CompTIA CertMaster CE for Security+ -
Domain 4.0 Security Operations
Assessment Exam 100% Correct!!
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement?
A. Utilizing a centralized proxy server
B. Deploying agent-based web filtering
C. Implementing manual URL blocking
D. Relying solely on reputation-based filtering - ANSWERSB. Deploying agent-based
web filtering
A software technician delivers a presentation on the capabilities associated with
centralizing web filtering. When exploring techniques tied to centralized proxy service
employment to protect traffic, what classifies websites into various groupings, such as
social networking, webmail, or gambling sites?
A. Content categorization
B. URL scanning
C. Block rules
D. Reputation-based filtering - ANSWERSA. Content categorization
A digital forensic analyst at a healthcare company investigates a case involving a recent
data breach. In evaluating the available data sources to assist in the investigation, what
application protocol and event-logging format enables different appliances and software
applications to transmit logs or event records to a central server?
A. Dashboard
B. Endpoint log
C. Application Log
D. Syslog - ANSWERSD. Syslog
A tech company is in the process of decommissioning a fleet of old servers. It wants to
ensure that sensitive data stored on these servers is fully eliminated and is not
accessible in the event of unauthorized attempts. What primary process should the
company implement before disposing or repurposing these servers?
,A. Moving the servers to a secure storage location
B. Deleting all the files on the servers
C. Sanitizing the servers
D. Selling the servers immediately - ANSWERSC. Sanitizing the servers
During the process of merging two companies, the integrated security team is tasked
with consolidating their approaches to managing cybersecurity incidents. Which
comprehensive document should be developed to outline the overall strategy and
procedures for incident response, encompassing preparation, identification,
containment, eradication, recovery, communication protocols, and contacts and
resources for responders?
A. Playbook
B. Communication plan
C. Incident response plan
D. Incident response lifecycle - ANSWERSC. Incident response plan
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation?
A. File metadata and event logs
B. Network transaction logs and gateway security logs
C. File metadata with extended attributes and network transaction logs
D. Event logs and gateway security logs - ANSWERSC. File metadata with extended
attributes and network transaction logs
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing
employees to use their personal mobile devices for work-related tasks. Aware of the
varying legal ramifications and privacy concerns across different jurisdictions related to
controlling personal devices, the organization seeks to enhance the security of these
devices within the constraints of these legal and privacy issues. Considering this
context, which of the following measures would be the MOST effective way to navigate
these complexities while striving to secure employees' mobile devices under the BYOD
policy?
, A. Restricting all access to company resources from mobile devices
B. Providing employees with company-owned mobile devices
C. Using MDM solutions to centrally control employees' mobile devices
D. Enforcing complex passwords for all employee mobile devices - ANSWERSC. Using
MDM solutions to centrally control employees' mobile devices
A large multinational company uses a cloud-based document storage system. The
system provides access to documents by considering a combination of factors: the
user's department, geographic location, the document's sensitivity level, and the current
date and time. For example, only the finance department of a specific region can access
its financial reports, and they can do so only during business hours. Which access
control model does the company MOST likely use to manage this complex access
control?
A. Discretionary access control
B. Rule-based access controls
C. Attribute-based access control
D. Role-based access control - ANSWERSC. Attribute-based access control
What type of log file is application-managed rather than through an operating system
and may use Event Viewer or syslog to write event data in a standard format?
A. Endpoint logs
B. Application logs
C. OS-specific security logs
D. Firewall logs - ANSWERSB. Application logs
As a company matures, its attack surface also grows. Additionally, the company
becomes an increasingly desirable target for a malicious actor to compromise its
systems. A company must monitor all software usage, secure applications, third-party
software, libraries, and dependencies. Which of the following would contribute to
protecting the business's operations? (Select the three best options.)
A. Package monitoring
B. Software Bill of Materials
C. Software composition analysis
D. Credentialed scan - ANSWERSA, B, & C
A technician is modifying controls to increase security on messaging services. Which of
the following options check to define rules for handling messages, such as moving
messages to quarantine or spam, rejecting them outright, or tagging the message?
A. DKIM
Domain 4.0 Security Operations
Assessment Exam 100% Correct!!
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement?
A. Utilizing a centralized proxy server
B. Deploying agent-based web filtering
C. Implementing manual URL blocking
D. Relying solely on reputation-based filtering - ANSWERSB. Deploying agent-based
web filtering
A software technician delivers a presentation on the capabilities associated with
centralizing web filtering. When exploring techniques tied to centralized proxy service
employment to protect traffic, what classifies websites into various groupings, such as
social networking, webmail, or gambling sites?
A. Content categorization
B. URL scanning
C. Block rules
D. Reputation-based filtering - ANSWERSA. Content categorization
A digital forensic analyst at a healthcare company investigates a case involving a recent
data breach. In evaluating the available data sources to assist in the investigation, what
application protocol and event-logging format enables different appliances and software
applications to transmit logs or event records to a central server?
A. Dashboard
B. Endpoint log
C. Application Log
D. Syslog - ANSWERSD. Syslog
A tech company is in the process of decommissioning a fleet of old servers. It wants to
ensure that sensitive data stored on these servers is fully eliminated and is not
accessible in the event of unauthorized attempts. What primary process should the
company implement before disposing or repurposing these servers?
,A. Moving the servers to a secure storage location
B. Deleting all the files on the servers
C. Sanitizing the servers
D. Selling the servers immediately - ANSWERSC. Sanitizing the servers
During the process of merging two companies, the integrated security team is tasked
with consolidating their approaches to managing cybersecurity incidents. Which
comprehensive document should be developed to outline the overall strategy and
procedures for incident response, encompassing preparation, identification,
containment, eradication, recovery, communication protocols, and contacts and
resources for responders?
A. Playbook
B. Communication plan
C. Incident response plan
D. Incident response lifecycle - ANSWERSC. Incident response plan
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation?
A. File metadata and event logs
B. Network transaction logs and gateway security logs
C. File metadata with extended attributes and network transaction logs
D. Event logs and gateway security logs - ANSWERSC. File metadata with extended
attributes and network transaction logs
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing
employees to use their personal mobile devices for work-related tasks. Aware of the
varying legal ramifications and privacy concerns across different jurisdictions related to
controlling personal devices, the organization seeks to enhance the security of these
devices within the constraints of these legal and privacy issues. Considering this
context, which of the following measures would be the MOST effective way to navigate
these complexities while striving to secure employees' mobile devices under the BYOD
policy?
, A. Restricting all access to company resources from mobile devices
B. Providing employees with company-owned mobile devices
C. Using MDM solutions to centrally control employees' mobile devices
D. Enforcing complex passwords for all employee mobile devices - ANSWERSC. Using
MDM solutions to centrally control employees' mobile devices
A large multinational company uses a cloud-based document storage system. The
system provides access to documents by considering a combination of factors: the
user's department, geographic location, the document's sensitivity level, and the current
date and time. For example, only the finance department of a specific region can access
its financial reports, and they can do so only during business hours. Which access
control model does the company MOST likely use to manage this complex access
control?
A. Discretionary access control
B. Rule-based access controls
C. Attribute-based access control
D. Role-based access control - ANSWERSC. Attribute-based access control
What type of log file is application-managed rather than through an operating system
and may use Event Viewer or syslog to write event data in a standard format?
A. Endpoint logs
B. Application logs
C. OS-specific security logs
D. Firewall logs - ANSWERSB. Application logs
As a company matures, its attack surface also grows. Additionally, the company
becomes an increasingly desirable target for a malicious actor to compromise its
systems. A company must monitor all software usage, secure applications, third-party
software, libraries, and dependencies. Which of the following would contribute to
protecting the business's operations? (Select the three best options.)
A. Package monitoring
B. Software Bill of Materials
C. Software composition analysis
D. Credentialed scan - ANSWERSA, B, & C
A technician is modifying controls to increase security on messaging services. Which of
the following options check to define rules for handling messages, such as moving
messages to quarantine or spam, rejecting them outright, or tagging the message?
A. DKIM
