CompTIA Certmaster CE Security+
Domain 4.0 Security Operations
Assessment with Complete Solutions
A global corporation has faced numerous cyber threats and is now prioritizing the
security of its servers. The corporation's IT security expert recommends a strategy to
improve server security. Which of the following options is likely to be the MOST
effective? - ANSWER-D. Implement a secure baseline, consistently apply updates and
patches, and adhere to hardening guidelines.
A software engineer is reviewing the various capabilities of automation and scripting.
What capability does the use of security groups allow for in automation and scripting? -
ANSWER-A. It assists in reducing the possibility of unauthorized access or excessive
permissions.
As a company matures, its attack surface also grows. Additionally, the company
becomes an increasingly desirable target for a malicious actor to compromise its
systems. A company must monitor all software usage, secure applications, third-party
software, libraries, and dependencies. Which of the following would contribute to
protecting the business's operations? (Select the three best options.) - ANSWER-A.
Package monitoring
B. Software Bill of Materials
C. Software composition analysis
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER-C. File
metadata with extended attributes and network transaction logs
The IT team of a medium-sized business is planning to enhance network security. They
want to enforce minimum security controls and configurations across all network
devices, including firewalls, routers, and switches. What should they establish to
achieve this objective? - ANSWER-A. Network security baselines
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
, the following web filtering methods BEST meets this requirement? - ANSWER-B.
Deploying agent-based web filtering
In a multinational corporation, employees across various departments regularly access
many cloud-based applications to fulfill their tasks efficiently. The company's security
team is grappling with managing user credentials securely and efficiently across these
diverse platforms. They are actively looking to improve user authentication and
streamline access to these applications while ensuring robust security measures are in
place. In this scenario, what technology should the company implement to enable
Single Sign-On (SSO) capabilities and ensure secure authentication across its diverse
cloud-based applications? - ANSWER-B. SAML
A cybersecurity responder monitors a hacker's activities covertly to prepare a
containment and eradication plan. This technique involves gaining an informational
advantage over an adversary by observing them without their knowledge, allowing for
strategic planning and response. What threat-hunting technique is being employed? -
ANSWER-B. Maneuvering
What action of the incident response process limits the scope and magnitude of the
incident? - ANSWER-C. Containment
An information security manager is fine-tuning a Security Information and Event
Management (SIEM) system in a company that has recently reported a series of
unauthorized account access attempts. The manager wants to ensure prompt detection
of similar incidents for immediate investigation. Which approach should the manager
consider to optimize the system's alerting capability? - ANSWER-C. Configuring the
SIEM system to alert when multiple login failures for the same account occur within a
specified time period
A healthcare organization is preparing to decommission several servers containing
sensitive patient information. The organization wants to ensure that it securely disposes
of the data on these servers and properly documents this process. What should the
organization primarily focus on to ensure secure data disposal and regulation
compliance? - ANSWER-D. Obtain a certificate of destruction or sanitization from a
third-party provider.
A chief security officer (CSO) is overseeing the deployment of a Security Information
and Event Management (SIEM) system in a large organization with a mix of computer
systems and network appliances. The CSO has concerns about the system resources
that the data collection process on the individual computer systems utilizes. Which
method should the CSO consider to minimize the resource usage on these systems
while ensuring effective data collection for the SIEM system? - ANSWER-C.
Implementing an agentless collection method on the computer systems
An organization reviews recent audit results of monitoring solutions used to protect the
company's infrastructure and learns that detection tools are reporting a high volume of
Domain 4.0 Security Operations
Assessment with Complete Solutions
A global corporation has faced numerous cyber threats and is now prioritizing the
security of its servers. The corporation's IT security expert recommends a strategy to
improve server security. Which of the following options is likely to be the MOST
effective? - ANSWER-D. Implement a secure baseline, consistently apply updates and
patches, and adhere to hardening guidelines.
A software engineer is reviewing the various capabilities of automation and scripting.
What capability does the use of security groups allow for in automation and scripting? -
ANSWER-A. It assists in reducing the possibility of unauthorized access or excessive
permissions.
As a company matures, its attack surface also grows. Additionally, the company
becomes an increasingly desirable target for a malicious actor to compromise its
systems. A company must monitor all software usage, secure applications, third-party
software, libraries, and dependencies. Which of the following would contribute to
protecting the business's operations? (Select the three best options.) - ANSWER-A.
Package monitoring
B. Software Bill of Materials
C. Software composition analysis
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation? - ANSWER-C. File
metadata with extended attributes and network transaction logs
The IT team of a medium-sized business is planning to enhance network security. They
want to enforce minimum security controls and configurations across all network
devices, including firewalls, routers, and switches. What should they establish to
achieve this objective? - ANSWER-A. Network security baselines
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
, the following web filtering methods BEST meets this requirement? - ANSWER-B.
Deploying agent-based web filtering
In a multinational corporation, employees across various departments regularly access
many cloud-based applications to fulfill their tasks efficiently. The company's security
team is grappling with managing user credentials securely and efficiently across these
diverse platforms. They are actively looking to improve user authentication and
streamline access to these applications while ensuring robust security measures are in
place. In this scenario, what technology should the company implement to enable
Single Sign-On (SSO) capabilities and ensure secure authentication across its diverse
cloud-based applications? - ANSWER-B. SAML
A cybersecurity responder monitors a hacker's activities covertly to prepare a
containment and eradication plan. This technique involves gaining an informational
advantage over an adversary by observing them without their knowledge, allowing for
strategic planning and response. What threat-hunting technique is being employed? -
ANSWER-B. Maneuvering
What action of the incident response process limits the scope and magnitude of the
incident? - ANSWER-C. Containment
An information security manager is fine-tuning a Security Information and Event
Management (SIEM) system in a company that has recently reported a series of
unauthorized account access attempts. The manager wants to ensure prompt detection
of similar incidents for immediate investigation. Which approach should the manager
consider to optimize the system's alerting capability? - ANSWER-C. Configuring the
SIEM system to alert when multiple login failures for the same account occur within a
specified time period
A healthcare organization is preparing to decommission several servers containing
sensitive patient information. The organization wants to ensure that it securely disposes
of the data on these servers and properly documents this process. What should the
organization primarily focus on to ensure secure data disposal and regulation
compliance? - ANSWER-D. Obtain a certificate of destruction or sanitization from a
third-party provider.
A chief security officer (CSO) is overseeing the deployment of a Security Information
and Event Management (SIEM) system in a large organization with a mix of computer
systems and network appliances. The CSO has concerns about the system resources
that the data collection process on the individual computer systems utilizes. Which
method should the CSO consider to minimize the resource usage on these systems
while ensuring effective data collection for the SIEM system? - ANSWER-C.
Implementing an agentless collection method on the computer systems
An organization reviews recent audit results of monitoring solutions used to protect the
company's infrastructure and learns that detection tools are reporting a high volume of
