Sec+ 401-500 EXAM WITH ANSWERS |\ |\ |\ |\
QUESTION 401 |\
Which of the following utilize a subset of real data and are MOST
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
likely to be used to assess the features and functions of a system
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
and how it interacts or performs from an end user's perspective
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
against defined test cases? (Select TWO).
|\ |\ |\ |\ |\
A. Production
|\ |\
B. Test |\
C. Research and development
|\ |\ |\ |\
D. PoC |\
E. UAT|\ |\
F. SDLC - CORRECT ANSWERS ✔✔BE
|\ |\ |\ |\ |\
QUESTION 402 |\
The spread of misinformation surrounding the outbreak of a novel
|\ |\ |\ |\ |\ |\ |\ |\ |\
virus on election day led to eligible voters choosing not to take
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
the risk of going to the polls. This is an example of:
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
A. prepending.
|\
B. an influence campaign
|\ |\ |\ |\
C. a watering-hole attack
|\ |\ |\ |\
D. intimidation
|\
E. information elicitation - CORRECT ANSWERS ✔✔B
|\ |\ |\ |\ |\ |\
,QUESTION 403 |\
A security engineer is installing a WAF to protect the company's
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
website from malicious web requests over SSL. Which of the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
following is needed to meet the objective? |\ |\ |\ |\ |\ |\
A. A reverse proxy
|\ |\ |\
B. A decryption certificate
|\ |\ |\ |\
C. A split-tunnel VPN
|\ |\ |\
D. Load-balanced servers - CORRECT ANSWERS ✔✔B
|\ |\ |\ |\ |\ |\
QUESTION 404 |\
An enterprise needs to keep cryptographic keys in a safe manner.
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
|\
Which of the following network appliances can achieve this goal?
|\ |\ |\ |\ |\ |\ |\ |\ |\
A. HSM |\ |\
B. CASB |\ |\
C. TPM |\ |\
D. DLP - CORRECT ANSWERS ✔✔A
|\ |\ |\ |\ |\
QUESTION 405 |\
Ann, a forensic analyst, needs to prove that the data she
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
originally acquired has remained unchanged while in her custody.
|\ |\ |\ |\ |\ |\ |\ |\
Which of the following should Ann use?
|\ |\ |\ |\ |\ |\ |\
,A. Chain of custody
|\ |\ |\ |\
B. Checksums
|\
C. Non-repudiation
|\ |\
D. Legal hold - CORRECT ANSWERS ✔✔B
|\ |\ |\ |\ |\ |\
QUESTION 407 |\
An organization recently acquired an ISO 27001 certification.
|\ |\ |\ |\ |\ |\ |\ |\
Which of the following would MOST likely be considered a benefit
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
of this certification?
|\ |\
A. It allows for the sharing of digital forensics data across
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
organizations |\
B. It provides insurance in case of a data breach
|\ |\ |\ |\ |\ |\ |\ |\ |\
C. It provides complimentary training and certification resources
|\ |\ |\ |\ |\ |\ |\ |\
to IT security staff.
|\ |\ |\
D. It certifies the organization can work with foreign entities that
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
require a security clearance
|\ |\ |\ |\
E. It assures customers that the organization meets security
|\ |\ |\ |\ |\ |\ |\ |\ |\
standards - CORRECT ANSWERS ✔✔E |\ |\ |\ |\
QUESTION 408 |\
Which of the following is the MOST secure but LEAST expensive
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
data destruction method for data that is stored on hard drives?
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
A. Pulverizing
|\ |\
B. Shredding
|\ |\
, C. Incinerating
|\ |\
D. Degaussing - CORRECT ANSWERS ✔✔D
|\ |\ |\ |\ |\
QUESTION 409 |\
A security analyst is investigating multiple hosts that are
|\ |\ |\ |\ |\ |\ |\ |\ |\
communicating to external IP addresses during the hours of 2:00 |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
am - 4:00 am. The malware has evaded detection by traditional
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
antivirus software. Which of the following types of malware is
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
MOST likely infecting the hosts?
|\ |\ |\ |\
A. A RAT
|\ |\
B. Ransomware
|\ |\
C. Polymorphic
|\ |\
D. A worm - CORRECT ANSWERS ✔✔C
|\ |\ |\ |\ |\ |\
QUESTION 410 |\
A company is required to continue using legacy software to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
support a critical service. |\ |\ |\ |\
Which of the following BEST explains a risk of this practice?
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
A. Default system configuration
|\ |\ |\ |\
B. Unsecure protocols
|\ |\
C. Lack of vendor support
|\ |\ |\ |\ |\
D. Weak encryption - CORRECT ANSWERS ✔✔C
|\ |\ |\ |\ |\ |\
QUESTION 411 |\
QUESTION 401 |\
Which of the following utilize a subset of real data and are MOST
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
likely to be used to assess the features and functions of a system
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
and how it interacts or performs from an end user's perspective
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
against defined test cases? (Select TWO).
|\ |\ |\ |\ |\
A. Production
|\ |\
B. Test |\
C. Research and development
|\ |\ |\ |\
D. PoC |\
E. UAT|\ |\
F. SDLC - CORRECT ANSWERS ✔✔BE
|\ |\ |\ |\ |\
QUESTION 402 |\
The spread of misinformation surrounding the outbreak of a novel
|\ |\ |\ |\ |\ |\ |\ |\ |\
virus on election day led to eligible voters choosing not to take
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
the risk of going to the polls. This is an example of:
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
A. prepending.
|\
B. an influence campaign
|\ |\ |\ |\
C. a watering-hole attack
|\ |\ |\ |\
D. intimidation
|\
E. information elicitation - CORRECT ANSWERS ✔✔B
|\ |\ |\ |\ |\ |\
,QUESTION 403 |\
A security engineer is installing a WAF to protect the company's
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
website from malicious web requests over SSL. Which of the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
following is needed to meet the objective? |\ |\ |\ |\ |\ |\
A. A reverse proxy
|\ |\ |\
B. A decryption certificate
|\ |\ |\ |\
C. A split-tunnel VPN
|\ |\ |\
D. Load-balanced servers - CORRECT ANSWERS ✔✔B
|\ |\ |\ |\ |\ |\
QUESTION 404 |\
An enterprise needs to keep cryptographic keys in a safe manner.
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
|\
Which of the following network appliances can achieve this goal?
|\ |\ |\ |\ |\ |\ |\ |\ |\
A. HSM |\ |\
B. CASB |\ |\
C. TPM |\ |\
D. DLP - CORRECT ANSWERS ✔✔A
|\ |\ |\ |\ |\
QUESTION 405 |\
Ann, a forensic analyst, needs to prove that the data she
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
originally acquired has remained unchanged while in her custody.
|\ |\ |\ |\ |\ |\ |\ |\
Which of the following should Ann use?
|\ |\ |\ |\ |\ |\ |\
,A. Chain of custody
|\ |\ |\ |\
B. Checksums
|\
C. Non-repudiation
|\ |\
D. Legal hold - CORRECT ANSWERS ✔✔B
|\ |\ |\ |\ |\ |\
QUESTION 407 |\
An organization recently acquired an ISO 27001 certification.
|\ |\ |\ |\ |\ |\ |\ |\
Which of the following would MOST likely be considered a benefit
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
of this certification?
|\ |\
A. It allows for the sharing of digital forensics data across
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
organizations |\
B. It provides insurance in case of a data breach
|\ |\ |\ |\ |\ |\ |\ |\ |\
C. It provides complimentary training and certification resources
|\ |\ |\ |\ |\ |\ |\ |\
to IT security staff.
|\ |\ |\
D. It certifies the organization can work with foreign entities that
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
require a security clearance
|\ |\ |\ |\
E. It assures customers that the organization meets security
|\ |\ |\ |\ |\ |\ |\ |\ |\
standards - CORRECT ANSWERS ✔✔E |\ |\ |\ |\
QUESTION 408 |\
Which of the following is the MOST secure but LEAST expensive
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
data destruction method for data that is stored on hard drives?
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
A. Pulverizing
|\ |\
B. Shredding
|\ |\
, C. Incinerating
|\ |\
D. Degaussing - CORRECT ANSWERS ✔✔D
|\ |\ |\ |\ |\
QUESTION 409 |\
A security analyst is investigating multiple hosts that are
|\ |\ |\ |\ |\ |\ |\ |\ |\
communicating to external IP addresses during the hours of 2:00 |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
am - 4:00 am. The malware has evaded detection by traditional
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
antivirus software. Which of the following types of malware is
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
MOST likely infecting the hosts?
|\ |\ |\ |\
A. A RAT
|\ |\
B. Ransomware
|\ |\
C. Polymorphic
|\ |\
D. A worm - CORRECT ANSWERS ✔✔C
|\ |\ |\ |\ |\ |\
QUESTION 410 |\
A company is required to continue using legacy software to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
support a critical service. |\ |\ |\ |\
Which of the following BEST explains a risk of this practice?
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
A. Default system configuration
|\ |\ |\ |\
B. Unsecure protocols
|\ |\
C. Lack of vendor support
|\ |\ |\ |\ |\
D. Weak encryption - CORRECT ANSWERS ✔✔C
|\ |\ |\ |\ |\ |\
QUESTION 411 |\
