Questions:
Which cryptographic attacks attempt to produce the same hash value from a brute force attack using two inputs? (Choose two.)
A security analyst is investigating a phishing email that contains a malicious document directed to the company’s CEO. Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
You need to remove data from a storage media that is used to store confidential information. Which method is NOT recommended?
A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?
You are currently comparing stream ciphers and block ciphers. You have decided to use only block ciphers and hash algorithms on your organization’s network. Which cryptographic algorithm is a stream cipher?
Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?
Match the symmetric cipher mode with its description:
implements the cipher in its original form
uses the output of each block and XORs it with the following block to increase diffusion
converts a block cipher into a stream cipher
uses a hash function to further complicate the encryption
An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?
Which of the following uses SAML for authentication?
Which of the following reflects an organization’s attentiveness to risk issues?
A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?
A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?
Which of the following tools or activities is primarily used for automating security compliance checks and vulnerability assessments across an organization’s IT infrastructure?
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client’s NEXT step to mitigate the issue?
Before executing a vulnerability scan, you are evaluating all of the relevant considerations. Which of the following considerations is the MOST important?
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
Digital signatures use asymmetric encryption. This means the message is encrypted with:
A network analyst at a small company identifies a Trojan on a server after observing unusual data exfiltration activities. To effectively deal with this Trojan, which TWO of the following actions should the analyst prioritize? (SELECT TWO)
The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?
The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?
During a routine audit, a security administrator at Info Secure discovers that several user accounts have not been de-provisioned despite the users having left the organization months ago. To mitigate this risk and improve the account management process, which TWO of the following actions should the administrator prioritize? (SELECT TWO)
A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?
As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?