New Questions 13

CORRECT TEXTAn administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner.

Instructions: The last install that is completed will be the final submission.

View Answer

New Questions 14

A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario?

A. Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a two-way trust.

B. Deploy a corporate Read-Only Domain Controller to the branch location.

C. Deploy a corporate Domain Controller in the DMZ at the main campus.

D. Deploy a branch location Read-Only Domain Controller to the branch office location with a one-way trust.

E. Deploy a corporate Domain Controller to the branch location.

F. Deploy a branch location Domain Controller to the branch location with a one-way trust.

View Answer

New Questions 15

There have been some failures of the companyu2021s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last monthu2021s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent

B. 98.06 percent

C. 98.34 percent

D. 99.72 percent

View Answer

New Questions 16

A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The programmers are not on good terms with the security team and do not want to be distracted with security issues while they are working on a major project. Which of the following is the BEST time to make them address security issues in the project?

A. In the middle of the project

B. At the end of the project

C. At the inception of the project

D. At the time they request

View Answer

New Questions 17

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs

B. Interview employees and managers to discover the industry hot topics and trends

C. Attend meetings with staff, internal training, and become certified in software management

D. Attend conferences, webinars, and training to remain current with the industry and job requirements

View Answer

New Questions 18

A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).

A. Perform penetration testing over the HR solution to identify technical vulnerabilities

B. Perform a security risk assessment with recommended solutions to close off high-rated risks

C. Secure code review of the HR solution to identify security gaps that could be exploited

D. Perform access control testing to ensure that privileges have been configured correctly

E. Determine if the information security standards have been complied with by the project

View Answer

New Questions 19

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:

POST /login.aspx HTTP/1.1 Host: comptia.org

Content-type: text/html txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

A. Remove all of the post data and change the request to /login.aspx from POST to GET

B. Attempt to brute force all usernames and passwords using a password cracker

C. Remove the txtPassword post data and change alreadyLoggedIn from false to true

D. Remove the txtUsername and txtPassword post data and toggle submit from true to false

View Answer

New Questions 20

A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?

A. Purchase new hardware to keep the malware isolated.

B. Develop a policy to outline what will be required in the secure lab.

C. Construct a series of VMs to host the malware environment.

D. Create a proposal and present it to management for approval.

View Answer

New Questions 21

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow?

A. File system information, swap files, network processes, system processes and raw disk blocks.

A. B. Raw disk blocks, network processes, system processes, swap files and file system information.

C. System processes, network processes, file system information, swap files and raw disk blocks.

D. Raw disk blocks, swap files, network processes, system processes, and file system information.

View Answer

New Questions 22

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

A. SSL certificate revocation

B. SSL certificate pinning

C. Mobile device root-kit detection

D. Extended Validation certificates

View Answer