CompTIA CertMaster CE for Security+ -
Domain 4.0 Security Operations
Assessment Questions & Answers
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement?
A. Utilizing a centralized proxy server
B. Deploying agent-based web filtering
C. Implementing manual URL blocking
D. Relying solely on reputation-based filtering - ANSWER B. Deploying agent-based
web filtering
A software technician delivers a presentation on the capabilities associated with
centralizing web filtering. When exploring techniques tied to centralized proxy service
employment to protect traffic, what classifies websites into various groupings, such as
social networking, webmail, or gambling sites?
A. Content categorization
B. URL scanning
C. Block rules
D. Reputation-based filtering - ANSWER A. Content categorization
A digital forensic analyst at a healthcare company investigates a case involving a recent
data breach. In evaluating the available data sources to assist in the investigation, what
application protocol and event-logging format enables different appliances and software
applications to transmit logs or event records to a central server?
A. Dashboard
B. Endpoint log
C. Application Log
D. Syslog - ANSWER D. Syslog
A tech company is in the process of decommissioning a fleet of old servers. It wants to
ensure that sensitive data stored on these servers is fully eliminated and is not
accessible in the event of unauthorized attempts. What primary process should the
company implement before disposing or repurposing these servers?
A. Moving the servers to a secure storage location
,B. Deleting all the files on the servers
C. Sanitizing the servers
D. Selling the servers immediately - ANSWER C. Sanitizing the servers
During the process of merging two companies, the integrated security team is tasked
with consolidating their approaches to managing cybersecurity incidents. Which
comprehensive document should be developed to outline the overall strategy and
procedures for incident response, encompassing preparation, identification,
containment, eradication, recovery, communication protocols, and contacts and
resources for responders?
A. Playbook
B. Communication plan
C. Incident response plan
D. Incident response lifecycle - ANSWER C. Incident response plan
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation?
A. File metadata and event logs
B. Network transaction logs and gateway security logs
C. File metadata with extended attributes and network transaction logs
D. Event logs and gateway security logs - ANSWER C. File metadata with extended
attributes and network transaction logs
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing
employees to use their personal mobile devices for work-related tasks. Aware of the
varying legal ramifications and privacy concerns across different jurisdictions related to
controlling personal devices, the organization seeks to enhance the security of these
devices within the constraints of these legal and privacy issues. Considering this
context, which of the following measures would be the MOST effective way to navigate
these complexities while striving to secure employees' mobile devices under the BYOD
policy?
A. Restricting all access to company resources from mobile devices
, B. Providing employees with company-owned mobile devices
C. Using MDM solutions to centrally control employees' mobile devices
D. Enforcing complex passwords for all employee mobile devices - ANSWER C. Using
MDM solutions to centrally control employees' mobile devices
A new system administrator has been spending the morning manually entering new
vulnerability signatures based on Common Vulnerabilities and Exposures (CVE) data
and using the Common Vulnerability Scoring System (CVSS) for remediation guidance.
To enhance efficiency and ensure the vulnerability scanner remains up-to-date with
minimal manual effort, what actions should the administrator have taken instead?
(Select the three best options.)
A. Automatically update the vulnerability scanner's database via a vulnerability feed
B. Integrate the scanner with the Security Content Automation Protocol (SCAP)
C. Subscribe to a general IT news feed for updates on emerging technology trends
D. Adjust the environmental variables within the vulnerability management system -
ANSWER A, B, & D
After finding some of the company's confidential data on the internet, a software team is
drafting a policy on vulnerability response and remediation. What remediation practice
refers to measures put in place to mitigate the risk of a vulnerability when the team
cannot directly eliminate it?
A. Insurance
B. Patching
C. Compensating controls
D. Segmentation - ANSWER C. Compensating controls
The IT security team at a large company is implementing more robust authentication
measures to safeguard sensitive data and systems. The team is exploring multifactor
authentication (MFA) options to bolster security. The company deals with highly
confidential information and requires a robust solution. The team has narrowed the
choices and is evaluating which aligns BEST with their security needs. Which multi-
factor authentication method utilizes unique physical characteristics of individuals to
verify their identity?
A. Smart cards
B. SMS-based one-time passwords
C. Biometrics
D. Passwords and PINs - ANSWER C. Biometrics
Domain 4.0 Security Operations
Assessment Questions & Answers
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement?
A. Utilizing a centralized proxy server
B. Deploying agent-based web filtering
C. Implementing manual URL blocking
D. Relying solely on reputation-based filtering - ANSWER B. Deploying agent-based
web filtering
A software technician delivers a presentation on the capabilities associated with
centralizing web filtering. When exploring techniques tied to centralized proxy service
employment to protect traffic, what classifies websites into various groupings, such as
social networking, webmail, or gambling sites?
A. Content categorization
B. URL scanning
C. Block rules
D. Reputation-based filtering - ANSWER A. Content categorization
A digital forensic analyst at a healthcare company investigates a case involving a recent
data breach. In evaluating the available data sources to assist in the investigation, what
application protocol and event-logging format enables different appliances and software
applications to transmit logs or event records to a central server?
A. Dashboard
B. Endpoint log
C. Application Log
D. Syslog - ANSWER D. Syslog
A tech company is in the process of decommissioning a fleet of old servers. It wants to
ensure that sensitive data stored on these servers is fully eliminated and is not
accessible in the event of unauthorized attempts. What primary process should the
company implement before disposing or repurposing these servers?
A. Moving the servers to a secure storage location
,B. Deleting all the files on the servers
C. Sanitizing the servers
D. Selling the servers immediately - ANSWER C. Sanitizing the servers
During the process of merging two companies, the integrated security team is tasked
with consolidating their approaches to managing cybersecurity incidents. Which
comprehensive document should be developed to outline the overall strategy and
procedures for incident response, encompassing preparation, identification,
containment, eradication, recovery, communication protocols, and contacts and
resources for responders?
A. Playbook
B. Communication plan
C. Incident response plan
D. Incident response lifecycle - ANSWER C. Incident response plan
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation?
A. File metadata and event logs
B. Network transaction logs and gateway security logs
C. File metadata with extended attributes and network transaction logs
D. Event logs and gateway security logs - ANSWER C. File metadata with extended
attributes and network transaction logs
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing
employees to use their personal mobile devices for work-related tasks. Aware of the
varying legal ramifications and privacy concerns across different jurisdictions related to
controlling personal devices, the organization seeks to enhance the security of these
devices within the constraints of these legal and privacy issues. Considering this
context, which of the following measures would be the MOST effective way to navigate
these complexities while striving to secure employees' mobile devices under the BYOD
policy?
A. Restricting all access to company resources from mobile devices
, B. Providing employees with company-owned mobile devices
C. Using MDM solutions to centrally control employees' mobile devices
D. Enforcing complex passwords for all employee mobile devices - ANSWER C. Using
MDM solutions to centrally control employees' mobile devices
A new system administrator has been spending the morning manually entering new
vulnerability signatures based on Common Vulnerabilities and Exposures (CVE) data
and using the Common Vulnerability Scoring System (CVSS) for remediation guidance.
To enhance efficiency and ensure the vulnerability scanner remains up-to-date with
minimal manual effort, what actions should the administrator have taken instead?
(Select the three best options.)
A. Automatically update the vulnerability scanner's database via a vulnerability feed
B. Integrate the scanner with the Security Content Automation Protocol (SCAP)
C. Subscribe to a general IT news feed for updates on emerging technology trends
D. Adjust the environmental variables within the vulnerability management system -
ANSWER A, B, & D
After finding some of the company's confidential data on the internet, a software team is
drafting a policy on vulnerability response and remediation. What remediation practice
refers to measures put in place to mitigate the risk of a vulnerability when the team
cannot directly eliminate it?
A. Insurance
B. Patching
C. Compensating controls
D. Segmentation - ANSWER C. Compensating controls
The IT security team at a large company is implementing more robust authentication
measures to safeguard sensitive data and systems. The team is exploring multifactor
authentication (MFA) options to bolster security. The company deals with highly
confidential information and requires a robust solution. The team has narrowed the
choices and is evaluating which aligns BEST with their security needs. Which multi-
factor authentication method utilizes unique physical characteristics of individuals to
verify their identity?
A. Smart cards
B. SMS-based one-time passwords
C. Biometrics
D. Passwords and PINs - ANSWER C. Biometrics
