CompTIA Certmaster CE Security+ Domain 5.0 | Question with Correct Answers
The IT department at a governmental agency is actively responsible for ensuring the security of
the agency's sensitive information and physical assets. Recently, concerns have arisen about
unauthorized access to certain restricted areas within the building. To address this issue, the IT
team is implementing access control measures to enhance physical security. The main objective
is to restrict entry to authorized personnel only and prevent unauthorized individuals from
gaining access to sensitive areas. What access control measures could the IT department
implement in the office building to enhance physical security and prevent unauthorized access
to restricted areas? - ✔️✔️A. Biometric authentication system using fingerprint scanning
The IT department at a multinational organization is evaluating potential risks associated with
implementing a new network infrastructure. This includes identifying potential vulnerabilities,
estimating potential downtime, and assessing the financial impact of potential cyberattacks.
Which type of risk assessment BEST suits the organization's requirements? - ✔️✔️B. Quantitative
risk assessment
A software application contains sensitive transmittal information, and an end-user takes it out
on a laptop in the field. The end user must understand how to protect and dispose of the data.
Which one of the following should help the end user prepare for this? - ✔️✔️C. User Training
A. General purpose guide (incorrect)
A company's risk management team has identified a particular risk that carries a significant
financial cost. The team has also determined the frequency at which this risk event is likely to
occur over a year. Based on these criteria, what is the company trying to calculate? - ✔️✔️A.
Single Loss Expectancy (SLE) (incorrect)
Which team performs the offensive role in a penetration exercise? - ✔️✔️B. Red team
A company is evaluating the potential outcomes of a certain risk event. It estimates that if the
event occurs, it could lead to a financial loss measured in dollars. Which of the following
outcomes can the company conclude in this scenario? - ✔️✔️D. Impact
A cyber team holds a conference to discuss newly designed requirements for compliance
reporting and monitoring after experiencing a recent breach of sensitive information. What are
the characteristics of compliance monitoring? (Select the two best options.) - ✔️✔️C. It conducts
thorough investigations and assessments of third parties.
D. It uses automation to improve accuracy and streamline observation activities.
A technology company implements a backup strategy to mitigate data loss in case of a system
crash. The strategy focuses on defining the maximum acceptable age of data that the
organization can tolerate losing if the system crashes. Which principle should the company
apply to meet their needs? - ✔️✔️C. RPO
A. RTO (incorrect)
B. SLE (incorrect)
An organization's IT security team has noticed increased suspicious email activity targeting its
employees. The IT team plans to create different campaigns to address this issue as part of its
response strategy. What should be the team's initial focus to enhance awareness and
protection against these email threats? - ✔️✔️B. Launching a phishing awareness campaign
In a tech company, the IT department is selecting a new vendor to upgrade its network
infrastructure. To ensure a smooth and well-defined procurement process, the IT team creates
a detailed work order (WO) or statement of work (SOW). After a rigorous selection process, the
company chooses the vendor that best aligns with its needs. What is the purpose of the WO or
SOW in the vendor selection process for the technology company? - ✔️✔️C. To define specific
requirements and project deliverables expected from the vendor
A company has noticed increasing attacks on its employees via phishing emails and
impersonation calls. These attacks have led to unauthorized access to sensitive data and a loss