- (Exam Topic 2)
A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?

1. A. Security groups
2. B. Container security
3. C. Virtual networks
4. D. Segmentation

Correct Answer: B
Container security is a solution that can enable the company to detect security threats in applications that run in isolated environments within the cloud environment. Containers are units of software that package code and dependencies together, allowing applications to run quickly and reliably across different computing environments. Container security involves securing the container images, the container runtime, and the container orchestration platforms. Container security can help prevent unauthorized access, data breaches, malware infections, or denial-of-service attacks on the applications running in containers. References: 1
CompTIA Security+ Certification Exam Objectives, page 9, Domain 2.0: Architecture and Design, Objective 2.3 : Summarize secure application development, deployment, and automation concepts 2
CompTIA Security+ Certification Exam Objectives, page 10, Domain 2.0: Architecture and Design, Objective 2.4: Explain the importance of embedded and specialized systems security 3
https://www.comptia.org/blog/what-is-container-security

- (Exam Topic 4)
Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

1. A. AUP
2. B. NGFW
3. C. DLP
4. D. EDR

Correct Answer: D
EDR stands for Endpoint Detection and Response, which is a technology that monitors, detects, and responds to cyber threats on endpoint devices, such as laptops, desktops, servers, or mobile devices. EDR collects and analyzes data from endpoints to identify suspicious or malicious activities, such as malware installation, file modification, registry changes, network connections, or user actions. EDR also provides tools and capabilities to respond to threats, such as isolating infected devices, blocking malicious processes, removing malware, or restoring files.
Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. EDR would best help prevent the malware from being installed on the computers by detecting the insertion of removable media devices and scanning them for any malicious code or files. EDR would also alert the security team of any potential infection and enable them to take immediate action to contain and remediate the threat.

- (Exam Topic 1)
Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?

1. A. Intelligence fusion
2. B. Review reports
3. C. Log reviews
4. D. Threat feeds

Correct Answer: A
Intelligence fusion is a process that involves aggregating and analyzing data from multiple sources, including artificial intelligence, to provide insight on current cyberintrusions, phishing, and other malicious cyberactivity.
References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Glossary, p. 767.

- (Exam Topic 2)
A security analyst reviews web server logs and notices the following line: 104.35. 45.53 [22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT
user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072
http://www.example.com/wordpress/wp—admin/
Which of the following vulnerabilities is the attacker trying to exploit?

1. A. SSRF
2. B. CSRF
3. C. xss
4. D. SQLi

Correct Answer: D
SQLi stands for SQL injection, which is a type of web security vulnerability that allows an attacker to execute malicious SQL statements on a database server. SQLi can result in data theft, data corruption, denial of service, or remote code execution.
The attacker in the web server log is trying to exploit a SQLi vulnerability by sending a malicious GET request that contains a UNION ALL SELECT statement. This statement is used to combine the results of two or more SELECT queries into a single result set. The attacker is attempting to retrieve user login, user pass, and user email from the wp users table, which is a WordPress database table that stores user information. The attacker may use this information to compromise the WordPress site or the users’ accounts.

- (Exam Topic 4)
Which of the following is an example of risk avoidance?

1. A. Installing security updates directly in production to expedite vulnerability fixes
2. B. Buying insurance to prepare for financial loss associated with exploits
3. C. Not installing new software to prevent compatibility errors
4. D. Not taking preventive measures to stop the theft of equipment

Correct Answer: C
Risk avoidance is the strategy of eliminating or minimizing exposure to risk by not engaging in an activity or process that may result in a negative outcome. Not installing new software to prevent compatibility errors is an example of risk avoidance, as it avoids the possibility of introducing new vulnerabilities or disrupting existing functionality.