SECURITY+DOMAIN 5.0/
COMPTIA SECURITY+ CE
A cyber team is evaluating areas where the organization is at risk of becoming
non-compliant with cybersecurity standards. One key area of concern is the legal
and financial consequences that the organization might face in the event of a data
breach or loss. Which of the following are the primary ramifications the
organization would face if noncompliance leads to data loss? - ANSWER-C.
Liability for damages caused by data loss
A technician prepares a presentation to the board of directors on the variances
between compliance reporting and monitoring after the board receives word that
the company did poorly on its last assessment. What are the tenets of compliance
reporting? (Select the two best options.) - ANSWER-A. It aims to assess and
disclose an organization's compliance status.
B. It promotes accountability, transparency, and effective compliance
management.
The IT department at a governmental agency is actively responsible for ensuring
the security of the agency's sensitive information and physical assets. Recently,
concerns have arisen about unauthorized access to certain restricted areas within
the building. To address this issue, the IT team is implementing access control
measures to enhance physical security. The main objective is to restrict entry to
authorized personnel only and prevent unauthorized individuals from gaining
access to sensitive areas. What access control measures could the IT department
implement in the office building to enhance physical security and prevent
unauthorized access to restricted areas? - ANSWER-A. Biometric authentication
system using fingerprint scanning
In a technology company, the IT department is in the process of selecting a new
cloud service provider to meet its expanding data storage needs. The team has
identified four potential vendors offering various features, pricing models, and
service level agreements (SLAs). As part of their due diligence, the IT team has
thoroughly reviewed the SLAs of each vendor to ensure they align with the
company's requirements. The IT department wants to ensure they choose a vendor
with the most appropriate SLA to maintain critical business operations. Which
factors are essential for the IT department to consider when evaluating the SLAs of
potential cloud service vendors? (Select the two best options.) - ANSWER-A. The
vendor's data security measures and protocols
B. The uptime guarantees and the downtime penalties specified in the SLA
In a cybersecurity firm, the IT department is preparing for a penetration testing
engagement to assess the organization's security posture. The team has decided to
conduct an external penetration test on the company's public-facing web
applications and networks. The primary goal is to identify vulnerabilities and
potential entry points for attackers. To ensure a smooth testing process and avoid
misunderstandings, the IT team has collaborated with the company's management
and relevant stakeholders to establish the assessment's rules of engagement (ROE).
What is the purpose of establishing ROE in a penetration testing engagement? -
ANSWER-A. To define the scope of the assessment, testing methods, and
timeframe for conducting the test
A cybersecurity team is investigating a complex cyber threat landscape for a large
financial institution. The team is aware of some potential threats due to previous
encounters and security measures in place, but the evolving nature of the landscape
presents new threats and challenges. What type of cyber environment is the team
dealing with? - ANSWER-D. Partially known environment
A company is considering expanding into new markets. While the leadership
understands there are potential risks, they believe the potential rewards are worth
taking on greater risks than usual. What is a strategic assessment of what level of
residual risk is tolerable and is considered broad in scope? - ANSWER-B. Risk
appetite
A medium-sized organization is undergoing an audit of its information security
practices. The auditor, a security analyst, seeks to assess the organization's use of
an Acceptable Use Policy (AUP). What crucial aspect of the AUP should the
auditor focus on to ensure the organization meets the standards set for information
security? - ANSWER-A. The AUP includes clear consequences for
noncompliance.
A company's risk management team has been analyzing a potential risk to its
operations. They have identified the probability of the risk event occurring, and
they wish to express this probability on a yearly basis. What is the company trying
to calculate? - ANSWER-D. Annualized Rate of Occurrence (ARO)
A recent attack on an organizational employee desktop, involving an international
threat actor, prompts the security team to set up recurring penetration testing
exercises. The HR and IT teams are asked to participate in the exercise as the team
that operates the response and recovery controls while the security team plays the
role of the intruder. What team do the HR and IT teams represent in this scenario?
- ANSWER-B. Blue Team
A cybersecurity team is preparing to conduct a comprehensive security assessment.
The team has access to system documentation, network diagrams, and source code,
and has permission to interview IT staff. What type of testing environment is the
team operating within? - ANSWER-A. Known environment
A tech start-up company is considering deploying a new email system. The start-up
is currently identifying risks associated with the potential downtime of the new
system and considering the costs for each event. What metric should the company
utilize during this process? - ANSWER-B. Single Loss Expectancy
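The ARO question above and this SLE question are two halves of the same quantitative risk calculation, so the following added example (not part of the study guide) carries it through: SLE = AV x EF, ALE = SLE x ARO, and the standard cost-benefit test for a countermeasure, value = ALE before - ALE after - annual cost of the control. The dollar figures, the "email outage" scenario and the three candidate controls are constructed for illustration; the formulas are the standard Security+ ones.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


def aro_from_history(events: int, years: float) -> float:
    """Annualized Rate of Occurrence: observed events spread over the
    observation window. One outage in four years -> ARO 0.25."""
    if years <= 0:
        raise ValueError("observation window must be positive")
    return events / years


@dataclass(frozen=True)
class Scenario:
    """One risk event, expressed with the standard quantitative inputs."""
    name: str
    asset_value: float       # AV, in dollars
    exposure_factor: float   # EF, fraction of AV lost per event (0.0 .. 1.0)
    aro: float               # ARO, expected events per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be between 0 and 1")

    def sle(self) -> float:
        """Single Loss Expectancy: cost of one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: expected yearly cost."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    """A candidate countermeasure and the residual ARO/EF it leaves behind."""
    name: str
    annual_cost: float
    residual_aro: float
    residual_ef: Optional[float] = None   # None -> EF unchanged by the control


def residual_ale(s: Scenario, c: Control) -> float:
    ef = s.exposure_factor if c.residual_ef is None else c.residual_ef
    return s.asset_value * ef * c.residual_aro


def control_value(s: Scenario, c: Control) -> float:
    """Net annual benefit: loss avoided minus what the control costs.
    Negative means the control costs more than the risk it removes."""
    return s.ale() - residual_ale(s, c) - c.annual_cost


def best_control(s: Scenario, controls: Sequence[Control]) -> Optional[Control]:
    """Pick the control with the highest net value; None if none pays for itself."""
    ranked = sorted(controls, key=lambda c: control_value(s, c), reverse=True)
    return ranked[0] if ranked and control_value(s, ranked[0]) > 0 else None


# Constructed scenario: the start-up's new email system goes down about twice
# a year; each outage is estimated to cost a quarter of the system's $200k value.
EMAIL_OUTAGE = Scenario("email outage", asset_value=200_000.0,
                        exposure_factor=0.25, aro=aro_from_history(2, 1))

# Constructed candidate controls (names and numbers are hypothetical).
CANDIDATES = [
    Control("redundant mail relay", annual_cost=15_000.0, residual_aro=0.5),
    Control("hot standby cluster",  annual_cost=90_000.0, residual_aro=0.1),
    Control("extended vendor SLA",  annual_cost=5_000.0,  residual_aro=1.5),
]

if __name__ == "__main__":
    print(f"SLE ${EMAIL_OUTAGE.sle():,.0f}, ALE ${EMAIL_OUTAGE.ale():,.0f}")
    for c in CANDIDATES:
        print(f"{c.name:22s} residual ALE ${residual_ale(EMAIL_OUTAGE, c):>9,.0f}"
              f"  net value ${control_value(EMAIL_OUTAGE, c):>9,.0f}")
    chosen = best_control(EMAIL_OUTAGE, CANDIDATES)
    print("best:", chosen.name if chosen else "accept the risk")
```

The point the ranking makes is that the cheapest control and the most effective control are both beaten by the one whose annual cost sits below the loss it actually avoids; a control whose cost exceeds the ALE it removes has negative value and the right decision is to accept or transfer the risk instead.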
The IT department of a local governmental agency is in the process of finalizing a
contract with a third-party vendor to provide cloud services. The agency is highly
concerned about data security and wants to ensure it can assess the vendor's
security practices. The IT team decides to include a right-to-audit clause in the
contract to ensure periodic audits of the vendor's security measures. Additionally,
the agency wants an independent assessment of the vendor's security controls to
ensure unbiased evaluation. Which of the following accurately concludes the
primary purpose of including a right-to-audit clause and seeking independent
assessments in the contract with the cloud service vendor? - ANSWER-D. To
ensure the agency can periodically assess the vendor's security practices
Companies often update their website links to redirect users to new web pages that
may feature a unique promotion or to transition to a new web experience. How
would an attacker take advantage of these common operations to lead users to fake