CompTIA Certmaster CE Security+ Domain 1.0
General Security Concepts Assessment Questions
With 100% Correct Answers
In a cybersecurity operation where downtime is critical to its mission, a cybersecurity
analyst incorporates allowlists and denylists restrictions. The objective is to guarantee
high availability (HA) and safeguard against potential security threats. How would a
cybersecurity analyst utilize these lists in this scenario? (Select the two best options.) -
✔✔ - A. Allowlists can specify approved software, hardware, and change types that are
essential for the operation's functioning.
D. Denylists can block unauthorized software, hardware, and change types that pose
high risk to the operation's availability and security.
How can a cybersecurity analyst effectively utilize version control to maintain a historical
record of changes and ensure security in the organization's IT systems and
applications? - ✔✔ - C. Use version control to track changes in network diagrams and
configuration files.
A malicious actor initiates an attack on a software organization, believing it to have
successfully acquired sensitive data. Unbeknownst to the attacker, the organization has
deceived the attacker by intentionally providing fake sensitive information and has now
captured the attacker's tactics and tools. What deception technology did the
organization deploy to capture the attacker's techniques and tools? - ✔✔ - D. Honeyfile
, A cyber technician reduces a computer's attack surface by installing a cryptoprocessor
that a plug-in peripheral component interconnect express (PCIe) adaptor card can
remove. What type of cryptoprocessor can support this requirement? - ✔✔ - B.
Hardware Security Module (HSM)
A corporation's IT department is integrating a new framework that permits, ascertains,
and applies various resources in accordance with established company policies. Which
principle should the department incorporate? - ✔✔ - A. Policy-driven access control
The organization is implementing a significant software upgrade that necessitates
application restarts. How can the cybersecurity analyst ensure a smooth transition
without causing extended downtime? - ✔✔ - B. Schedule the upgrade during
nonworking hours to reduce the impact on users.
A security analyst wants to ensure that the privileges granted to an individual align with
the role within the organization. What is the primary tool that the analyst should
implement? - ✔✔ - (C. Authenticating systems incorrect)
A user in a company wants a new USB flash drive. Rather than requesting one through
the proper channel, the user obtains one from one of the company's storage closets.
Upon approaching the closet door, the user notices a warning sign indicating cameras
are in use. What is the control objective of the observed sign? - ✔✔ - C. Deterrent
General Security Concepts Assessment Questions
With 100% Correct Answers
In a cybersecurity operation where downtime is critical to its mission, a cybersecurity
analyst incorporates allowlists and denylists restrictions. The objective is to guarantee
high availability (HA) and safeguard against potential security threats. How would a
cybersecurity analyst utilize these lists in this scenario? (Select the two best options.) -
✔✔ - A. Allowlists can specify approved software, hardware, and change types that are
essential for the operation's functioning.
D. Denylists can block unauthorized software, hardware, and change types that pose
high risk to the operation's availability and security.
How can a cybersecurity analyst effectively utilize version control to maintain a historical
record of changes and ensure security in the organization's IT systems and
applications? - ✔✔ - C. Use version control to track changes in network diagrams and
configuration files.
A malicious actor initiates an attack on a software organization, believing it to have
successfully acquired sensitive data. Unbeknownst to the attacker, the organization has
deceived the attacker by intentionally providing fake sensitive information and has now
captured the attacker's tactics and tools. What deception technology did the
organization deploy to capture the attacker's techniques and tools? - ✔✔ - D. Honeyfile
, A cyber technician reduces a computer's attack surface by installing a cryptoprocessor
that a plug-in peripheral component interconnect express (PCIe) adaptor card can
remove. What type of cryptoprocessor can support this requirement? - ✔✔ - B.
Hardware Security Module (HSM)
A corporation's IT department is integrating a new framework that permits, ascertains,
and applies various resources in accordance with established company policies. Which
principle should the department incorporate? - ✔✔ - A. Policy-driven access control
The organization is implementing a significant software upgrade that necessitates
application restarts. How can the cybersecurity analyst ensure a smooth transition
without causing extended downtime? - ✔✔ - B. Schedule the upgrade during
nonworking hours to reduce the impact on users.
A security analyst wants to ensure that the privileges granted to an individual align with
the role within the organization. What is the primary tool that the analyst should
implement? - ✔✔ - (C. Authenticating systems incorrect)
A user in a company wants a new USB flash drive. Rather than requesting one through
the proper channel, the user obtains one from one of the company's storage closets.
Upon approaching the closet door, the user notices a warning sign indicating cameras
are in use. What is the control objective of the observed sign? - ✔✔ - C. Deterrent
