CompTIA CySA+CS0-002 – Question130

A manufacturing company uses a third-party service provider for Tier 1 security support. One of the requirements is that the provider must only source talent from its own country due to geopolitical and national security interests. Which of the following can the manufacturing company implement to ensure the third-party service provider meets this requirement?

A. Implement a secure supply chain program with governance.
B. Implement blacklisting for IP addresses from outside the country.
C. Implement strong authentication controls for all contractors.
D. Implement user behavior analytics for key staff members.

Correct Answer: A

CompTIA CySA+CS0-002 – Question129

A routine vulnerability scan detected a known vulnerability in a critical enterprise web application. Which of the following would be the BEST next step?

A. Submit a change request to have the system patched.
B. Evaluate the risk and criticality to determine if further action is necessary.
C. Notify a manager of the breach and initiate emergency procedures.
D. Remove the application from production and inform the users.

Correct Answer: A

CompTIA CySA+CS0-002 – Question128

An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts. A security analyst has created a script to snapshot the system configuration each day. The following is one of the scripts:

    cat /etc/passwd > daily_$(date +"%m_%d_%Y")

This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?

A. diff daily_11_03_2019 daily_11_04_2019
B. ps -ef | grep admin > daily_process_$(date +"%m_%d_%Y")
C. more /etc/passwd > daily_$(date +"%m_%d_%Y_%H:%M:%S")
D. ls -lai /usr/sbin > daily_applications

Correct Answer: B

CompTIA CySA+CS0-002 – Question127

A company has started planning the implementation of a vulnerability management procedure. However, its security maturity level is low, so there are some prerequisites to complete before risk calculation and prioritization.
Which of the following should be completed FIRST?

A. A business impact analysis
B. A system assessment
C. Communication of the risk factors
D. A risk identification process

Correct Answer: D

CompTIA CySA+CS0-002 – Question125

When investigating a report of a system compromise, a security analyst views the following /var/log/secure log file:

Which of the following can the analyst conclude from viewing the log file?

A. The comptia user knows the sudo password.
B. The comptia user executed the sudo su command.
C. The comptia user knows the root password.
D. The comptia user added himself or herself to the /etc/sudoers file.

Correct Answer: D

CompTIA CySA+CS0-002 – Question124

An incident response team detected malicious software that could have gained access to credit card data. The incident response team was able to mitigate significant damage and implement corrective actions. By having incident response mechanisms in place, which of the following should be notified for lessons learned?

A. The human resources department
B. Customers
C. Company leadership
D. The legal team

Correct Answer: C

CompTIA CySA+CS0-002 – Question123

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
– Successful administrator login: reporting priority high
– Failed administrator login: reporting priority medium
– Failed temporary elevated permissions: reporting priority low
– Successful temporary elevated permissions: non-reportable
A security analyst is reviewing server syslogs and sees the following:

Which of the following events is the HIGHEST reporting priority?

A. <100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 – BOM 'sudo vi users.txt' success
B. <100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 – BOM 'sudo more /etc/passwords' success
C. <100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 – BOM 'su' success
D. <100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 – BOM 'su vi syslog.conf' failed for joe

Correct Answer: B

CompTIA CySA+CS0-002 – Question122

After receiving reports of high latency, a security analyst performs an Nmap scan and observes the following output:

Which of the following suggests the system that produced this output was compromised?

A. Secure shell is operating on a non-standard port.
B. There are no indicators of compromise on this system.
C. MySQL service is identified on a standard PostgreSQL port.
D. Standard HTTP is open on the system and should be closed.

Correct Answer: D

CompTIA CySA+CS0-002 – Question121

While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?

A. Delete CloudDev access key 1.
B. Delete BusinessUsr access key 1.
C. Delete access key 1.
D. Delete access key 2.

Correct Answer: B