- (Exam Topic 3)
A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

1. A. SMIME
2. B. LDAPS
3. C. SSH
4. D. SRTP

Correct Answer: C
SSH stands for Secure Shell, which is a protocol that can be used to securely transfer files over the internet. SSH uses encryption and authentication to protect the data in transit and ensure the identity of the sender and receiver. SSH can also support compression, tunneling, and port forwarding. SSH can be used to send files to a business partner by using a command-line tool such as scp or sftp, or by using a graphical user interface (GUI) tool such as FileZilla or WinSCP. SSH can also be used to remotely access and manage servers or devices over the internet. References:
https://www.globalscape.com/solutions/secure-file-transfer
https://www.jscape.com/blog/how-to-securely-transfer-large-files-over-the-internet

- (Exam Topic 3)
A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the
next step according to the incident response process?

1. A. Recovery
2. B. Lessons learned
3. C. Containment
4. D. Preparation

Correct Answer: C
Containment is the next step according to the incident response process after identifying affected devices that are running a malicious application with a unique hash. Containment involves isolating the compromised devices or systems from the rest of the network to prevent the spread of the attack and limit its impact. Containment can be done by disconnecting the devices from the network, blocking network traffic to or from them, or applying firewall rules or access control lists. Containment is a critical step in incident response because it helps to preserve evidence for further analysis and remediation, and reduces the risk of data loss or exfiltration
https://www.fortinet.com/resources/cyberglossary/incident-response https://www.ibm.com/topics/incident-response

- (Exam Topic 1)
Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

1. A. RTO
2. B. MTBF
3. C. MTTR
4. D. RPO

Correct Answer: C
Mean Time To Repair (MTTR) is a maintenance metric that measures the average time required to troubleshoot and restore failed equipment. References: CompTIA Security+ Certification Exam Objectives 4.6 Explain the importance of secure coding practices. Study Guide: Chapter 7, page 323.

- (Exam Topic 2)
Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

1. A. Lessons learned
2. B. Identification
3. C. Simulation
4. D. Containment

Correct Answer: A
Lessons learned is a process that would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges. Lessons learned is a process that involves reviewing and evaluating the incident response exercise to identify what went well, what went wrong, and what can be improved. Lessons learned can help an organization enhance its incident response capabilities, address any gaps or weaknesses, and update its incident response plan accordingly.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

- (Exam Topic 2)
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

1. A. The Diamond Model of Intrusion Analysis
2. B. CIS Critical Security Controls
3. C. NIST Risk Management Framework
4. D. ISO 27002

Correct Answer: C
The NIST Risk Management Framework (RMF) is a process for evaluating the security of a system and implementing controls to reduce potential risks associated with it. The RMF process involves categorizing the system, selecting the controls that apply to the system, implementing the controls, and then assessing the success of the controls before authorizing the system. For more information on the NIST Risk Management Framework and other security processes, refer to the CompTIA Security+ SY0-601 Official Text Book and Resources.