CompTIA Security+ Question M-10

An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

A. The theft of portable electronic devices
B. Geotagging in the metadata of images
C. Bluesnarfing of mobile devices
D. Data exfiltration over a mobile hotspot

Answer: D

CompTIA Security+ Question M-9

A commercial cyber-threat intelligence organization observes Indicators of Compromise (IOCs) across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any Personally Identifiable Information (PII) that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

Answer: B

CompTIA Security+ Question M-8

An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely to develop?

A. Incident response
B. Communications
C. Disaster recovery
D. Data retention

Answer: C

CompTIA Security+ Question M-7

An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the
following would meet the organization’s needs for a third factor?

A. Date of birth
B. Fingerprints
C. PIN
D. trusted platform module (TPM)

Answer: B

CompTIA Security+ Question M-5

A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average
rate of the lost equipment. Which of the following recommendations would BEST address the CSO’s concern?

A. Deploy a Best Mobile Device Management (MDM) solution.
B. Implement managed Full-disk encryption (FDE)
C. Replace all hard drives with self-encrypting drives (SED).
D. Install Data loss prevention (DLP) agents on each laptop.

Answer: B

CompTIA Security+ Question M-4

Which of the following refers to applications and systems that are used within an organization without consent or approval?

A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats

Answer: A

CompTIA Security+ Question M-3

A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are
not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

A. An air gap
B. A Faraday cage
C. A shielded cable
D. A demilitarized zone

Answer: A

CompTIA Security+ Question M-2

A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following
access control schemes would be BEST for the company to implement?

A. Discretionary
B. Rule-based
C. Role-based
D. Mandatory

Answer: D

CompTIA Security+ Question M-1

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?

A. Least privilege
B. Awareness training
C. Separation of duties
D. Mandatory vacation

Answer: C