is incorrect. Enforcing a strict password policy is a managerial control that dictates the creation and use of strong passwords. While it enhances access security, it doesn’t secure active sessions on unattended devices. Option D is incorrect. Implementing a secure coding practice is a technical and sometimes managerial control. It ensures software is written to prevent vulnerabilities but doesn’t directly address the risk of unattended computers. Question 5. An art gallery wants to deploy a security solution to detect movement in an open courtyard that features several sculptures. This space has varying temperature conditions, which might cause false alarms in some motion detection technologies. Which type of sensor would be MOST appropriate to ensure consistent motion detection in such conditions? (A) Thermal imaging sensors (B) Pressure-sensitive mats (C) Ultrasonic detectors (D) Microwave motion detectors Explanation 5. Correct Answer: D. Microwave motion detectors. Microwave motion detectors are suitable for open areas and are less affected by temperature changes. They emit microwave beams to create an invisible detection zone and can consistently detect motion when an object interrupts this zone, irrespective of the ambient temperature. Option A is incorrect. Thermal imaging sensors detect variations in heat. While they can be effective, the varying 55 temperature conditions in the courtyard may cause inconsistencies in detection. Option B is incorrect. Pressure-sensitive mats are designed to detect weight or pressure changes when stepped on. They would not be suitable for an open courtyard where movement needs to be detected across a larger area. Option C is incorrect. Ultrasonic detectors emit sound waves to detect motion. However, they might also be affected by external environmental factors and are not as suitable for open courtyards as microwave motion detectors. Question 6. A company’s primary security control for accessing secure server rooms is a biometric fingerprint scanner. However, the scanner occasionally malfunctions in high humidity. The security team is considering an alternative solution to grant access when the primary method fails. Which of the following would be the MOST appropriate compensating control? (A) Implementing a security token-based authentication system (B) Employing security guards at the main entrance (C) Installing security cameras inside the server room (D) Conducting regular server room audits Explanation 6. Correct Answer: A. Implementing a security token-based authentication system. A security token-based authentication system would act as an alternative method for verifying the identity of individuals when the primary control 56 (biometric fingerprint scanner) fails. This serves as a direct compensating control for access. Option B is incorrect. While security guards at the main entrance can provide an added layer of security, they aren’t a direct compensating control for a malfunctioning biometric system in a specific location like the server room. Option C is incorrect. While security cameras provide surveillance, they don’t act as an alternative method for granting or denying access to the server room. Option D is incorrect. Conducting regular server room audits is a detective control. It won’t provide real-time access or compensate for the malfunctioning fingerprint scanner. Question 7. A financial institution wants to ensure that customers are aware of the bank’s policies on information sharing and how their personal data is used. Which of the following security controls would BEST communicate this to customers? (A) Implementing end-to-end encryption for online transactions (B) Publishing a privacy policy on the bank's website (C) Conducting annual cybersecurity awareness training for employees (D) Using multi-factor authentication for online banking Explanation 7. Correct Answer: B. Publishing a privacy policy on the bank’s website. A privacy policy serves as a directive control as it informs customers about the bank’s 57 practices regarding the collection, use, and sharing of their personal data. By reading the policy, customers understand their rights and the bank’s responsibilities. Option A is incorrect. While end-to-end encryption ensures the confidentiality of online transactions, it doesn’t inform customers about the bank’s policies on information sharing or how their data is used. Option C is incorrect. Annual cybersecurity awareness training is aimed at employees, not customers. It wouldn’t directly communicate the bank’s information-sharing policies to its customers. Option D is incorrect. Using multi-factor authentication improves the security of online banking by requiring multiple forms of verification. However, it doesn’t communicate to customers how their personal data is used or the bank’s information-sharing policies. Question 8. A large financial organization wants to ensure that all employees understand the importance of cybersecurity and the role they play in safeguarding company assets. Which of the following managerial security controls will be MOST effective in achieving this? (A) Installing a firewall at the network perimeter (B) Regular security awareness training for employees (C) Deploying an Intrusion Detection System (IDS) (D) Encrypting all company data 58 Explanation 8. Correct Answer: B. Regular security awareness training for employees. Security awareness training is a managerial control aiming to educate employees about security risks and the necessary precautions they need to take. By regularly training employees, the organization ensures that all staff are aware of potential threats and their roles in cybersecurity. Option A is incorrect. Installing a firewall is a technical control focused on preventing unauthorized access to or from a private network. While it protects the network, it doesn’t directly educate employees about their roles in cybersecurity. Option C is incorrect. Deploying an Intrusion Detection System (IDS) is a technical control. It monitors network traffic for suspicious activities but does not directly focus on educating employees. Option D is incorrect. Encrypting company data is a technical control. While it ensures the confidentiality of data, it doesn’t address the employees’ knowledge or awareness regarding cybersecurity. Question 9. A company has faced multiple instances of unauthorized individuals gaining access to their office premises. Which of the following preventive security controls would be MOST effective in preventing unauthorized physical access? (A) Implementing a log monitoring solution for network traffic (B) Installing video surveillance cameras at all entry and exit points 59 (C) Conducting regular security awareness training for employees (D) Implementing a multi-factor authentication system for network access. Explanation 9. Correct Answer: B. Installing video surveillance cameras at all entry and exit points. Installing video surveillance cameras at all entry and exit points acts as a preventive control by deterring unauthorized individuals from attempting to gain access, given the increased risk of detection and recording. Option A is incorrect. Implementing a log monitoring solution is a detective control that provides insights into network activities but doesn’t prevent unauthorized physical access. Option C is incorrect. Conducting regular security awareness training is a preventive measure, but its main focus is on making employees aware of security risks and best practices, not directly preventing unauthorized physical access. Option D is incorrect. Implementing a multi-factor authentication system is a preventive control for unauthorized digital access but doesn’t address the prevention of unauthorized physical access. Question 10. TechVault, a company specializing in secure storage solutions, recently had an unauthorized intrusion where a burglar managed to bypass their motion sensors. In a bid to prevent future breaches, they are considering deploying a system that can detect weight changes in a restricted floor area 60 to alert any unauthorized access. Which of the following would be BEST for this requirement? (A) Ultrasonic motion detectors (B) Pressure-sensitive floor mats (C) CCTV cameras with facial recognition (D) Glass break sensors Explanation 10. Correct Answer: B. Pressure-sensitive floor mats. Pressure-sensitive floor mats are designed to detect weight changes or pressure when stepped on. This makes them an effective solution for monitoring restricted areas and alerting unauthorized access based on weight detection. Option A is incorrect. Ultrasonic motion detectors use sound waves to detect motion in an area but do not measure weight or pressure. Option C is incorrect. CCTV cameras with facial recognition provide visual surveillance and can identify individuals, but they don’t detect weight changes on the floor. Option D is incorrect. Glass break sensors detect the sound of breaking glass and are primarily used for windows and glass doors, not for detecting pressure or weight changes on a floor. Question 11. A system administrator is setting up an authentication system for a new web application. Which of the following security controls falls under the technical category and ensures that users prove their identity before gaining access? (A) Implementing a security awareness training program 61 (B) Conducting a background check for new employees (C) Using multi-factor authentication (D) Establishing a clean desk policy Explanation 11. Correct Answer: C. Using multi-factor authentication. Multi-factor authentication is a technical control that requires users to present two or more pieces of evidence (factors) before gaining access. It provides an additional layer of security to ensure that users are who they say they are. Option A is incorrect. Implementing a security awareness training program is an administrative control, as it involves educating employees on security best practices rather than using technical measures to enforce them. Option B is incorrect. Conducting a background check is an administrative control as it involves vetting potential employees before they’re hired. This process doesn’t directly enforce technical measures on systems or networks. Option D is incorrect. Establishing a clean desk policy is an administrative control. It sets a guideline for employees to keep their workspaces tidy and free of sensitive information, rather than enforcing technical measures. Question 12. An e-commerce company has experienced a Distributed Denial of Service (DDoS) attack, which caused its website to become inaccessible for several hours. To mitigate the impact of such attacks in the future, which of the following would be the BEST corrective control to implement? 62 (A) Displaying a seal for third-party security certifications on the website (B) Establishing a Web Application Firewall (WAF) with DDoS protection (C) Conducting routine vulnerability assessments on the website (D) Implementing strong password policies for website administrators Explanation 12. Correct Answer: B. Establishing a Web Application Firewall (WAF) with DDoS protection. A Web Application Firewall (WAF) with DDoS protection can identify and filter out malicious traffic associated with DDoS attacks. As a corrective control, it can help in mitigating the impact and restoring normal service during and after an attack. Option A is incorrect. Displaying a seal for third-party security certifications on the website acts as a deterrent by showing visitors and potential attackers that the site adheres to security standards. However, it does not mitigate or correct the effects of a DDoS attack. Option C is incorrect. Conducting routine vulnerability assessments is a detective control that helps in identifying weaknesses. While it’s essential for overall security, it doesn’t directly correct or mitigate the effects of a DDoS attack. Option D is incorrect. Implementing strong password policies for website administrators is a preventive control. It ensures that administrators’ accounts are secure, but it does not address or correct the issues caused by a DDoS attack. 63 Question 13. GreenTech Industries has a manufacturing facility located in a relatively secluded area. Recent incidents of theft and trespassing have alarmed the management. Which of the following would MOST effectively deter unauthorized nighttime access to the perimeter of the facility? (A) Installing infrared sensors (B) Using bright perimeter lighting (C) Deploying additional security guards inside the facility (D) Increasing the height of the facility walls Explanation 13. Correct Answer: B. Using bright perimeter lighting. Bright perimeter lighting acts as a strong deterrent for unauthorized individuals, as it reduces hiding spots, makes surveillance cameras more effective, and can make it easier for security personnel to spot potential threats. In secluded areas, proper lighting is particularly essential to illuminate dark spots and deter potential intruders. Option A is incorrect. While infrared sensors can detect movement, they do not act as a visible deterrent in the same way bright lighting does. Option C is incorrect. Deploying additional security guards inside the facility does not address the immediate concern of unauthorized nighttime access to the perimeter. Option D is incorrect. Increasing the height of the walls can act as a deterrent, but it doesn’t illuminate or expose potential intruders like bright lighting does. 64 Question 14. While conducting a routine security review, Jake, a security specialist, discovers an unexpected piece of data placed in the organization’s financial system. Upon asking, he learns that this piece of data is intentionally placed and monitored to see if any unauthorized user or system interacts with it. What is this deceptive piece of data known as? (A) Honeystring (B) Honeytoken (C) Canary token (D) Security marker Explanation 14. Correct Answer: B. Honeytoken. Honeytokens are strategically placed deceptive pieces of data that have no actual value or real-world use but are closely monitored. Their sole purpose is to detect unauthorized interactions, as any access or use of a honeytoken is likely malicious or unauthorized. Option A is incorrect. There isn’t a commonly recognized security term known as “Honeystring” in the context described. Option C is incorrect. Canary tokens are a specific type of honeytoken and can serve the same purpose. However, given the choices provided and the context of the question, “Honeytoken” is the most accurate answer. Option D is incorrect. A security marker, in a general sense, can be any mark or indicator used for security purposes, but it isn’t specifically a deceptive piece of data placed to detect unauthorized access. 65 Question 15. An organization is deploying new IoT devices in its smart office. To ensure that only authorized devices can connect to the corporate network, each device will be given a unique key pair. Which of the following best describes the system authentication approach the organization is using? (A) Shared secret authentication (B) Public key infrastructure (PKI) (C) Token-based authentication (D) Username and password authentication Explanation 15. Correct Answer: B. Public key infrastructure (PKI). Public key infrastructure (PKI) is a combination of hardware, software, policies, and standards that work together to provide a framework for secure communications. One of the primary features of PKI is the use of a pair of keys (public and private) to authenticate entities. In the scenario, each IoT device is given a unique key pair, indicating the use of PKI for system authentication. Option A is incorrect. Shared secret authentication typically involves two parties having a shared secret that they use to authenticate one another. The scenario mentions a unique key pair for each device, which doesn’t align with the concept of a shared secret. Option C is incorrect. Token-based authentication typically involves using a hardware or software token that generates a time-sensitive code. The scenario is describing the use of key pairs, not tokens. 66 Option D is incorrect. Username and password authentication is a method where entities provide a username and a secret password to verify their identity. The scenario does not mention the use of usernames or passwords. Question 16. In the new branch of BankSecure, the management has decided to install a security system at the main entrance that forces visitors to go through two separate authorization checks before entering the main premises. Which physical security measure should they consider? (A) Turnstiles (B) Security Guards (C) Access Control Vestibule (D) Keycard Readers Explanation 16. Correct Answer: C. Access Control Vestibule. An access control vestibule, often referred to as a mantrap, is a two-stage authentication system. It consists of two doors: a person enters the first door, undergoes an authorization check (like a badge reader or biometric scanner), and only after being approved can they proceed to the second door, where they undergo another authorization check before accessing the main premises. Option A is incorrect. Turnstiles control the flow of individuals into a location and can prevent tailgating to some extent, but they do not force a two-stage authorization check. Option B is incorrect. While security guards can perform authorization checks and control access, they alone do not 67 provide a two-stage authorization system like an access control vestibule. Option D is incorrect. Keycard readers are a form of access control that checks the credentials of individuals, but on their own, they don’t ensure two separate authorization checks. Question 17. The IT department wants to monitor network traffic in real time to detect any anomalies or malicious activities. Which of the following security controls can accomplish this? (A) Security policy documentation (B) Intrusion Detection System (IDS) (C) Employee code of conduct (D) Access Control Lists (ACL) Explanation 17. Correct Answer: B. Intrusion Detection System (IDS). An Intrusion Detection System (IDS) is a technical control that monitors network traffic in real-time and alerts administrators to any suspicious or malicious activities based on predefined rules or heuristics. Option A is incorrect. Security policy documentation is an administrative control. It provides guidelines and procedures for maintaining security but does not actively monitor network traffic. Option C is incorrect. Employee code of conduct is an administrative control. It provides guidelines on how employees should behave in a professional setting but does not actively monitor network traffic. 68 Option D is incorrect. Access Control Lists (ACL) are technical controls, but they are used to define permissions on who can access specific resources. They do not actively monitor network traffic in real-time for anomalies or malicious activities. Question 18. Jenna, a web administrator for a growing online retail business, is in the process of obtaining SSL certificates for the company’s domain. The company uses several subdomains for different services, such as shop.example.com, blog.example.com, and support.example.com. Instead of obtaining individual certificates for each subdomain, Jenna wants to use one certificate. What type of certificate should Jenna pursue? (A) Extended Validation Certificate (B) Wildcard Certificate (C) Certificate with Subject Alternative Names (SAN) (D) Code Signing Certificate Explanation 18. Correct Answer: B. Wildcard Certificate. A Wildcard Certificate is designed to secure a domain and its subdomains under the same top-level domain. For example, a wildcard certificate for *.example.com would secure shop.example.com, blog.example.com, and any other subdomain of example.com. Option A is incorrect. An Extended Validation Certificate provides the highest level of validation but does not necessarily cover multiple subdomains by default. 69 Option C is incorrect. While a Certificate with Subject Alternative Names (SAN) can secure multiple domains and subdomains, it is not specifically tailored for all subdomains under a single domain as the Wildcard Certificate is. Option D is incorrect. A Code Signing Certificate is used to sign software code, ensuring its integrity and authenticity, not for securing domains or subdomains. Question 19. At a newly established museum, management wants to install sensors in the exhibit rooms to detect any unauthorized movement after hours. The rooms are often filled with a mix of air conditioning and external noise from the city. Which sensor would be BEST suited to detect movement in such conditions without being affected by the noise? (A) Acoustic sensors (B) Glass break detectors (C) Ultrasonic sensors (D) Thermal imaging cameras Explanation 19. Correct Answer: C. Ultrasonic sensors. Ultrasonic sensors emit high-frequency sound waves to detect motion. These sound waves are beyond the range of human hearing and won’t be affected by ambient noise, making them ideal for environments with varying noise conditions. When motion is detected, as indicated by changes in the reflected waves, an alarm is triggered. Option A is incorrect. Acoustic sensors detect specific sounds. The external noise from the city might cause false alarms or interfere with their detection capabilities. 70 Option B is incorrect. Glass break detectors are designed to detect the sound or vibration of breaking glass. They aren’t designed primarily to detect movement. Option D is incorrect. Thermal imaging cameras detect heat signatures and would be more susceptible to variations in room temperature due to air conditioning, potentially leading to false detections. Question 20. A company is setting up a secure communication channel between its headquarters and a remote branch office. To ensure that data transmitted over this channel originates from a legitimate system at the branch office, the company is considering using digital certificates. Which authentication method for systems is the company contemplating? (A) Kerberos authentication (B) Password-based authentication (C) Certificate-based authentication (D) Biometric-based authentication Explanation 20. Correct Answer: C. Certificate-based authentication. Certificate-based authentication uses digital certificates to verify the identity of systems or individuals. In the given scenario, the company wants to verify that data transmitted over the communication channel originates from a legitimate system, making digital certificates an appropriate choice. Option A is incorrect. Kerberos authentication is a ticket-based authentication protocol primarily used to authenticate users in a 71 network, not specifically for system-to-system authentication using digital certificates. Option B is incorrect. Password-based authentication requires systems or users to provide a secret password to prove their identity. It doesn’t involve the use of digital certificates. Option D is incorrect. Biometric-based authentication involves using unique physical or behavioral attributes of a person for verification, such as fingerprints or facial patterns. It is not applicable to system-to-system authentication. Question 21. A financial institution has experienced an uptick in unauthorized transactions. They want to implement a control that will allow them to identify suspicious transactions in real- time. Which of the following would be the BEST detective control for this scenario? (A) Implementing a multi-factor authentication system for all users (B) Establishing a Security Operations Center (SOC) to monitor network traffic (C) Installing an Intrusion Detection System (IDS) on their network (D) Restricting transaction capabilities to only a few trusted IP addresses. Explanation 21. Correct Answer: C. Installing an Intrusion Detection System (IDS) on their network. An Intrusion Detection System (IDS) serves as a detective control by monitoring network traffic for suspicious activities and potential threats. In this context, it can be configured to detect patterns 72 related to unauthorized transactions, thereby allowing timely intervention. Option A is incorrect. Implementing a multi-factor authentication system is a preventive control that provides an additional layer of security by requiring two or more verification methods. While it reduces the risk of unauthorized access, it does not detect suspicious transactions. Option B is incorrect. Establishing a Security Operations Center (SOC) is a broad approach to handle security events, and while it can include detective controls, merely setting up a SOC does not provide specific real-time detection of unauthorized transactions. Option D is incorrect. Restricting transaction capabilities to only a few trusted IP addresses is a preventive control that limits the sources of potential transactions. While it can reduce the number of unauthorized transactions, it does not detect them. Question 22. TechHaus has recently experienced multiple security breaches where unauthorized personnel have managed to infiltrate their server rooms after hours. To enhance security measures, the company decided to deploy a new system. Which of the following options would BEST detect human intruders based on their body heat even in complete darkness? (A) Installing CCTV cameras with LED lights (B) Using ultrasonic motion sensors (C) Deploying infrared (IR) sensors (D) Implementing RFID badge readers at the entrance 73 Explanation 22. Correct Answer: C. Deploying infrared (IR) sensors. Infrared (IR) sensors detect infrared radiation, such as the heat emitted by the human body. This makes them particularly effective in detecting human intruders, even in complete darkness, based on the body heat they emit. Option A is incorrect. While CCTV cameras with LED lights can provide visual surveillance, they rely on light to produce images and may not detect intruders in complete darkness as efficiently as infrared sensors. Option B is incorrect. Ultrasonic motion sensors detect movement through sound waves, not body heat, making them less efficient in differentiating between a human intruder and other moving objects. Option D is incorrect. RFID badge readers control access at entry points but do not detect human intruders based on their body heat inside a facility. Question 23. After detecting an unauthorized intrusion into their network, a financial institution wants to implement a control that will restore compromised systems to a known good state. Which of the following would be the MOST appropriate corrective control? (A) Implementing Intrusion Detection Systems (IDS) across the network (B) Frequently updating firewall rules (C) Restoring systems from verified backups (D) Enabling multi-factor authentication for users 74 Explanation 23. Correct Answer: C. Deploying infrared (IR) sensors. Infrared (IR) sensors detect infrared radiation, such as the heat emitted by the human body. This makes them particularly effective in detecting human intruders, even in complete darkness, based on the body heat they emit. Option A is incorrect. While CCTV cameras with LED lights can provide visual surveillance, they rely on light to produce images and may not detect intruders in complete darkness as efficiently as infrared sensors. Option B is incorrect. Ultrasonic motion sensors detect movement through sound waves, not body heat, making them less efficient in differentiating between a human intruder and other moving objects. Option D is incorrect. RFID badge readers control access at entry points but do not detect human intruders based on their body heat inside a facility. Question 24. After a recent security breach, Sarah, a cybersecurity analyst, is implementing additional measures to detect unauthorized activities. She decides to embed specific values in the database that serve no real purpose but are monitored for any unauthorized access or usage. These values are designed to raise alerts if they are ever accessed or used. What are these specific values commonly referred to as? (A) Security flags (B) Honeypots (C) Honeytokens (D) Audit trails 75 Explanation 24. Correct Answer: C. Restoring systems from verified backups. Restoring systems from verified backups is a corrective control, as it can restore compromised systems to their last known good state. This action corrects the adverse effects of the intrusion and ensures that any malicious alterations are removed. Option A is incorrect. Implementing Intrusion Detection Systems (IDS) is a detective control. It monitors and detects malicious activities in the network but doesn’t correct the adverse impacts of an intrusion. Option B is incorrect. Frequently updating firewall rules is a preventive measure, aiming to block malicious traffic and prevent potential intrusions. While vital, it doesn’t correct the impacts of an already occurred breach. Option D is incorrect. Enabling multi-factor authentication is a preventive control, aiming to provide additional layers of verification. While it enhances security, it doesn’t correct the adverse impacts of an intrusion. Question 25. Bob receives an email prompting him to verify his identity by clicking on a link. The link directs him to a webpage where he has to provide his username, password, and answer a personal security question. What type of authentication method is being employed here? (A) Biometric authentication (B) Token-based authentication (C) Two-factor authentication (D) Single sign-on 76 Explanation 25. Correct Answer: C. Two-factor authentication. Two-factor authentication (2FA) is a security process in which users provide two different authentication factors to verify their identity. In this scenario, Bob is providing something he knows (username and password) and also answering a personal security question, which is another form of “something he knows.” Option A is incorrect. Biometric authentication involves using unique physical or behavioral attributes of a person for verification, such as fingerprints or facial patterns. The scenario doesn’t mention any biometric data. Option B is incorrect. Token-based authentication typically involves using a hardware or software token that generates a time-sensitive code. This was not