CompTIA Security+ SY0-601 – Question550

A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months.
Which of the following most likely occurred?


A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.

Correct Answer: D

CompTIA Security+ SY0-601 – Question549

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost
solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following
should the engineer select to meet these requirements?


A. Laptops
B. Containers
C. Thin clients
D. Workstations

Correct Answer: C

CompTIA Security+ SY0-601 – Question548

A systems administrator set up an automated process that checks for vulnerabilities across the entire
environment every morning. Which of the following activities is the systems administrator conducting?


A. Scanning
B. Alerting
C. Reporting
D. Archiving

Correct Answer: A

CompTIA Security+ SY0-601 – Question547

A security analyst is investigating a malware incident at a company. The malware is accessing a
command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored
in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog
server to search for recent traffic to the command-and-control website?


A. head -500 www.comptia.com | grep /logfiles/messages
B. cat /logfiles/messages | tail -500 www.comptia.com
C. tail -500 /logfiles/messages | grep www.comptia.com
D. grep -500 /logfiles/messages | cat www.comptia.com

Correct Answer: C

CompTIA Security+ SY0-601 – Question546

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy
Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without
real data they cannot perform functionality tests and search for specific data. Which of the following should a
security professional implement to best satisfy both the CPO's and the development team's requirements?


A. Data purge
B. Data encryption
C. Data masking
D. Data tokenization

Correct Answer: C

CompTIA Security+ SY0-601 – Question545

A company's end users are reporting that they are unable to reach external websites. After reviewing the
performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are
minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of
DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?


A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service

Correct Answer: D

CompTIA Security+ SY0-601 – Question544

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM,
HIPS, and CASB systems. Which of the following is the best way to improve the situation?


A. Remove expensive systems that generate few alerts.
B. Modify the systems to alert only on critical issues.
C. Utilize a SIEM to centralize logs and dashboards.
D. Implement a new syslog/NetFlow appliance.

Correct Answer: C

CompTIA Security+ SY0-601 – Question543

A software development manager wants to ensure the authenticity of the code created by the company. Which
of the following options is the most appropriate?


A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used

Correct Answer: B

CompTIA Security+ SY0-601 – Question542

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a
cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would
best meet the needs of the organization?


A. MaaS
B. IaaS
C. SaaS
D. PaaS

Correct Answer: C

CompTIA Security+ SY0-601 – Question541

A user's login credentials were recently compromised. During the investigation, the security analyst determined
the user input credentials into a pop-up window when prompted to confirm the username and password.
However, the trusted website does not use a pop-up for entering user credentials. Which of the following
attacks occurred?


A. Cross-site scripting
B. SQL injection
C. DNS poisoning
D. Certificate forgery

Correct Answer: A