An organization is repairing the damage after an incident. Which of the following controls is being
implemented?


A. Detective
B. Preventive
C. Corrective
D. Compensating

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the
number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the
following would BEST describe the estimated number of devices to be replaced next year?


A. ALE
B. ARO
C. RPO
D. SLE

A company wants to build a new website to sell products online. The website will host a storefront application
that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of
the following protocols would be the MOST secure to implement?


A. SSL
B. SFTP
C. SNMP
D. TLS

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the
MOST likely reason for this issue?


A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors

An organization is concerned that its hosted web servers are not running the most updated version of the
software. Which of the following would work BEST to help identify potential vulnerabilities?


A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup port=80 comptia.org

When implementing automation with IoT devices, which of the following should be considered FIRST to keep
the network secure?


A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols

A security administrator is analyzing the corporate wireless network. The network only has two access points
running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are
running with the same corporate ESSID on all available channels and with the same BSSID of one of the
legitimate access points. Which of the following attacks is happening on the corporate network?


A. On-path
B. Evil twin
C. Jamming
D. Rogue access point
E. Disassociation

Which of the following in the incident response process is the BEST approach to improve the speed of the
identification phase?


A. Activate verbose logging in all critical assets.
B. Tune monitoring in order to reduce false positive rates.
C. Redirect all events to multiple syslog servers.
D. Increase the number of sensors present on the environment.

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity,
the analyst observes the following activity:
A user enters comptia.org into a web browser.
The website that appears is not the comptia.org site.
The website is a malicious site from the attacker.
Users in a different office are not having this issue.
Which of the following types of attacks was observed?


A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system
that allows code to be assessed directly and modified easily with each build?


A. Production
B. Test
C. Staging
D. Development