A technician reviews an organization's incident management policy. The organization uses a third-party vendor with multiple tools to protect its assets. What service type is this?
Managed Detection and Response (MDR) involves outsourcing security monitoring to a third party that uses multiple tools and analytics.
From Travis Everett -- All-in-One Exam Guide:
''MDR providers handle threat detection and response using a combination of advanced tools, analytics, and expert personnel.''
An organization is experiencing an increased number of issues. A technician notices applications that are not installed by default. Users are reporting an increased number of system prompts for software licensing. Which of the following would the security team most likely do to remediate the root cause?
If unauthorized or non-standard applications are appearing on systems and users are receiving licensing prompts, it's likely users are installing software themselves. Removing users from the local administrators group will prevent them from installing software without approval and reduce the likelihood of introducing unapproved or malicious programs.
A. Deploying a PKI helps with secure communications but doesn't address user software installation rights.
C. Blocking suspicious websites is helpful but doesn't prevent local installations.
D. Stricter UAC may add prompts but can still be bypassed by admin users.
CompTIA A+ 220-1102 Objective 2.2: Compare and contrast access control methods and user privilege settings.
Study Guide Section: Principle of least privilege and managing local admin rights
===========================
A malicious actor uses multiple endpoints to target a single endpoint. Which of the following describes this threat?
Using many separate systems (endpoints) to attack one target is the defining characteristic of a Distributed Denial of Service (DDoS) attack. Mike Meyers' Lab Manual defines DDoS as: ''An attack on a computer or network device in which multiple computers send data and requests to the device in an attempt to overwhelm it so that it cannot perform normal operations.'' That description exactly matches the scenario: many endpoints are coordinated to flood one endpoint, preventing legitimate use.
This is different from an on-path (man-in-the-middle) attack, which intercepts traffic between two parties; SQL injection, which targets databases via malicious input; and brute-force attacks, which attempt repeated authentication guesses. The key clue is multiple endpoints working together, which implies distribution (often via botnets) and service disruption by volume. That is why the correct classification is Distributed Denial of Service (D).
After completing malware removal steps, what is the next step the technician should take?
End-user education is crucial after malware removal to prevent recurrence. Teaching safe browsing habits and security awareness completes the remediation cycle.
Mark Soper -- Mike Meyers' Lab Manual states:
''Educating the user after malware remediation is part of the CompTIA malware response methodology. This includes training on phishing and safe practices.''
Which of the following security measures addresses the issue of information exfiltration?
The correct answer is A. DLP (Data Loss Prevention), because DLP solutions are specifically designed to detect, monitor, and prevent unauthorized transmission of sensitive data outside an organization. Information exfiltration occurs when confidential data is improperly transferred, leaked, or stolen, either intentionally or accidentally.
According to the Quentin Docter -- CompTIA A+ Complete Study Guide, DLP technologies enforce policies that restrict how data can be shared via email, cloud services, removable media, or network transfers. DLP systems can block, quarantine, or alert administrators when sensitive data patterns---such as credit card numbers or personal identifiers---are detected leaving the organization.
The Travis Everett & Andrew Hutz -- All-in-One Exam Guide explains that DLP focuses on data protection, not user authentication or device management. While IAM controls access to resources and MDM manages mobile devices, neither directly prevents data from being exfiltrated once access is granted.
The Mike Meyers / Mark Soper Lab Manual reinforces that SAML is an authentication framework and does not monitor data movement.
Because the question specifically addresses information exfiltration, the security control designed to prevent it is Data Loss Prevention, making A the correct answer.