Joe, a penetration tester, used a professional directory to identify a network administrator and ID administrator for a client's company. Joe then emailed the network administrator, identifying himself as the ID administrator, and asked for a current password as part of a security exercise.
Which of the following techniques were used in this scenario?

• A.Network and host scanning
• B.Enumeration and OS fingerprinting
• C.Social media profiling and phishing
• D.Email harvesting and host scanning

Comment: *

Name: *

Email: *

Verification: *

During an incident, a cybersecurity analyst found several entries in the web server logs that are related to an IP with a bad reputation. Which of the following would cause the analyst to further review the incident?

• A.BadReputationIp - - [2019-04-12 10:43Z] "GET /etc/passwd" 403 1023
• B.BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=/etc/passwd" 403 11056
• C.BadReputationIp - - [2019-04-12 10:43Z] "GET /favicon.ico?src=../usr/share/ icons" 200 19064
• D.BadReputationIp - - [2019-04-12 10:43Z] "GET /a.php?src=../../.ssh/id_rsa" 200 15036
• E.BadReputationIp - - [2019-04-12 10:43Z] "GET /index.html?src=../.ssh/id_rsa" 401 17044

Comment: *

Name: *

Email: *

Verification: *

A human resources employee sends out a mass email to all employees that contains their personnel records. A security analyst is called in to address the concern of the human resources director on how to prevent this from happening in the future.
Which of the following would be the BEST solution to recommend to the director?

• A.Enforce encryption on all emails sent within the company. Create a PII program and policy on how to handle data. Train all human resources employees.
• B.Train all employees. Encrypt data sent on the company network. Bring in privacy personnel to present a plan on how PII should be handled.
• C.Install specific equipment to create a human resources policy that protects PII data. Train company employees on how to handle PII data. Outsource all PII to another company. Send the human resources director to training for PII handling.
• D.Install a data loss prevention system, and train human resources employees on its use.
  Provide PII training to all employees at the company. Encrypt PII information.

Comment: *

Name: *

Email: *

Verification: *

A security technician is testing a solution that will prevent outside entities from spoofing the company's email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution.
Which of the following actions should the technician take to accomplish this task?

• A.Add TXT @ "v=spf1 mx include:_spf.comptia.org −all" to the DNS record.
• B.Add TXT @ "v=spf1 mx include:_spf.comptia.org −all" to the email server.
• C.Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the domain controller.
• D.Add TXT @ "v=spf1 mx include:_spf.comptia.org +all" to the web server.

Comment: *

Name: *

Email: *

Verification: *

A security analyst is adding input to the incident response communication plan.
A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline.
Which of the following should the analyst recommend to the company officer?

• A.The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
• B.Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
• C.The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.
• D.An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non-compromised recourse.

Comment: *

Name: *

Email: *

Verification: *