Exam 5: CompTIA Cloud Essentials+

A) Development of a hypothesis as part of threat hunting
B) Log correlation, monitoring, and automated reporting through a SIEM platform
C) Continuous compliance monitoring using SCAP dashboards
D) Quarterly vulnerability scanning using credentialed scans

A) Parameterized queries
B) Session management
C) Input validation
D) Output encoding
E) Data protection
F) Authentication

A) email server that automatically deletes attached executables.
B) IDS to match the malware sample.
C) proxy to block all connections to . proxy to block all connections to .
D) firewall to block connection attempts to dynamic DNS hosts.

A) Injection attack
B) Memory corruption
C) Denial of service
D) Array attack

A) placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.
B) placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
C) bridged between the IT and operational technology networks to allow authenticated access.
D) placed on the IT side of the network, authenticated, and tunneled into the ICS environment.

A) Deploy a WAF in front of the application.
B) Implement a software repository management tool.
C) Install a HIPS on the server.
D) Instruct the developers to use input validation in the code.

A) ping -t 10.79.95.173.rdns.datacenters.com
B) telnet 10.79.95.173 443
C) ftpd 10.79.95.173.rdns.datacenters.com 443
D) tracert 10.79.95.173

A) Risk exception
B) Risk avoidance
C) Risk tolerance
D) Risk acceptance

A) Human resources
B) Public relations
C) Marketing
D) Internal network operations center

A) Data custodian
B) Data owner
C) Data processor
D) Senior management

A) Add TXT @ "v=spf1 mx include:_spf.comptia.org ?all" to the DNS record. Add TXT @ "v=spf1 mx include:_spf.comptia.org ?all" to the DNS record.
B) Add TXT @ "v=spf1 mx include:_spf.comptia.org ?all" to the email server. to the email server.
C) Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller. TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
D) Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server. to the web server.

A) Continuous integration and deployment
B) Automation and orchestration
C) Static and dynamic analysis
D) Information sharing and analysis

A) ICMP is being blocked by a firewall.
B) The routing tables for ping and hping3 were different. The routing tables for ping and hping3 were different.
C) The original ping command needed root permission to execute. The original command needed root permission to execute.
D) hping3 is returning a false positive. is returning a false positive.

A) Sanitization policy
B) Data sovereignty
C) Encryption policy
D) Retention standards

A) Executing vendor compliance assessments against the organization's security controls
B) Executing NDAs prior to sharing critical data with third parties
C) Soliciting third-party audit reports on an annual basis
D) Maintaining and reviewing the organizational risk assessment on a quarterly basis
E) Completing a business impact assessment for all critical service providers
F) Utilizing DLP capabilities at both the endpoint and perimeter levels

A) PC1
B) PC2
C) Server1
D) Server2
E) Firewall

A) Use Burp Suite to capture packets to the SCADA device's IP.
B) Use tcpdump to capture packets from the SCADA device IP.
C) Use Wireshark to capture packets between SCADA devices and the management system.
D) Use Nmap to capture packets from the management system to the SCADA devices.

A) Ensure both power supplies on the SAN are serviced by separate circuits, so that if one circuit goes down, the other remains powered.
B) Install additional batteries in the SAN power supplies with enough capacity to keep the system powered on during maintenance operations.
C) Ensure power configuration is covered in the datacenter change management policy and have the SAN administrator review this policy.
D) Install a third power supply in the SAN so loss of any power intuit does not result in the SAN completely powering off.

A) An IPS signature modification for the specific IP addresses
B) An IDS signature modification for the specific IP addresses
C) A firewall rule that will block port 80 traffic
D) A firewall rule that will block traffic from the specific IP addresses

A) The clients' authentication tokens were impersonated and replayed.
B) The clients' usernames and passwords were transmitted in cleartext.
C) An XSS scripting attack was carried out on the server.
D) A SQL injection attack was carried out on the server.

A) Switch to using a pre-approved, secure, third-party communication system.
B) Keep the entire company informed to ensure transparency and integrity during the incident.
C) Restrict customer communication until the severity of the breach is confirmed.
D) Limit communications to pre-authorized parties to ensure response efforts remain confidential.

A) Limit the permissions to prevent other employees from accessing data owned by the business unit.
B) Segment the servers and systems used by the business unit from the rest of the network.
C) Deploy patches to all servers and workstations across the entire organization.
D) Implement full-disk encryption on the laptops used by employees of the payment-processing team.

A) Unauthorized, unintentional, benign
B) Unauthorized, intentional, malicious
C) Authorized, intentional, malicious
D) Authorized, unintentional, benign

A) Deidentification
B) Encoding
C) Encryption
D) Watermarking

A) an 802.11ac wireless bridge to create an air gap.
B) a managed switch to segment the lab into a separate VLAN.
C) a firewall to isolate the lab network from all other networks.
D) an unmanaged switch to segment the environments from one another.

A) The To address is invalid.
B) The email originated from the www.spamfilter.org URL.
C) The IP address and the remote server name are the same.
D) The IP address was blacklisted.
E) The From address is invalid.

A) Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
B) Remove the servers reported to have high and medium vulnerabilities.
C) Tag the computers with critical findings as a business risk acceptance.
D) Manually patch the computers on the network, as recommended on the CVE website.
E) Harden the hosts on the network, as recommended by the NIST framework.
F) Resolve the monthly job issues and test them before applying them to the production network.

A) Walk through
B) Full interruption
C) Simulation
D) Parallel

A) Decompile each binary to derive the source code.
B) Perform a factory reset on the affected mobile device.
C) Compute SHA-256 hashes for each binary.
D) Encrypt the binaries using an authenticated AES-256 mode of operation.
E) Inspect the permissions manifests within each application.

A) Compatibility mode
B) Secure boot mode
C) Native mode
D) Fast boot mode

A) relevant training data.
B) a threat feed API.
C) a multicore, multiprocessor system.
D) anomalous traffic signatures.

A) DLP
B) Encryption
C) Test data
D) NDA

A) Audit access permissions for all employees to ensure least privilege.
B) Force a password reset for the impacted employees and revoke any tokens.
C) Configure SSO to prevent passwords from going outside the local network.
D) Set up privileged access management to ensure auditing is enabled.

A) Apply the required patches to remediate the vulnerability.
B) Escalate the incident to senior management for guidance.
C) Disable all privileged user accounts on the network.
D) Temporarily block the attacking IP address.

A) Agile
B) Waterfall
C) SDLC
D) Dynamic code analysis

A) The use of infrastructure-as-code capabilities leads to an increased attack surface.
B) Patching the underlying application server becomes the responsibility of the client.
C) The application is unable to use encryption at the database level.
D) Insecure application programming interfaces can lead to data compromise.

A) Enforce unique session IDs for the application.
B) Deploy a WAF in front of the web application.
C) Check for and enforce the proper domain for the redirect.
D) Use a parameterized query to check the credentials.
E) Implement email filtering with anti-phishing protection.

A) DST 138.10.2.5.
B) DST 138.10.25.5.
C) DST 172.10.3.5.
D) DST 172.10.45.5.
E) DST 175.35.20.5.

A) Implement a honeypot.
B) Air gap sensitive systems.
C) Increase the network segmentation.
D) Implement a cloud-based architecture.

A) This is an encrypted GET HTTP request
B) A packet is being used to bypass the WAF
C) This is an encrypted packet
D) This is an encoded WAF bypass

A) It automatically performs remedial configuration changes to enterprise security services
B) It enables standard checklist and vulnerability analysis expressions for automation
C) It establishes a continuous integration environment for software development operations
D) It provides validation of suspected system vulnerabilities through workflow orchestration

A) Use a UEFI boot password
B) Implement a self-encrypted disk
C) Configure filesystem encryption
D) Enable Secure Boot using TPM

A) v=spf1 a mx redirect:mail.marketing.com ?all
B) v=spf1 a mx include:mail.marketing.com -all
C) v=spf1 a mx +all
D) v=spf1 a mx include:mail.marketing.com ~all

A) 192.168.1.1
B) 192.168.1.10
C) 192.168.1.12
D) 192.168.1.193

A) is implemented differently on individual systems
B) is implemented at the enterprise and system levels
C) has operational and technical components
D) authenticates using passwords and hardware tokens

A) TPM
B) eFuse
C) FPGA
D) HSM
E) UEFI

A) Create three separate cloud accounts for each environment. Configure account peering and security rules to allow access to and from each environment.
B) Create one cloud account with one VPC for all environments. Purchase a virtual firewall and create granular security rules.
C) Create one cloud account and three separate VPCs for each environment. Create security rules to allow access to and from each environment.
D) Create three separate cloud accounts for each environment and a single core account for network services. Route all traffic through the core account.

A) Baseline configuration assessment
B) Uncredentialed scan
C) Network ping sweep
D) External penetration test

A) Directory traversal exploit
B) Cross-site scripting
C) SQL injection
D) Cross-site request forgery

A) nmap -sA -O -noping
B) nmap -sT -O -P0
C) nmap -sS -O -P0
D) nmap -sQ -O -P0

A) Establish a hosted SSO.
B) Implement a CASB.
C) Virtualize the server.
D) Air gap the server.

A) Reverse engineering
B) Application log collectors
C) Workflow orchestration
D) API integration
E) Scripting

A) Root-cause analysis
B) Active response
C) Advanced antivirus
D) Information-sharing community
E) Threat hunting

A) $75,000
B) $300,000
C) $1.425 million
D) $1.5 million

A) Purpose limitation
B) Sovereignty
C) Data minimization
D) Retention

A) Requirements analysis and collection planning
B) Containment and eradication
C) Recovery and post-incident review
D) Indicator enrichment and research pivoting

A) Monday's logs
B) Tuesday's logs
C) Wednesday's logs
D) Thursday's logs

A) Patching logs
B) Threat feed
C) Backup logs
D) Change requests
E) Data classification matrix

A) sha256sum ~/Desktop/file.pdf
B) file ~/Desktop/file.pdf
C) strings ~/Desktop/file.pdf | grep "D) cat < ~/Desktop/file.pdf | grep -i .exe

A) Tokenization of sensitive data
B) Establishment of data classifications
C) Reporting on data retention and purging activities
D) Formal identification of data ownership
E) Execution of NDAs

A) BadReputationIp - - [2019-04-12 10:43Z] "GET /etc/passwd" 403 1023
B) BadReputationIp - - [2019-04-12 10:43Z] "GET /index.html?src=../.ssh/id_rsa" 401 17044
C) BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=/etc/passwd" 403 11056
D) BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=../../.ssh/id_rsa" 200 15036
E) BadReputationIp - - [2019-04-12 10:43Z] "GET /favicon.ico?src=../usr/share/icons" 200 19064

A) Data encoding
B) Data masking
C) Data loss prevention
D) Data classification

A) Begin blocking all IP addresses within that subnet
B) Determine the attack vector and total attack surface
C) Begin a kill chain analysis to determine the impact
D) Conduct threat research on the IP addresses

A) Organizational policies
B) Vendor requirements and contracts
C) Service-level agreements
D) Legal requirements

A) firewall behind the VPN server
B) VPN server parallel to the firewall
C) VPN server behind the firewall
D) VPN on the firewall

A) strace /proc/1301
B) rpm -V openssh-server
C) /bin/ls -l /proc/1301/exe
D) kill -9 1301

A) Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
B) Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried
C) Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D) Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

A) Port 21
B) Port 22
C) Port 23
D) Port 80

A) Server-side request forgery
B) Cross-site scripting
C) SQL injection
D) Command injection
E) Cross-site request forgery
F) Directory traversal

A) Enable MAC filtering on the wireless router and suggest a stronger encryption for the wireless network
B) Change the SSID, strengthen the passcode, and implement MAC filtering on the wireless router
C) Enable MAC filtering on the wireless router and create a whitelist that allows devices on the network
D) Conduct a wireless survey to determine if the wireless strength needs to be reduced

A) Capture lessons learned and improve incident response processes
B) Develop a process for containment and continue improvement efforts
C) Identify new technologies and strategies to remediate
D) Identify a new management strategy

A) Probability
B) Adversary capability
C) Attack vector
D) Impact
E) Classification
F) Indicators of compromise

A) prescriptive
B) risk-based
C) preventive
D) corrective

A) Change the security model to force the users to access the database as themselves
B) Parameterize queries to prevent unauthorized SQL queries against the database
C) Configure database security logging using syslog or a SIEM
D) Enforce unique session IDs so users do not get a reused session ID

A) Conduct a risk assessment based on the controls defined in the newly revised policies
B) Require all employees to attend updated security awareness training and sign an acknowledgement
C) Post the policies on the organization's intranet and provide copies of any revised policies to all active vendors
D) Distribute revised copies of policies to employees and obtain a signed acknowledgement from them

A) Directory traversal
B) SQL injection
C) Buffer overflow
D) Cross-site scripting

A) IP whitelisting
B) Certificate-based authentication
C) Virtual private network
D) Web application firewall

A) It enables the team to prioritize the focus areas and tactics within the company's environment
B) It provides criticality analyses for key enterprise servers and services
C) It allows analysts to receive routine updates on newly discovered software vulnerabilities
D) It supports rapid response and recovery during and following an incident

A) federated authentication
B) role-based access control
C) manual account reviews
D) multifactor authentication