[Apr 13, 2026] CompTIA CAS-004 Exam Dumps Files, Q173/591: An organization is considering a BYOD standard to support remote working. The first iteration of the

Join the discussion

Question 173/591

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:
Unstructured data being exfiltrated after an employee leaves the organization Data being exfiltrated as a result of compromised credentials Sensitive information in emails being exfiltrated Which of the following solutions should the security team implement to mitigate the risk of data loss?

A. Mobile device management, remote wipe, and data loss detection

B. Conditional access, DoH, and full disk encryption

C. Mobile application management, MFA, and DRM

D. Certificates, DLP, and geofencing

Add Comments

Other Question (591q): Q1. The Chief Information Security Officer (CISO) of an organization is concerned with the tra...; Q2. SIMULATION An organization is planning for disaster recovery and continuity of operations....; Q3. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to...; Q4. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q5. A security analyst is reviewing network connectivity on a Linux workstation and examining ...; Q6. A company's claims processed department has a mobile workforce that receives a large numbe...; Q7. In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime...; Q8. A security administrator is opening connectivity on a firewall between Organization A and ...; Q9. A security analyst wants to keep track of alt outbound web connections from workstations. ...; Q10. A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy th...; Q11. A security administrator configured the account policies per security implementation guide...; Q12. An organization developed a containerized application. The organization wants to run the a...; Q13. Which of the following best describes a risk associated with using facial recognition to l...; Q14. Which of the following describes how a risk assessment is performed when an organization h...; Q15. An organization is rolling out a robust vulnerability management system to monitor SCADA d...; Q16. A security engineer is performing a threat modeling procedure against a machine learning s...; Q17. An organization is looking to establish more robust security measures by implementing PKI....; Q18. An organization found a significant vulnerability associated with a commonly used package ...; Q19. Which of the following is a security concern for DNP3?...; Q20. A company is deploying multiple VPNs to support supplier connections into its extranet app...; Q21. An organization mat provides a SaaS solution recently experienced an incident involving cu...; Q22. A network administrator receives a ticket regarding an error from a remote worker who is t...; Q23. A security administrator is trying to securely provide public access to specific data from...; Q24. A company has been the target of LDAP injections, as well as brute-force, whaling, and spe...; Q25. Which of the following are the primary purposes of digital signatures in verifying code in...; Q26. A customer reports being unable to connect to a website at www.test.com to consume service...; Q27. A product development team has submitted code snippets for review prior to release. INSTRU...; Q28. Drag and Drop Question An organization is planning for disaster recovery and continuity of...; Q29. A remote user reports the inability to authenticate to the VPN concentrator. During troubl...; Q30. While investigating a security event, an analyst finds evidence that a user opened an emai...; Q31. A company wants to configure its wireless network to require username and password authent...; Q32. A pharmaceutical company was recently compromised by ransomware. Given the following EDR o...; Q33. An auditor Is reviewing the logs from a web application to determine the source of an Inci...; Q34. A security analyst is designing a touch screen device so users can gain entry into a locke...; Q35. An analyst execute a vulnerability scan against an internet-facing DNS server and receives...; Q36. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q37. A security analyst receives an alert from the SIEM regarding unusual activity on an author...; Q38. An organization is working to secure its development process to ensure developers cannot d...; Q39. After a server was compromised an incident responder looks at log files to determine the a...; Q40. After a server was compromised an incident responder looks at log files to determine the a...; Q41. A company undergoing digital transformation is reviewing the resiliency of a CSP and is co...; Q42. A small company recently developed prototype technology for a military program. The compan...; Q43. An analyst reviews the following output collected during the execution of a web applicatio...; Q44. An organization performed a risk assessment and discovered that less than 50% of its emplo...; Q45. An organization is considering a BYOD standard to support remote working. The first iterat...; Q46. A security architect updated the security policy to require a proper way to verify that pa...; Q47. A social media company wants to change encryption ciphers after identifying weaknesses in ...; Q48. A security analyst is performing a review of a web application. During testing as a standa...; Q49. A mobile device hardware manufacturer receives the following requirements from a company t...; Q50. The IT team suggests the company would save money by using self-signed certificates, but t...; Q51. A company's human resources department recently had its own shadow IT department spin up t...; Q52. An accounting team member received a voicemail message from someone who sounded like the C...; Q53. After a cybersecurity incident, a judge found that a company did not conduct a proper fore...; Q54. Which of the following is the reason why security engineers often cannot upgrade the secur...; Q55. An organization has deployed a cloud-based application that provides virtual event service...; Q56. A company requires a task to be carried by more than one person concurrently. This is an e...; Q57. A city government's IT director was notified by the city council that the following cybers...; Q58. A network administrator for a completely air-gapped and closed system has noticed that ano...; Q59. A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. R...; Q60. A security architect recommends replacing the company's monolithic software application wi...; Q61. An organization is designing a network architecture that must meet the following requireme...; Q62. An organization is in frequent litigation and has a large number of legal holds. Which of ...; Q63. A penetration tester inputs the following command: (Exhibit) This command will allow the p...; Q64. A company's claims processed department has a mobile workforce that receives a large numbe...; Q65. Company A is merging with Company B. Company A is a small, local company. Company B has a ...; Q66. A security team is concerned with attacks that are taking advantage of return-oriented pro...; Q67. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q68. A software development company needs to mitigate third-party risks to its software supply ...; Q69. In order to authenticate employees who, call in remotely, a company's help desk staff must...; Q70. Which of the following is the MOST important security objective when applying cryptography...; Q71. The results of an internal audit indicate several employees reused passwords that were pre...; Q72. A high-severity vulnerability was found on a web application and introduced to the enterpr...; Q73. In preparation for the holiday season, a company redesigned the system that manages retail...; Q74. As part of an organization's ongoing vulnerability assessment program, the Chief Informati...; Q75. (Exhibit) An organization is planning for disaster recovery and continuity of operations. ...; Q76. A company is deploying multiple VPNs to support supplier connections into its extranet app...; Q77. A security is assisting the marketing department with ensuring the security of the organiz...; Q78. A security analyst is assessing a new application written in Java. The security analyst mu...; Q79. A security administrator is concerned about employees connecting their personal devices to...; Q80. A financial services company wants to migrate its email services from on-premises servers ...; Q81. A security engineer needs to implement a solution to increase the security posture of user...; Q82. A security engineer is re-architecting a network environment that provides regional electr...; Q83. During a software assurance assessment, an engineer notices the source code contains multi...; Q84. A company suspects a web server may have been infiltrated by a rival corporation. The secu...; Q85. Which of the following describes how a risk assessment is performed when an organization h...; Q86. Which of the following most likely determines the level of controls that is required for s...; Q87. Which of the following is used to assess compliance with internal and external requirement...; Q88. An IT administrator is reviewing all the servers in an organization and notices that a ser...; Q89. An organization is designing a MAC scheme (or critical servers running GNU/Linux. The secu...; Q90. A security consultant has been asked to identify a simple, secure solution for a small bus...; Q91. (Exhibit); Q92. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q93. A security analyst discovered that a database administrator's workstation was compromised ...; Q94. A security engineer needs to implement a solution to increase the security posture of user...; Q95. A user in the finance department uses a laptop to store a spreadsheet that contains confid...; Q96. Which of the following BEST describes a common use case for homomorphic encryption ?...; Q97. The primary advantage of an organization creating and maintaining a vendor risk registry i...; Q98. A security architect examines a section of code and discovers the following: (Exhibit) Whi...; Q99. A security architect recommends replacing the company's monolithic software application wi...; Q100. A software developer needs to add an authentication method to a web application. The follo...; Q101. An IDS was unable to detect malicious network traffic during a recent security incident, e...; Q102. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q103. (Exhibit) An organization is planning for disaster recovery and continuity of operations. ...; Q104. Which of the following are the MOST likely vectors for the unauthorized or unintentional i...; Q105. A security architect is designing a solution for a new customer who requires significant s...; Q106. An HVAC contractor requested network connectivity permission to remotely support/troublesh...; Q107. A security engineer needs to review the configurations of several devices on the network t...; Q108. The results of an internal audit indicate several employees reused passwords that were pre...; Q109. An analyst determined that the current process for manually handling phishing attacks with...; Q110. A security architect needs to implement a CASB solution for an organization with a highly ...; Q111. A network administrator receives a ticket regarding an error from a remote worker who is t...; Q112. In order to save money, a company has moved its data to the cloud with a low-cost provider...; Q113. A small business requires a low-cost approach to theft detection for the audio recordings ...; Q114. A security engineer needs to implement a cost-effective authentication scheme for a new we...; Q115. During a network defense engagement, a red team is able to edit the following registry key...; Q116. A security architect needs to implement a CASB solution for an organization with a highly ...; Q117. Which of the following describes how a risk assessment is performed when an organization h...; Q118. Which of the following communication protocols is used to create PANs with small, low-powe...; Q119. A DNS forward lookup zone named complia.org must: * Ensure the DNS is protected from on-pa...; Q120. A company has decided to purchase a license for software that is used to operate a mission...; Q121. A security analyst discovered that the company's WAF was not properly configured. The main...; Q122. A financial services company has proprietary trading algorithms, which were created and ar...; Q123. A systems administrator is in the process of hardening the host systems before connecting ...; Q124. A SOC analyst is reviewing malicious activity on an external, exposed web server. During t...; Q125. A Chief information Security Officer (CISO) is developing corrective-action plans based on...; Q126. A company is decommissioning old servers and hard drives that contain sensitive data. Whic...; Q127. A security analyst has been assigned incident response duties and must instigate the respo...; Q128. An organization developed a containerized application. The organization wants to run the a...; Q129. A security analyst discovered that a database administrator's workstation was compromised ...; Q130. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q131. The findings from a recent penetration test report indicate a systematic issue related to ...; Q132. Which of the following security features do email signatures provide? (Choose two.)...; Q133. A hospitality company experienced a data breach that included customer PII. The hacker use...; Q134. Given the following log snippet from a web server: (Exhibit) Which of the following BEST d...; Q135. A mobile administrator is reviewing the following mobile device DHCP logs to ensure the pr...; Q136. An organization handles sensitive information that must be displayed on call center techni...; Q137. Device event logs sources from MDM software as follows: (Exhibit) Which of the following s...; Q138. A developer is creating a new mobile application for a company. The application uses REST ...; Q139. Which of the following describes the system responsible for storing private encryption/dec...; Q140. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q141. A user from the sales department opened a suspicious file attachment. The sales department...; Q142. A security engineer is reviewing a record of events after a recent data breach incident th...; Q143. A security analyst needs to recommend a remediation to the following threat: (Exhibit) Whi...; Q144. A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implemen...; Q145. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. Th...; Q146. A company has integrated source code from a subcontractor into its security product. The s...; Q147. A mobile administrator is reviewing the following mobile device DHCP logs to ensure the pr...; Q148. An application engineer is using the Swagger framework to leverage REST APIs to authentica...; Q149. A security review of the architecture for an application migration was recently completed....; Q150. A security analyst discovered that the company's WAF was not properly configured. The main...; Q151. A security analyst is using data provided from a recent penetration test to calculate CVSS...; Q152. A security auditor needs to review the manner in which an entertainment device operates. T...; Q153. In a shared responsibility model for PaaS, which of the following is a customer's responsi...; Q154. A security engineer is performing a threat modeling procedure against a machine learning s...; Q155. An organization is prioritizing efforts to remediate or mitigate risks identified during t...; Q156. A company is implementing SSL inspection. During the next six months, multiple web applica...; Q157. A security engineer performed an assessment on a recently deployed web application. The en...; Q158. After a server was compromised an incident responder looks at log files to determine the a...; Q159. You have received a report that some users are unable to use their personal devices to aut...; Q160. A security architect is reviewing the following organizational specifications for a new ap...; Q161. A SOC analyst received an alert about a potential compromise and is reviewing the followin...; Q162. A company is preparing to deploy a global service. Which of the following must the company...; Q163. A company recently deployed a SIEM and began importing logs from a firewall, a file server...; Q164. A company uses a CSP to provide a front end for its new payment system offering. The new o...; Q165. A security engineer is implementing DLP. Which of the following should the security engine...; Q166. A software company is developing an application in which data must be encrypted with a cip...; Q167. An organization had been leveraging RC4 to protect the confidentiality of a continuous, hi...; Q168. A security team receives alerts regarding impossible travel and possible brute-force attac...; Q169. A security consultant is designing an infrastructure security solution for a client compan...; Q170. A security consultant is designing an infrastructure security solution for a client compan...; Q171. Company A is establishing a contractual with Company B. The terms of the agreement are for...; Q172. A small company recently developed prototype technology for a military program. The compan...; Q173. An organization is considering a BYOD standard to support remote working. The first iterat...; Q174. A company is moving most of its customer-facing production systems to the cloud-facing pro...; Q175. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organ...; Q176. A manufacturing company's security engineer is concerned a remote actor may be able to acc...; Q177. A security architect updated the security policy to require a proper way to verify that pa...; Q178. SIMULATION A product development team has submitted code snippets for review prior to rele...; Q179. The findings from a recent penetration test report indicate a systematic issue related to ...; Q180. An organization is running its e-commerce site in the cloud. The capacity is sufficient to...; Q181. A security architect works for a manufacturing organization that has many different branch...; Q182. A cybersecurity analyst discovered a private key that could have been exposed. Which of th...; Q183. An organization recently experienced a ransomware attack. The security team leader is conc...; Q184. A financial services company wants to migrate its email services from on-premises servers ...; Q185. A large number of emails have been reported, and a security analyst is reviewing the follo...; Q186. A security engineer was auditing an organization's current software development practice a...; Q187. A security analyst discovered that the company's WAF was not properly configured. The main...; Q188. A security administrator configured the account policies per security implementation guide...; Q189. A company has decided to purchase a license for software that is used to operate a mission...; Q190. A security analyst reviews network logs and notices a large number of domain name queries ...; Q191. A security is assisting the marketing department with ensuring the security of the organiz...; Q192. An organization requires a contractual document that includes * An overview of what is cov...; Q193. A company is looking at sending historical backups containing customer PII to a cloud serv...; Q194. Which of the following provides the best solution for organizations that want to securely ...; Q195. A company recently experienced a security incident in which its domain controllers were th...; Q196. A security architect discovers the following page while testing a website for vulnerabilit...; Q197. After a lengthy exercise manually analyzing various types of logs related to a security br...; Q198. A security auditor needs to review the manner in which an entertainment device operates. T...; Q199. A penetration tester obtained root access on a Windows server and, according to the rules ...; Q200. A technician is reviewing the logs and notices a large number of files were transferred to...; Q201. A company hired a third party to develop software as part of its strategy to be quicker to...; Q202. An e-commerce company is running a web server on premises, and the resource utilization is...; Q203. A threat analyst notices the following URL while going through the HTTP logs. http://www.s...; Q204. A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier ...; Q205. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. Th...; Q206. An administrator completed remediation for all the findings of a penetration test and noti...; Q207. A company's BIA indicates that any loss of more than one hour of data would be catastrophi...; Q208. A security engineer has been asked to close all non-secure connections from the corporate ...; Q209. A security analyst is reviewing the following output: (Exhibit) Which of the following wou...; Q210. A technician is reviewing the logs and notices a large number of files were transferred to...; Q211. An organization is looking to establish more robust security measures by implementing PKI....; Q212. Which of the following describes the system responsible for storing private encryption/dec...; Q213. A regional transportation and logistics company recently hired its first Chief Information...; Q214. A company is experiencing a large number of attempted network-based attacks against its on...; Q215. A Chief information Security Officer (CISO) is developing corrective-action plans based on...; Q216. A hospital has fallen behind with patching known vulnerabilities due to concerns that patc...; Q217. A compliance officer is responsible for selecting the right governance framework to protec...; Q218. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. Th...; Q219. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q220. You are a security analyst tasked with interpreting an Nmap scan output from company's pri...; Q221. A senior security analyst is helping the development team improve the security of an appli...; Q222. A company undergoing digital transformation is reviewing the resiliency of a CSP and is co...; Q223. A company wants to implement a new website that will be accessible via browsers with no mo...; Q224. After a security incident, a network security engineer discovers that a portion of the com...; Q225. A security administrator has been tasked with hardening a domain controller against latera...; Q226. A software company is developing an application in which data must be encrypted with a cip...; Q227. A company is preparing to deploy a global service. Which of the following must the company...; Q228. A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key r...; Q229. A security analyst discovered that the company's WAF was not properly configured. The main...; Q230. Users are claiming that a web server is not accessible. A security engineer logs for the s...; Q231. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q232. A company wants to improve the security of its web applications that are running on in-hou...; Q233. An engineering team has deployed a new VPN service that requires client certificates to be...; Q234. A systems administrator is in the process of hardening the host systems before connecting ...; Q235. A security engineer was auditing an organization's current software development practice a...; Q236. A systems administrator was given the following IOC to detect the presence of a malicious ...; Q237. An organization is preparing to migrate its production environment systems from an on-prem...; Q238. An architectural firm is working with its security team to ensure that any draft images th...; Q239. Company A is merging with Company B Company A is a small, local company Company B has a la...; Q240. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q241. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q242. A network administrator receives a ticket regarding an error from a remote worker who is t...; Q243. As part of the customer registration process to access a new bank account, customers are r...; Q244. A company requires a task to be carried by more than one person concurrently. This is an e...; Q245. A developer needs to implement PKI in an autonomous vehicle's software in the most efficie...; Q246. An organization is rolling out a robust vulnerability management system to monitor SCADA d...; Q247. An loT device implements an encryption module built within its SoC where the asymmetric pr...; Q248. A security engineer is performing a vulnerability management scan on multihomed Linux syst...; Q249. PKI can be used to support security requirements in the change management process. Which o...; Q250. A security officer at an organization that makes and sells digital artwork must ensure the...; Q251. loCs were missed during a recent security incident due to the reliance on a signature-base...; Q252. To bring digital evidence in a court of law the evidence must be:...; Q253. Which of the following is the MOST important security objective when applying cryptography...; Q254. An organization handles sensitive information that must be displayed on call center techni...; Q255. A company wants to use a process to embed a sign of ownership covertly inside a proprietar...; Q256. A company has decided that only administrators are permitted to use PowerShell on their Wi...; Q257. A security analyst is reviewing the following output: (Exhibit) Which of the following wou...; Q258. A financial services company wants to migrate its email services from on-premises servers ...; Q259. The Chief Information Security Officer (CISO) has outlined a five-year plan for the compan...; Q260. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q261. A company performs an annual attack surface analysis and identifies a large number of unex...; Q262. A security engineer notices the company website allows users following example: hitps://my...; Q263. A disaster recovery team learned of several mistakes that were made during the last disast...; Q264. A compliance officer is responsible for selecting the right governance framework to protec...; Q265. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q266. Due to locality and budget constraints, an organization's satellite office has a lower ban...; Q267. A company wants to improve the security of its web applications that are running on in-hou...; Q268. A company in the financial sector receives a substantial number of customer transaction re...; Q269. An organization is establishing a new software assurance program to vet applications befor...; Q270. During a system penetration test, a security engineer successfully gained access to a shel...; Q271. A Chief information Security Officer (CISO) is developing corrective-action plans based on...; Q272. Which of the following indicates when a company might not be viable after a disaster?...; Q273. A systems administrator is preparing to run a vulnerability scan on a set of information s...; Q274. An organization is moving its intellectual property data from on premises to a CSP and wan...; Q275. An organization recently started processing, transmitting, and storing its customers' cred...; Q276. A penetration tester inputs the following command: (Exhibit) This command will allow the p...; Q277. You are an information security analyst tasked to provide feedback and remediation guidanc...; Q278. A company is rewriting a vulnerable application and adding the inprotect () system call in...; Q279. An organization needs to classify its systems and data in accordance with external require...; Q280. A security analyst observes the following while looking through network traffic in a compa...; Q281. When assessing the risk of integrating a third-party product into an organization’s IT en...; Q282. A developer implement the following code snippet. (Exhibit) Which of the following vulnera...; Q283. An organization is implementing a new identity and access management architecture with the...; Q284. A company recently deployed a SIEM and began importing logs from a firewall, a file server...; Q285. An application developer is including third-party background security fixes in an applicat...; Q286. A software developer must choose encryption algorithms to secure two parts of a mobile app...; Q287. A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier ...; Q288. A user in the finance department uses a laptop to store a spreadsheet that contains confid...; Q289. A security analyst is participating in a risk assessment and is helping to calculate the e...; Q290. A vulnerability scanner detected an obsolete version of an open-source file-sharing applic...; Q291. A company's Internet connection is commonly saturated during business hours, affecting Int...; Q292. Which of the following indicates when a company might not be viable after a disaster?...; Q293. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q294. A company Invested a total of $10 million lor a new storage solution Installed across live...; Q295. An organization is developing a disaster recovery plan that requires data to be backed up ...; Q296. Which of the following indicates when a company might not be viable after a disaster?...; Q297. An organization is designing a network architecture that must meet the following requireme...; Q298. An organization recently started processing, transmitting, and storing its customers' cred...; Q299. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q300. The Chief Security Officer (CSO) requested the security team implement technical controls ...; Q301. A user from the sales department opened a suspicious file attachment. The sales department...; Q302. An organization is looking to establish more robust security measures by implementing PKI....; Q303. A security review of the architecture for an application migration was recently completed....; Q304. A client is adding scope to a project. Which of the following processes should be used whe...; Q305. In preparation for the holiday season, a company redesigned the system that manages retail...; Q306. A security architect is designing a solution for a new customer who requires significant s...; Q307. A threat analyst notices the following URL while going through the HTTP logs. (Exhibit) Wh...; Q308. A commercial OSINT provider utilizes and reviews data from various sources of publicly ava...; Q309. A recent data breach revealed that a company has a number of files containing customer dat...; Q310. A company purchased Burp Suite licenses this year for each application security engineer. ...; Q311. A software development company needs to mitigate third-party risks to its software supply ...; Q312. An internal security audit determines that Telnet is currently being used within the envir...; Q313. An organization is referencing NIST best practices for BCP creation while reviewing curren...; Q314. A security analyst discovered that a database administrator's workstation was compromised ...; Q315. A forensic investigator would use the foremost command for:...; Q316. Which of the following may indicate a configuration item has reached end-of-life?...; Q317. Employees are receiving certificate errors when visiting secure internet websites. A help ...; Q318. A company Invested a total of $10 million lor a new storage solution Installed across live...; Q319. Due to internal resource constraints, the management team has asked the principal security...; Q320. An organization is designing a network architecture that must meet the following requireme...; Q321. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan fo...; Q322. Leveraging cryptographic solutions to protect data that is in use ensures the data is encr...; Q323. A security auditor needs to review the manner in which an entertainment device operates. T...; Q324. A pharmaceutical company recently experienced a security breach within its customer-facing...; Q325. An organization that provides a SaaS solution recently experienced an incident involving c...; Q326. A Chief information Security Officer (CISO) is developing corrective-action plans based on...; Q327. An enterprise's Chief Technology Officer (CTO) and Chief Information Security Officer (CIS...; Q328. A security administrator has been provided with three separate certificates and is trying ...; Q329. Which of the following should an organization implement to prevent unauthorized API key sh...; Q330. Company A acquired Company B. During an initial assessment, the companies discover they ar...; Q331. A security engineer performed an assessment on a recently deployed web application. The en...; Q332. A significant weather event caused all systems to fail over to the disaster recovery site ...; Q333. Which of the following testing plans is used to discuss disaster recovery scenarios with r...; Q334. The results of an internal audit indicate several employees reused passwords that were pre...; Q335. A company is experiencing a large number of attempted network-based attacks against its on...; Q336. During a network defense engagement, a red team is able to edit the following registry key...; Q337. A security architect discovers the following while reviewing code for a company's website:...; Q338. A software house is developing a new application. The application has the following requir...; Q339. Joe an application security engineer is performing an audit of an environmental control ap...; Q340. A security architect is designing a solution for a new customer who requires significant s...; Q341. A large industrial system's smart generator monitors the system status and sends alerts to...; Q342. A company is on a deadline to roll out an entire CRM platform to all users at one time. Ho...; Q343. An internal user can send encrypted emails successfully to all recipients, except one. at ...; Q344. An engineering team has deployed a new VPN service that requires client certificates to be...; Q345. An organization is designing a MAC scheme (or critical servers running GNU/Linux. The secu...; Q346. A company's Chief Information Security Officer wants to prevent the company from being the...; Q347. The analyst should implement every solution one at a time in a virtual lab, running an att...; Q348. A Chief information Security Officer (CISO) is developing corrective-action plans based on...; Q349. A security analyst has been provided the following partial Snort IDS rule to review and ad...; Q350. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q351. A systems administrator is preparing to run avulnerability scanon a set of information sys...; Q352. A help desk technician just informed the security department that a user downloaded a susp...; Q353. An organization needs to disable TLS 1.0 on a retail website. Which of the following best ...; Q354. An organization has employed the services of an auditing firm to perform a gap assessment ...; Q355. A security consultant has been asked to identify a simple, secure solution for a small bus...; Q356. A security analyst identified a vulnerable and deprecated runtime engine that is supportin...; Q357. A security engineer would like to control configurations on mobile devices while fulfillin...; Q358. A security consultant is designing an infrastructure security solution for a client compan...; Q359. A company has decided to purchase a license for software that is used to operate a mission...; Q360. An organization is implementing a new identity and access management architecture with the...; Q361. A security analyst runs a vulnerability scan on a network administrator's workstation The ...; Q362. In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime...; Q363. A product development team has submitted code snippets for review prior to release. INSTRU...; Q364. A company moved its on-premises services to the cloud. Although a recent audit verified th...; Q365. A customer reports being unable to connect to a website at www.test.com to consume service...; Q366. A local university that has a global footprint is undertaking a complete overhaul of its w...; Q367. A company is experiencing a large number of attempted network-based attacks against its on...; Q368. A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. R...; Q369. A company recently deployed a SIEM and began importing logs from a firewall, a file server...; Q370. A penetration tester inputs the following command: (Exhibit) This command will allow the p...; Q371. A security architect is given the following requirements to secure a rapidly changing ente...; Q372. A security engineer performed an assessment on a recently deployed web application. The en...; Q373. A security analyst is concerned that a malicious piece of code was downloaded on a Linux s...; Q374. An enterprise is configuring an SSL client-based VPN for certificate authentication. The t...; Q375. A third-party organization has implemented a system that allows it to analyze customers' d...; Q376. A security engineer needs to recommend a solution that will meet the following requirement...; Q377. A security analyst has noticed a steady increase in the number of failed login attempts to...; Q378. A help desk technician is troubleshooting an issue with an employee's laptop that will not...; Q379. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q380. Which of the following security features do email signatures provide?...; Q381. An organization is preparing to migrate its production environment systems from an on-prem...; Q382. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q383. A security analyst is reviewing SIEM events and is uncertain how to handle a particular ev...; Q384. A network architect is designing a new SD-WAN architecture to connect all local sites to a...; Q385. A business stores personal client data of individuals residing in the EU in order to proce...; Q386. An engineer wants to assess the OS security configurations on a company's servers. The eng...; Q387. Which of the following tools uses machine learning and advanced analytics to detect abnorm...; Q388. Company A is establishing a contractual with Company B. The terms of the agreement are for...; Q389. A security engineer has been asked to close all non-secure connections from the corporate ...; Q390. Which of the following testing plans is used to discuss disaster recovery scenarios with r...; Q391. A security auditor needs to review the manner in which an entertainment device operates. T...; Q392. A security analyst is evaluating all third-party software an organization uses. The analys...; Q393. A security analyst discovered that a database administrator's workstation was compromised ...; Q394. Company A is establishing a contractual with Company B. The terms of the agreement are for...; Q395. A significant weather event caused all systems to fail over to the disaster recovery site ...; Q396. An IPSec solution is being deployed. The configuration files for both the VPN concentrator...; Q397. A healthcare company wants to increase the value of the data it collects on its patients b...; Q398. A technician accidentally deleted the secret key that was corresponding to the public key ...; Q399. A security architect has designated that a server segment of an enterprise network will re...; Q400. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q401. A security analyst at a global financial firm was reviewing the design of a cloud-based sy...; Q402. Joe an application security engineer is performing an audit of an environmental control ap...; Q403. A security consultant has been asked to identify a simple, secure solution for a small bus...; Q404. After a security incident, a network security engineer discovers that a portion of the com...; Q405. A local university that has a global footprint is undertaking a complete overhaul of its w...; Q406. Clients are reporting slowness when attempting to access a series of load-balanced APIs th...; Q407. The audit team was only provided the physical and logical addresses of the network without...; Q408. A security engineer has implemented an internal user access review tool so service teams c...; Q409. A company wants to protect its intellectual property from theft. The company has already a...; Q410. A security architect is given the following requirements to secure a rapidly changing ente...; Q411. Which of the following is the reason why security engineers often cannot upgrade the secur...; Q412. A satellite communications ISP frequently experiences outages and degraded modes of operat...; Q413. A company security engineer arrives at work to face the following scenario: 1) Website def...; Q414. In a cloud environment, the provider offers relief to an organization's teams by sharing i...; Q415. A company has decided that only administrators are permitted to use PowerShell on their Wi...; Q416. Which of the following is the MOST important security objective when applying cryptography...; Q417. An application security engineer is performing a vulnerability assessment against a new we...; Q418. Which of the following technologies allows CSPs to add encryption across multiple data sto...; Q419. A security architect is tasked with scoping a penetration test that will start next month....; Q420. After a security incident, a network security engineer discovers that a portion of the com...; Q421. A company publishes several APIs for customers and is required to use keys to segregate cu...; Q422. An organization wants to perform a scan of all its systems against best practice security ...; Q423. A security architect is improving a healthcare organization's security posture. Most of th...; Q424. During an adversarial simulation exercise, an external team was able to gain access to sen...; Q425. Signed applications reduce risks by:; Q426. A security engineer was auditing an organization's current software development practice a...; Q427. A security engineer has been informed by the firewall team that a specific Windows worksta...; Q428. An IoT device implements an encryption module built within its SoC, where the asymmetric p...; Q429. A security administrator needs to implement a security solution that will: - Limit the att...; Q430. Following a Log4j outbreak, several network appliances were not managed and remained undet...; Q431. A large number of emails have been reported, and a security analyst is reviewing the follo...; Q432. An employee in the accounting department created a potential security incident by emailing...; Q433. A security administrator has been tasked with hardening a domain controller against latera...; Q434. Due to locality and budget constraints, an organization's satellite office has a lower ban...; Q435. An organization requires a contractual document that includes * An overview of what is cov...; Q436. A company just released a new video card. Due to limited supply and nigh demand, attackers...; Q437. An organization wants to perform a scan of all its systems against best practice security ...; Q438. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. Th...; Q439. A security analyst at a global financial firm was reviewing the design of a cloud-based sy...; Q440. A managed security provider (MSP) is engaging with a customer who was working through a co...; Q441. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q442. During a recent security incident investigation, a security analyst mistakenly turned off ...; Q443. A web service provider has just taken on a very large contract that comes with requirement...; Q444. Ransomware encrypted the entire human resources fileshare for a large financial institutio...; Q445. A local university that has a global footprint is undertaking a complete overhaul of its w...; Q446. A security architect is reviewing the following proposed corporate firewall architecture a...; Q447. A security engineer notices the company website allows users following example: hitps://my...; Q448. A security consultant needs to set up wireless security for a small office that does not h...; Q449. A new web server must comply with new secure-by-design principles and PCI DSS. This includ...; Q450. A product development team has submitted code snippets for review prior to release. INSTRU...; Q451. A company's employees are not permitted to access company systems while traveling internat...; Q452. A security analyst is performing a vulnerability assessment on behalf of a client. The ana...; Q453. Company A is establishing a contractual with Company B. The terms of the agreement are for...; Q454. A company has received threat intelligence about bad routes being advertised. The company ...; Q455. A web application server is running a legacy operating system with an unpatched RCE (Remot...; Q456. Which of the following processes involves searching and collecting evidence during an inve...; Q457. A company's Chief Information Security Officer wants to prevent the company from being the...; Q458. A small company recently developed prototype technology for a military program. The compan...; Q459. A security researcher detonated some malware in a lab environment and identified the follo...; Q460. An organization's board of directors has asked the Chief Information Security Officer to b...; Q461. A security architect updated the security policy to require a proper way to verify that pa...; Q462. A company publishes several APIs for customers and is required to use keys to segregate cu...; Q463. Which of the following should be established when configuring a mobile device to protect u...; Q464. A disaster recovery team learned of several mistakes that were made during the last disast...; Q465. A recentDASTscan indicates an application has multiple issues withpath traversal. Which of...; Q466. The Chief information Officer (CIO) asks the system administrator to improve email securit...; Q467. A software development company is building a new mobile application for its social media p...; Q468. An administrator at a software development company would like to protect the integrity of ...; Q469. A company plans to build an entirely remote workforce that utilizes a cloud-based infrastr...; Q470. An analyst is working to address a potential compromise of a corporate endpoint and discov...; Q471. A security administrator wants to detect a potential forged sender claim in tt-e envelope ...; Q472. A company launched a new service and created a landing page within its website network for...; Q473. An organization is looking to establish more robust security measures by implementing PKI....; Q474. A company suspects a web server may have been infiltrated by a rival corporation. The secu...; Q475. A DevOps team wants to move production data into the QA environment for testing. This data...; Q476. During a network defense engagement, a red team is able to edit the following registry key...; Q477. A security engineer notices the company website allows users to select which country they ...; Q478. A Chief Information Officer is considering migrating all company data to the cloud to save...; Q479. A security administrator wants to detect a potential forged sender claim in tt-e envelope ...; Q480. A security analyst is configuring an IPSec tunnel to use the strongest encryption currentl...; Q481. Due to adverse events, a medium-sized corporation suffered a major operational disruption ...; Q482. A software development company is implementing a SaaS-based password vault for customers t...; Q483. An organization needs to classify its systems and data in accordance with external require...; Q484. All staff at a company have started working remotely due to a global pandemic. To transiti...; Q485. The Chief Information Security Officer is concerned about the possibility of employees dow...; Q486. Which of the following is a security concern for DNP3?...; Q487. A security analyst is reviewing a new IOC in which data is injected into an online process...; Q488. An accounting team member received a voicemail message from someone who sounded like the C...; Q489. A company's claims processed department has a mobile workforce that receives a large numbe...; Q490. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q491. An incident response team completed recovery from offline backup for several workstations....; Q492. Given the following log snippet from a web server: (Exhibit) Which of the following BEST d...; Q493. A company has a website with a huge database. The company wants to ensure that a DR site c...; Q494. After a lengthy exercise manually analyzing various types of logs related to a security br...; Q495. A high-severity vulnerability was found on a web application and introduced to the enterpr...; Q496. A mobile device hardware manufacturer receives the following requirements from a company t...; Q497. A new corporate policy requires that all employees have access to corporate resources on p...; Q498. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q499. An administrator at a software development company would like to protect the integrity of ...; Q500. A software developer was just informed by the security team that the company's product has...; Q501. Which of the following describes how a risk assessment is performed when an organization h...; Q502. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q503. Clients are reporting slowness when attempting to access a series of load-balanced APIs th...; Q504. A small firm's newly created website has several design flaws. The developer created the w...; Q505. A product development team has submitted code snippets for review prior to release. INSTRU...; Q506. A company is outsourcing to an MSSP that performs managed detection and response services....; Q507. A review of the past year's attack patterns shows that attackers stopped reconnaissance af...; Q508. A systems engineer needs to develop a solution that uses digital certificates to allow aut...; Q509. A company with multiple locations has taken a cloud-only approach to its infrastructure Th...; Q510. An organization is deploying a new, online digital bank and needs to ensure availability a...; Q511. A pharmaceutical company was recently compromised by ransomware. Given the following EDR o...; Q512. The Chief Information Security Officer of a startup company has asked a security engineer ...; Q513. A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy th...; Q514. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q515. A threat analyst notices the following URL while going through the HTTP logs. (Exhibit) Wh...; Q516. A networking team was asked to provide secure remote access to all company employees. The ...; Q517. The Chief Information Security Officer is concerned about the possibility of employees dow...; Q518. A home automation company just purchased and installed tools for its SOC to enable inciden...; Q519. A company recently migrated its critical web application to a cloud provider's environment...; Q520. An organization recently experienced a ransomware attack. The security team leader is conc...; Q521. A security engineer has been informed by the firewall team that a specific Windows worksta...; Q522. A cybersecurity analyst discovered a private key that could have been exposed. Which of th...; Q523. An organization wants to implement an access control system based on its data classificati...; Q524. The IT team suggests the company would save money by using self-signed certificates, but t...; Q525. A company reviews the regulatory requirements associated with a new product, and then comp...; Q526. A security officer is requiring all personnel working on a special project to obtain a sec...; Q527. A security engineer is reviewing metrics for a series of bug bounty reports. The engineer ...; Q528. A SOC analyst received an alert about a potential compromise and is reviewing the followin...; Q529. A company just released a new video card. Due to limited supply and high demand, attackers...; Q530. A threat hunting team receives a report about possible APT activity in the network. Which ...; Q531. During a phishing exercise, a few privileged users ranked high on the failure list. The en...; Q532. A security administrator has been provided with three separate certificates and is trying ...; Q533. After investigating virus outbreaks that have cost the company $1,000 per incident, the co...; Q534. A security architect is working with a new customer to find a vulnerability assessment sol...; Q535. A PKI engineer is defining certificate templates for an organization's CA and would like t...; Q536. A company enlists a trusted agent to implement a way to authenticate email senders positiv...; Q537. An organization is developing a disaster recovery plan that requires data to be backed up ...; Q538. An organization recently experienced a ransomware attack. The security team leader is conc...; Q539. An organization's existing infrastructure includes site-to-site VPNs between datacenters. ...; Q540. A threat analyst notices the following URL while going through the HTTP logs. (Exhibit) Wh...; Q541. A help desk analyst suddenly begins receiving numerous calls from remote employees who sta...; Q542. A customer reports being unable to connect to a website at www.test.com to consume service...; Q543. A global organization's Chief Information Security Officer (CISO) has been asked to analyz...; Q544. A technology company developed an in-house chat application that is used only by developer...; Q545. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q546. A company is migrating its data center to the cloud. Some hosts had been previously isolat...; Q547. (Exhibit); Q548. A company plans to build an entirely remote workforce that utilizes a cloud-based infrastr...; Q549. A security analyst receives an alert from the SIEM regarding unusual activity on an author...; Q550. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q551. A security analyst for a managed service provider wants to implement the most up-to-date a...; Q552. A security architect was asked to modify an existing internal network design to accommodat...; Q553. A recent data breach stemmed from unauthorized access to an employee's company account wit...; Q554. A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that exami...; Q555. A security architect was asked to modify an existing internal network design to accommodat...; Q556. A company wants to implement a cloud-based security solution that will sinkhole malicious ...; Q557. Due to adverse events, a medium-sized corporation suffered a major operational disruption ...; Q558. A security analyst is participating in a risk assessment and is helping to calculate the e...; Q559. A new, online file hosting service is being offered. The service has the following securit...; Q560. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q561. An organization's assessment of a third-party, non-critical vendor reveals that the vendor...; Q562. An organization performed a risk assessment and discovered that less than 50% of its emplo...; Q563. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q564. A security researcher identified the following messages while testing a web application: (...; Q565. A developer needs to implement PKI in an autonomous vehicle's software in the most efficie...; Q566. Which of the following is the most effective approach to prevent the reoccurrence of unexp...; Q567. A company's software developers have indicated that the security team takes too long to pe...; Q568. A security analyst is reviewing the following output: (Exhibit) Which of the following wou...; Q569. A security architect was asked to modify an existing internal network design to accommodat...; Q570. A customer requires secure communication of subscribed web services at all times, but the ...; Q571. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q572. In support of disaster recovery objectives, a third party agreed to provide 99.999% uptime...; Q573. An organization recently started processing, transmitting, and storing its customers' cred...; Q574. A company is moving most of its customer-facing production systems to the cloud-facing pro...; Q575. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q576. An organization performed a risk assessment and discovered that less than 50% of its emplo...; Q577. An organization is designing a MAC scheme (or critical servers running GNU/Linux. The secu...; Q578. A security engineer is reviewing a record of events after a recent data breach incident th...; Q579. Which of the following is the best reason to maintain visibility into vendor supply chains...; Q580. A security manager wants to transition the organization to a zero trust architecture. To m...; Q581. Law enforcement officials informed an organization that an investigation has begun. Which ...; Q582. Company A acquired Company B. During an audit, a security engineer found Company B's envir...; Q583. A company has integrated source code from a subcontractor into its security product. The s...; Q584. A security analyst is reviewing the following output from a vulnerability scan from an org...; Q585. A penetration tester obtained root access on a Windows server and, according to the rules ...; Q586. Which of the following technologies would benefit the most from the use of biometric reade...; Q587. A company uses a CSP to provide a front end for its new payment system offering. The new o...; Q588. A security team is creating tickets to track the progress of remediation. Which of the fol...; Q589. A development team needs terminal access to preproduction servers to verify settings and e...; Q590. Which of the following controls primarily detects abuse of privilege but does not prevent ...; Q591. A security administrator at a global organization wants to update password complexity rule...

Join the discussion

Question 173/591

Add Comments

Download PDF File