- All Exams Instant Download
Which of the following access control schemes would be BEST for the company to implement?
A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?A . DiscretionaryB . Rule-basedC . Role-basedD . MandatoryView AnswerAnswer: D
Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?A . PCI...
Which of the following describes what the manager is doing?
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the...
Which of the following would BEST prevent this attack from reoccurring?
A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?A . Configure the perimeter firewall to deny inbound external connections to SMB...
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?A . SSAE SOC 2B . PCI DSSC . GDPRD . ISO 31000View AnswerAnswer: C
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?A . Least privilegeB . Awareness trainingC . Separation of dutiesD . Mandatory vacationView AnswerAnswer: C
As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?A . Order of volatilityB . Data recoveryC . Chain of custodyD . Non-repudiationView AnswerAnswer: C
http://dev-site.comptia.org/home/show.php?
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is...
Which of the following can the security analyst conclude?
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log: Which of the following can the security analyst conclude?A . A replay attack is being...
Which of the following is the MOST likely root cause?
A company’s bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company’s forensics team to assist in the cyber-incident investigation. An incident responder learns the following information: - The timeline of...
