CompTIA Security+ Practice Test of the Day 260217

Question 1

A security administrator at a mid-sized company notices that several users are accessing high-risk websites that are known to host phishing kits and malware. The organization already has a next-generation firewall in place, but leadership wants more granular control over web usage, including blocking categories such as gambling and newly registered domains. The company also wants centralized reporting of user browsing activity for compliance audits. Which of the following should the administrator implement to BEST meet these requirements?

A. Agent-based web filtering solution B. Network access control (NAC) with posture assessment C. DNS filtering with reputation-based blocking D. SELinux policy enforcement

Question 2

Your organization recently experienced an incident in which attackers modified critical system files on a Linux-based financial reporting server. The compromise was not detected until several days later during a manual audit. Leadership now requires real-time alerts if critical system binaries or configuration files are altered. Which of the following should be implemented to BEST detect this activity in the future?

A. Data loss prevention (DLP) B. File integrity monitoring (FIM) C. Intrusion prevention system (IPS) D. Network segmentation

Question 3

An analyst in a SOC observes multiple failed login attempts against privileged service accounts across several domain controllers. The attempts originate from different geographic regions within minutes, suggesting credential spraying. The organization wants to restrict privileged account usage to reduce risk exposure and ensure administrative access is only granted temporarily when needed. Which of the following would BEST address this requirement?

A. Implement just-in-time (JIT) permissions within a privileged access management (PAM) solution B. Configure discretionary access control (DAC) on domain controllers C. Enforce password complexity requirements D. Deploy an intrusion detection system (IDS) with updated signatures

Question 4

A company is migrating several internal applications to a hybrid cloud environment. Users currently authenticate separately to multiple SaaS platforms, resulting in password fatigue and increased help desk tickets for password resets. The security team wants to improve user experience while maintaining centralized identity management and secure token-based authentication across services. Which of the following should be implemented?

A. Lightweight Directory Access Protocol (LDAP) authentication only B. Single sign-on (SSO) using SAML federation C. Local account authentication for each SaaS application D. Port-based firewall rules restricting SaaS access

Question 5

Your company recently detected several phishing emails that appeared to originate from the organization’s own domain. External recipients reported receiving fraudulent invoice messages that passed basic spam filtering checks. The security team confirms that attackers are spoofing the company’s domain in the “From” field of emails. Which of the following should be implemented to BEST prevent external email domain spoofing?

A. Configure Sender Policy Framework (SPF), DKIM, and enforce DMARC policy B. Deploy endpoint detection and response (EDR) agents on user workstations C. Implement a web application firewall (WAF) D. Configure network address translation (NAT) rules on the perimeter firewall

Question 6

A security administrator at a mid-sized company wants to ensure that only authorized and compliant devices can connect to the internal corporate network. Recently, an unmanaged personal laptop connected to an open switch port and accessed internal resources without restriction. Management requires a solution that validates device health and authentication before granting network access. Which of the following should be implemented?

A. Port mirroring on access switches B. Network Access Control (NAC) using 802.1X authentication C. DNS filtering with reputation analysis D. Host-based firewall rules on endpoints

Question 7

An organization has deployed a signature-based intrusion detection system (IDS) at the perimeter. However, recent attacks involving zero-day exploits were not detected. Leadership wants to improve detection capabilities by identifying anomalous behavior patterns and correlating events across endpoints, servers, and network devices. Which of the following should be implemented to BEST meet this requirement?

A. Extended detection and response (XDR) B. Static firewall access control lists (ACLs) C. Time-of-day access restrictions D. Full-disk encryption (FDE)

Question 8

A security administrator at a healthcare organization must ensure that sensitive patient data is not transmitted outside the corporate network via email, cloud storage uploads, or USB transfers. The organization must also generate alerts and block transmissions when policy violations occur. Which of the following should be implemented to BEST satisfy these requirements?

A. Security information and event management (SIEM) B. Data loss prevention (DLP) C. Intrusion prevention system (IPS) D. Reverse proxy with TLS inspection

Question 9

A security administrator at a mid-sized company discovers that several internal servers are communicating with suspicious external IP addresses over uncommon ports. Although a perimeter firewall is in place, the current configuration broadly allows outbound traffic from internal subnets. Leadership wants to reduce the attack surface and prevent unauthorized outbound communications while maintaining required business services. Which of the following actions should the administrator take to BEST enhance security?

A. Implement restrictive egress firewall rules using explicit port and protocol allow lists B. Deploy a screened subnet (DMZ) for internal user workstations C. Enable full-disk encryption (FDE) on all internal servers D. Configure Simple Network Management Protocol (SNMP) traps

Question 10

An organization has experienced several incidents where compromised endpoints executed malicious processes that were not detected by traditional antivirus software. The security team wants enhanced visibility into endpoint behavior, including process creation, registry changes, and lateral movement attempts. Additionally, automated containment capabilities are required to isolate infected hosts from the network. Which of the following should be implemented to BEST meet these requirements?

A. Host-based intrusion detection system (HIDS) B. Endpoint detection and response (EDR) C. Centralized syslog server D. Web application firewall (WAF)

CompTIA Security+ Practice Test of the Day 260217

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

You missed

CEH v13 Domain 7.1 Practice Test 002

CEH v13 Domain 6.1 Practice Test 002

CEH v13 Domain 5.3 Practice Test 002

CEH v13 Domain 5.2 Practice Test 002