CompTIA CertMaster CE for Security+ - Domain 4.0 Security Operations Assessment with Correct Solutions
1 view 0 purchase
Course
CompTIA CertMaster CE for Security+ - Domain 4.0
Institution
CompTIA CertMaster CE For Security+ - Domain 4.0
CompTIA CertMaster CE for Security+ - Domain 4.0 Security Operations Assessment with Correct SolutionsCompTIA CertMaster CE for Security+ - Domain 4.0 Security Operations Assessment with Correct SolutionsvAn organization needs to implement web filtering to bolster its security. The goal is to ensur...
CompTIA CertMaster CE for Security+ -
Domain 4.0 Security Operations
Assessment with Correct Solutions
An organization needs to implement web filtering to bolster its security. The goal is to
ensure consistent policy enforcement for both in-office and remote workers. Which of
the following web filtering methods BEST meets this requirement?
A. Utilizing a centralized proxy server
B. Deploying agent-based web filtering
C. Implementing manual URL blocking
D. Relying solely on reputation-based filtering - ANSWER-B. Deploying agent-based
web filtering
A software technician delivers a presentation on the capabilities associated with
centralizing web filtering. When exploring techniques tied to centralized proxy service
employment to protect traffic, what classifies websites into various groupings, such as
social networking, webmail, or gambling sites?
A. Content categorization
B. URL scanning
C. Block rules
D. Reputation-based filtering - ANSWER-A. Content categorization
A digital forensic analyst at a healthcare company investigates a case involving a recent
data breach. In evaluating the available data sources to assist in the investigation, what
application protocol and event-logging format enables different appliances and software
applications to transmit logs or event records to a central server?
A. Dashboard
B. Endpoint log
C. Application Log
D. Syslog - ANSWER-D. Syslog
A tech company is in the process of decommissioning a fleet of old servers. It wants to
ensure that sensitive data stored on these servers is fully eliminated and is not
accessible in the event of unauthorized attempts. What primary process should the
company implement before disposing or repurposing these servers?
,A. Moving the servers to a secure storage location
B. Deleting all the files on the servers
C. Sanitizing the servers
D. Selling the servers immediately - ANSWER-C. Sanitizing the servers
During the process of merging two companies, the integrated security team is tasked
with consolidating their approaches to managing cybersecurity incidents. Which
comprehensive document should be developed to outline the overall strategy and
procedures for incident response, encompassing preparation, identification,
containment, eradication, recovery, communication protocols, and contacts and
resources for responders?
A. Playbook
B. Communication plan
C. Incident response plan
D. Incident response lifecycle - ANSWER-C. Incident response plan
A forensic analyst at an international law enforcement agency investigates a
sophisticated cyber-espionage case. The analyst must uncover the timeline of
document interactions, detect concealed or system-protected files, interpret categories
of digital events, and trace digital breadcrumbs left behind during media uploads on
social platforms. What combination of data sources would provide the MOST
comprehensive information for this multifaceted investigation?
A. File metadata and event logs
B. Network transaction logs and gateway security logs
C. File metadata with extended attributes and network transaction logs
D. Event logs and gateway security logs - ANSWER-C. File metadata with extended
attributes and network transaction logs
An organization has implemented a Bring Your Own Device (BYOD) policy, allowing
employees to use their personal mobile devices for work-related tasks. Aware of the
varying legal ramifications and privacy concerns across different jurisdictions related to
controlling personal devices, the organization seeks to enhance the security of these
devices within the constraints of these legal and privacy issues. Considering this
context, which of the following measures would be the MOST effective way to navigate
these complexities while striving to secure employees' mobile devices under the BYOD
policy?
A. Restricting all access to company resources from mobile devices
, B. Providing employees with company-owned mobile devices
C. Using MDM solutions to centrally control employees' mobile devices
D. Enforcing complex passwords for all employee mobile devices - ANSWER-C. Using
MDM solutions to centrally control employees' mobile devices
A large multinational company uses a cloud-based document storage system. The
system provides access to documents by considering a combination of factors: the
user's department, geographic location, the document's sensitivity level, and the current
date and time. For example, only the finance department of a specific region can access
its financial reports, and they can do so only during business hours. Which access
control model does the company MOST likely use to manage this complex access
control?
A. Discretionary access control
B. Rule-based access controls
C. Attribute-based access control
D. Role-based access control - ANSWER-C. Attribute-based access control
The IT security team at a large company is implementing more robust authentication
measures to safeguard sensitive data and systems. The team is exploring multifactor
authentication (MFA) options to bolster security. The company deals with highly
confidential information and requires a robust solution. The team has narrowed the
choices and is evaluating which aligns BEST with their security needs. Which multi-
factor authentication method utilizes unique physical characteristics of individuals to
verify their identity?
A. Smart cards
B. SMS-based one-time passwords
C. Biometrics
D. Passwords and PINs - ANSWER-C. Biometrics
A tech department evaluates the benefits of automation and scripting after recently
acquiring new funding. What capability within automation and scripting allows
developers to regularly merge their changes back to the main code branch and evaluate
each merge automatically to help detect and fix integration problems?
A. User provisioning
B. Guardrails
C. Continuous integration and testing
D. Resource provisioning - ANSWER-C. Continuous integration and testing
An information security manager is fine-tuning a Security Information and Event
Management (SIEM) system in a company that has recently reported a series of
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller NursingTutor1. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.
