Uploaded by rkomze

Comptia Security+ from Quizlet- word

advertisement
Home
Your library
Expert solutions
Study sets, textbooks, questions
Profile Picture
Upgrade: free 7-day trial
Security+ SY0-601 Certification Practice Exam
Study
Other
Computer Skills
Security+ SY0-601 Certification Practice Exam
9 studiers today
Leave the first rating
Flashcards
Learn
Test
Match
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.
Monitor user access to compromised systems.
Back up all log files and audit trails.
1 / 89
Profile Picture
Created by
Paladin_Rhyne
Terms in this set (89)
Original
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.
Monitor user access to compromised systems.
Back up all log files and audit trails.
Which of the following items would be implemented at the Network layer of the security model?
Wireless networks
Network plans
Firewalls using ACLs
Penetration testing
Penetration testing
Prepare to Document means establishing the process you will use to document your network.
Which of the following makes this documentation more useful?
Identify the choke points on the network.
Automate administration as much as possible.
Identify who is responsible for each device.
Have a printed hard copy kept in a secure location.
Have a printed hard copy kept in a secure location.
You assign access permissions so that users can only access the resources required to accomplish their
specific work tasks. Which security principle are you complying with?
Cross-training
Job rotation
Need to know
Principle of least privilege
Principle of least privilege
A recreation of historical events is made possible through which of the following?
Incident reports
Audits
Audit trails
Penetration testing
Audit trails
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic
from legitimate tax preparation sites to malicious sites to gather personal and financial information.
Which kind of exploit has been used in this scenario?
Man-in-the-middle
Reconnaissance
DNS poisoning
Domain name kiting
DNS poisoning
When you inform an employee that he or she is being terminated, which of the following is the most
important activity?
Disable his or her network access
Allow him or her to collect their personal items
Allow him or her to complete their current work projects
Give him or her two weeks' notice
Disable his or her network access
Which protocol does HTTPS use to offer greater security in web transactions?
Kerberos
IPsec
SSL
Telnet
SSL
How often should change-control management be implemented?
Any time a production system is altered.
At regular intervals throughout the year.
Only when changes are made that affect senior management.
Only when a production system is altered greatly.
Any time a production system is altered.
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket.
Which of the following security risks is most pressing?
Non-repudiation
Confidentiality
Availability
Integrity
Confidentiality
Which ISO publication lays out guidelines for selecting and implementing security controls?
31000
27002
27701
27001
27002
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note
with your password written on it. Which of the following types of non-technical password attacks have
you enabled?
Social engineering
Dumpster diving
Shoulder surfing
Password guessing
Dumpster diving
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that everything after the single quote is a comment
Indicates that the comment has ended and data is being entered
Indicates that code is ending and a comment is being entered
Indicates that data has ended and a command is beginning
Indicates that data has ended and a command is beginning
You have detected and identified a security event. What's the first step you should complete?
Isolation
Segmentation
Playbook
Containment
Containment
Which access control model is based on assigning attributes to objects and using Boolean logic to grant
access based on the attributes of the subject?
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Rule-Based Access Control
Attribute-Based Access Control (ABAC)
Which of the following types of auditing verifies that systems are utilized appropriately and in
accordance with written organizational policies?
Financial audit
PoLP
Internal audit
Usage audit
Usage audit
Which EAP implementation is MOST secure?
EAP-MD5
LEAP
EAP-FAST
EAP-TLS
EAP-TLS
Extensible Authentication Protocol - Transport Layer Security
Which type of reconnaissance is dumpster diving?
Active
Passive
Packet sniffing
OSINT
Passive
no active modification/querying is involved
You have been hired as part of the team that manages an organization's network defense.
Which security team are you working on?
Red
White
Blue
Purple
Blue
What is the average number of times that a specific risk is likely to be realized in a single year?
Estimated maximum downtime
Annualized rate of occurrence
Exposure factor
Annualized loss expectancy
Annualized rate of occurrence
Your LDAP directory-services solution uses simple authentication. What should you always do when
using simple authentication?
Use IPsec and certificates
Use SSL
Use Kerberos
Add SASL and use TLS
Use SSL
A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of
vulnerability?
Unpatched software
Default settings
Zero-day exploit
Weak security configurations
Weak security configurations
You manage an Active Directory domain. All users in the domain have a standard set of internet options
configured by a GPO linked to the domain, but you want users in the Administrators OU to have a
different set of internet options.
What should you do?
Create a GPO computer policy for the Administrators OU.
Create a GPO user policy for the Administrators OU.
Create a Local Group Policy on the computers used by members of the Administrators OU.
Create a GPO user policy for the domain.
Create a GPO user policy for the Administrators OU.
What is the most obvious means of providing non-repudiation in a cryptography system?
Digital signatures
Shared secret keys
Public keys
Hashing values
Digital signatures
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
Session
Application
Transport
Presentation
Session
What is the purpose of audit trails?
To detect security-violating events.
To restore systems to normal operations.
To correct system problems.
To prevent security breaches.
To detect security-violating events.
Most equipment is cooled by bringing cold air in the front and ducting the heat out of the back. What is
the term for where the heat is sent in this type of scenario?
Hot aisle
Cold aisle
Front aisle
Back aisle
Hot aisle
Which of the following happens by default when you create a new ACL on a router?
All traffic is blocked.
All traffic is permitted.
The ACL is ignored until applied.
ACLs are not created on a router.
All traffic is blocked.
Which of the following terms is used to describe an event in which a person who should be allowed
access is denied access to a system?
False negative
Error rate
False positive
False acceptance
False negative
Which of the following drive configurations is fault tolerant?
Disk striping
RAID 5
Expanded volume set
RAID 0
RAID 5
Which of the following terms describes the actual time required to successfully recover operations in the
event of an incident?
Recovery point objective (RPO)
Mean time to repair (MTTR)
Recovery time objective (RTO)
Maximum tolerable downtime (MTD)
Recovery time objective (RTO)
!= or <> refers to Not Equal in which scripting language?
Bash
PuTTY
Python
PowerShell
Python
You want to identify traffic that is generated and sent through a network by a specific application
running on a device.
Which tool should you use?
Certifier
Protocol analyzer
Multimeter
Toner probe
TDR
Protocol analyzer
You want to identify all devices on a network along with a list of open ports on those devices. You want
the results displayed in a graphical diagram. Which tool should you use?
OVAL
Network mapper
Port scanner
Ping scanner
Network mapper
After a security event that involves a breach of physical security, what is the term used for the new
measures, incident review, and repairs meant to stop a future incident from occurring?
Detection
Recovery
Prevention
Data breach
Recovery
A relatively new employee in the data entry cubical farm was assigned a user account similar to the
other data entry employees' accounts. However, audit logs have shown that this user account has been
used to change ACLs on several confidential files and has accessed data in restricted areas.
This situation indicates which of the following has occurred?
Physical security
Social engineering
External attack
Privilege escalation
Privilege escalation
Which of the following is the BEST example of the principle of least privilege?
Lenny has been given access to files that he does not need for his job.
Wanda has been given access to the files that she needs for her job.
Jill has been given access to all of the files on one server.
Mary has been given access to all of the file servers.
Wanda has been given access to the files that she needs for her job.
In which phase of an attack does the attacker gather information about the target?
Reconnaissance
Exploit the system
Breach the system
Escalating privileges
Reconnaissance
When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard
disks can be recovered.
Which of the following actions can you take to ensure that no data is recoverable?
Damage the hard disks so badly that all data remanence is gone.
Encrypt all data on the hard disks.
Reformat all the hard disks in the computer.
Delete all files from all the hard disks in the computer.
Damage the hard disks so badly that all data remanence is gone.
As a security analyst, you are looking for a platform to compile all your security data generated by
different endpoints. Which tool would you use?
MAM
SOAR
GDPR
MDM
SOAR
a platform to compile security data generated by different security endpoints
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table attack
Hybrid attack
Dictionary attack
Brute-force attack
Rainbow table attack
Users in the sales department perform many of their daily tasks, such as emailing and creating sales
presentations, on their personal tablets.
The chief information officer worries that one of these users might also use their tablet to steal sensitive
information from the organization's network. Your job is to implement a solution that prevents insiders
from accessing sensitive information stored on the organization's network from their personal devices
while still giving them access to the internet.
Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
A mobile device management (MDM) infrastructure
A Network Access Control (NAC) solution
An Acceptable Use Policy (AUP)
A guest wireless network that is isolated from your organization's production network
What does the netstat -a command show?
All connected hosts
All listening sockets
All listening and non-listening sockets
All network users
All listening and non-listening sockets
Which of the following is a network virtualization solution provided by Microsoft?
VirtualBox
Hyper-V
VMware
Citrix
Hyper-V
Change control should be used to oversee and manage changes over which aspect of an organization?
IT hardware and software
Physical environment
Personnel and policies
Every aspect
Every aspect
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an
SMTP relay agent. Which activity could result if this happens?
Salami attack
Spamming
Virus hoax
Data diddling
Spamming
Which of the following BEST describes zero-trust security?
Only devices that pass authentication are trusted.
Only devices that pass authorization are trusted.
Only devices that pass both authentication and authorization are trusted.
All devices are trusted.
Only devices that pass both authentication and authorization are trusted.
Your organization is having a third party come in and perform an audit on the financial records. You want
to ensure that the auditor has access to the data they need while keeping the customers' data secure. To
accomplish this goal, you plan to implement a mask that replaces the client names and account numbers
with fictional data.
Which masking method are you implementing?
Dynamic
Encryption
Static
Tokenization
Dynamic
Which of the following can be classified as a stream cipher?
Blowfish
AES
Twofish
RC4
RC4
Which security mechanism uses a unique list that meets the following specifications:
The list is embedded directly in the object itself.
The list defines which subjects have access to certain objects.
The list specifies the level or type of access allowed to certain objects.
Conditional access
Hashing
User ACL
Mandatory access control
User ACL
You are part of a committee that is meeting to define how Network Access Control (NAC) should be
implemented in the organization. Which step in the NAC process is this?
Define
Plan
Review
Apply
Plan
The government and military use the following information classification system:UnclassifiedSensitive
But UnclassifiedConfidentialSecretTop SecretDrag each classification on the left to the appropriate
description on the right.
Drag
UnclassifiedSensitive But Unclassified
Confidential
SecretTop Secret
Drop
The lowest level of classified information used by the military. Release of this information could cause
damage to military efforts.
If this information is released, it poses grave consequences to national security.
This information can be accessed by the public and poses no security threat.
If this information is disclosed, it could cause some harm, but not a national disaster
If this information is disclosed, it could cause severe and permanent damage to military actions.
The lowest level of classified information used by the military. Release of this information could cause
damage to military efforts.
Confidential
If this information is released, it poses grave consequences to national security.
Top Secret
This information can be accessed by the public and poses no security threat.
Unclassified
If this information is disclosed, it could cause some harm, but not a national disaster.
Sensitive But Unclassified
If this information is disclosed, it could cause severe and permanent damage to military actions.
Secret
Some users report that frequent system crashes have started happening on their workstations. Upon
further investigation, you notice that these users all have the same application installed that has been
recently updated. Where would you go to conduct a root cause analysis?
Security log
Network log
Application log
Firewall log
Application log
Which of the following is a common social engineering attack?
Using a sniffer to capture network traffic
Distributing false information about an organization's financial status
Distributing hoax virus-information emails
Logging on with stolen credentials
Distributing hoax virus-information emails
Which of the following is a disadvantage of software defined networking (SDN)?
SDN creates centralized management.
SDN standards are still being developed.
SDN facilitates communication between hardware from different vendors.
SDN gathers network information and statistics.
SDN standards are still being developed.
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Slamming
Bluejacking
Bluebugging
Bluesnarfing
Bluejacking
You have physically added a wireless access point to your network and installed a wireless networking
card in two laptops that run Windows. Neither laptop can find the network. You have come to the
conclusion that you must manually configure the access point (AP).
Which of the following values uniquely identifies the network AP?
SSID
Channel
WEP
PS
SSID
You are running a packet sniffer on your workstation so you can identify the types of traffic on your
network. You expect to see all the traffic on the network, but the packet sniffer only seems to be
capturing frames that are addressed to the network interface on your workstation.
Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use promiscuous mode.
Configure the network interface to use port mirroring mode.
Configure the network interface to enable logging.
Configure the network interface to use protocol analysis mode.
Configure the network interface to use promiscuous mode.
Which of the following best describes shoulder surfing?
Guessing someone's password because it is so common or simple.
Someone nearby watching you enter your password on your computer and recording it.
Giving someone you trust your username and account password.
Finding someone's password in the trash can and using it to access their account.
Someone nearby watching you enter your password on your computer and recording it.
A type of malware that prevents the system from being used until the victim pays the attacker money is
known as what?
Fileless virus
Remote Access Trojan (RAT)
Ransomware
Denial-of-service attack (DoS attack)
Ransomware
Which of the following cloud storage access services acts as a gatekeeper, extending an organization's
security policies into the cloud storage infrastructure?
A web service application programming interface
A cloud storage gateway
A cloud-access security broker
A co-located cloud computer service
A cloud-access security broker
Which of the following are often identified as the three main goals of security? (Select three.)
Assets
Confidentiality
Availability
Policies
Integrity
Employees
Non-repudiation
Confidentiality
Availability
Integrity
Which of the following lets you make phone calls over a packet-switched network?
VoIP
SCADA
FPGA
RTOS
VoIP
In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or
devices you manage and monitor them on the Azure portal?
Configure
Protect
Deploy
Add
Deploy
An attacker is attempting to crack a system's password by matching the password hash to a hash in a
large table of hashes he or she has.
Which type of attack is the attacker using?
Brute force
Rainbow
RIPEMD
Cracking
Rainbow
Which of the following can make passwords useless on a router?
Using the MD5 hashing algorithm to encrypt the password
Not controlling physical access to the router
Storing the router configuration file in a secure location
Using SSH to remotely connect to a router
Not controlling physical access to the router
What is the primary security feature that can be designed into a network's infrastructure to protect and
support availability?
Redundancy
Switches instead of hubs
Periodic backups
Fiber optic cables
Redundancy
Which of the following is an example of privilege escalation?
Separation of duties
Privilege creep
Mandatory vacations
Principle of least privilege
Privilege creep
Which of the following is an example of protocol-based network virtualization?
VFA
VMM
vSwitch
VLAN
VLAN
Which of the following are characteristics of a circuit-level gateway? (Select two.)
Stateless
Filters based on sessions
Filters IP address and port
Stateful
Filters based on URL
Stateful
Filters based on sessions
You want to know which protocols are being used on your network. You'd like to monitor network traffic
and sort traffic by protocol.
Which tool should you use?
Port scanner
Packet sniffer
IPS
Throughput tester
IDS
Packet sniffer
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full backup.
Only files that have changed since the last full or differential backup.
Only files that have changed since the last full or incremental backup.
Only files that are new since the last full or incremental backup.
Only files that have changed since the last full or incremental backup.
Which of the following standards relates to the use of credit cards?
PCI DSS
PoLP
Financial audit
SOX
PCI DSS
A collection of zombie computers have been set up to collect personal information. Which type of
malware do the zombie computers represent?
Trojan horse
Logic bomb
Spyware
Botnet
Botnet
What is the most important element related to evidence in addition to the evidence itself?
Photographs of the crime scene
Chain of custody document
Completeness
Witness testimony
Chain of custody document
Which of the following tools allows the user to set security rules for an instance of an application that
interacts with one organization and different security rules for an instance of the application when
interacting with another organization?
Integration
Replication
Instance awareness
Encryption
Instance awareness
Which of the following describes a configuration baseline?
A collection of security settings that can be automatically applied to a device
A list of common security settings that a group or all devices share
The minimum services required for a server to function
A set of performance statistics that identifies normal operating performance
A list of common security settings that a group or all devices share
You are using a password attack that tests every possible keystroke for each single key in a password until
the correct one is found. Which of the following technical password attacks are you using?
Password sniffing
Pass-the-hash attack
Brute force attack
Keylogger
Brute force attack
You have been asked to implement a RAID 5 solution for your network. What is the minimum number of
hard disks that can be used to configure RAID 5?
2
3
4
5
6
3
What is the name of the service included with the Windows Server operating system that manages a
centralized database containing user account and security information?
...
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and
you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the
system should not boot if a change is detected in any of the boot files.
What should you do?
Have each user encrypt user files with EFS.
Implement BitLocker without a TPM.
Have each user encrypt the entire volume with EFS.
Implement BitLocker with a TPM.
Implement BitLocker without a TPM.
What is the primary function of the IKE Protocol used with IPsec?
Create a security association between communicating partners.
Encrypt packet contents.
Ensure dynamic key rotation and select initialization vectors (IVs).
Provide both authentication and encryption.
Provide authentication services.
Create a security association between communicating partners.
Which of the following functions are performed by proxies? (Select two.)
Cache web pages
Give users the ability to participate in real-time, text-based internet discussions
Filter unwanted emails
Block employees from accessing certain websites
Store client files
Cache web pages
Block employees from accessing certain websites
Which type of firewall protects against packets coming from certain IP addresses?
Application layer
Packet-filtering
Stateful
Circuit-level
Packet-filtering
Which of the following is considered a major problem with instant messaging applications?
Loss of productivity
Transfer of text and files
Real-time communication
Freely available for use
Loss of productivity
You need to check network connectivity from your computer to a remote computer.
Which of the following tools would be the BEST option to use?
nmap
ping
route
tracert
ping
Which of the following is a privilege or action that can be taken on a system?
User rights
SACL
Permissions
DACL
User rights
You are adding switches to your network to support additional VLANs. Unfortunately, the new switches
are from a different vendor than the current switches.
Which standard do you need to ensure that the switches are supported?
802.11
802.1Q
802.1x
802.3
802.1Q
In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported.
Upon further inspection, none of the vulnerabilities actually existed.
Which type of result is this?
False negative
True positive
True negative
False positive
False positive
Home
Your library
Expert solutions
Study sets, textbooks, questions
Profile Picture
Upgrade: free 7-day trial
2022 CompTIA SECURITY+ SY0-601 BEST EXAM STUDY by Brian MacFarlane
Study
2022 CompTIA SECURITY+ SY0-601 BEST EXAM STUDY by Brian MacFarlane
194 studiers today
4.4 (121 reviews)
Flashcards
Learn
Test
Match
A
A security administrator suspects an employee has been emailing proprietary information to a
competitor. Company policy requires the administrator to capture an exact copy of the employee's hard
disk.
Which of the following should the administrator use?
A. dd
B. chmod
C. dnsenum
D. logger
1 / 174
Profile Picture
Created by
WieldyStone2
Updated on 2022-03-17 from Examtopics.com
Textbook solutions for this set
CompTIA Security+ Guide to Network Security Fundamentals 6th Edition by Mark Ciampa
CompTIA Security+ Guide to Network Security Fundamentals
6th Edition•ISBN: 9781337514774
Mark Ciampa
CompTIA Security+ Certification Study Guide (Exam SY0-501) 3rd Edition by Glen Clarke
CompTIA Security+ Certification Study Guide (Exam SY0-501)
3rd Edition•ISBN: 9781260026054
Glen Clarke
Search for a textbook or question
Terms in this set (174)
Original
A
A security administrator suspects an employee has been emailing proprietary information to a
competitor. Company policy requires the administrator to capture an exact copy of the employee's hard
disk.
Which of the following should the administrator use?
A. dd
B. chmod
C. dnsenum
D. logger
THIS IS THE ORDER AS FOLLOWS:
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
chmod 644 ~/.ssh/id_rsa
ssh root@server
DRAG AND DROP SIMULATION (SEE IMAGE)
Firewall 1:DNS Rule "" ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound "" 10.0.0.1/24 --> ANY --> HTTPS --> PERMIT
Management "" ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound "" ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound "" ANY --> ANY --> HTTP --> DENY
Firewall 2: No changes should be made to this firewall
Firewall 3:DNS Rule "" ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound "" 192.168.0.1/24 --> ANY --> HTTPS --> PERMIT
Management "" ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound "" ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound "" ANY --> ANY --> HTTP --> DENY
DROP DOWN SIMULATION (SEE IMAGE)
See IMAGE
DRAG AND DROP SIMULATION (SEE ANSWERS IN IMAGE)
DF
Which of the following will MOST likely adversely impact the operations of unpatched traditional
programmable-logic controllers, running a back-end LAMP server and OT systems with humanmanagement interfaces that are accessible over the Internet via a web interface? (Choose two.)
A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request forgery
A
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged
corporate-owned mobile devices.
Which of the following technologies would be BEST to balance the BYOD culture while also protecting
the company's data?
A. Containerization
B. Geofencing
C. Full-disk encryption
D. Remote wipe
D
A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery
practices to minimize system downtime and enhance organizational resilience to ransomware attacks.
Which of the following would BEST meet the CSO's objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and
restrict administration privileges on fileshares.
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and
executives, reducing the organization's susceptibility to phishing attacks.
D. Implement application whitelisting and centralized event-log management, and perform regular
testing and validation of full backups.
AC
A network engineer has been asked to investigate why several wireless barcode scanners and wireless
computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners
and computers are all on forklift trucks and move around the warehouse during their regular use.
Which of the following should the engineer do to determine the issue? (Choose two.)
A. Perform a site survey
B. Deploy an FTK Imager
C. Create a heat map
D. Scan for rogue access points
E. Upgrade the security protocols
F. Install a captive portal
C
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data
processors?
A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000
C
Phishing and spear-phishing attacks have been occurring more frequently against a company's staff.
Which of the following would MOST likely help mitigate this issue?
A. DNSSEC and DMARC
B. DNS query logging
C. Exact mail exchanger records in the DNS
D. The addition of DNS conditional forwarders
EF
On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose
two.)
A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses
B
Which of the following incident response steps involves actions to protect critical systems while
maintaining business operations?
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
B
A security auditor is reviewing vulnerability scan data provided by an internal security team.
Which of the following BEST indicates that valid credentials were used?
A. The scan results show open ports, protocols, and services exposed on the target host
B. The scan enumerated software versions of installed programs
C. The scan produced a list of vulnerabilities on the target host
D. The scan identified expired SSL certificates
B
Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is
responsible for determining the corporate governance regarding the data
B. The data owner is responsible for determining how the data may be used, while the data custodian is
responsible for implementing the protection to the data
C. The data owner is responsible for controlling the data, while the data custodian is responsible for
maintaining the chain of custody when handling the data
D. The data owner grants the technical permissions for data access, while the data custodian maintains
the database access controls to the data
D
A network engineer needs to build a solution that will allow guests at the company's headquarters to
access the Internet via WiFi. This solution should not allow access to the internal corporate network, but
it should require guests to sign off on the acceptable use policy before accessing the Internet.
Which of the following should the engineer employ to meet these requirements?
A. Implement open PSK on the APs
B. Deploy a WAF
C. Configure WIPS on the APs
D. Install a captive portal
D
Based on the analyst's findings, which of the following attacks is being executed?
A. Credential harvesting
B. Keylogger
C. Brute-force
D. Spraying
C
Which of the following cloud models provides clients with servers, storage, and networks but nothing
else?
A. SaaS
B. PaaS
C. IaaS
D. DaaS
AB
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime.
Which of the following would BEST meet this objective?(Choose two.)
A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage
C
Which of the following network attacks is the researcher MOST likely experiencing?
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
BD
An organization is developing an authentication service for use at the entry and exit ports of country
borders. The service will use data feeds obtained from passport systems, passenger manifests, and highdefinition video feeds from CCTV systems that are located at the ports.
The service will incorporate machine-learning techniques to eliminate biometric enrollment processes
while still allowing authorities to identify passengers with increasing accuracy over time. The more
frequently passengers travel, the more accurately the service will identify them.
Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose
two.)
A. Voice
B. Gait
C. Vein
D. Facial
E. Retina
F. Fingerprint
D
An organization needs to implement more stringent controls over administrator/root credentials and
service accounts. Requirements for the project include:
✑ Check-in/checkout of credentials
✑ The ability to use but not know the password
✑ Automated password changes
✑ Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system
A
Several employees return to work the day after attending an industry trade show. That same day, the
security manager notices several malware alerts coming from each of the employee's workstations. The
security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.
Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
A
After reading a security bulletin, a network security manager is concerned that a malicious actor may
have breached the network using the same software flaw.The exploit code is publicly available and has
been reported as being used against other industries in the same vertical.
Which of the following should the network security manager consult FIRST to determine a priority list for
forensic review?
A. The vulnerability scan output
B. The IDS logs
C. The full packet capture data
D. The SIEM alerts
D
A financial organization has adopted a new secure, encrypted document-sharing application to help with
its customer loan process. Some important PII needs to be shared across this new platform, but it is
getting blocked by the DLP systems.
Which of the following actions will BEST allow the PII to be shared with the secure application without
compromising the organization's security posture?
A. Configure the DLP policies to allow all PII
B. Configure the firewall to allow all ports that are used by this application
C. Configure the antivirus software to allow the application
D. Configure the DLP policies to whitelist this application with the specific PII
E. Configure the application to encrypt the PII
C
An auditor is performing an assessment of a security appliance with an embedded OS that was
vulnerable during the last two assessments.
Which of the following BEST explains the appliance's vulnerable state?
A. The system was configured with weak default security settings.
B. The device uses weak encryption ciphers.
C. The vendor has not supplied a patch for the appliance.
D. The appliance requires administrative credentials for the assessment.
C
A company's bank has reported that multiple corporate credit cards have been stolen over the past
several weeks. The bank has provided the names of the affected cardholders to the company's forensics
team to assist in the cyber-incident investigation.An incident responder learns the following information:
✑ The timeline of stolen card numbers corresponds closely with affected users making Internet-based
purchases from diverse websites via enterprise desktopPCs.
✑ All purchase connections were encrypted, and the company uses an SSL inspection proxy for the
inspection of encrypted traffic of the hardwired network. Purchases made with corporate cards over the
corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?
A. HTTPS sessions are being downgraded to insecure cipher suites
B. The SSL inspection proxy is feeding events to a compromised SIEM
C. The payment providers are insecurely processing credit card charges
D. The adversary has not yet established a presence on the guest WiFi network
BE
A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check
emails and update reports.
Which of the following would be BEST to prevent other devices on the network from directly accessing
the laptop? (Choose two.)
A. Trusted Platform Module
B. A host-based firewall
C. A DLP solution
D. Full disk encryption
E. A VPN
F. Antivirus software
C
A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA
to be non-disruptive and user friendly.
Which of the following technologies should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
B
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread
unhindered throughout the network and infect a large number of computers and servers.
Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in
the future?
A. Install a NIDS device at the boundary.
B. Segment the network with firewalls.
C. Update all antivirus signatures daily.
D. Implement application blacklisting.
A
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company
information on user devices.
Which of the following solutions would BEST support the policy?
A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics
B
A development team employs a practice of bringing all the code changes from multiple team members
into the same development project through automation. A tool is utilized to validate the code and track
source code through version control.
Which of the following BEST describes this process?
A. Continuous delivery
B. Continuous integration
C. Continuous validation
D. Continuous monitoring
D
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have
a two-drive failure for better fault tolerance.
Which of the following RAID levels should the administrator select?
A. 0
B. 1
C. 5
D. 6
A
Which of the following BEST explains the reason why a server administrator would place a document
named password.txt on the desktop of an administrator account on a server?
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.
B
A small company that does not have security staff wants to improve its security posture.
Which of the following would BEST assist the company?
A. MSSP
B. SOAR
C. IaaS
D. PaaS
C
An organization's help desk is flooded with phone calls from users stating they can no longer access
certain websites. The help desk escalates the issue to the security team, as these websites were
accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the
issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes
away.
Which of the following attacks MOST likely occurred on the original DNS server?
A. DNS cache poisoning
B. Domain hijacking
C. Distributed denial-of-service
D. DNS tunneling
C
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to
discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager
presents a scenario and injects additional information throughout the session to replicate what might
occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff.
Which of the following describes what the manager is doing?
A. Developing an incident response plan
B. Building a disaster recovery plan
C. Conducting a tabletop exercise
D. Running a simulation exercise
C
A RAT that was used to compromise an organization's banking credentials was found on a user's
computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator
rights to the system as part of a remote management tool set.
Which of the following recommendations would BEST prevent this from reoccurring?
A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.
B
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees
the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us.
The analyst then sends an internal user a link to the new website for testing purposes, and when the
user clicks the link, the analyst is able to browse the website with the following URL: http://devsite.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?
A. Pass-the-hash
B. Session replay
C. Object deference
D. Cross-site request forgery
C
A network administrator has been asked to install an IDS to improve the security posture of an
organization.
Which of the following control types is an IDS?
A. Corrective
B. Physical
C. Detective
D. Administrative
C
Which of the following should be put in place when negotiating with a new vendor about the timeliness
of the response to a significant outage or incident?
A. MOU
B. MTTR
C. SLA
D. NDA
C
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and
build out a customer-facing web application.
Which of the following solutions would be BEST to provide security, manageability, and visibility into the
platforms?
A. SIEM
B. DLP
C. CASB
D. SWG
C
A root cause analysis reveals that a web application outage was caused by one of the company's
developers uploading a newer version of the third-party libraries that were shared among several
applications.
Which of the following implementations would be BEST to prevent the issue from reoccurring?
A. CASB
B. SWG
C. Containerization
D. Automated failover
A
A security administrator suspects there may be unnecessary services running on a server.
Which of the following tools will the administrator MOST likely use to confirm the suspicions?
A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum
D
A company has drafted an insider-threat policy that prohibits the use of external storage devices.
Which of the following would BEST protect the company from data exfiltration via removable media?
A. Monitoring large data transfer transactions in the firewall logs
B. Developing mandatory training to educate employees about the removable media policy
C. Implementing a group policy to block user access to system files
D. Blocking removable-media devices and write capabilities using a host-based security tool
D
A network administrator has been alerted that web pages are experiencing long load times. After
determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and
receives the following output:
(SEE IMAGE)
Which of the following is the router experiencing?
A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion
C
A company provides mobile devices to its users to permit access to email and enterprise applications.
The company recently started allowing users to select from several different vendors and device models.
When configuring the MDM, which of the following is a key security implication of this heterogeneous
device approach?
A. The most common set of MDM configurations will become the effective set of enterprise mobile
security controls.
B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen
architecture may unnecessarily expose private keys to adversaries.
C. Certain devices are inherently less secure than others, so compensatory controls will be needed to
address the delta between device vendors.
D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will
need to be installed and configured.
A
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against
loss or data theft.
Which of the following would be theMOST acceptable?
A. SED (Self-Encrypting Drive)
B. HSM (Hardware Security Module)
C. DLP (Data Loss Prevention software)
D. TPM (Trusted Platform Module)
C
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is
only used for the early detection of attacks. The security analyst then reviews the following application
log:
(SEE IMAGE)
Which of the following can the security analyst conclude?
A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the
application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.
D
In which of the following situations would it be BEST to use a detective control type for mitigation?
A. A company implemented a network load balancer to ensure 99.999% availability of its web
application.
B. A company designed a backup solution to increase the chances of restoring services in case of a
natural disaster.
C. A company purchased an application-level firewall to isolate traffic between the accounting
department and the information technology department.
D. A company purchased an IPS system, but after reviewing the requirements, the appliance was
supposed to monitor, not block, any traffic.
E. A company purchased liability insurance for flood protection on all capital assets.
D
The IT department's on-site developer has been with the team for many years. Each time an application
is released, the security team is able to identify multiple vulnerabilities.
Which of the following would BEST help the team ensure the application is ready to be released to
production?
A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.
A - OAuth is for 3rd parties, whereas SAML uses SSO to federate users across an organization's inner
functions.
A cybersecurity analyst needs to implement secure authentication to third-party websites without users'
passwords.
Which of the following would be the BEST way to achieve this objective?
A. OAuth
B. SSO
C. SAML
D. PAP
B
An analyst needs to identify the applications a user was running and the files that were open before the
user's computer was shut off by holding down the power button.
Which of the following would MOST likely contain that information?
A. NGFW
B. Pagefile
C. NetFlow
D. RAM
A
A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop.
Upon returning to work, the user has been unable to connect the laptop to the VPN.
Which of the following is the MOST likely reason for the user's inability to connect the laptop to the
VPN?
A. Due to foreign travel, the user's laptop was isolated from the network.
B. The user's laptop was quarantined because it missed the latest path update.
C. The VPN client was blacklisted.
D. The user's account was put on a legal hold.
A
In which of the following common use cases would steganography be employed?
A. Obfuscation
B. Integrity
C. Non-repudiation
D. Blockchain
C
To secure an application after a large data breach, an e-commerce site will be resetting all users'
credentials.
Which of the following will BEST ensure the site's users are not compromised after the reset?
A. A password reuse policy
B. Account lockout after three failed attempts
C. Encrypted credentials in transit
D. A geofencing policy based on login history
A
In which of the following risk management strategies would cybersecurity insurance be used?
A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
D
An organization has implemented a policy requiring the use of conductive metal lockboxes for personal
electronic devices outside of a secure research lab.
Which of the following did the organization determine to be the GREATEST risk to intellectual property
when creating this policy?
A. The theft of portable electronic devices
B. Geotagging in the metadata of images
C. Bluesnarfing of mobile devices
D. Data exfiltration over a mobile hotspot
C
A security analyst is using a recently released security advisory to review historical logs, looking for the
specific activity that was outlined in the advisory.
Which of the following is the analyst doing?
A. A packet capture
B. A user behavior analysis
C. Threat hunting
D. Credentialed vulnerability scanning
D
Which of the following would MOST likely support the integrity of a voting machine?
A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy
B
A Chief Information Security Officer (CISO) needs to create a policy set that meets international
standards for data privacy and sharing.
Which of the following should the CISO read and understand before writing the policies?
A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000
B
The IT department at a university is concerned about professors placing servers on the university
network in an attempt to bypass security controls.
Which of the following BEST represents this type of threat?
A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat
B
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated
customers.
Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely
obligated by contracts to:
A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.
A
While checking logs, a security engineer notices a number of end users suddenly downloading files with
the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they
did not initiate any of the downloads. Further investigation reveals the end users all clicked on an
external email containing an infected MHT file with an href link a week prior.
Which of the following is MOST likely occurring?
A. A RAT was installed and is transferring additional exploit tools.
B. The workstations are beaconing to a command-and-control server.
C. A logic bomb was executed and is responsible for the data transfers.
D. A fireless virus is spreading in the local network environment.
C
An organization is developing a plan in the event of a complete loss of critical systems and data.
Which of the following plans is the organization MOST likely developing?
A. Incident response
B. Communications
C. Disaster recovery
D. Data retention
C
Which of the following is the purpose of a risk register?
A. To define the level or risk using probability and likelihood
B. To register the risk with the required regulatory agencies
C. To identify the risk, the risk owner, and the risk measures
D. To formally log the type of risk mitigation strategy the organization is using
AD
A university with remote campuses, which all use different service providers, loses Internet connectivity
across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again
at random intervals, typically within four minutes of services being restored. Outages continue
throughout the day, impacting all inbound and outbound connections and services. Services that are
limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are
affected.Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker
to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.
Which of the following BEST describe this type of attack? (Choose two.)
A. DoS
B. SSL stripping
C. Memory leak
D. Race condition
E. Shimming
F. Refactoring
A
A company recently set up an e-commerce portal to sell its product online. The company wants to start
accepting credit cards for payment, which requires compliance with a security standard.
Which of the following standards must the company comply with before accepting credit cards on its ecommerce platform?
A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF
B
Which of the following BEST describes a security exploit for which a vendor patch is not readily
available?
A. Integer overflow
B. Zero-day
C. End of life
D. Race condition
B
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company's
Chief Executive Officer (CEO), requesting a transfer of$10,000 to an account. The email states Ann is on
vacation and has lost her purse, containing cash and credit cards.
Which of the following social-engineering techniques is the attacker using?
A. Phishing
B. Whaling
C. Typo squatting
D. Pharming
B
An organization wants to implement a third factor to an existing multifactor authentication. The
organization already uses a smart card and password.
Which of the following would meet the organization's needs for a third factor?
A. Date of birth
B. Fingerprints
C. PIN
D. TPM
C
An employee has been charged with fraud and is suspected of using corporate assets.
As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following
forensic techniques should be used?
A. Order of volatility
B. Data recovery
C. Chain of custody
D. Non-repudiation
B
A company wants to deploy PKI on its Internet-facing website. The applications that are currently
deployed are:
✑ www.company.com (main website)
✑ contactus.company.com (for locating a nearby location)
✑ quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any
future applications that follow the same naming conventions, such as store.company.com.
Which of the following certificate types would BEST meet the requirements?
A. SAN
B. Wildcard
C. Extended validation
D. Self-signed
B
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each
salesperson's laptop. The sales department has a higher-than- average rate of lost equipment.
Which of the following recommendations would BEST address the CSO's concern?
A. Deploy an MDM solution.
B. Implement managed FDE.
C. Replace all hard drives with SEDs.
D. Install DLP agents on each laptop.
B
A user contacts the help desk to report the following:✑ Two days ago, a pop-up browser window
prompted the user for a name and password after connecting to the corporate wireless SSID. This had
never happened before, but the user entered the information as requested.✑ The user was able to
access the Internet but had trouble accessing the department share until the next day.✑ The user is now
getting notifications from the bank about unauthorized transactions.
Which of the following attack vectors was MOST likely used in this scenario?
A. Rogue access point
B. Evil twin
C. DNS poisoning
D. ARP poisoning
A
A host was infected with malware. During the incident response, Joe, a user, reported that he did not
receive any emails with links, but he had been browsing theInternet all day.
Which of the following would MOST likely show where the malware originated?
A. The DNS logs
B. The web server logs
C. The SIP traffic logs
D. The SNMP logs
A
A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to
rapidly infect computers. Once infected, computers are encrypted and held for ransom.
Which of the following would BEST prevent this attack from reoccurring?
A. Configure the perimeter firewall to deny inbound external connections to SMB ports.
B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections.
C. Deny unauthenticated users access to shared network folders.
D. Verify computers are set to install monthly operating system, updates automatically.
C
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a
name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before
sending him the prize.
Which of the following BEST describes this type of email?
A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
A
Which of the following refers to applications and systems that are used within an organization without
consent or approval?
A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats
A
A manufacturer creates designs for very high security products that are required to be protected and
controlled by the government regulations. These designs are not accessible by corporate networks or the
Internet.
Which of the following is the BEST solution to protect these designs?
A. An air gap
B. A Faraday cage
C. A shielded cable
D. A demilitarized zone
D
A company processes highly sensitive data and senior management wants to protect the sensitive data
by utilizing classification labels.
Which of the following access control schemes would be BEST for the company to implement?
A. Discretionary
B. Rule-based
C. Role-based
D. Mandatory
C
Which of the following policies would help an organization identify and mitigate potential single points
of failure in the company's IT/security operations?
A. Least privilege
B. Awareness training
C. Separation of duties
D. Mandatory vacation
A
Which of the following would be the BEST method for creating a detailed diagram of wireless access
points and hotspots?
A. Footprinting
B. White-box testing
C. A drone/UAV
D. Pivoting
AB
A user enters a password to log in to a workstation and is then prompted to enter an authentication
code.
Which of the following MFA factors or attributes are being utilized in the authentication process?
(Choose two.)
A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you know
E. Something you are
F. Something you can do
A
When selecting a technical solution for identity management, an architect chooses to go from an inhouse solution to a third-party SaaS provider.
Which of the following risk management strategies is this an example of?
A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
D
A website developer is working on a new e-commerce website and has asked an information security
expert for the most appropriate way to store credit card numbers to create an easy reordering process.
Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database
C
A company recently experienced a data breach and the source was determined to be an executive who
was charging a phone in a public area.
Which of the following would MOST likely have prevented this breach?
A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics
C
An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that
appears to contain relevant information. One of the posts says the following:
(SEE IMAGE)
Which of the following BEST describes the attack that was attempted against the forum readers?
A. SQLi attack
B. DLL attack
C. XSS attack
D. API attack
C
A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator
wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay
functions.
Which of the following should the administrator use when configuring the VPN?
A. AH (Authentication Header)
B. EDR (Endpoint Detection and Response)
C. ESP (Encapsulating Security Payload)
D. DNSSEC (Domain Naming System Security Extensions)
BE
Users have been issued smart cards that provide physical access to a building. The cards also contain
tokens that can be used to access information systems.Users can log in to any thin client located
throughout the building and see the same desktop each time.
Which of the following technologies are being utilized to provide these capabilities? (Choose two.)
A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD
D
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in
the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO)
is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has
not been performed.
Which of the following is the MOST likely cause of the CRO's concerns?
A. SSO would simplify username and password management, making it easier for hackers to guess
accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
B
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of
power surge of power surge or other fault situation. The switch was installed on a wired network in a
hospital and is monitored by the facilities department via a cloud application. The security administrator
isolated the switch on a separate VLAN and set up a patching routine.
Which of the following steps should also be taken to harden the smart switch?
A. Set up an air gap for the switch.
B. Change the default password for the switch.
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.
D
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and
security infrastructure efficiently. To help with the situation, the administrator decides to hire a service
provider.
Which of the following should the administrator use?
A. SDP
B. AAA
C. IaaS
D. MSSP (Managed Security Services Provider)
E. Microservices
D
A security assessment determines DES and 3DES are still being used on recently deployed production
servers.
Which of the following did the assessment identify?
A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption
A
Which of the following types of controls is a turnstile?
A. Physical
B. Detective
C. Corrective
D. Technical
A
Which of the following describes the BEST approach for deploying application patches?
A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and
finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment,
and then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to
a staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of
them in a testing environment.
E
A security analyst is investigating an incident that was first reported as an issue connecting to network
shares and the Internet. While reviewing logs and tool output, the analyst sees the following:
(SEE IMAGE)
Which of the following attacks has occurred?
A. IP conflict
B. Pass-the-hash
C. MAC flooding
D. Directory traversal
E. ARP poisoning
D
After entering a username and password, an administrator must draw a gesture on a touch screen.
Which of the following demonstrates what the administrator is providing?
A. Multifactor authentication
B. Something you can do
C. Biometrics
D. Two-factor authentication
D
An organization suffered an outage, and a critical system took 90 minutes to come back online. Though
there was no data loss during the outage, the expectation was that the critical system would be available
again within 60 minutes.
Which of the following is the 60-minute expectation an example of?
A. MTBF
B. RPO
C. MTTR
D. RTO
C
Joe, a user at a company, clicked an email links that led to a website that infected his workstation. Joe
was connected to the network, and the virus spread to the network shares. The protective measures
failed to stop this virus, and it has continued to evade detection.
Which of the following should a security administrator implement to protect the environment from this
malware?
A. Install a definition-based antivirus.
B. Implement an IDS/IPS
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.
C
An organization is concerned that its hosted web servers are not running the most updated version of
the software.
Which of the following would work BEST to help identify potential vulnerabilities?
A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org
D
A retail executive recently accepted a job with a major competitor. The following week, a security analyst
reviews the security logs and identifies successful logon attempts to access the departed executive's
accounts.
Which of the following security practices would have addressed the issue?
A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding
A
A security analyst is performing a forensic investigation involving compromised account credentials.
Using the Event Viewer, the analyst was able to detect the following message: "Special privileges
assigned to new logon." Several of these messages did not have a valid logon associated with the user
before these privileges were assigned.
Which of the following attacks is MOST likely being detected?
A. Pass-the-hash attack
B. Buffer overflow
C. Cross-site scripting
D. Session replay
B
A systems administrator needs to implement an access control scheme that will allow an object's access
policy to be determined by its owner.
Which of the following access control schemes BEST fits the requirements?
A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control
B
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a
directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A. http://sample.url.com/script Please-Visit-Our-Phishing-Site script
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow
C. http://sample.url.com/select-from-database-where-password-null
D. http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect
D
A company has limited storage space available and an online presence that cannot be down for more
than four hours.
Which of the following backup methodologies should the company implement to allow for the FASTEST
database restore time in the event of a failure, while being mindful of the limited available storage
space?
A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00
p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
C
An organization has a growing workforce that is mostly driven by additions to the sales department. Each
newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer
(CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is
also concerned about the organization's security and customer privacy.
Which of the following would be BEST to address the CIO's concerns?
A. Disallow new hires from using mobile devices for six months.
B. Select four devices for the sales department to use in a CYOD model.
C. Implement BYOD for the sales department while leveraging the MDM.
D. Deploy mobile devices using the COPE methodology.
C
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon
investigation, a forensics firm wants to know what was in the memory on the compromised server.
Which of the following files should be given to the forensics firm?
A. Security
B. Application
C. Dump
D. Syslog
A
A public relations team will be taking a group of guests on a tour through the facility of a large ecommerce company. The day before the tour, the company sends out an email to employees to ensure
all whiteboards are cleaned and all desks are cleared.
The company is MOST likely trying to protect against:
A. loss of proprietary information.
B. damage to the company's reputation.
C. social engineering.
D. credential exposure.
D
The manager who is responsible for a data set has asked a security engineer to apply encryption to the
data on a hard disk. The security engineer is an example of a:
A. data controller.
B. data owner.
C. data custodian.
D. data processor.
A
A network engineer is troubleshooting wireless network connectivity issues that were reported by users.
The issues are occurring only in the section of the building that is closest to the parking lot. Users are
intermittently experiencing slow speeds when accessing websites and are unable to connect to network
drives. The issues appear to increase when laptop users return to their desks after using their devices in
other areas of the building. There have also been reports of users being required to enter their
credentials on web pages in order to gain access to them.
Which of the following is the MOST likely cause of this issue?
A. An external access point is engaging in an evil-twin attack.
B. The signal on the WAP needs to be increased in that section of the building.
C. The certificates have expired on the devices and need to be reinstalled.
D. The users in that section of the building are on a VLAN that is being blocked by the firewall.
D
A security administrator needs to create a RAID configuration that is focused on high read speeds and
fault tolerance. It is unlikely that multiple drives will fail simultaneously.
Which of the following RAID configurations should the administrator use?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10
B
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO)
to plan some activities to enhance the skill levels of the company's developers.
Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training
B
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP
connections. The analyst is unsure what is required to perform the task and solicits help from a senior
colleague.
Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to
accomplish this task?
A. Create an OCSP (Online Certificate Status Protocol)
B. Generate a CSR. (Certificate Signing Request)
C. Create a CRL. (Certificate Revocation List)
D. Generate a .pfx file.
C
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user
rights?
A. The data protection officer
B. The data processor
C. The data owner
D. The data controller
A
A small business just recovered from a ransomware attack against its file servers by purchasing the
decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator
wants to ensure it does not happen again.
Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a
frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.
D
A global pandemic is forcing a private organization to close some business units and reduce staffing at
others.
Which of the following would be BEST to help the organization's executives determine their next course
of action?
A. An incident response plan
B. A communications plan
C. A disaster recovery plan
D. A business continuity plan
B
Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
A. Fog computing
B. VM escape
C. Software-defined networking
D. Image forgery
E. Container breakout
A
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between
the victim and the attacker.
Which of the following will the company MOST likely review to trace this transaction?
A. The public ledger (record keeping system)
B. The NetFlow data
C. A checksum
D. The event log
D
During an incident response, a security analyst observes the following log entry on the web server:
(SEE IMAGE)
Which of the following BEST describes the type of attack the analyst is experiencing?
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
C
Which of the following ISO standards is certified for privacy?
A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
C
A document that appears to be malicious has been discovered in an email that was sent to a company's
Chief Financial Officer (CFO).
Which of the following would be BEST to allow a security analyst to gather information and confirm it is a
malicious document without executing any code it may contain?
A. Open the document on an air-gapped network.
B. View the document's metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.
B
A security analyst is running a vulnerability scan to check for missing patches during a suspected security
incident.
During which of the following phases of the response process is this activity MOST likely occurring?
A. Containment
B. Identification
C. Recovery
D. Preparation
A
Which of the following is a team of people dedicated to testing the effectiveness of organizational
security programs by emulating the techniques of potential attackers?
A. Red team
B. White team
C. Blue team
D. Purple team
B
A security analyst discovers that a company's username and password database was posted on an
Internet forum. The usernames and passwords are stored in plain text.
Which of the following would mitigate the damage done by this type of data exfiltration in the future?
A. Create DLP controls that prevent documents from leaving the network.
B. Implement salting and hashing.
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements.
AC
Which of the following are requirements that must be configured for PCI DSS compliance? (Choose two.)
A. Testing security systems and processes regularly
B. Installing and maintaining a web proxy to protect cardholder data
C. Assigning a unique ID to each person with computer access
D. Encrypting transmission of cardholder data across private networks
E. Benchmarking security awareness training for contractors
F. Using vendor-supplied default passwords for system passwords
C
A security analyst needs to be proactive in understanding the types of attacks that could potentially
target the company's executives.
Which of the following intelligence sources should the security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression (STIX)
D. Industry information-sharing and collaboration groups
D
A security audit has revealed that a process control terminal is vulnerable to malicious users installing
and executing software on the system. The terminal is beyond end-of-life support and cannot be
upgraded, so it is placed on a protected network segment.
Which of the following would be MOST effective to implement to further mitigate the reported
vulnerability?
A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting
B
A user recently entered a username and password into a recruiting application website that had been
forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:✑
The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.✑ The forged
website's IP address appears to be 10.2.12.99, based on NetFlow records.✑ All three of the
organization's DNS servers show the website correctly resolves to the legitimate IP.✑ DNS query logs
show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of
the suspected compromise.
Which of the following MOST likely occurred?
A. A reverse proxy was used to redirect network traffic.
B. An SSL strip MITM attack was performed.
C. An attacker temporarily poisoned a name server.
D. An ARP poisoning attack was successfully executed.
D
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb
worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis.
Which of the following tools should the analyst use to further review the pcap file?
A. Nmap
B. cURL
C. Netcat
D. Wireshark
B
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a
comprehensive list of devices that are authorized to be on the wireless network. The Chief Information
Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force
the wireless PSK and obtain access to the internal network.
Which of the following should the company implement to BEST prevent this from occurring?
A. A BPDU guard
B. WPA-EAP
C. IP filtering
D. A WIDS
D
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because
the score allows the organization to better:
A. validate the vulnerability exists in the organization's network through penetration testing.
B. research the appropriate mitigation techniques in a vulnerability database.
C. find the software patches that are required to mitigate a vulnerability.
D. prioritize remediation of vulnerabilities based on the possible impact.
D
A security engineer is reviewing log files after a third party discovered usernames and passwords for the
organization's accounts. The engineer sees there was a change in the IP address for a vendor website
one week earlier. This change lasted eight hours.
Which of the following attacks was MOST likely used?
A. Man-in-the-middle
B. Spear phishing
C. Evil twin
D. DNS poisoning
E
A company recently moved sensitive videos between on-premises, company-owned websites. The
company then learned the videos had been uploaded and shared to the Internet.
Which of the following would MOST likely allow the company to find the cause?
A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause
A
A large industrial system's smart generator monitors the system status and sends alerts to third-party
maintenance personnel when critical failures occur. While reviewing the network logs, the company's
security manager notices the generator's IP is sending packets to an internal file server's IP.
Which of the following mitigations would be BEST for the security manager to implement while
maintaining alerting capabilities?
A. Segmentation
B. Firewall whitelisting
C. Containment
D. Isolation
B
Which of the following allows for functional test data to be used in new systems for testing and training
purposes to protect the real data?
A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization
A
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries.
The consultant will be using a service account to scan systems with administrative privileges on a weekly
basis, but there is a concern that hackers could gain access to the account and pivot throughout the
global network.
Which of the following would be BEST to help mitigate this concern?
A. Create different accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
B
A software developer needs to perform code-execution testing, black-box testing, and non-functional
testing on a new product before its general release.
Which of the following BEST describes the tasks the developer is conducting?
A. Verification
B. Validation
C. Normalization
D. Staging
D
A security analyst is configuring a large number of new company-issued laptops. The analyst received the
following requirements:
✑ The devices will be used internationally by staff who travel extensively.
✑ Occasional personal use is acceptable due to the travel requirements.
✑ Users must be able to install and configure sanctioned programs and productivity suites.
✑ The devices must be encrypted.
✑ The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly
B
An organization has decided to host its web application and database in the cloud.
Which of the following BEST describes the security concerns for this decision?
A. Access to the organization's servers could be exposed to other cloud-provider clients.
B. The cloud vendor is a new attack vector within the supply chain.
C. Outsourcing the code development adds risk to the cloud provider.
D. Vendor support will cease when the hosting platforms reach EOL.
Hide Solution Discussion 2
C
An organization that is located in a flood zone is MOST likely to document the concerns associated with
the restoration of IT operations in a:
A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.
D
A user received an SMS on a mobile phone that asked for bank details.
Which of the following social-engineering techniques was used in this case?
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
A
Company engineers regularly participate in a public Internet forum with other engineers throughout the
industry.
Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming
CE
Which of the following will provide the BEST physical security countermeasures to stop intruders?
(Choose two.)
A. Alarms
B. Signage
C. Lighting
D. Mantraps
E. Fencing
F. Sensors
D
A security analyst is looking for a solution to help communicate to the leadership team the severity levels
of the organization's vulnerabilities.
Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
D
A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer
(CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic
processes and the chain of custody are followed.
Which of the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamperevident bag.
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd
command in a live Linux environment to create a duplicate copy.
C. Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the
contents onto a remote file share while the CEO watches.
D. Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is
confirmed; duplicating the hard drive at this stage could destroy evidence.
AE
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to
work from home anytime during business hours, including during a pandemic or crisis. However, the CEO
is concerned that some staff members may take advantage of the flexibility and work from high-risk
countries while on holiday or outsource work to a third-party organization in another country. The Chief
Information Officer (CIO) believes the company can implement some basic controls to mitigate the
majority of the risk.
Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.)
A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls
F
In the middle of a cyberattack, a security engineer removes the infected devices from the network and
locks down all compromised accounts. In which of the following incident response phases is the security
engineer currently operating?
A. Identification
B. Preparation
C. Lessons learned
D. Eradication
E. Recovery
F. Containment
A
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more
than 30 minutes to determine that quarantining an infected host was the best course of action. This
allowed the malware to spread to additional hosts before it was contained.
Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts
C
A security analyst is reviewing the following attack log output:
(SEE IMAGE)
Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
C
A network administrator is setting up wireless access points in all the conference rooms and wants to
authenticate devices using PKI.
Which of the following should the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
See more
Students also viewed
Security+ Cert Exam Objectives SYO-601
786 terms
Profile Picture
jeffrey_baker
Security+ (SY0-601) Acronym List
358 terms
Profile Picture
arthur_lukyanovskiy
CompTIA Security+ SY0-601 Practice Questions.
150 terms
Profile Picture
JT_Collett
Security + 601: Ports
35 terms
Profile Picture
ATaylorII
Recent flashcard sets
Midterm study guide
86 terms
Profile Picture
addison1040
Constituição de 1988
7 terms
Profile Picture
laracristina_melo
NHẬN BIẾT GIỐNG DANH TỪ TIẾNG ĐỨC,.
8 terms
Profile Picture
GoToDeutschland112
Module 4 Blueprint
2 terms
Profile Picture
lindsaypellerite
Sets found in the same folder
CompTIA Security+ (SY0-601)
200 terms
Profile Picture
examsdigest
Teacher
Security+ (SY0-601) Acronym List
358 terms
Profile Picture
arthur_lukyanovskiy
Security+ Cert Exam Objectives SYO-601
786 terms
Profile Picture
jeffrey_baker
Security+ SY0-601
85 terms
Profile Picture
Brantly_Bemis8
Other sets by this creator
DoD Marking Classified Information (2023)
20 terms
Profile Picture
WieldyStone2
CYSA+ CS0-002 Study Set 10/2022
483 terms
Profile Picture
WieldyStone2
2022 NEW 8/22 AUGUST CCSP EXAM STUDY 480 Udem…
37 terms
Profile Picture
WieldyStone2
2022 BEST Security+ SY0-601 EXAM STUDY
276 terms
Images
Profile Picture
WieldyStone2
Verified questions
Other
Why do you think some workplaces have adopted more casual dress codes?
Verified answer
Other
Of the different methods available for buying clothes, which do you think is most likely to lead to
overspending? Why?
Verified answer
Other
Should you wear your most formal outfit to a job interview? Why or why not?
Verified answer
Other
Does a classic style ever change? Explain.
Verified answer
1/5
About us
About Quizlet
How Quizlet works
Careers
Advertise with us
News
Get the app
For students
Flashcards
Learn
Solutions
Modern Learning Lab
For teachers
Live
Checkpoint
Blog
Be the Change
Resources
Help center
Honor code
Community guidelines
Privacy
Terms
Ad and Cookie Policy
Language
English (USA)
© 2023 Quizlet, Inc.
COPPA Safe Harbor Certification seal
Home
Your library
Expert solutions
Study sets, textbooks, questions
Profile Picture
Upgrade: free 7-day trial
Security+ 601 Practice Questions
Study
Security+ 601 Practice Questions
10 studiers today
Leave the first rating
Flashcards
Learn
Test
Match
An international company is expanding it services and is creating several new servers to store customer
data. Of the options listed below, which would likely contain an outline of roles/responsibilities for data
controllers/processors that the company should follow?
A.ISO 31000 International risk management best practices
B.GDPR The European Union’s regulation that states that personal data cannot be collected or processed
without the individual’s informed consent.
C.PCI DSS Outlines how credit card/bank info must be safely managed.
D.SSAE SOC2 An audit/test that reports on an organization’s controls relative to the CIA triad.
The question is somewhat vague, so we will want a generalized answer. The GDPR (General Data
Protection Regulation) is most likely to outline responsibilities for data controllers/processors/users.
B.GDPR The European Union’s regulation that states that personal data cannot be collected or processed
without the individual’s informed consent.
1 / 163
Profile Picture
Created by
Veljulisa
Textbook solutions for this set
CCNA Guide to Cisco Networking Fundamentals 4th Edition by Anthony V Chiarella, Kelly Cannon, Kelly
Caudle
CCNA Guide to Cisco Networking Fundamentals
4th Edition•ISBN: 9781285414348
Anthony V Chiarella, Kelly Cannon, Kelly Caudle
Physics for Scientists and Engineers: A Strategic Approach with Modern Physics 4th Edition by Randall D.
Knight
Physics for Scientists and Engineers: A Strategic Approach with Modern Physics
4th Edition•ISBN: 9780133942651 (5 more)
Randall D. Knight
3,508 solutions
Search for a textbook or question
Terms in this set (163)
Original
An international company is expanding it services and is creating several new servers to store customer
data. Of the options listed below, which would likely contain an outline of roles/responsibilities for data
controllers/processors that the company should follow?
A.ISO 31000 International risk management best practices
B.GDPR The European Union’s regulation that states that personal data cannot be collected or processed
without the individual’s informed consent.
C.PCI DSS Outlines how credit card/bank info must be safely managed.
D.SSAE SOC2 An audit/test that reports on an organization’s controls relative to the CIA triad.
The question is somewhat vague, so we will want a generalized answer. The GDPR (General Data
Protection Regulation) is most likely to outline responsibilities for data controllers/processors/users.
B.GDPR The European Union’s regulation that states that personal data cannot be collected or processed
without the individual’s informed consent.
What type of control would a sign, like the one above, be considered?
A.Detective
B.Compensating
C.Deterrent
D.Corrective
C.Deterrent
Before accepting credit cards on a new shopping website, what standard must a company follow?
A.PCI DSS
B.NIST CSF
C.ISO 22301
D.ISO 27001
A.PCI DSS
PCI DSS = Payment Card Industry Data Security Standard
NIST CSF = National Institute of Standards and Technology, Cyber Security Framework
ISO 22301 - security & resilience, business continuity management
ISO 27001 - information security rules and requirements (compliance/regulations)
Of the control type listed below, what would a mantrap (access control vestibule) or turnstile be
considered?
A.Physical
B.Detective
C.Corrective
D.Technical
A.Physical
Which ISO standard is specifically designed for certifying privacy?
A.31000
B.27002
C.27701
D.9001
C.27701
ISO standards 27001, 27002, 27701, 31000 are listed as exam objectives.
Additional supplementary ISO numbers can be found in this slide's notes.
- ISO 27001 Information Security Management Systems
Infosec rules and requirements used by many governing bodies to create compliance/regulations.
- ISO 27701 Privacy Information Management
An extension to 27001 that outlines rules and regulations specifically tied to privacy.
- ISO 27002 Information Security Best Practices
Guidelines and suggestions for how to start or improve infosec at an organization.
- ISO 31000 Risk Management Best Practices
Generic (non specific) suggestions for managing risk response within an organization
What is ISO 27001?
Information Security Management Systems
Infosec rules and requirements used by many governing bodies to create compliance/regulations.
What is ISO 27701?
Privacy Information Management
An extension to 27001 that outlines rules and regulations specifically tied to privacy.
What is ISO 27002?
Information Security Best Practices
Guidelines and suggestions for how to start or improve infosec at an organization.
What is ISO 31000?
Risk Management Best Practices
Generic (non specific) suggestions for managing risk response within an organization
A penetration tester revealed that an end of life server is using 3DES to encrypt its traffic. Unfortunately,
the server which is mission critical cannot be upgraded to AES, replaced, or removed. What type of
control could help reduce the risk created by this server considering the company must continue to use
it?
A.Corelating
B.Physical
C.Detective
D.Preventative
E.Compensation
E.Compensation
An employee installed a new service on the domain controller without consent or approval from the IT
department and change management. What specifically describes this type of threat?
A.OSINT
B.Insider threat
C.Shadow IT
D.Dark web
D.Dark web
Shadow IT (also known as fake IT, stealth IT, or rogue IT) refers to information technology (IT) systems
deployed by departments other than the central IT department, to work around the shortcomings of the
central information system.
Of the intelligence sources below, which should an security manager review that would allow them to
remain proactive in understanding the types of threats that face their company?
A.Vulnerability feeds
B.Trusted automated exchange of indicator information
C.Structured threat information expression
D.Industry information-sharing and collaboration groups
D.Industry information-sharing and collaboration groups
(A) Vulnerability feeds only show software/hardware vulnerabilities. Nothing about their human targets.
(B) TAXII is a protocol for transferring Cyber Threat Intelligence from a server to client(C) STIX Structured method of describing cyber security threats in a consistent matter. While it helps logically
organize information it isn't a source of sharing information.
(D) ISAC - Industry specific groups on sharing threat information (for example aviation or financial
businesses)
From the options below, what type of threat actor would be described as highly skilled and well
coordinated?
A.Shadow IT
B.A hacktivist
C.An advanced persistent threat
D.An insider threat
C.An advanced persistent threat
Due to a supply shortage over the summer not all of the company campus was upgraded with the new
and faster wireless access points. While the company is waiting for more to come in, a security analyst
has grown concerned that employees might bring in their own access points without permission. What
type of threat is the security analyst concerned about?
A.Hactivist
B.Shadow IT
C.White-hat
D.A script kiddie
E.APT
B.Shadow IT
A public announcement is made about a newly discovered, rapidly spreading virus. The security team
immediately updates and applies all its antivirus signatures. The security manager contacts the antivirus
vendor support team to ask why one of the systems was infected. The vendor support team explains that
the signature update is not available for this virus yet. Which of the following best describes the
situation?
A.Race condition
B.End of life
C.Zero day
D.Integer overflow
C.Zero day
How could you tell from the results of a vulnerability scan if the scanner had been provided valid
credentials relevant to the target it was scanning?
A.The scan identified expired SSL certificates
B.The scan produced a list of vulnerabilities on the target host
C.The scan enumerated software versions of installed programs
D.The scan results show open ports, protocols, and services exposed on the target host
C.The scan enumerated software versions of installed programs
A vulnerability scanner should NOT be able to see software versions of installed programs unless it has
valid credentials and can log into the device it is scanning.
A security expert is looking through logs for a specific IoC (Indicator of Compromise) that they read
about online. What are they doing?
A.A packet capture
B.A user behavior analysis
C.Threat hunting
D.Credentialed vulnerability scanning
C.Threat hunting
After a security assessment is concluded, what benefit does the CVSS score provide to a company on the
list of discovered vulnerabilities?
A.Validate the vulnerability exists in the organization's network through penetration testing.
B.Research the appropriate mitigation techniques in a vulnerability database.
C.Find the software patches that are required to mitigate a vulnerability.
D.Prioritize remediation of vulnerabilities based on the possible impact.
D.Prioritize remediation of vulnerabilities based on the possible impact.
Which of the following tools should be utilized to review a 1GB pcap?
A.Nmap
B.cURL
C.Netcat
D.Wireshark
D.Wireshark
Pcap = packet captureWireshark, a protocol analyzer, would be an ideal tool for this!
Which of the following pen-test teams would mimic the tactics used by hackers?
A.Red team
B.White team
C.Blue team
D.Purple team
A.Red team
Which of the following would best describe the severity of a company's vulnerabilities?
A.CVSS
B.SIEM
C.CVE
D.SOAR
A.CVSS
- The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics
of a vulnerability and produce a numerical score reflecting its severity.
- CVE is a list of entries—each containing an identification number, a description, and at least one public
reference—for publicly known cybersecurity vulnerabilities.
- SIEM (Security information and event management) is a service/software that gathers network and
application logs in real-time and analyzes them, giving security experts the ability to better monitor and
analyze attacks/threats.
- Sometimes running alongside the SIEM or built into it, SOAR (Security Orchestration, Automation, and
Response) was designed to automate and improve response time when a SIEM detects a threat/anomaly
on the network. Sometimes referred to as a Next Generation SIEM.
You are concerned with servers running outdated applications. Which command would work BEST to
help identify potential vulnerabilities?
A.hping3 -S comptia.org -p 80
B.nc -1 -v comptia.org -p 80
C.nmap comptia.org -p 80 -sV
D.nslookup -port=80 comptia.org
C.nmap comptia.org -p 80 -sV
Since no vulnerability scanners are listed (Nessus or OpenVAS for example) then NMAP is our next best
choice (As a scanning tool it has basic vulnerability scanning)
An investigation has revealed that the worm gained access to the company SQL server using well-known
credentials. It then spread throughout the network and managed to infect over a dozen systems before it
was contained. What is the best preventative measure the company could take to prevent this from
happening again?
A.Air gap the SQL server from the network
B.Block all remote access services on the network gateway
C.Establish routine backups for all company servers
D.Change the default application password
D.Change the default application password
"Well known credentials" indicates we have a common/predictable/default password on our hands.
We should change that password ASAP and then deploy IPS/antimalware tools.
Which one of the tools below could be used to find out if the corporate server is running unnecessary
services?
A.Nmap
B.DNSEnum
C.Wireshark
D.Autopsy
A.Nmap
- Nmap, short for network mapper, is capable of port scanning the network and determining what
services are running on any hosts that are detected.
- Wireshark is a protocol analyzer and packet sniffer that is used for gathering, sorting, and analyzing
traffic from a network.
- Autopsy is a tool for performing data forensics.
After reading the user manual for a specific brand of security camera, a hacker was able to log in and
disable the cameras on the company's campus. What describes the configuration that the hacker took
advantage of?
A.Open permissions
B.Default settings
C.Unsecure protocols
D.Weak encryption
B.Default settings
If the hacker figured out how to access (log in) and disable the cameras just from reading the manual, it
is likely that there is a default password on the camera that was never changed.
Sales employees regularly utilize the same fantasy football website as other sales associates working for
other companies. Which of the following attacks is the highest concern in this scenario?
A.Watering-hole attack
B.Credential harvesting
C.Hybrid warfare
D.Pharming
A.Watering-hole attack
An employee received a text message (SMS) on their phone that asked for them to confirm their social
security number and date of birth. Of the options below, what best describes what this employee has
experienced?
A.Smishing
B.SPIM
C.Vishing
D.Spear phishing
A.Smishing
- Smishing is text/instant message (SMS) phishing.
- SPIM is text/instant message spam.
- Vishing is VOIP (voice) phishing. It requires someone to call you.
- Spear phishing is a phishing attack that targets a specific individual or group.
An admin sees several employees all simultaneously downloading files with the .tar.gz extension. The
employees say they did not initiate any of the downloads. A closer examination of the files reveals they
are PE32 files. Another admin discovers all of the employees clicked on an external email containing an
infected MHT file with an href link at least two weeks prior. Which of the following is MOST likely
occurring?
A.A RAT was installed and is transferring additional exploit tools.
B.The workstations are beaconing to a command-and-control server.
C.A logic bomb was executed and is responsible for the data transfers.
D.A fileless virus is spreading in the local network environment.
C.A logic bomb was executed and is responsible for the data transfers.
The two week delay suggests logic bomb!
Emily has received a suspicious email that claims she won a multi-million dollar sweepstake. The email
instructs her to reply with her full name, birthdate, and home address so her identity can be validated
before she is given the prize. What best describes this type of social engineering attack?
A.Vishing
B.Phishing
C.Whaling
D.Spear phishing
B.Phishing
The company's Chief Financial Officer received an email from a branch office manager who claims to
have lost their company credit cards. They are requesting $12,000 be sent to a private bank account to
cover various business expenses. What type of social engineer attack does this best illustrate?
A.Pharming
B.Phishing
C.Typo squatting
D.Whaling
D.Whaling
Whaling: A form of spear phishing where the target is upper management.
After a ransomware attack, you need to review a cryptocurrency transaction made by the victim. Which
of the following you MOST likely review to trace this transaction?
A.The public ledger
B.The NetFlow data
C.A checksum
D.The event log
A.The public ledger
“Blockchain is a concept in which an expanding list of transactional records is secured using
cryptography.
The blockchain is recorded in a public ledger. This ledger does not exist as an individual file on a single
computer; rather, one of the most important characteristics of a blockchain is that it is decentralized. The
ledger is distributed across a peer-to-peer (P2P) network in order to mitigate the risks associated with
having a single point of failure or compromise. Blockchain users can therefore trust each other equally.”
Page 121
A penetration tester has found a domain controller using 3DES to encrypt authentication messages.
What problem has the penetration tester identified?
A.Unsecure protocols
B.Default settings
C.Open permissions
D.Weak encryption
D.Weak encryption
Which of the following would MOST likely support the integrity of a banking application?
A.Perfect forward secrecy
B.Transport Layer Security
C.Blockchain
D.Asymmetric encryption
C.Blockchain
(A) and (B) are designed to support confidentiality, while (C) BLOCKCHAIN is specifically used for integrity
management through encryption.
(D) can be used for integrity management, but not without the addition of hashing, which creates a
process known as signing.
More about blockchain:
A blockchain is a growing list of records, called blocks, that are linked using cryptography. Each block
contains a cryptographic hash of the previous block, a timestamp, and transaction data. By design, a
blockchain is resistant to modification of its data. This is because once recorded, the data in any given
block cannot be altered retroactively without alteration of all subsequent blocks
An employee typical uses SSH to connect and configure a remote server. Today they got this message:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
WARNING: REMOTE HOST ID HAS CHANGED!
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The fingerprint for the RSA key sent by the host is SHA:
1B8104A05A243CEE3776A81BDE2EC7DAA990D0A5. Host key verification failed. Please contact your
admin.
What network attack is the employee most likely experiencing?
A.Evil twin
B.ARP poisoning
C.Man-in-the-middle
D.MAC cloning
C.Man-in-the-middle
The remote device we are attempting to connect to does not have the proper SSH key. We are likely
talking to a Man-in-the-Middle (MitM) who is impersonating our intended destination.
A data breach was discovered after a company's usernames and password were posted to a hacker
website. Afterwards, an analyst discovered the company stored credentials in plain text. Which of the
following would help mitigate this type of breach in the future?
A.Create DLP controls that prevent documents from leaving the network.
B.Implement salting and hashing.
C.Configure the web content filter to block access to the forum.
D.Increase password complexity requirements.
B.Implement salting and hashing.
Of the options below, which one would typically utilize steganography?
A.Blockchain
B.Integrity
C.Non-repudiation
D.Obfuscation
D.Obfuscation
Steganography is a technique/art that involves obscuring or hiding a message in plain sight.
A company would like to get one SSL certificate that can cover both of their application servers,
ftp@example.com and www.example.com. Furthermore, this certificate should be able to cover any
future application servers that the company may add of a similar naming convention, such as
smtp.example.com. What type of SSL certificate would best fit their needs?
A.Self-signed
B.SAN
C.Wildcard
D.Extended validation
C.Wildcard
*.example.com
A wildcard certificate is capable of being used by, and protecting, several servers so long as the domain
and top level domain are matching.
A server certificate needs to be generated to be used for 802.1X. Which of the following is the FIRST step
that will most likely accomplish this task?
A.Create an OCSP.
B.Generate a CSR.
C.Create a CRL.
D.Generate a .pfx file.
B.Generate a CSR.
An admin wanted to better understand their company's security posture from a outsider's perspective.
Examine the information they gathered below. What is true based off of the admin's findings? (pick two)
A.They used Whois to produce this output
B.They used cURL to produce this output
C.They used Wireshark to produce this output.
D.The organization has adequate information in public registration.
E.The organization has too much information available in public registration.
F.The organization has to little information available in the public registration.
This is an output from a Whois search.
Contact information (phone number, email, address of registrant) should not be stored in the Whois as
per the GDPR.
A.They used Whois to produce this output
E.The organization has too much information available in public registration.
After entering a password a user is asked to enter an authentication code. What type of MFA factors are
being used in this scenario? (pick two)
A.Something you know
B.Something you have
C.Somewhere you are
D.Someone you know
E.Something you are
F.Something you can do
A.Something you know
B.Something you have
HD cameras located throughout the airport are going to be used to track passengers without requiring
them to enroll in a biometric system. Of the biometric options below, what would be suitable for this
advanced security tracking system? (pick two)
A.Voice
B.Vein
C.Facial
D.Gait
E.Fingerprint
F.Retina
Without enrollment, the only things the cameras could reasonably use would be facial recognition and
gait (how someone walks, or the distance between their steps).
C.Facial
D.Gait
An admin logs into the domain controller and finds the following information:
Based on the evidence gathered, what best describes this attack?
A.Brute-force
B.Spraying
C.Keylogger
D.Credential harvesting
It looks like a hacker is trying to gain access to one of the accounts listed below. Password spraying is a
safe assumption. See the notes for more explanation.
B.Spraying
PASSWORD SPRAYING:
Step 1: Acquire a list of usernames. This part can be difficult.
Step 2: Try common passwords with each of the user accounts. This part is very easy.
Step 3: Gain access, assuming you don't get caught!
Pg 159 in student guide.
The company wants to deploy MFA on desktops in the main office. They have specified that the MFA
solution must be non-disruptive and as user friendly as possible. Which of the options below would be
best considering these conditions?
A.One-time passwords
B.Email tokens
C.Push notifications
D.Hardware authentication
The most user friendly option would be hardware authentication. If the hardware provides
authentication on its own through a certificates or token, it will not require any extra steps for the end
user. All of the other options require a user to get a pin number and enter it in addition to a password.
D.Hardware authentication
The data center is currently protected by two factor authentication that includes a fingerprint scanner
and a pin number. What item could be added to this preexisting system to allow for three factor
authentication?
A.Date of birth
B.Password
C.TPM
D.Smart card
E.Iris scan
D.Smart card
We already have fingerprint (something you are) and pin number (something you know). We need to
find something from a different category, such as something you have!
What attack best describes the logs below:
A.Brute-force
B.Spraying
C.Dictionary
D.Rainbow table
B.Spraying
Given the following output on an Attacker's system:
Status : Cracked
Hash.Type : SHA-1
Hash.Target : e653c7526c3a40b47943710427dabaee71ec2267
Time.Started : Tuesday, April 21 1:45:12 2020
Progress : 26845159 / 450365879 (5.96%) hashes
Time.Stopped : Tuesday, April 21 1:47:53 2020
Password found : Str0ngP@ssword1!
Which of the following BEST describes the type of password attack the attacker is performing?
A.Dictionary
B.Pash-the-hash
C.Brute-force
D.Password spraying
A.Dictionary
A password that long broken in a few minutes? Must be a dictionary attack; brute force attacks could
take years to crack passwords of that length.
You enter a username and password and then must draw a gesture on a touch screen. Which of the
following answers best describes what you are doing?
A.Multifactor authentication
B.Something you can do
C.Biometrics
D.Two-factor authentication
Very bad question. All bad answers but, while a specific gesture is "Something you know" we have to
assume that isn't the answer because it isn't an option, and the same goes with this only being single
factor. If you argue that B applies to gesture lock, then if you combine the gesture with the username
and password, making it two factors of authentication. This feels like a logic puzzle more than a question,
but sometimes that's just what you get.
D.Two-factor authentication
You are configuring a vulnerability scanner for a multinational organization. You are required by contract
to scan systems on a weekly basis with admin privileges, but are concerned that hackers could gain
access to the account and pivot throughout the company's networks. Which of the following BEST
addresses this concern?
A.Create different accounts for each region, each configured with push MFA notifications.
B.Create one global administrator account and enforce Kerberos authentication.
C.Create different accounts for each region, limit their logon times, and alert on risky logins.
D.Create a guest account for each region, remember the last ten passwords, and block password reuse.
C.Create different accounts for each region, limit their logon times, and alert on risky logins.
An attacker used a keylogger to remotely monitor a user's input, thereby harvesting important
credentials. What would best mitigate or prevent this threat in the future?
A.Change default passwords
B.Update cryptographic protocols
C.Implement 2FA using push notifications
D.Force password resets for compromised accounts
E.Enforce complexity requirements through group policy
With 2FA (two factor authentication) the attacker can get our password (something you know) with a
keylogger, as described above, and will not be able to access the system without the pin number from
the push notification (something you have).
C.Implement 2FA using push notifications
Which of the access control mechanisms listed below uses classification labels?
A.Mandatory
B.Role-based
C.Rule-based
D.Discretionary
In the MAC (mandatory access control) model:
•Subjects (users/applications) are granted clearance tags/labels.
•Objects (files/folders/etc) are given classification tags/labels.
If you have, for example, secret clearance, you are permitted within the MAC model to see secret,
confidential, and any other classifications considered to be beneath secret. You cannot see any files with
classifications above your clearance level, such as top secret.
A.Mandatory
A professor recently left their position at university A to take a job at a rivaling college, university B. A
few months after the professor officially departed, a security analyst at university A noticed that the
former professor had logged into a department server and deleted several important file shares. Of the
security practices listed below, what should have been performed to prevent the important files from
being deleted?
A.Non-disclosure agreement
B.Offboarding
C.An acceptable use policy
D.Least privilege
B.Offboarding
The CEO would like employees to be able to work from home in the event of a disaster. However, they
are concerned that staff might attempt to work from high risk countries or outsource their work if given
the ability to work remotely. What controls could best mitigate the CEO's concerns? (pick two)
A.Geolocation
B.Time-of-day restrictions
C.Certificates
D.Tokens
E.Geotagging
F.Role-based access controls
A.Geolocation
B.Time-of-day restrictions
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO)
to plan some activities to enhance the skill levels of the company's developers. Which of the following
would be MOST suitable for training the developers?
A.A capture-the-flag competition
B.A phishing simulation
C.Physical security training
D.Basic awareness training
Capture the Flag (CTF) is usually used in ethical hacker training programs and gamified competitions.
Participants must complete a series of challenges within a virtualized computing environment to discover
a flag. The flag will represent either threat actor activity (for blue team exercises) or a vulnerability (for
red team exercises). None of the other options would enhance the “SKILL LEVELS” of the developers.
A.A capture-the-flag competition
Of the access control schemes below, which one allows an owner to determine an object's access
policies?
A.Role-based
B.Attribute-based
C.Mandatory
D.Discretionary
D.Discretionary
A company needs to detect single points of failure in their security systems. Which of the following
policies or concepts would assist them in this endeavor?
A.Mandatory vacation
B.Separation of duties
C.Awareness training
D.Least privilege
Separation of duties would allow at least one other individual to identify a flaw in a process, especially
when considering the risk from an insider threat. To resolve SPoFs with personnel, use job rotation.
B.Separation of duties
After many passwords where leaked to the dark web, an admin has decided everyone must change their
password at next login. What should the admin consider to minimize the likelihood that accounts are not
compromised again after the reset is issued?
A.A geofencing policy based on logon history
B.Encrypted credentials in transit
C.Account lockout after three failed attempts
D.A password reuse policy
If the passwords have been leaked, we don’t want anyone to REUSE the same password when they are
prompted to change them!
D.A password reuse policy
What could be used to allow for secure authentication to cloud services and third-party websites
without the need to send a password?
A.SSO
B.PAP
C.Oauth
D.SAML
PAP, typically used with point to point serial connections, sends your password as plaintext.
Oauth is typically used for sending authorizations from one web service / cloud server to another, but
doesn’t typically handle authentication.
SAML is an XML-based format used to exchange authentication information and thereby achieve identity
federations (SSO). It doesn’t actually send your password from one system to another in the process.
Instead it tokenizes credentials across multiple parties.
D.SAML
A manager has decided that outsiders and corporate partners visiting the company campus need to sign
a digital AUP before they will be allowed to access the isolated and complementary guest WiFi. What
would a technician utilize to facilitate the manager's decision?
A.Implement open PSK on the Aps
B.Install a captive portal
C.Deploy a WAF
D.Configure WIPS on the APs
A captive portal is a web page accessed with a web browser that is displayed to newly connected users
of a Wi-Fi or wired network before they are granted broader access to network resources.
B.Install a captive portal
Employee tablets and phones have been losing WiFi connectivity in specific places within the sale offices.
What should a network technician use to determine the source of the problem? (pick two)
A.Perform a site survey
B.Install a captive portal
C.Deploy a FTK imager
D.Upgrade the security protocols
E.Create a heat map
F.Scan for rogue access points
It sounds like we have a problem with interference or employees are walking out of range. Perform a site
survey to figure out where the access points are located, what the building is made of, and which
frequencies are in use. Then, create a heat map that details where the signal is strong versus where it is
the weakest. We may need to change antennas, adjust the signal strength, use a different
channel/frequency, or get a few more access points.
FTK = Forensics Tool Kit imager is used to quickly assess electronic evidence.
A.Perform a site survey
E.Create a heat map
After returning from an overseas trip with a company laptop, an employee is unable to establish a VPN
on the laptop in the home office. What is the most likely explanation for why they are unable to establish
a VPN connection?
A.Due to foreign travel, the user's laptop was isolated from the network.
B.The user's laptop was quarantined because it missed the latest patch update.
C.The VPN client was blacklisted.
D.The user's account was put on a legal hold.
It is very likely that there was a policy in place where the laptop must be scanned or checked back in
before it can resume using the VPN service. This type of policy is not unusual, and it may be described as
a host health check. (B) is also a possibility, but it seems less likely than (A).
A.Due to foreign travel, the user’s laptop was isolated from the network.
After connecting the laptop to the company's SSID, an employee was prompted to enter their username
and password into a popup web browser. This had never happened before, but they entered their
credentials anyways. Later that day they noticed they where unable to access any of the company
servers and unusual transactions where appearing on their credit card. What attack is most likely being
described in this scenario?
A.Rogue access point
B.Evil twin
C.DNS poisoning
D.ARP poisoning
B.Evil twin
An organization is worried that the SCADA network that controls the environmental systems could be
compromised if the staff's WiFi network was breached. What would be the best option to mitigate this
threat?
A.Install a smart meter of the staff WiFi.
B.Place the environmental systems in the same DHCP scope as the staff WiFi.
C.Implement Zigbee on the staff WiFi access points.
D.Segment the staff WiFi network from the environmental systems network.
We should isolate/separate/segment those networks!
D.Segment the staff WiFi network from the environmental systems network.
A technician needs to create a detailed diagram that shows where all of the company access points are
located in the office. What would be the best method for creating this diagram?
A.Footprinting
B.White-box testing
C.A drone/UAV
D.Pivoting
A site survey would be a great answer. Unfortunately, footprinting is the best that we have available to
us.
A.Footprinting
A company has maintained highly detailed records of all of their authorized network devices and is
planning to use WiFi for all laptops that need network access. What would alleviate the risk of a script
kiddie brute forcing a PSK on a wireless access point?
A.BPDU guard
B.WPA-EAP
C.IP filtering
D.A WIDS
If we have detailed records, lets limit which devices can even use the APs by filtering the IP addresses.
While a skilled hacker could easily get around this, a script kiddie probably couldn’t.
C.IP filtering
A webserver was recently overwhelmed by a sudden flood of SYN packets from multiple sources. Of the
options below, which best describes this attack?
A.Worm
B.Botnet
C.Virus
D.RAT
E.Logic bomb
To overwhelm a server with SYN packets we will need to utilize the combined bandwidth of a botnet. A
botnet is a collection of compromised computers that act together in unison to perform a DDoS
(Distributed Denial of Service). The individual computers are often called bots or zombies.
B.Botnet
An admin is deploying access points that will use PKI for authentication. What needs to be configured for
this to work?
A.Captive portal
B.WPS
C.802.1x
D.PSK
Using PKI to authenticate into the access point will require an AAA system (a RADIUS or TACACS server
must be on the network and configured properly).
This process is described in the standard 802.1x, and is also referred to as “enterprise authentication”.
C.802.1x
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of
a power surge or other similar situations. The switch was installed on a wired network in a local office
and is monitored via a cloud application. The switch is already isolated on a separate VLAN and set up a
patching routine. Which of the following steps should also be taken to harden the smart switch?
A.Set up an air gap for the switch.
B.Change the default password for the switch.
C.Place the switch in a Faraday cage.
D.Install a cable lock on the switch.
Air gapping the device could cut it off from the cloud application, the question doesn’t mention wireless
so a faraday cage won’t help, and a cable lock will only help prevent against physical theft which doesn’t
appear to be our main concern. That leaves us with (B).
B.Change the default password for the switch.
A user is having problem accessing network shares. An admin investigates and finds the following on the
user's computer:
What attack has been performed on this computer?
A.Directory traversal
B.Pass-the-hash
C.Mac flood
D.ARP poisoning
E.IP conflict
F.DHCP starvation attack
Two different devices shouldn’t have the same MAC addresses. Since these are dynamically learned ARP
entries, it is reasonable to believe this was an ARP poisoning. Device .1 is probably the default gateway
and then device .11 is the MitM.
D.ARP poisoning
An admin is concerned that a threat actor may have breached the company network using a new and
publicly available exploit. What should be checked first that would best inform the admin as to the order
for future data forensics?
A.The vulnerability scan output
B.The SIEM alerts
C.The IDS logs
D.The full packet capture data
We may have been compromised! Lets check the vulnerability scanner and let that inform our future
decisions relating to data forensics. The vulnerability scanner should give us the best look into our
network’s security posture (level of vulnerability) and may also give us some clues (IoCs = indicators of
compromise).
A.The vulnerability scan output
Of the options below, when would it be the best time to use a detective control instead of a preventative
control?
A.A company implemented a network load balancer to ensure 99.999% availability of its web
application.
B.A company designed a backup solution to increase the chances of restoring services in case of a
natural disaster.
C.A company purchased an application-level firewall to isolate traffic between the accounting
department and the information technology department.
D.A company purchased an IPS system, but after reviewing the requirements, the appliance was
supposed to monitor, not block, any traffic.
All IPSs (intrusion prevention systems) can be set up to act as an IDSs (intrusion detection systems).
D.A company purchased an IPS system, but after reviewing the requirements, the appliance was
supposed to monitor, not block, any traffic.
Several credit cards numbers have been stolen and incident response has determined the following:
•All SSL encrypted traffic is sent through an inspection proxy at the edge of the company network
•Only the traffic going through the proxy was compromised
•Traffic that did not go through the proxy (the guest network) was not compromised
•The websites that employees used to make online purchases at where not the cause of the compromise
What is the most likely cause of this compromise considering the facts above?
A.HTTPS sessions are being downgraded to insecure cipher suites.
B.The SSL inspection proxy is feeding events to a compromised SIEM.
C.The payment providers are insecurely processing credit card charges.
D.The adversary has not yet established a presence on the guest WiFI network.
The only thing we know for sure is that the inspection proxy is integral to this issue. The only answer that
involves the proxy is (B). Process of elimination is crucial when troubleshooting any problem, incident, or
tricky test question!
B.The SSL inspection proxy is feeding events to a compromised SIEM.
A worm infected a computer, and then spread to the network's file shares. All preventative measures
failed to block or detect the worm and it has continued to evade detection. What could be used to
protect the network from this elusive malware?
A.Install a definition-based antivirus.
B.Implement an IDS/IPS.
C.Implement a heuristic behavior-detection solution.
D.Implement CASB to protect the network shares.
Either the worm is a zero-day and there is no signature or patch for it, or the worm is polymorphic and
thereby evading detection. Nevertheless, time for anomaly based (heuristics/behavior) solution.
C.Implement a heuristic behavior-detection solution.
An large industrial HVAC system is set up to alert the maintenance company whenever there is a
problem with the system. While performing a routine audit an engineer notices that the HVAC system is
sending IP packets to an internal file server's IP. While maintaining the alerting capabilities of the HVAC
system, what mitigation effort should the engineer employ?
A.Segmentation
B.Firewall whitelisting
C.Containment
D.Isolation
A firewall could be used to force the HVAC system to communicate ONLY to the maintenance company,
and not the internal file server.
Segmentation is not a bad answer, but without knowing how we do the segmentation, it is a risky choice.
Containment/isolation will cut the device off from the maintenance company and we need to maintain
the alerting capabilities.
B.Firewall whitelisting
Web server A is unreachable from the corporate branch office. Review the stateful firewall below. Which
of the options below would resolve the problem while ensuring the web traffic is secure?
A.Add a rule "permit source 172.30.2.1/24 to destination 172.30.1.0/24, HTTP"
B.Add a rule "permit source 172.30.3.0/24 to destination 172.30.2.1/24, HTTP"
C.Add a rule "permit source 172.30.1.0/24 to destination 172.30.2.1/24, HTTP"
D.Add a rule "permit source 172.30.2.1/24 to destination 172.30.1.0/24, HTTPS"
E.Add a rule "permit source 172.30.3.0/24 to destination 172.30.2.1/24, HTTPS"
F.Add a rule "permit source 172.30.1.0/24 to destination 172.30.2.1/24, HTTPS"
(A), (B), and (C) are all insecure. We want HTTPS. (D) Is the wrong direction. We want the branch office
set as the source and the web server as the destination. (E) Has the wrong source address. (F) is correct.
We do not need to make a rule for the web server to the office since a stateful firewall will allow return
traffic that matches the new rule.
F. Add a rule “permit source 172.30.1.0/24 to destination 172.30.2.1/24, HTTPS”
Of the control types listed below, what best fits the description of a NIDS?
A.Corrective
B.Physical
C.Administrative
D.Detective
NIDS = Network Intrusion Detection System
D.Detective
Which of the following is the most secure choice for MANAGING a Unix based network device?
A.SSH
B.DNS
C.SNMP
D.Telnet
E.HTTP
SSH provides an encrypted remote connection to another device via the command line. It is still
commonly used when managing UNIX systems and network based devices. It operates on port 22 TCP.
A.SSH
Countless websites have become unreachable for all the hosts on the network. A technician from the
helpdesk runs ipconfig /flushdns on all affected workstations but the problem persists. The issue is
elevated to a senior technician who changes the configured DNS server on the affected hosts and the
problem is resolved. What problem is the original DNS most likely server suffering from?
A.DNS cache poisoning
B.DNS tunneling
C.Domain hijacking
D.Distributed denial-of-service
A. If this was the case, flushing the DNS would have solved the problem.
B. This is when an attacker uses DNS as a covert channel to exfiltrate data from the network.
C. Since we are dealing with several websites, it is unlikely a hacker has compromised all of them.
Furthermore, most hijacks do not involve disabling the server.
D. Sounds like the DNS server that we where originally using is having problems. A DDoS could be
responsible.
D.Distributed denial-of-service
A computer on the company network was infected with malware and the user says they haven't used the
device for anything but browsing the internet. They did not download anything or open any emails on
the infected computer. Of the options below, what might help a technician find where the malware came
from?
A.The DNS logs
B.The web server logs
C.The SIP traffic logs
D.The SNMP logs
The DNS logs will reveal which websites the user went to.
A.The DNS logs
What will help protect a company from phishing and spear-phishing attacks?
A.DNSSEC and DMARC
B.DNS query logging
C.Exact mail exchanger records in the DNS
D.The addition of DNS conditional forwarders
https://dmarc.org/
DMARC is a way to make it easier for email senders and receivers to determine whether or not a given
message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam
and phishing messages, and keep them out of peoples’ inboxes.
A.DNSSEC and DMARC
What command would be used to create an SSH key pair using RSA?
A.ssh -keygen -t rsa
B.ssh -i ~/.ssh/id_rsa
C.Ssh -new rsa 2048
D.Ssh -n -rsa
“-T” allows you to change the TYPE of key that is created.
A.ssh -keygen -t rsa
A VPN connection needs to be configured from site A to site B while also providing the following:
·Integrity
·Encryption
·Authentication
·Anti-replay
Which of the following should be enabled when configuring the VPN to meet the objectives above?
A.ESP
B.DNSSEC
C.AH
D.EDR
ESP (Encapsulated Security Payload can provide all of the requirements above, while AH (Authentication
Header) provides all of them EXCEPT encryption.
EDR stands for Endpoint Detection and Response.
A.ESP
After several corporate usernames and credentials where posted on the dark web, a security engineer
began an investigation. They discovered that for eight hours, last week, the IP address for a vendor's
website was changed. Of the attacks below, which is the most likely considering the limited evidence?
A.Man-in-the-middle
B.Spear-phishing
C.Evil twin
D.DNS poisoning
D.DNS poisoning
A manager is using their company laptop to connect to a public access point and remotely access
company file shares. What would best be utilized in this situation to protect the laptop from other
devices on the public network? (Pick two)
A.Trusted Platform Module
B.A Host-based firewall
C.A DLP solution
D.Full disk encryption
E.A VPN
F.Antivirus software
A host-based firewall will stop unwanted traffic from entering the laptop, while a VPN would be ideal for
creating an encrypted connection to the corporate shares over public WiFi.
B.A Host-based firewall
E.A VPN
A security expert has identified the following:•www.example.com is officially hosted at 172.16.99.99.•Based off of Netflow records, there was a day where a single corporate DNS server resolved
www.example.com to 172.31.50.50.•At present all company DNS servers resolve www.example.com to 172.16.99.99. Of the options below, what most likely occurred?
A.A reverse proxy was used to redirect network traffic.
B.An SSL strip MITM attack was performed.
C.An attacker temporarily poisoned a name server.
D.An ARP poisoning attack was successfully executed.
C.An attacker temporarily poisoned a name server.
What command would be used to send a public SSH key to another host?
A.Copy-ssh ~/ssh/id_rsa/pub user@server
B.chmod 644 ~/.ssh/id_rsa
C.Ssh-copy-id -i ~/ssh/id_rsa_pub user@server
D.chmod 777 ~/.ssh/authroized_keys
Chmod alters permissions on a folder or file. 644 means the owner has read and write while everyone
else has read only. 777 means everyone can read, write, and execute.
C.Ssh-copy-id -i ~/ssh/id_rsa_pub user@server (This copies the public key to the remote server)
An admin performing a routine audit at the company revealed that a network appliance with an
embedded OS is potentially vulnerable to compromise. Looking back at the company records, the admin
notices that this same piece of hardware was identified as vulnerable during the last three audits. What
best explains the appliance's vulnerable state?
A.The appliance requires administrative credentials for the assessment.
B.The vendor has not supplied a patch for the appliance.
C.The device uses weak encryption ciphers.
D.The system was configured with weak default security settings.
The question should be interpreted as “why hasn’t anyone fixed this thing?”
Ether the company is negligent or there isn’t a patch for this particular system (answer B).
B.The vendor has not supplied a patch for the appliance.
While minimizing inconvenience for employees, what would protect a corporate laptop's HDD from
possible data theft?
A.HSM
B.TPM
C.SED
D.DLP
Since they specified HDD (hard-drive disk) a SED is a slightly better answer than a DLP.
HSM = Hardware Security Module, an addon device that is plugged into a computer to provide crypto
processing and manage/store digital encryption keys.
TPM = Trusted Platform Module, just like the HSM, but built into your motherboard. It can do everything
the HSM can do, but it can’t be removed. A thief will have to take the entire motherboard if they want
the keys!
SED = Self Encrypting Drive, a hard drive that encrypts itself. Faster encryption when compared with
software encryption options like Bitlocker.
DLP = Data Loss Prevention, used to protect data from theft, while in motion, at rest, or in use.
C.SED
A worm spread rapidly through a company's network infecting dozens of host machines before it was
detected. What would be the best approach to preventing this from happening again?
A.Segment the network with firewalls
B.Install a NIDS device at the boundary
C.Implement application blacklisting
D.Update all antivirus signatures daily
There is no mention of this worm being polymorphic so signature-based antimalware tools would be
very effective at stopping it, assuming they are updated regularly. We don’t know the topology of this
network or what port the worm used to spread, so it is hard to tell if segmentation with firewalls is even
possible or useful. (D) is the best answer, and (A) is the runner up.
D.Update all antivirus signatures daily
A company is concerned about custom/targeted malware being injected into their IT systems via USB
sticks or email. Of the options below, what is the company's best course of action to mitigate this specific
threat?
A.Configure signature-based antivirus to update every 30 minutes
B.Fuzzing new files for vulnerabilities if they are not digitally signed
C.Implement application execution in a sandbox for unknown software
D.Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
(A)Signature based antivirus will not stop CUSTOM malware.(B) Fuzzing is used to test input validation
and will not help in this situation.
(C) A reasonable answer. Any unknown applications are immediately sent to an isolated sandbox.
(D) Encrypting the drives doesn’t stop the malware from attempting to access the system.
C.Implement application execution in a sandbox for unknown software
A document that appears to be malicious has been discovered in an email that was sent to a company's
Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather
and confirm it is a malicious document without executing any code it may contain?
A.Open the document on an air-gapped network.
B.View the document's metadata for origin clues.
C.Search for matching file hashes on malware websites.
D.Detonate the document in an analysis sandbox.
Detonation/execution of a file in a sandbox would give you the ability to analyze its behavior in a
controlled environment, making it a good answer.
Unfortunately the question specifically mentions not executing any code so C is much safer
C.Search for matching file hashes on malware websites.
You are responsible for emailing company employees their benefits and tax information. After sending
an email to a new employee you receive back the following email:
"Your email message was quarantined. Violation: PII. Please contact IT."
Which of the following most likely generated the email found above?
A.S/MIME
B.DLP
C.IMAP
D.HIDS
DLP (Data loss/leak prevention) software detects potential data breaches or data ex-filtration and
prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.
The contents of the email contained PII (personally identifiable information) and the DLP software put in
place by the IT department quarantined the email.
S/MIME is a protocol for singing and encrypting emails. IMAP is a protocol used for accessing and
managing emails stored on an email server. A HIDS is used to detect hackers attempting to access a host
system.
B.DLP
An organization needs their future internet service provider to commit to a specific timeframe in the
event of a significant service outage. What document would be used to enforce this with the service
provider?
A.MOU
B.MTTR
C.SLA
D.NDA
C.SLA
What control could be used to detect when a mobile device is about to leave the company premises?
A.Geotargeting
B.Geolocation
C.Geotagging
D.Geofencing
Geofencing refers to accepting or rejecting access requests based on location.
Geofencing can also be used to send alerts to a device when a user enters a specific area.
Geotagging refers recording the GPS location in the meta data of a file when it is created on a mobile
device.
D.Geofencing
Before entering a high security environment, all guests must put their phone in a metal lockbox, and
leave it outside of the lab. Which risk inspired the creation of this policy?
A.The theft of portable electronic devices
B.Geotagging in the metadata of images
C.Bluesnarfing of mobile devices
D.Data exfiltration over a mobile hotspot
Metal boxes? Sounds like a faraday cage. The company is worried about someone using a wireless
technology (like a hotspot) to exfiltrate data. The metal lockbox will block all wireless signals thereby
mitigating the risk.
D.Data exfiltration over a mobile hotspot
One of your employees wants to access sensitive data from a corporate-owned mobile device. Personal
data is not allowed on the device. Which of the following MDM configurations must be considered when
the engineer travels for business?
A.Screen locks
B.Application management
C.Geofencing
D.Containerization
Containerization protects portions of a device as well as how data can be transferred into and outside of
that container. This could also determine how an employee can write data to their phone, such as
personal data. P. 353
While geofencing is a tempting answer, it doesn’t address the overall concerns of personal data while an
employee uses the phone, only when they bring it outside of boundaries of the fence.
D.Containerization
A company has decided to adopt the CYOD (choose your own device) deployment model, where the
company allows the employee to choose from a range of cellular devices. Considering this deployment
model, what should the security team consider before the phones are deployed?
A.The most common set of MDM configurations will become the effective set of enterprise mobile
security controls.
B.All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen
architecture may unnecessarily expose private keys to adversaries.
C.Certain devices are inherently less secure than others, so compensatory controls will be needed to
address the delta between device vendors.
D.MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will
need to be installed and configured.
Different phones will have different security postures, features, and control mechanisms. Some may
require compensatory controls.
C.Certain devices are inherently less secure than others, so compensatory controls will be needed to
address the delta between device vendors.
Which would be best in balancing a newly adopted BYOD culture while also protecting company secrets?
A.Containerization
B.Geofencing
C.Full-disk encryption
D.Remote wipe
A.Containerization
A popular manufacturer of network hardware releases a CVE (Common Vulnerability & Exposure) that
outlines a weakness in the latest OS patch for their routers. This vulnerability allows attackers to perform
a resource exhaustion on the SIP protocol which causes the routers to restart. What type of attack is
being described? (pick two)
A.DoS
B.SSL stripping
C.Memory leak
D.Race condition
E.Shimming
F.Refactoring
Forcing devices to restart due to a resource exhaustion? While there are many ways to perform a
resource exhaustion, the best example of that is a memory leak.
A. Denial of Service, an attack that causes a system or service to be temporarily or permanently
unavailable.
B. An exploit that involves downgrading an SSL encrypted connect to a non-encrypted connection
C. An attack that causes a device to run out of memory (resource exhaustion), and typically leads to a
system crash (DOS) or other instability.
D. An undesirable situation that occurs when a device or system attempts to perform two operations at
the same time, but because of the nature of the device/system, the operations must be done in the
proper sequence to be done correctly. Can cause a DOS or other instability.
E. Creating or modifying a DLL, driver, or API to get an app to perform a malicious or unusual function.
F. An attack that utilizes a small library (shim) that transparently intercepts API calls and changes the
arguments passed, handles the operation itself, or redirects the operation elsewhere.
A.DoS
C.Memory leak
A designer is building a new database for the company. What could they implement to improve the
efficiency and accuracy of the future database?
A.Obfuscation
B.Normalization
C.Data masking
D.Tokenization
Normalization is a form of input validation. Any string that is input is stripped of illegal characters and
converted to the accepted character set before being entered into or processed by the database.
B.Normalization
A RAT was used to compromise a manager's computer and steal the password to the corporate bank
account. Data forensics revealed that the manager's account had permission to install and the RAT was
installed by clicking on an email attachment. What would prevent this from reoccurring to them or
someone else in the future?
A.Create a new acceptable use policy.
B.Segment the network into trusted and untrusted zones.
C.Enforce application whitelisting.
D.Implement DLP at the network boundary.
Application whitelisting can restrict untrusted or unknown applications from being installed.
C.Enforce application whitelisting.
A corporate partner has been assisting in the development of several SaaS products. The past three
projects they completed lacked input validation and contained several other vulnerabilities. What should
be done to find these weaknesses before the software is released?
A.Limit the use of third-party libraries.
B.Prevent data exposure queries.
C.Obfuscate the source code.
D.Submit the application to QA before releasing it.
(A), (B), and (C) will not detect vulnerabilities, while (D) submitting to Quality Assurance could, so long as
they are instructed to look for them.
D.Submit the application to QA before releasing it.
Before a new application can be sent to the production environment, a developer needs to perform the
following:
•code-execution testing
•black-box testing
•non-functional testing
What best describes the series of tasks the developer needs to perform?
A.Verification
B.Validation
C.Normalization
D.Staging
Non-functional testing is focused on the user experience and performance of the software.
All of these would be performed as part of staging, in a staging environment. Staging environments are
built to mimic the real production environment. We would also do fuzzing and stress testing in this
environment too.
D.Staging
Which is the BEST way to deploy software patches?
A.Apply the patches to systems in a testing environment, then to systems in a staging environment, and
finally to production systems.
B.Test the patches in a staging environment, develop against them in the development environment, and
then apply them to the productions systems.
C.Test the patches in a test environment, apply them to the production systems, and then apply them to
a staging environment.
D.Apply the patches to the production systems, apply them in a staging environment, and then test all of
them in a testing environment.
First you apply the patches for testing in the testing environment, then the staging environments, and
finally production.
Development -> Testing -> Staging -> Production
A.Apply the patches to systems in a testing environment, then to systems in a staging environment, and
finally to production systems.
During an investigation, the following is found in a web server's logs:
GET http://somesite.com/../../../../etc/shadow
Which attack is the above most likely seen above?
A.SQL injection
B.Cross-site scripting
C.Pass-the-hash
D.Directory traversal
D.Directory traversal
A security audit has revealed that a system is vulnerable to malicious users installing and running
applications on the system. The system is beyond end-of-life support, so it is placed on a protected
network segment until it can be upgraded. Which technology would most effectively protect the
vulnerable system?
A.DNS sinkhole
B.DLP rules on the terminal
C.An IP blacklist
D.Application whitelisting
D.Application whitelisting
Which of the following best represents a directory traversal?
A.http://website.com/products/../../..etc/shadow
B.http://website.com/robert');+drop+table+users;-http://redirect.wibsite.url.website.com/malicious-dns-redirect
A.http://website.com/products/../../..etc/shadow
Of the options below, which attack could potentially have the worst impact on an unpatched PLC
(programable logic controller) running a LAMP server that is accessible via HTTP? (pick two)
A.Cross-site scripting
B.Data exfiltration
C.Poor system logging
D.Weak encryption
E.SQL injection
F.Server-side request forgery
LAMP (Linux, Apache, MySQL, PHP/Perl/Python) is a very common example of a web service stack, after
its four original components: the Linux operating system, the Apache HTTP Server, the MySQL relational
database management system (RDBMS), and the PHP programming language.
Code being inserted into the webpage, or into the SQL application, will be the most impactful thing that
could happen to the device itself.
Everything else is an inconvenience or an issue relating to privacy, that wouldn’t significantly impact the
device, but could harm the business.
A.Cross-site scripting
E.SQL injection
An insider at an application development company embedded a backdoor in an application, allowing
them the ability to bypass standard account login mechanisms on any computer running this app. What
would be the best measure for the company to take to prevent this in the future?
A.Conduct code review
B.Implement application fuzzing
C.Implement 2FA using TOTP
D.Change the default application password
If an insider has inserted a backdoor into the application, we will need a mechanism that can detect that
type of malicious activity (answer A). Fuzzing is used to test input validation, so (B) is wrong. TOTP (time
based one time password, answer C) and changing the default password (answer D) wouldn’t help us
detect a backdoor either.
A.Conduct code review
Users are having trouble accessing the internet and file shares on remote servers. A technician observes
the following on the edge router:
CPU UTILIZATION
0% - last checked 5 minutes ago
5 minutes, average 10%
1 minute, average, 95%
1 second, average, 99%
What is the problem with the edge router?
A.DDoS attack
B.Memory leak
C.Buffer overflow
D.Resource exhaustion
The traffic volume seems to be spiking periodically. If the average utilization is in the high 90s, we run the
risk of a resource exhaustion. The router’s CPU simply can’t handle anymore traffic.
D.Resource exhaustion
Several team members are collaborating on the same project. They bring their code together with an
automation tool that also ensures that it is validated (tested) and tracked through version control. Of the
options below, what most accurately describes this process?
A.Continuous monitoring
B.Continuous validation
C.Continuous integration
D.Continuous delivery
Word “validate” is there to throw you off. Continuous validation has to do with compliance and design
goals. Continuous integration is more focused on multiple developers working in parallel.
a. Constant/automatic detection of security problems and service failures.
b. Automatic compliance testing and frequent checks to ensure it meets design goals.
c. Quickly applying changes, keep track of changes/versions, and constant testing.
d. Consistent testing of infrastructure that supports the app, such as network.
C.Continuous integration
An admin is viewing the company website and see the URL displayed below:
http://security123.com/home/forum.php?sessionID=7261143
The admin copies their URL and sends it a coworker. Then they browse the website through the
following URL:
http:// security123.com/home/forum.php?sessionID=9819813
Which of the following attacks is being tested?
A.Pass-the-hash
B.Cross-site request forgery
C.Session replay
D.Object deference
C.Session replay
A cloud storage server has been brought online that is intended to serve hospitals exclusively. Several
hospitals, all owned by different entities, have begun using this highly secured cloud server. What type of
cloud deployment model matches this type of server?
A.Public
B.Private
C.Community
D.Hybrid
A community cloud is shared by a group of similar organizations that all have similar needs. In this
example, it is a server built only to serve hospitals.
A.Community
A cloud administrator is configuring five compute instances under the same subnet in a VPC. Which of
the following must the administrator configure to meet this requirement?
A.One security group
B.Two security groups
C.Three security groups
D.Five security groups
While it is possible that each instance has its own security group, a single security group can manage
multiple instances. So the minimum requirement is only one group. P. 426
A.One security group
A company lacks the personnel and expertise to secure their new cloud platform. Of the options below,
which could best assist the company with their security needs?
A.MSSP
B.SOAR
C.IaaS
D.PaaS
MSSP = Managed Security Service Provider
A third party organization hired to manage another company’s security.
A.MSSP
An organization has a few severs with end-of-life software running on them. The OS is still receiving
updates, but the software isn't and it can't be migrated to any other system due to compatibility issues.
An admin has developed a resiliency plan that would allow the OS to be patched in a non-production
environment, while also effortlessly making backups of the systems should recovery be necessary. What
resiliency technique will best provide the services described above?
A.Redundancy
B.RAID 1+5
C.Virtual machines
D.Full backups
A long question that attempts to confuse you with excess information! They are trying to describe the
benefits of using virtual machines.
C.Virtual machines
You have been issued a smart card that provides physical access to a building as well as thin clients on
the network utilizing tokens. You see the same desktop each time you log in regardless of which thin
client is used. Which technologies are responsible for these capabilities? (Pick Two)
A.COPE
B.VDI
C.GPS
D.TOTP
E.RFID
F.BYOD
B.VDI
E.RFID
A contractor working for the company updated several applications and plugins on the cloud platform
causing a massive outage. Of the options below, what would best prevent this from happening again?
A.SWG
B.CASB
C.Automated failover
D.Containerization
SWG = Secure Web Gateway. Its an application firewall built to serve cloud applications. While these are
capable of inspecting traffic and filtering out scripting attacks, it is unlikely that the gateway would block
an application from receiving an update.
CASB = Cloud Access Security Broker. This is a proxy server that limits access and enforces access control
for the cloud, on a per user basis. Many CASB’s will include SWG functionality and a CASB could block an
application or plugin from receiving an update.
B.CASB
Of the cloud service models listed below, which would include storage, networking, and servers, but not
applications?
A.DaaS
B.SaaS
C.PaaS
D.IaaS
The primary three cloud SERVICE models:
DaaS = Desktop as a Service – its VDI but through the cloud
D.IaaS
An organization is overwhelmed with the responsibilities tied to safely securing their new online store.
They are looking for a service provider to assist them in this endeavor. What would be the best option in
this situation?
A.SDP
B.AAA
C.IaaS
D.MSSP
E.Microservices
D.MSSP
A company is worried about the complexities of managing hundreds of encryption keys in a multi-cloud
environment. Of the options below, what would grant them centralized control and management over
the keys, while also allowing the integration of preexisting keys?
A.Trusted Platform Module
B.IaaS
C.HSMaaS
D.PaaS
E.Key Management Service
Hardware Security Module as a Service. A cloud provider will manage your encryption keys!
C.HSMaaS
Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
A.Fog computing
B.VM escape
C.Software-defined networking
D.Image forgery
E.Container breakout
B.VM escape
A company has developed their own SaaS product. They need a flexible and transparent management
tool that grants them the ability to control and monitor who uses their product. What could meet the
needs of this company for their new SaaS product?
A.SIEM
B.DLP
C.CASB
D.SWG
CASB (Cloud Access Security Broker) is a software/service that sits between the end user and the cloud
provider.
Flexible management, security, access control… a CASB should be able to handle all of their needs. A
SWG (software web gateway, basically a layer 7 firewall) is going to be more limited in its functions and
will not give them all the flexibility, granular controls, and transparency that they will ultimately require.
C.CASB
A hospital has a new encrypted document management application that allows remote doctors to
securely access patient hospital records. However, the PHI data is being blocked by the hospital's DLP
system. What would be the best way to resolve this issue without unnecessarily compromising the
systems security?
A.Configure the DLP policies to allow all PHI
B.Configure the DLP policies to whitelist this application with the specific PHI
C.Configure the firewall to allow all ports that are used by this application
D.Configure the antivirus software to allow the application.
E.Configure the application to encrypt the PHI
Our goal is to enable the use of the application with as little risk as possible. Whitelisting (allowing) the
PHI data will be required for this to work, and we want to limit the whitelisting to this new application
only.
B.Configure the DLP policies to whitelist this application with the specific PHI
Which is the most accurate?
A.The data owner is responsible for adhering to the rules for using the data, while the data custodian is
responsible for determining the corporate governance regarding the data.
B.The data owner is responsible for determining how the data may be used, while the data custodian is
responsible for implementing the protections to the data.
C.The data owner is responsible for controlling the data, while the data custodian is responsible for
maintaining the chain of custody.
D.The data owner grants the technical permissions for data access, while the data custodian maintains
the database access controls to the data.
The custodian described in (A) is actually the job description of the data steward.
Owner – Management role of data
Stewart – governance/ compliance
Custodian – access controls and security enforcement
Privacy Officer – PII and disclosure
B.The data owner is responsible for determining how the data may be used, while the data custodian is
responsible for implementing the protections to the data.
Without losing the ability to search or fully utilize the data, what is the best protection mechanism for
data stored on cloud-based services?
A.Data encryption
B.Data masking
C.Anonymization
D.Tokenization
Tokenization: A deidentification method where a unique token is substituted for real data. Unlike
masking, it is non-destructive. It is used as a substitute for encryption, because from a regulatory
perspective an encrypted field is the same value as the original data.
D.Tokenization
What would best protect a company from data theft via USB drives or other removable media?
A.Blocking removable-media devices and write capabilities using a host-based security tool
B.Implementing a group policy to block user access to system files
C.Monitor large data transfer transactions in the firewall logs
D.Develop mandatory training to educate employees about the removable media policy
To best protect the company we need a preventative control.
(A)Blocking USBs with a host based tool will achieve the desired results. Good answer!
(B)The majority of files we are protecting are not likely to be specifically “system files”.
(C)This is a detective control and furthermore not possible in most systems, if any.
(D)Training is nice, but a preventative technical control like (A) will be more reliable.
A.Blocking removable-media devices and write capabilities using a host-based security tool
Before a news team takes a tour of the new state-of-the-art office complex, a manager instructs
employees to clean all whiteboards and clear off all of their desks. What threat is the manager most
likely trying to mitigate?
A.Loss of proprietary information
B.Damage to the company's reputation
C.Social engineering
D.Credential exposure
A.Loss of proprietary information
An intelligence organization detects IoC (Indicators of Compromise) coming from several different
companies that use their services. Before the organization can release news of these threats, what are
they obligated to do?
A.Perform attribution to specific APTs and nation-state actors.
B.Anonymize any PII that is observed within the IoC data.
C.Add metadata to track the utilization of threat intelligence reports.
D.Assist companies with impact assessments based on the observed data.
The evidence they collected could be very sensitive and needs to be anonymized before any part of it
can be shared.
B.Anonymize any PII that is observed within the IoC data.
An admin needs to use functional data drawn from the production environment in a new virtual training
environment. What should be done to the data that is drawn from the production environment so that
security and anonymity is maintained when it is used by the training environment?
A.Data minimization
B.Data masking
C.Data deduplication
D.Data encryption
Data masking can mean that part or all of the contents of a field are redacted by substituting strings with
a new value. For example, all patients could have their age masked and the training system only sees
everyone as being 30 years old. Data masking is considered an irreversible deidentification technique,
while tokenization can be undone as needed.
B.Data masking
A company is building a new e-commerce website and has asked an specialist for the most appropriate
way to store credit card numbers to create an easy reordering process. Of the methods outlined below,
which would be best for achieving this goal?
A.Salting the magnetic strip information
B.Encrypting the credit card information in transit
C.Hashing the credit card numbers upon entry
D.Tokenizing the credit cards in the database
D.Tokenizing the credit cards in the database
Several managers have gathered to discuss hypothetical attacks and threats to the company. They
discuss how to respond to the threats based off of previous plans and explore how to handle a dynamic
security breach. What best describes what the managers are doing?
A.Running a simulation exercise
B.Conducting a tabletop exercise
C.Building a disaster recovery plan
D.Developing an incident response plan
A table top exercise involves reviewing the incident response plans so that future responses are faster
and smoother. Furthermore, it gives everyone an opportunity to suggest improvements or changes to
the plan.
B.Conducting a tabletop exercise
To protect business operations during an incident, a manager has asked you to update the execution
prevention rules to stop malware from spreading to critical systems. Which of the following incident
response steps are you being asked to perform?
A.Investigation
B.Lessons learned
C.Containment
D.Recovery
E.Eradication
Incident response process = PICERL
Prepare
Identify
Contain
Eradicate
Recover
Lessons-learned
C.Containment
A technician at the SOC (security operations center) is using a SIEM to aggregate and correlate alert
messages gathered from all across the network. What step of incident response are they most likely
involved in?
A.Eradication
B.Preparation
C.Identification
D.Recovery
Incident response process = PICERL
Prepare
Identify
Contain
Eradicate
Recover
Lessons-learned
C.Identification
Of the plans listed below, which one would help a company's executives determine how to proceed
during an ongoing disaster, such as a global pandemic?
A.An incident response plan
B.A communications plan
C.A disaster recovery plan
D.A business continuity plan
A recovery plan is about recovering after the disaster.
A continuity plan is about increasing resiliency and possibly what to do during a disaster.
D.A business continuity plan
In your growing company, each newly hired salesperson relies on a mobile device to conduct business.
You are wondering if the organization may need to scale down just as quickly as it scaled up. You're also
concerned about the organization's security and customer privacy. Which of the following would be BEST
to address your concerns?
A.Disallow new hires from using mobile devices for six months.
B.Select four devices for the sales department to use in a CYOD model.
C.Implement BYOD for the sales department while leveraging the MDM.
D.Deploy mobile devices using the COPE methodology.
C.Implement BYOD for the sales department while leveraging the MDM.
After an incident was identified, it took more than an hour to quarantine the affected system. This
allowed the malware to spread to additional hosts before it was contained. Which of the following would
be BEST to improve this process?
A.Updating the playbooks with better decisions points.
B.Dividing the network into trusted and untrusted zones.
C.Providing additional end-user training on acceptable use.
D.Implementing manual quarantining of infected hosts.
It sounds like the incident response playbook needs some revision.
A.Updating the playbooks with better decisions points.
During an ongoing attack an admin locks all of the compromised accounts and airgaps all infected hosts.
What step of the incident response process is being described?
A.Preparation
B.Eradication
C.Identification
D.Lessons Learned
E.Containment
F.Recovery
E.Containment
You have been tasked with performing data forensics and need to make an exact copy of a hard drive.
What command could you use to perform this task?
A.Dd
B.Chmod
C.Dnsenum
D.logger
CompTIA says, “on a Linux host you can use the dd command to make a copy of an input file (if=) to an
output file (of=) and apply optional conversions to the file data. In the following sda is the fixed drive: dd
if=/dev/sda of=/mnt/usbstick/backup.img”
Chmod alters permissions for file system objects while Dnsenum is for gathering (enumerating) dns
information. Logger is used to make entries in the system log. It provides a command interface to the
syslog module.
A.Dd
Which will most affect the collection of live forensics data? (Pick two)
A.Data accessibility
B.Right-to-audit clauses
C.Legal hold
D.Value and volatility of data
E.Data retention legislation
F.Cryptographic or hash algorithm
Since the rise of cloud providers, gaining access to the LIVE data has become increasingly difficult. (A)
Data accessibility. Can we get to the data we need to collect?
(D) Value and volatility. How important is the data, and how long will it last before it is erased? Some
types of data are inherently more volatile than others, meaning it needs to be collected quickly or it will
no longer be available
A.Data accessibility
D.Value and volatility of data
What forensics technique must be used to preserve the admissibility of evidence?
A.Order of volatility
B.Data recovery
C.Chain of custody
D.Non-repudiation
In criminal and civil law, the term “chain of custody” refers to the order in which items of evidence have
been handled during the investigation of a case. Proving that an item has been properly handled through
an unbroken chain of custody is required for it to be legally considered as evidence in court.
C.Chain of custody
Somebody managed to capture all of the password hashes from a web server on a company's network.
While performing an investigation, an analyst needs to gain access to the contents of RAM from the
compromised server. Which of the following file types is the analyst looking for?
A.Security
B.Application
C.Dump
D.Syslog
A system memory dump creates an image file that can be analyzed to identify the processes that are
running, the contents of temporary file systems, registry data, network connections, cryptographic keys,
and more. P.471
C.Dump
Mr. LaRusso, the owner of your company, may have had their PC affected by a security incident. A
duplicate copy of his hard drive must be stored securely to follow chain of custody and appropriate
forensic procedure. Which of the following steps should be performed in order to accomplish this goal?
A.Install a new hard drive in his PC, and then remove the old hard drive and place it in a tamper-evident
bag.
B.Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd
command in a live Linux environment to create a duplicate copy.
C.Remove his hard drive from the PC, connect to the forensic workstation, and copy all the contents onto
a remote fileshare while Mr. LaRusso watches.
D.Refrain from completing a forensic analysis of his hard drive until after the incident is confirmed;
duplicating the hard drive at this stage could destroy evidence.
B.Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd
command in a live Linux environment to create a duplicate copy.
After a meeting with an auditor, a manager is putting together a risk register. What best describes a risk
register?
A.To define the level or risk using probability and likelihood
B.To register the risk with the required regulatory agencies
C.To identify the risk, the risk owner, and the risk measures
D.To formally log the type of risk mitigation strategy the organization is using
A risk register will:
•Identify potential risks and their impact/likelihood
•Display the company’s mitigation plan for each risk
•Assign responsibility for the execution of those plans
•Track the status of each plan (complete, in-progress, not started, etc)
(A) isn’t wrong, but (C) is a more complete answer.
C.To identify the risk, the risk owner, and the risk measures
What type of plan would the company use in the event that they completely lost all of their critical
systems and data?
A.Data retention plan
B.Disaster recovery plan
C.Communications plan
D.Incident response plan
They lost everything?
That sounds like a disaster!
B.Disaster recovery plan
A cloud service provider (CSP) outlines in a contract that the customer has the ultimate responsibility of
ensuring the resources and services provided by the CSP are not used for illegal or fraudulent activity.
Which of the risk responses is the CSP demonstrating?
A.Risk avoidance
B.Risk acceptance
C.Risk transference
D.Risk mitigation
Transference: The cloud provider has transferred the risk, and thereby the responsibility for securing the
services, to the customer.
C.Risk transference
After a server failure, it took the cloud provider 120 minutes to bring the system back online. Meanwhile,
an affected company expected the server would be available again within 60 minutes. Of the answers
below, what best illustrates the company's expectation?
A.MTBF
B.RPO
C.MTTR
D.RTO
MTBF = Mean Time Between Failures
RPO = Recovery Point Objective (acceptable amount of data loss)MTTR = Mean Time To Recovery (real
world average time for recovery)
RTO = Recovery Time Objective (goal/expected time for recovery)
D.RTO
Which of the following would document concerns associated with the restoration of IT systems in the
event of a flood, earthquake, or hurricane?
A.Business continuity plan
B.Communications plan
C.Disaster recovery plan
D.Continuity of operations plan
C.Disaster recovery plan
Instead of relying on in-house application security, an organization has decided to outsource their
application security by adopting a SaaS from a CSP (cloud service provider). What type of risk
management has the company performed by implementing this change?
A.Acceptance
B.Transference
C.Avoidance
D.Mitigation
B.Transference
Your company wants to build another office that is expected to cost two million dollars. The town that
this new office will be built in has a history of terrible earthquakes, once every 50 years. The estimated
damage is 50% of the buildings cost. What is the SLE (Single Loss Expectancy)?
A.20,000
B.40,000
C.500,000
D.1,000,000
E.4,000,000
We are given the AV, EF, and ARO. We need to solve for SLE.
(AV) Asset Value - $ 2 million(EF) Exposure Factor - .5 (Half the value, %50)(SLE) Single Lost Expectancy $ 1 Million <-Answer(ARO) Annual Rate of Occurrence - .02 (1 every 50 years)(ALE) Annual Loss
Expectancy - $20,000
EQUATIONS AV x EF = SLE 2 Million * .5 = 1 Million SLE x ARO = ALE (this equation is not needed in this
question)
D.1,000,000
The SLA created with the cloud storage provider outlines the acceptable amount of data loss must be no
greater than one hour in the event of a disaster. What metric is being described in this agreement?
A.DRP
B.RPO
C.RTO
D.MTTR
Recovery Point Objective (RPO) is the acceptable amount of data loss. If the cloud provider was to lose
more than one hour worth of data for any reason, they would be subject to penalties as outlined in the
SLA (service level agreement).
B.RPO
See more
Students also viewed
2022 CompTIA SECURITY+ SY0-601 BEST EXAM STUD…
174 terms
Images
Profile Picture
WieldyStone2
Security+ Cert Exam Objectives SYO-601
786 terms
Profile Picture
jeffrey_baker
Security+ 601 Practice Questions
187 terms
Images
Profile Picture
DrewMyCC
Teacher
Security+ (SY0-601) Acronym List
358 terms
Profile Picture
arthur_lukyanovskiy
Sets found in the same folder
2022 CompTIA SECURITY+ SY0-601 BEST EXAM STUD…
174 terms
Images
Profile Picture
WieldyStone2
Security+ 601
845 terms
Profile Picture
ManInTh3Middl3
Security+ 601 Part 1
195 terms
Profile Picture
Michael_Wilson35
Teacher
Security + SYO 601 Exam Cram
95 terms
Profile Picture
Dlawso11
Other sets by this creator
Quiz 1
17 terms
Profile Picture
Veljulisa
Chapter 11: Secure Network Architecture and S…
37 terms
Profile Picture
Veljulisa
Chapter 10: Physical Security Requirements
30 terms
Profile Picture
Veljulisa
Chapter 9: Security Vulnerabilities, Threats,…
36 terms
Profile Picture
Veljulisa
1/3
About us
About Quizlet
How Quizlet works
Careers
Advertise with us
News
Get the app
For students
Flashcards
Learn
Solutions
Modern Learning Lab
For teachers
Live
Checkpoint
Blog
Be the Change
Resources
Help center
Honor code
Community guidelines
Privacy
Terms
Ad and Cookie Policy
Language
English (USA)
© 2023 Quizlet, Inc.
COPPA Safe Harbor Certification seal
Home
Your library
Expert solutions
Study sets, textbooks, questions
Profile Picture
Upgrade: free 7-day trial
Security + Test Questions
Study
Security + Test Questions
17 studiers recently
5.0 (1 review)
Flashcards
Learn
Test
Match
A user is attempting to navigate to a website from inside the company network using a desktop. When
the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch
warning from the browser. The user does not receive a warning when visiting
http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
C. DNS poisoning
1 / 20
Profile Picture
Created by
stazzonew
Terms in this set (20)
Original
A user is attempting to navigate to a website from inside the company network using a desktop. When
the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch
warning from the browser. The user does not receive a warning when visiting
http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
C. DNS poisoning
Which of the following tools is effective in preventing a user from accessing unauthorized removable
media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock
A. USB data blocker
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for
back-end infrastructure, allowing it to be updated and modified without disruption to services. The
security architect would like the solution selected to reduce the back-end server resources and has
highlighted that session persistence is not important for the applications running on the back-end
servers. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming
A. Reverse proxy
Which of the following describes a social engineering technique that seeks to exploit a person's sense of
urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
A. A phishing email stating a cash settlement has been awarded but will expire soon
A security analyst is reviewing application logs to determine the source of a breach and locates the
following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1Which of the following has
been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS
C. SQLi
An audit identified PII being utilized in the development environment of a critical application. The Chief
Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are
concerned that without real data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy both the CPO's and the
development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization
A. Data anonymization
A company is implementing a DLP solution on the file server. The file server has PII, financial information,
and health information stored on it. Depending on what type of data that is hosted on the file server, the
company wants different DLP rules assigned to the data. Which of the following should the company do
to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.
A. Classify the data.
A forensics investigator is examining a number of unauthorized payments that were reported on the
company's website. Some unusual log entries show users received an email for an unwanted mailing list
and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing
team, and the forwarded email revealed the link to be:<a
href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click
here to unsubscribe</a>Which of the following will the forensics investigator MOST likely determine has
occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF
D. XSRF
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials
could be exfiltrated. The report also indicates that users tend to choose the same credentials on different
systems and applications. Which of the following policies should the CISO use to prevent someone from
using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history
A. MFA
A company wants to simplify the certificate management process. The company has a single domain
with several dozen subdomains, all of which are publicly accessible on the internet. Which of the
following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
B. Wildcard
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE
A. DLP
Several attempts have been made to pick the door lock of a secure facility. As a result, the security
engineer has been assigned to implement a stronger preventative access control. Which of the following
would BEST complete the engineer's assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates
A. Replacing the traditional key with an RFID key
Which of the following can be used by a monitoring tool to compare values and detect password leaks
without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption
A. Hashing
A security engineer is building a file transfer solution to send files to a business partner. The users would
like to drop off the files in a specific directory and have the server send the file to the business partner.
The connection to the business partner is over the internet and needs to be secure. Which of the
following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP
C. SSH
An administrator needs to protect user passwords and has been advised to hash the passwords. Which
of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
B. Add extra data to the passwords so their length is increased, making them harder to brute force.
C. Store all passwords in the system in a rainbow table that has a centralized location.
D. Enforce the use of one-time passwords that are changed for every login session.
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
A. Steganography
B. Homomorphic encryption
C. Cipher suite
D. Blockchain
A. Steganography
A user enters a username and a password at the login screen for a web portal. A few seconds later the
following message appears on the screen:Please use a combination of numbers, special characters, and
letters in the password field.Which of the following concepts does this message describe?
A. Password complexity
B. Password reuse
C. Password history
D. Password age
A. Password complexity
A company recently experienced an inside attack using a corporate machine that resulted in data
compromise. Analysis indicated an unauthorized change to the software circumvented technological
protection measures. The analyst was tasked with determining the best method to ensure the integrity
of the systems remains intact and local and remote boot attestation can take place. Which of the
following would provide the BEST solution?
A. HIPS
B. FIM
C. TPM
D. DLP
C. TPM
Which of the following is a reason to publish files' hashes?
A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase
A. To validate the integrity of the files
A security manager has tasked the security operations center with locating all web servers that respond
to an unsecure protocol. Which of the following commands could an analyst run to find the requested
servers?
A. nslookup 10.10.10.0
B. nmap -p 80 10.10.10.0/24
C. pathping 10.10.10.0 -p 80
D. ne -l -p 80
B. nmap -p 80 10.10.10.0/24
Students also viewed
Customer Service 1 - Customer Service Foundat…
40 terms
Profile Picture
flyingtim1
Security+ 501 PassCompTIA
50 terms
Profile Picture
ydapaa
Security + 501 Chapter 4 Identity and Access…
86 terms
Profile Picture
kevin_stephenson5
Jason Dion All quiz questions
26 terms
Profile Picture
Gttennesen
Sets found in the same folder
Sec+ ITE
2 terms
Profile Picture
Kai_Gathers9
Teacher
Security + Set 6
72 terms
Profile Picture
kym9rrp6qv
Teacher
Verified questions
French
Interviewez votre partenaire.
Tu es rest
ˊ
e
ˊ
(e) chez toi samedi matin? Tu es rest
ˊ
e
ˊ
(e) au lit jusqu’
ˋ
a
ˋ
quelle heure? Tu as pris un café? O
ˋ
u
ˋ
est-ce que tu as pris ton petit d
ˊ
e
ˊ
jeuner?
Verified answer
Spanish
A 537 años de su nacimiento, Juan Diego, natural de estas A tuertas, sigue siendo tema de controversia
en el mundo eclesiástico por su historia con la Virgen de Guadalupe; se ha puesto en duda desde la
veracidad de su clarividencia hasta su propio 5 nacaiento. Sin embargo, numerosos estudios
comprueban que Juan Diego no es un personaje Acticio; sino que realmente cxisció
y ha pasado a la historia religiosa como uno de los personajes más aFortunados. Su virtud se reconoce a
tal grado que su Santidad Juan Pablo II le otorgó la condición de santo en el año 2002. 10 El lugar más
probable de su nacimiento fue Cuautitlán. barrio de Tlayacac, en el año 1474; de origen chichimeca,
nuestro personaje se dedicó seguramente a la agricultura, aunque es factible que tambien trabajara en
la alfareria, ia cesteria o similares. Asimismo, es posible que fuera sujeto 15 de la emigración provocada
por un nuevo reparto de tierras conquistadas por los tenochcas alrededor de
1516
,
1516,y que esto, lo llevara a mudarse obligatoria o voluntariamente a Tulpetlac, cerca de Ecatepec,
donde se hallaria al iniciarse la Conquista. 20 Se supone que hacia 1524 Juan Diego fue bautizado, junto
20 con su esposa y dio, y que reabieron, respectivamente, los nombres cristianos Juan Diego, Maria Lucia
y Juan Bernardino. Juan Diego enviudó en 1529, dos años antes de que se le aparecuera la Señora
Inmaculada
y sus vecinos le llamaban "E Peregrino", pues gustaba de caminar a solas, e ir de su lugar 25 de
residencia a Tlatelolco para recibir la catequización y escuchar misa. Una vez pasada la maravillosa
experiencia de platicar con la Señora del Cielo, de ver la imagen estampada en su cilma y construida la
ermita, se dedicó a cuidarla y seguramente a platicar con Ella, asi como a referir el acontecimiento a todo
aquel que quisiera escucharlo
y, en especial, a seguir viviendo santamente. Juan Diego murió en 1548, a los 74 años, "pobre en méritos
humanos, rico en viriud y fama", en su aposento "muy chiquito". de adobe, que tenía junto a la ermita,
como consta
=
= en las Informaciones de 1666. Otra información que confirma la existencia y vida de Juan Diego
proviene de un medallón... La inscripción con letra de oro en campo azul dice asi: "En este lugar se
apareció Nuestra Señora de Guadalupe a un indio Hamado Juan Diego, que está enterrado en esta
iglesia". Desde el punto de vista histórico y de acuerdo con el ingeniero Joel Romero, don Ignacio Manuel
Altamirano trató magistralmente a Juan Diego, cuando le dijo que "el dia que no hubiera Guadalupe ni
Juan Diego, no habría nacionalidad mexicana". Y, agrega el ingeniero Romero, en una entrevista
publicada en Ixtus (1996). "Juan Diego es un modelo de paz interior que todos necesitamos en este
convulso mundo, y su principal hazaña es que estando condenado a la oscuridad. refulge con luz propia a
pesar de la luz guadalupana".
¿Cómo se llama la parada de metro más cercana a la Basílica?
(A) Talismán
(B) Basilica
(C) General Villada
(D) Ricarte
.
Verified answer
English
For each of the following sentences, cross out any word that has an error in capitalization and correctly
write the word above it.
Example 1. We subscribe to the Reader’s
digest
digest
(Digest) and
the
the
(The) Saturday
evening
post
evening post
(Evening Post)
Read "first snow in alsace" by Richard Wilbur.
Verified answer
French
Answer these questions in French. Write complete sentences.
Pourquoi est-ce que Sandrine pense qu'Amina a de la chance?
Verified answer
1/3
About us
About Quizlet
How Quizlet works
Careers
Advertise with us
News
Get the app
For students
Flashcards
Learn
Solutions
Modern Learning Lab
For teachers
Live
Checkpoint
Blog
Be the Change
Resources
Help center
Honor code
Community guidelines
Privacy
Terms
Ad and Cookie Policy
Language
English (USA)
© 2023 Quizlet, Inc.
COPPA Safe Harbor Certification seal
Terms in this set (12)
Original
Start your Preparation for CompTIA SY0-601 and become CompTIA Security+ certified with
www.edusum.com. Here you get online practice tests prepared and approved by CompTIA certified
experts based on their own certification exam experience. Here, you also get the detailed and regularly
updated syllabus for CompTIA SY0-601.
CompTIA SY0-601 practice tests provided by the www.edusum.com is just one of the promising
techniques of preparation for the SY0-601 exam. This CompTIA Security+ practice tests are composed by
a team of experienced professionals. Upgraded Security Plus practice questions will give you the useful
experience of learning for the CompTIA SY0-601 exam. You can gain the CompTIA Security+ certification
on the first go with the help of the SY0-601 practice questions.
If you are planning to prepare for SY0-601 exam, but not sure how hard the exam is and you want to try
out a sample test, you can take our SY0-601 practice test. To help you assess your readiness, we've
developed a set of CompTIA SY0-601 sample questions and assembled them into a free online test exam.
Getting that CompTIA SY0-601 certification is a great first step and these practice tests can help you
toward a better score. Millions of aspirants have become certified with our practice tests. Give your
preparation a new edge with www.edusum.com practice tests.
Effective and dynamic self-preparation is very important for your success in your CompTIA Security+
certification exam. You therefore need to explore all options of preparation that are available to you.
After studying all the resource materials, you still need to go through different practice tests to evaluate
your knowledge base and skill set.
01. Which of the following disaster recovery sites would require the MOST time to get operations back
online?
a) Colocation
b) Cold
c) Hot
d) Warm
b) Cold
02. A Chief Financial Officer (CFO) has been receiving email messages that have suspicious links
embedded from unrecognized senders.
The emails ask the recipient for identity verification. The IT department has not received reports of this
happening to anyone else.
Which of the following is the MOST likely explanation for this behavior?
a) The CFO is the target of a whaling attack.
b) The CFO is the target of identity fraud.
c) The CFO is receiving spam that got past the mail filters.
d) The CFO is experiencing an impersonation attack.
a) The CFO is the target of a whaling attack.
03. Why do vendors provide MD5 values for their software patches?
a) To provide the necessary key for patch activation
b) To allow the downloader to verify the authenticity of the site providing the patch
c) To ensure that auto-updates are enabled for subsequent patch releases
d) To allow the recipient to verify the integrity of the patch prior to installation
d) To allow the recipient to verify the integrity of the patch prior to installation
04. The IT department receives a call one morning about users being unable to access files on the
network shared drives. An IT technician investigates and determines the files became encrypted at 12:00
a.m.
While the files are being recovered from backups, one of the IT supervisors realizes the day is the
birthday of a technician who was fired two months prior.
Which of the following describes what MOST likely occurred?
a) The fired technician placed a logic bomb.
b) The fired technician installed a rootkit on all the affected users' computers.
c) The fired technician installed ransomware on the file server.
d) The fired technician left a network worm on an old work computer.
a) The fired technician placed a logic bomb.
05. You have been asked to provide a virtualized environment. Which of the following makes it possible
for many instances of an operating system to be run on the same machine?
a) API
b) Virtual machine
c) Hypervisor
d) Container
c) Hypervisor
To get preparation tips for CompTIA SY0-601 Exam:
Click Here:
https://sy0-601preparationguide.tumblr.com/
06. Which of the following would be the BEST method to prevent the physical theft of staff laptops at an
open-plan bank location with a high volume of customers each day?
a) Guards at the door
b) Cable locks
c) Visitor logs
d) Cameras
b) Cable locks
07. What is the term given to a framework or model outlining the phases of attack to help security
personnel defend their systems and respond to attacks?
a) Command and control
b) Intrusion kill chain
c) Cyber-incident response
d) CIRT
b) Intrusion kill chain
08. A security manager needed to protect a high-security datacenter, so the manager installed an access
control vestibule that can detect an employee's heartbeat, weight, and badge. Which of the following
did the security manager implement?
a) A physical control
b) A corrective control
c) A compensating control
d) A managerial control
a) A physical control
09. Joe, an employee, knows he is going to be fired in three days. Which of the following
characterizations describes the employee?
a) An insider threat
b) A competitor
c) A hacktivist
d) A state actor
a) An insider threat
10. An organization has a policy in place that states the person who approves firewall controls/changes
cannot be the one implementing the changes.
Which of the following describes this policy?
a) Change management
b) Job rotation
c) Separation of duties
d) Least privilege
c) Separation of duties
Terms in this set (100)
Original
A user is attempting to navigate to a website from inside the company network using a desktop. When
the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch
warning from the browser. The user does not receive a warning when visiting
http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
B. Domain hijacking
Which of the following tools is effective in preventing a user from accessing unauthorized removable
media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock
A. USB data blocker
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for
back-end infrastructure, allowing it to be updated and modified without disruption to services. The
security architect would like the solution selected to reduce the back-end server resources and has
highlighted that session persistence is not important for the applications running on the back-end
servers. Which of the following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming
C. Snapshots
Which of the following describes a social engineering technique that seeks to exploit a person's sense of
urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
C. A vishing call that requests a donation be made to a local charity
A security analyst is reviewing application logs to determine the source of a breach and locates the
following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1Which of the following has
been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS
C. SQLi
An audit identified PII being utilized in the development environment of a critical application. The Chief
Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are
concerned that without real data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy both the CPO's and the
development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization
A. Data anonymization
A company is implementing a DLP solution on the file server. The file server has PII, financial information,
and health information stored on it. Depending on what type of data that is hosted on the file server, the
company wants different DLP rules assigned to the data. Which of the following should the company do
to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.
A. Classify the data.
A forensics investigator is examining a number of unauthorized payments that were reported on the
company's website. Some unusual log entries show users received an email for an unwanted mailing list
and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing
team, and the forwarded email revealed the link to be:<a
href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click
here to unsubscribe</a>Which of the following will the forensics investigator MOST likely determine has
occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF
B. Broken authentication
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials
could be exfiltrated. The report also indicates that users tend to choose the same credentials on different
systems and applications. Which of the following policies should the CISO use to prevent someone from
using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history
A. MFA
A company wants to simplify the certificate management process. The company has a single domain
with several dozen subdomains, all of which are publicly accessible on the internet. Which of the
following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
B. Wildcard
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE
A. DLP
Several attempts have been made to pick the door lock of a secure facility. As a result, the security
engineer has been assigned to implement a stronger preventative access control. Which of the following
would BEST complete the engineer's assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates
A. Replacing the traditional key with an RFID key
Which of the following can be used by a monitoring tool to compare values and detect password leaks
without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption
A. Hashing
A security engineer is building a file transfer solution to send files to a business partner. The users would
like to drop off the files in a specific directory and have the server send the file to the business partner.
The connection to the business partner is over the internet and needs to be secure. Which of the
following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP
C. SSH
An administrator needs to protect user passwords and has been advised to hash the passwords. Which
of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
B. Add extra data to the passwords so their length is increased, making them harder to brute force.
C. Store all passwords in the system in a rainbow table that has a centralized location.
D. Enforce the use of one-time passwords that are changed for every login session.
A. Perform a mathematical operation on the passwords that will convert them into unique strings
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
A. Steganography
B. Homomorphic encryption
C. Cipher suite
D. Blockchain
A. Steganography
A user enters a username and a password at the login screen for a web portal. A few seconds later the
following message appears on the screen:Please use a combination of numbers, special characters, and
letters in the password field.Which of the following concepts does this message describe?
A. Password complexity
B. Password reuse
C. Password history
D. Password age
A. Password complexity
A company recently experienced an inside attack using a corporate machine that resulted in data
compromise. Analysis indicated an unauthorized change to the software circumvented technological
protection measures. The analyst was tasked with determining the best method to ensure the integrity
of the systems remains intact and local and remote boot attestation can take place. Which of the
following would provide the BEST solution?
A. HIPS
B. FIM
C. TPM
D. DLP
C. TPM
Which of the following is a reason to publish files' hashes?
A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase
A. To validate the integrity of the files
A security manager has tasked the security operations center with locating all web servers that respond
to an unsecure protocol. Which of the following commands could an analyst run to find the requested
servers?
A. nslookup 10.10.10.0
B. nmap -p 80 10.10.10.0/24
C. pathping 10.10.10.0 -p 80
D. ne -l -p 80
B. nmap -p 80 10.10.10.0/24
Which biometric error would allow an unauthorized user to access a system?
A. False acceptance
B. False entrance
C. False rejection
D. False denial
A. False acceptance
A company is auditing the manner in which its European customers' personal information is handled.
Which of the following should the company consult?
A. GDPR
B. ISO
C. NIST
D. PCI DSS
A. GDPR
Which of the following are common VoIP-associated vulnerabilities? (Choose two.)
A. SPIM
B. Vishing
C. Hopping
D. Phishing
E. Credential harvesting
F. Tailgating
A. SPIM B. Vishing
An organization is planning to open other data centers to sustain operations in the event of a natural
disaster. Which of the following considerations would BEST support the organization's resiliency?
A. Geographic dispersal
B. Generator power
C. Fire suppression
D. Facility automation
A. Geographic dispersal
Which of the following describes the exploitation of an interactive process to gain access to restricted
areas?
A. Persistence
B. Buffer overflow
C. Privilege escalation
D. Pharming
C. Privilege escalation
A security engineer is deploying a new wireless network for a company. The company shares office space
with multiple tenants. Which of the following should the engineer configure on the wireless network to
ensure that confidential data is not exposed to unauthorized users?
A. EAP
B. TLS
C. HTTPS
D. AES
D. AES
The Chief Compliance Officer from a bank has approved a background check policy for all new hires.
Which of the following is the policy MOST likely protecting against?
A. Preventing any current employees' siblings from working at the bank to prevent nepotism
B. Hiring an employee who has been convicted of theft to adhere to industry compliance
C. Filtering applicants who have added false information to resumes so they appear better qualified
D. Ensuring no new hires have worked at other banks that may be trying to steal customer information
C. Filtering applicants who have added false information to resumes so they appear better qualified
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security
policy, all web-server ports except 443 should be disabled.Which of the following can be used to
accomplish this task?
A. Application allow list
B. SWG
C. Host-based firewall
D. VPN
B. SWG
A technician was dispatched to complete repairs on a server in a data center. While locating the server,
the technician entered a restricted area without authorization. Which of the following security controls
would BEST prevent this in the future?
A. Use appropriate signage to mark all areas.
B. Utilize cameras monitored by guards.
C. Implement access control vestibules.
D. Enforce escorts to monitor all visitors.
B. Utilize cameras monitored by guards.
Which of the following would BEST provide a systems administrator with the ability to more efficiently
identify systems and manage permissions and policies based on location, role, and service level?
A. Standard naming conventions
B. Domain services
C. Baseline configurations
D. Diagrams
B. Domain services
Which of the following would detect intrusions at the perimeter of an airport?
A. Signage
B. Fencing
C. Motion sensors
D. Lighting
E. Bollards
E. Bollards
A security analyst is concerned about critical vulnerabilities that have been detected on some
applications running inside containers. Which of the following is theBEST remediation strategy?
A. Update the base container Image and redeploy the environment.
B. Include the containers in the regular patching schedule for servers.
C. Patch each running container individually and test the application.
D. Update the host in which the containers are running.
B. Include the containers in the regular patching schedule for servers.
An organization has decided to purchase an insurance policy because a risk assessment determined that
the cost to remediate the risk is greater than the five- year cost of the insurance policy. The organization
is enabling risk:
A. avoidance.
B. acceptance.
C. mitigation.
D. transference
D. transference
A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a
local source IP address of 192.168.34.26. The ChiefInformation Security Officer asks the analyst to block
the originating source. Several days later, another employee opens an internal ticket stating that
vulnerability scans are no longer being performed properly. The IP address the employee provides is
192.168.34.26. Which of the following describes this type of alert?
A. True negative
B. True positive
C. False positive
D. False negative
C. False positive
A security analyst wants to reference a standard to develop a risk management program. Which of the
following is the BEST source for the analyst to use?
A. SSAE SOC 2
B. ISO 31000
C. NIST CSF
D. GDPR
C. NIST CSF
The Chief Information Security Officer (CISO) requested a report on potential areas of improvement
following a security incident. Which of the following incident response processes is the CISO requesting?
A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis
A. Lessons learned
A company is providing security awareness training regarding the importance of not forwarding social
media messages from unverified sources. Which of the following risks would this training help to
prevent?
A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting
A. Hoaxes
A security analyst is receiving numerous alerts reporting that the response time of an internet-facing
application has been degraded. However, the internal network performance was not degraded. Which of
the following MOST likely explains this behavior?
A. DNS poisoning
B. MAC flooding
C. DDoS attack
D. ARP poisoning
C. DDoS attack
Which of the following will increase cryptographic security?
A. High data entropy
B. Algorithms that require less computing power
C. Longer key longevity
D. Hashing
A. High data entropy
Which of the following statements BEST describes zero-day exploits?
A. When a zero-day exploit is discovered, the system cannot be protected by any means.
B. Zero-day exploits have their own scoring category in CVSS.
C. A zero-day exploit is initially undetectable, and no patch for it exists.
D. Discovering zero-day exploits is always performed via bug bounty programs.
C. A zero-day exploit is initially undetectable, and no patch for it exists.
A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In
order to restrict PHI documents, which of the following should be performed FIRST?
A. Retention
B. Governance
C. Classification
D. Change management
C. Classification
A security analyst is investigating some users who are being redirected to a fake website that resembles
www.comptia.org. The following output was found on the naming server of the organization:Which of
the following attacks has taken place?
NAME TYPE DATA
www A 192.168.1.10
server1 A 10.10.1O.1O
server2 A 10.10.10.11
file A 10.10.10.12
A. Domain reputation
B. Domain hijacking
C. Disassociation
D. DNS poisoning
B. Domain hijacking
Which of the following describes the continuous delivery software development methodology?
A. Waterfall
B. Spiral
C. V-shaped
D. Agile
D. Agile
Which of the following is the BEST example of a cost-effective physical control to enforce a USB
removable media restriction policy?
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting
the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly
verifying that it is enforced
C. Placing systems into locked, key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly
verifying that it is enforced
A company suspects that some corporate accounts were compromised. The number of suspicious logins
from locations not recognized by the users is increasing.Employees who travel need their accounts
protected without the risk of blocking legitimate login requests that may be made over new sign-in
properties. Which of the following security controls can be implemented?
A. Enforce MFA when an account request reaches a risk threshold.
B. Implement geofencing to only allow access from headquarters.
C. Enforce time-based login requests that align with business hours.
D. Shift the access control scheme to a discretionary access control.
A. Enforce MFA when an account request reaches a risk threshold.
An organization wants to participate in threat intelligence information sharing with peer groups. Which
of the following would MOST likely meet the organization's requirement?
A. Perform OSINT investigations.
B. Subscribe to threat intelligence feeds.
C. Submit RFCs.
D. Implement a TAXII server.
D. Implement a TAXII server.
Which of the following is the MOST effective control against zero-day vulnerabilities?
A. Network segmentation
B. Patch management
C. Intrusion prevention system
D. Multiple vulnerability scanners
C. Intrusion prevention system
Which of the following is the GREATEST security concern when outsourcing code development to thirdparty contractors for an internet-facing application?
A. Intellectual property theft
B. Elevated privileges
C. Unknown backdoor
D. Quality assurance
C. Unknown backdoor
An organization has hired a red team to simulate attacks on its security posture. Which of the following
will the blue team do after detecting an IoC?
A. Reimage the impacted workstations.
B. Activate runbooks for incident response.
C. Conduct forensics on the compromised system.
D. Conduct passive reconnaissance to gather information.
C. Conduct forensics on the compromised system.
An amusement park is implementing a biometric system that validates customers' fingerprints to ensure
they are not sharing tickets. The park's owner values customers above all and would prefer customers'
convenience over security. For this reason, which of the following features should the security team
prioritizeFIRST?
A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER
C. Low FRR
Which of the following organizations sets frameworks and controls for optimal security configuration on
systems?
A. ISO
B. GDPR
C. PCI DSS
D. NIST
D. NIST
An organization discovered files with proprietary financial data have been deleted. The files have been
recovered from backup, but every time the Chief FinancialOfficer logs in to the file server, the same files
are deleted again. No other users are experiencing this issue. Which of the following types of malware is
MOST likely causing this behavior?
A. Logic bomb
B. Cryptomalware
C. Spyware
D. Remote access Trojan
A. Logic bomb
A security analyst has identified malware spreading through the corporate network and has activated the
CSIRT. Which of the following should the analyst doNEXT?
A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.
B. Attempt to quarantine all infected hosts to limit further spread.
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and
implemented ACLs on each critical server. Following an investigation, the company realizes it is still
vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in
the network.In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation
C. Actions on objective
A recent security breach exploited software vulnerabilities in the firewall and within the network
management solution. Which of the following will MOST likely be used to identify when the breach
occurred through each device?
A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors
A. SIEM correlation dashboards
Which of the following is the FIRST environment in which proper, secure coding should be practiced?
A. Stage
B. Development
C. Production
D. Test
A. Stage
A cloud service provider has created an environment where customers can connect existing local
networks to the cloud for additional computing resources and block internal HR applications from
reaching the cloud. Which of the following cloud models is being used?
A. Public
B. Community
C. Hybrid
D. Private
C. Hybrid
An organization has developed an application that needs a patch to fix a critical vulnerability. In which of
the following environments should the patch be deployed LAST?
A. Test
B. Staging
C. Development
D. Production
C. Development
An organization is building backup server rooms in geographically diverse locations. The Chief
Information Security Officer implemented a requirement on the project that states the new hardware
cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following
should the systems engineer consider?
A. Purchasing hardware from different vendors
B. Migrating workloads to public cloud infrastructure
C. Implementing a robust patch management solution
D. Designing new detective security controls
B. Migrating workloads to public cloud infrastructure
A security analyst is working on a project to implement a solution that monitors network
communications and provides alerts when abnormal behavior is detected.Which of the following is the
security analyst MOST likely implementing?
A. Vulnerability scans
B. User behavior analysis
C. Security orchestration, automation, and response
D. Threat hunting
B. User behavior analysis
Data exfiltration analysis indicates that an attacker managed to download system configuration notes
from a web server. The web-server logs have been deleted, but analysts have determined that the
system configuration notes were stored in the database administrator's folder on the web server. Which
of the following attacks explains what occurred? (Choose two.)
A. Pass-the-hash
B. Directory traversal
C. SQL injection
D. Privilege escalation
E. Cross-site scripting
F. Request forgery
B. Directory traversal D. Privilege escalation
A junior security analyst is conducting an analysis after passwords were changed on multiple accounts
without users' interaction. The SIEM have multiple login entries with the following text: suspicious event
- user: scheduledtasks successfully authenticate on AD on abnormal time suspicious event - user:
scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py
suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdpartycompliance.sh suspicious event - user: scheduledtasks successfully executed
c:\weekly_checkups\amazing-3rdparty-domain-assessment.pyWhich of the following is the MOST likely
attack conducted on the environment?
A. Malicious script
B. Privilege escalation
C. Domain hijacking
D. DNS poisoning
A. Malicious script
A customer service representative reported an unusual text message that was sent to the help desk. The
message contained an unrecognized invoice number with a large balance due and a link to click for more
details. Which of the following BEST describes this technique?
A. Vishing
B. Whaling
C. Phishing
D. Smishing
D. Smishing
Which of the following actions would be recommended to improve an incident response process?
A. Train the team to identify the difference between events and incidents.
B. Modify access so the IT team has full access to the compromised assets.
C. Contact the authorities if a cybercrime is suspected.
D. Restrict communication surrounding the response to the IT team.
A. Train the team to identify the difference between events and incidents.
A cybersecurity administrator needs to implement a Layer 7 security control on a network and block
potential attacks. Which of the following can block an attack at Layer 7? (Choose two.)
A. HIDS
B. NIPS
C. HSM
D. WAF
E. NAC
F. NIDS
B. NIPS D. WAF
A business operations manager is concerned that a PC that is critical to business operations will have a
costly hardware failure soon. The manager is looking for options to continue business operations without
incurring large costs. Which of the following would mitigate the manager's concerns?
A. Implement a full system upgrade.
B. Perform a physical-to-virtual migration.
C. Install uninterruptible power supplies.
D. Purchase cybersecurity insurance.
B. Perform a physical-to-virtual migration.
An organization has activated an incident response plan due to a malware outbreak on its network. The
organization has brought in a forensics team that has identified an internet-facing Windows server as the
likely point of initial compromise. The malware family that was detected is known to be distributed by
manually logging on to servers and running the malicious code. Which of the following actions would be
BEST to prevent reinfection from the infection vector?
A. Prevent connections over TFTP from the internal network.
B. Create a firewall rule that blocks a 22 from the internet to the server.
C. Disable file sharing over port 445 to the server.
D. Block port 3389 inbound from untrusted networks.
C. Disable file sharing over port 445 to the server.
Which of the following uses SAML for authentication?
A. TOTP
B. Federation
C. Kerberos
D. HOTP
B. Federation
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took
much too long to resolve. This type of incident has become more common in recent weeks and is
consuming large amounts of the analysts' time due to manual tasks being performed. Which of the
following solutions should the SOC consider to BEST improve its response time?
A. Configure a NIDS appliance using a Switched Port Analyzer.
B. Collect OSINT and catalog the artifacts in a central repository.
C. Implement a SOAR with customizable playbooks.
D. Install a SIEM with community-driven threat intelligence.
C. Implement a SOAR with customizable playbooks.
Business partners are working on a security mechanism to validate transactions securely. The
requirement is for one company to be responsible for deploying a trusted solution that will register and
issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST
solution to adopt?
A. PKI
B. Blockchain
C. SAML
D. OAuth
A. PKI
A security analyst has been asked by the Chief Information Security Officer to:✑ develop a secure
method of providing centralized management of infrastructure✑ reduce the need to constantly replace
aging end user machines✑ provide a consistent user desktop experienceWhich of the following BEST
meets these requirements?
A. BYOD
B. Mobile device management
C. VDI
D. Containerization
C. VDI
Which of the following terms describes a broad range of information that is sensitive to a specific
organization?
A. Public
B. Top secret
C. Proprietary
D. Open-source
C. Proprietary
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from
advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in
the near future due to the lack of detective and preventive controls. Which of the following should be
implemented to BEST address the CSO's concerns? (Choose two.)
A. A WAF
B. A CASB
C. An NG-SWG
D. Segmentation
E. Encryption
F. Containerization
C. An NG-SWG D. Segmentation
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop.
These laptops would access the users' corporate operating system remotely and allow them to use the
laptops for purposes outside of their job roles. Which of the following deployment models is being
utilized?
A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs
B. BYOD and containers
Certain users are reporting their accounts are being used to send unauthorized emails and conduct
suspicious activities. After further investigation, a security analyst notices the following:✑ All users share
workstations throughout the day.✑ Endpoint protection was disabled on several workstations
throughout the network.✑ Travel times on logins from the affected users are impossible.✑ Sensitive
data is being uploaded to external sites. All user account passwords were forced to be reset and the
issue continued. Which of the following attacks is being used to compromise the user accounts?
A. Brute-force
B. Keylogger
C. Dictionary
D. Rainbow
B. Keylogger
A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state
of the virtual server, including memory contents. Which of the following backup types should be used?
A. Snapshot
B. Differential
C. Cloud
D. Full
E. Incremental
A. Snapshot
After returning from a conference, a user's laptop has been operating slower than normal and
overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece
of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was
exploited to install the hardware?
A. Removable media
B. Spear phishing
C. Supply chain
D. Direct access
A. Removable media
After a recent security breach, a security analyst reports that several administrative usernames and
passwords are being sent via cleartext across the network to access network devices over port 23. Which
of the following should be implemented so all credentials sent over the network are encrypted when
remotely accessing and configuring network devices?
A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP
A. SSH
Which of the following provides a calculated value for known vulnerabilities so organizations can
prioritize mitigation steps?
A. CVSS
B. SIEM
C. SOAR
D. CVE
A. CVSS
Several universities are participating in a collaborative research project and need to share compute and
storage resources. Which of the following cloud deployment strategies would BEST meet this need?
A. Community
B. Private
C. Public
D. Hybrid
A. Community
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of
the following methods will the analyst MOST likely use?
A. Look for tampering on the evidence collection bag.
B. Encrypt the collected data using asymmetric encryption.
C. Ensure proper procedures for chain of custody are being followed.
D. Calculate the checksum using a hashing algorithm.
D. Calculate the checksum using a hashing algorithm.
Multiple business accounts were compromised a few days after a public website had its credentials
database leaked on the Internet. No business emails were identified in the breach, but the security team
thinks that the list of passwords exposed was later used to compromise business accounts. Which of the
following would mitigate the issue?
A. Complexity requirements
B. Password history
C. Acceptable use policy
D. Shared accounts
B. Password history
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst
MOST likely use to accomplish this task?
A. nmap -pl-65535 192.168.0.10
B. dig 192.168.0.10
C. curl --head http://192.168.0.10
D. ping 192.168.0.10
C. curl --head http://192.168.0.10
A penetration tester was able to compromise an internal server and is now trying to pivot the current
session in a network lateral movement. Which of the following tools, if available on the server, will
provide the MOST useful information for the next assessment step?
A. Autopsy
B. Cuckoo
C. Memdump
D. Nmap
A. Autopsy
Field workers in an organization are issued mobile phones on a daily basis. All the work is performed
within one city, and the mobile phones are not used for any purpose other than work. The organization
does not want these phones used for personal purposes. The organization would like to issue the phones
to workers as permanent devices so the phones do not need to be reissued every day. Given the
conditions described, which of the following technologies would BEST meet these requirements?
A. Geofencing
B. Mobile device management
C. Containerization
D. Remote wiping
B. Mobile device management
Which of the following control types is focused primarily on reducing risk before an incident occurs?
A. Preventive
B. Deterrent
C. Corrective
D. Detective
A. Preventive
A systems administrator reports degraded performance on a virtual server. The administrator increases
the virtual memory allocation, which improves conditions, but performance degrades again after a few
days. The administrator runs an analysis tool and sees the following output:==3214== timeAttend.exe
analyzed==3214== ERROR SUMMARY:==3214== malloc/free: in use at exit: 4608 bytes in 18
blocks.==3214== checked 82116 bytes==3214== definitely lost: 4608 bytes in 18 blocks.The
administrator terminates the timeAttend.exe, observes system performance over the next few days, and
notices that the system performance does not degrade. Which of the following issues is MOST likely
occurring?
A. DLL injection
B. API attack
C. Buffer overflow
D. Memory leak
D. Memory leak
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up
message reveals that a payment card number was found in the file, and the file upload was blocked.
Which of the following controls is most likely causing this issue and should be checked FIRST?
A. DLP
B. Firewall rule
C. Content filter
D. MDM
E. Application allow list
A. DLP
Which of the following risk management strategies would an organization use to maintain a legacy
system with known risks for operational purposes?
A. Acceptance
B. Transference
C. Avoidance
D. Mitigation
A. Acceptance
Which of the following is the BEST action to foster a consistent and auditable incident response process?
A. Incent new hires to constantly update the document with external knowledge.
B. Publish the document in a central repository that is easily accessible to the organization.
C. Restrict eligibility to comment on the process to subject matter experts of each IT silo.
D. Rotate CIRT members to foster a shared responsibility model in the organization.
D. Rotate CIRT members to foster a shared responsibility model in the organization.
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the
course of 12 months via the internet. The penetration tester stops the test to inform the client of the
findings. Which of the following should be the client's NEXT step to mitigate the issue?
A. Conduct a full vulnerability scan to identify possible vulnerabilities.
B. Perform containment on the critical servers and resources.
C. Review the firewall and identify the source of the active connection.
D. Disconnect the entire infrastructure from the internet.
B. Perform containment on the critical servers and resources.
A security analyst is designing the appropriate controls to limit unauthorized access to a physical site.
The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet
the requirements?
A. Preventive controls
B. Compensating controls
C. Deterrent controls
D. Detective controls
D. Detective controls
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The
company has 100 databases that are on premises. Which of the following solutions will require the
LEAST management and support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
A. SaaS
Which of the following employee roles is responsible for protecting an organization's collected personal
information?
A. CTO
B. DPO
C. CEO
D. DBA
B. DPO
Against the recommendation of the IT security analyst, a company set all user passwords on a server as
`P@55w0rD`. Upon review of the /etc/passwd file, an attacker found the following:
alice:a8df3b6c4fd75f0617431fd248f35191df8d237f
bob:2d250c5b2976b03d757f324ebd59340df96aa05e
chris:ea981ec3285421d014108089f3f3f997ce0f4150Which of the following BEST explains why the
encrypted passwords do not match?
A. Perfect forward secrecy
B. Key stretching
C. Salting
D. Hashing
C. Salting
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a
vulnerability in the device's firmware, a penetration tester then gains shell access on another networked
asset. This technique is an example of:
A. privilege escalation.
B. footprinting.
C. persistence.
D. pivoting.
D. pivoting.
Which of the following should be monitored by threat intelligence researchers who search for leaked
credentials?
A. Common Weakness Enumeration
B. OSINT
C. Dark web
D. Vulnerability databases
C. Dark web
A security analyst needs to be able to search and correlate logs from multiple sources in a single tool.
Which of the following would BEST allow a security analyst to have this ability?
A. SOAR
B. SIEM
C. Log collectors
D. Network-attached storage
B. SIEM
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A
search of the WAF logs reveals the following output:Which of the following is MOST likely occurring?
SOURCE IP DESTINATION IP REQUESTED URL ACTION TAKEN
172.16.1.3 10.10.1.1 /web/cgi-bin/contact?
A. XSS attack
B. SQLi attack
C. Replay attack
D. XSRF attack
B. SQLi attack
Which of the following components can be used to consolidate and forward inbound internet traffic to
multiple cloud environments though a single firewall?
A. Transit gateway
B. Cloud hot site
C. Edge computing
D. DNS sinkhole
A. Transit gateway
Home
Your library
Expert solutions
Study sets, textbooks, questions
Profile Picture
Upgrade: free 7-day trial
Security+ SY0-601 Certification Practice Exam
Study
Other
Computer Skills
Security+ SY0-601 Certification Practice Exam
9 studiers today
Leave the first rating
Flashcards
Learn
Test
Match
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.
Monitor user access to compromised systems.
Back up all log files and audit trails.
1 / 89
Profile Picture
Created by
Paladin_Rhyne
Terms in this set (89)
Original
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.
Monitor user access to compromised systems.
Back up all log files and audit trails.
Which of the following items would be implemented at the Network layer of the security model?
Wireless networks
Network plans
Firewalls using ACLs
Penetration testing
Penetration testing
Prepare to Document means establishing the process you will use to document your network.
Which of the following makes this documentation more useful?
Identify the choke points on the network.
Automate administration as much as possible.
Identify who is responsible for each device.
Have a printed hard copy kept in a secure location.
Have a printed hard copy kept in a secure location.
You assign access permissions so that users can only access the resources required to accomplish their
specific work tasks. Which security principle are you complying with?
Cross-training
Job rotation
Need to know
Principle of least privilege
Principle of least privilege
A recreation of historical events is made possible through which of the following?
Incident reports
Audits
Audit trails
Penetration testing
Audit trails
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic
from legitimate tax preparation sites to malicious sites to gather personal and financial information.
Which kind of exploit has been used in this scenario?
Man-in-the-middle
Reconnaissance
DNS poisoning
Domain name kiting
DNS poisoning
When you inform an employee that he or she is being terminated, which of the following is the most
important activity?
Disable his or her network access
Allow him or her to collect their personal items
Allow him or her to complete their current work projects
Give him or her two weeks' notice
Disable his or her network access
Which protocol does HTTPS use to offer greater security in web transactions?
Kerberos
IPsec
SSL
Telnet
SSL
How often should change-control management be implemented?
Any time a production system is altered.
At regular intervals throughout the year.
Only when changes are made that affect senior management.
Only when a production system is altered greatly.
Any time a production system is altered.
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket.
Which of the following security risks is most pressing?
Non-repudiation
Confidentiality
Availability
Integrity
Confidentiality
Which ISO publication lays out guidelines for selecting and implementing security controls?
31000
27002
27701
27001
27002
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note
with your password written on it. Which of the following types of non-technical password attacks have
you enabled?
Social engineering
Dumpster diving
Shoulder surfing
Password guessing
Dumpster diving
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that everything after the single quote is a comment
Indicates that the comment has ended and data is being entered
Indicates that code is ending and a comment is being entered
Indicates that data has ended and a command is beginning
Indicates that data has ended and a command is beginning
You have detected and identified a security event. What's the first step you should complete?
Isolation
Segmentation
Playbook
Containment
Containment
Which access control model is based on assigning attributes to objects and using Boolean logic to grant
access based on the attributes of the subject?
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Rule-Based Access Control
Attribute-Based Access Control (ABAC)
Which of the following types of auditing verifies that systems are utilized appropriately and in
accordance with written organizational policies?
Financial audit
PoLP
Internal audit
Usage audit
Usage audit
Which EAP implementation is MOST secure?
EAP-MD5
LEAP
EAP-FAST
EAP-TLS
EAP-TLS
Extensible Authentication Protocol - Transport Layer Security
Which type of reconnaissance is dumpster diving?
Active
Passive
Packet sniffing
OSINT
Passive
no active modification/querying is involved
You have been hired as part of the team that manages an organization's network defense.
Which security team are you working on?
Red
White
Blue
Purple
Blue
What is the average number of times that a specific risk is likely to be realized in a single year?
Estimated maximum downtime
Annualized rate of occurrence
Exposure factor
Annualized loss expectancy
Annualized rate of occurrence
Your LDAP directory-services solution uses simple authentication. What should you always do when
using simple authentication?
Use IPsec and certificates
Use SSL
Use Kerberos
Add SASL and use TLS
Use SSL
A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of
vulnerability?
Unpatched software
Default settings
Zero-day exploit
Weak security configurations
Weak security configurations
You manage an Active Directory domain. All users in the domain have a standard set of internet options
configured by a GPO linked to the domain, but you want users in the Administrators OU to have a
different set of internet options.
What should you do?
Create a GPO computer policy for the Administrators OU.
Create a GPO user policy for the Administrators OU.
Create a Local Group Policy on the computers used by members of the Administrators OU.
Create a GPO user policy for the domain.
Create a GPO user policy for the Administrators OU.
What is the most obvious means of providing non-repudiation in a cryptography system?
Digital signatures
Shared secret keys
Public keys
Hashing values
Digital signatures
SSL (Secure Sockets Layer) operates at which layer of the OSI model?
Session
Application
Transport
Presentation
Session
What is the purpose of audit trails?
To detect security-violating events.
To restore systems to normal operations.
To correct system problems.
To prevent security breaches.
To detect security-violating events.
Most equipment is cooled by bringing cold air in the front and ducting the heat out of the back. What is
the term for where the heat is sent in this type of scenario?
Hot aisle
Cold aisle
Front aisle
Back aisle
Hot aisle
Which of the following happens by default when you create a new ACL on a router?
All traffic is blocked.
All traffic is permitted.
The ACL is ignored until applied.
ACLs are not created on a router.
All traffic is blocked.
Which of the following terms is used to describe an event in which a person who should be allowed
access is denied access to a system?
False negative
Error rate
False positive
False acceptance
False negative
Which of the following drive configurations is fault tolerant?
Disk striping
RAID 5
Expanded volume set
RAID 0
RAID 5
Which of the following terms describes the actual time required to successfully recover operations in the
event of an incident?
Recovery point objective (RPO)
Mean time to repair (MTTR)
Recovery time objective (RTO)
Maximum tolerable downtime (MTD)
Recovery time objective (RTO)
!= or <> refers to Not Equal in which scripting language?
Bash
PuTTY
Python
PowerShell
Python
You want to identify traffic that is generated and sent through a network by a specific application
running on a device.
Which tool should you use?
Certifier
Protocol analyzer
Multimeter
Toner probe
TDR
Protocol analyzer
You want to identify all devices on a network along with a list of open ports on those devices. You want
the results displayed in a graphical diagram. Which tool should you use?
OVAL
Network mapper
Port scanner
Ping scanner
Network mapper
After a security event that involves a breach of physical security, what is the term used for the new
measures, incident review, and repairs meant to stop a future incident from occurring?
Detection
Recovery
Prevention
Data breach
Recovery
A relatively new employee in the data entry cubical farm was assigned a user account similar to the
other data entry employees' accounts. However, audit logs have shown that this user account has been
used to change ACLs on several confidential files and has accessed data in restricted areas.
This situation indicates which of the following has occurred?
Physical security
Social engineering
External attack
Privilege escalation
Privilege escalation
Which of the following is the BEST example of the principle of least privilege?
Lenny has been given access to files that he does not need for his job.
Wanda has been given access to the files that she needs for her job.
Jill has been given access to all of the files on one server.
Mary has been given access to all of the file servers.
Wanda has been given access to the files that she needs for her job.
In which phase of an attack does the attacker gather information about the target?
Reconnaissance
Exploit the system
Breach the system
Escalating privileges
Reconnaissance
When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard
disks can be recovered.
Which of the following actions can you take to ensure that no data is recoverable?
Damage the hard disks so badly that all data remanence is gone.
Encrypt all data on the hard disks.
Reformat all the hard disks in the computer.
Delete all files from all the hard disks in the computer.
Damage the hard disks so badly that all data remanence is gone.
As a security analyst, you are looking for a platform to compile all your security data generated by
different endpoints. Which tool would you use?
MAM
SOAR
GDPR
MDM
SOAR
a platform to compile security data generated by different security endpoints
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Rainbow table attack
Hybrid attack
Dictionary attack
Brute-force attack
Rainbow table attack
Users in the sales department perform many of their daily tasks, such as emailing and creating sales
presentations, on their personal tablets.
The chief information officer worries that one of these users might also use their tablet to steal sensitive
information from the organization's network. Your job is to implement a solution that prevents insiders
from accessing sensitive information stored on the organization's network from their personal devices
while still giving them access to the internet.
Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
A mobile device management (MDM) infrastructure
A Network Access Control (NAC) solution
An Acceptable Use Policy (AUP)
A guest wireless network that is isolated from your organization's production network
What does the netstat -a command show?
All connected hosts
All listening sockets
All listening and non-listening sockets
All network users
All listening and non-listening sockets
Which of the following is a network virtualization solution provided by Microsoft?
VirtualBox
Hyper-V
VMware
Citrix
Hyper-V
Change control should be used to oversee and manage changes over which aspect of an organization?
IT hardware and software
Physical environment
Personnel and policies
Every aspect
Every aspect
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an
SMTP relay agent. Which activity could result if this happens?
Salami attack
Spamming
Virus hoax
Data diddling
Spamming
Which of the following BEST describes zero-trust security?
Only devices that pass authentication are trusted.
Only devices that pass authorization are trusted.
Only devices that pass both authentication and authorization are trusted.
All devices are trusted.
Only devices that pass both authentication and authorization are trusted.
Your organization is having a third party come in and perform an audit on the financial records. You want
to ensure that the auditor has access to the data they need while keeping the customers' data secure. To
accomplish this goal, you plan to implement a mask that replaces the client names and account numbers
with fictional data.
Which masking method are you implementing?
Dynamic
Encryption
Static
Tokenization
Dynamic
Which of the following can be classified as a stream cipher?
Blowfish
AES
Twofish
RC4
RC4
Which security mechanism uses a unique list that meets the following specifications:
The list is embedded directly in the object itself.
The list defines which subjects have access to certain objects.
The list specifies the level or type of access allowed to certain objects.
Conditional access
Hashing
User ACL
Mandatory access control
User ACL
You are part of a committee that is meeting to define how Network Access Control (NAC) should be
implemented in the organization. Which step in the NAC process is this?
Define
Plan
Review
Apply
Plan
The government and military use the following information classification system:UnclassifiedSensitive
But UnclassifiedConfidentialSecretTop SecretDrag each classification on the left to the appropriate
description on the right.
Drag
UnclassifiedSensitive But Unclassified
Confidential
SecretTop Secret
Drop
The lowest level of classified information used by the military. Release of this information could cause
damage to military efforts.
If this information is released, it poses grave consequences to national security.
This information can be accessed by the public and poses no security threat.
If this information is disclosed, it could cause some harm, but not a national disaster
If this information is disclosed, it could cause severe and permanent damage to military actions.
The lowest level of classified information used by the military. Release of this information could cause
damage to military efforts.
Confidential
If this information is released, it poses grave consequences to national security.
Top Secret
This information can be accessed by the public and poses no security threat.
Unclassified
If this information is disclosed, it could cause some harm, but not a national disaster.
Sensitive But Unclassified
If this information is disclosed, it could cause severe and permanent damage to military actions.
Secret
Some users report that frequent system crashes have started happening on their workstations. Upon
further investigation, you notice that these users all have the same application installed that has been
recently updated. Where would you go to conduct a root cause analysis?
Security log
Network log
Application log
Firewall log
Application log
Which of the following is a common social engineering attack?
Using a sniffer to capture network traffic
Distributing false information about an organization's financial status
Distributing hoax virus-information emails
Logging on with stolen credentials
Distributing hoax virus-information emails
Which of the following is a disadvantage of software defined networking (SDN)?
SDN creates centralized management.
SDN standards are still being developed.
SDN facilitates communication between hardware from different vendors.
SDN gathers network information and statistics.
SDN standards are still being developed.
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Slamming
Bluejacking
Bluebugging
Bluesnarfing
Bluejacking
You have physically added a wireless access point to your network and installed a wireless networking
card in two laptops that run Windows. Neither laptop can find the network. You have come to the
conclusion that you must manually configure the access point (AP).
Which of the following values uniquely identifies the network AP?
SSID
Channel
WEP
PS
SSID
You are running a packet sniffer on your workstation so you can identify the types of traffic on your
network. You expect to see all the traffic on the network, but the packet sniffer only seems to be
capturing frames that are addressed to the network interface on your workstation.
Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use promiscuous mode.
Configure the network interface to use port mirroring mode.
Configure the network interface to enable logging.
Configure the network interface to use protocol analysis mode.
Configure the network interface to use promiscuous mode.
Which of the following best describes shoulder surfing?
Guessing someone's password because it is so common or simple.
Someone nearby watching you enter your password on your computer and recording it.
Giving someone you trust your username and account password.
Finding someone's password in the trash can and using it to access their account.
Someone nearby watching you enter your password on your computer and recording it.
A type of malware that prevents the system from being used until the victim pays the attacker money is
known as what?
Fileless virus
Remote Access Trojan (RAT)
Ransomware
Denial-of-service attack (DoS attack)
Ransomware
Which of the following cloud storage access services acts as a gatekeeper, extending an organization's
security policies into the cloud storage infrastructure?
A web service application programming interface
A cloud storage gateway
A cloud-access security broker
A co-located cloud computer service
A cloud-access security broker
Which of the following are often identified as the three main goals of security? (Select three.)
Assets
Confidentiality
Availability
Policies
Integrity
Employees
Non-repudiation
Confidentiality
Availability
Integrity
Which of the following lets you make phone calls over a packet-switched network?
VoIP
SCADA
FPGA
RTOS
VoIP
In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or
devices you manage and monitor them on the Azure portal?
Configure
Protect
Deploy
Add
Deploy
An attacker is attempting to crack a system's password by matching the password hash to a hash in a
large table of hashes he or she has.
Which type of attack is the attacker using?
Brute force
Rainbow
RIPEMD
Cracking
Rainbow
Which of the following can make passwords useless on a router?
Using the MD5 hashing algorithm to encrypt the password
Not controlling physical access to the router
Storing the router configuration file in a secure location
Using SSH to remotely connect to a router
Not controlling physical access to the router
What is the primary security feature that can be designed into a network's infrastructure to protect and
support availability?
Redundancy
Switches instead of hubs
Periodic backups
Fiber optic cables
Redundancy
Which of the following is an example of privilege escalation?
Separation of duties
Privilege creep
Mandatory vacations
Principle of least privilege
Privilege creep
Which of the following is an example of protocol-based network virtualization?
VFA
VMM
vSwitch
VLAN
VLAN
Which of the following are characteristics of a circuit-level gateway? (Select two.)
Stateless
Filters based on sessions
Filters IP address and port
Stateful
Filters based on URL
Stateful
Filters based on sessions
You want to know which protocols are being used on your network. You'd like to monitor network traffic
and sort traffic by protocol.
Which tool should you use?
Port scanner
Packet sniffer
IPS
Throughput tester
IDS
Packet sniffer
Which of the following are backed up during an incremental backup?
Only files that have changed since the last full backup.
Only files that have changed since the last full or differential backup.
Only files that have changed since the last full or incremental backup.
Only files that are new since the last full or incremental backup.
Only files that have changed since the last full or incremental backup.
Which of the following standards relates to the use of credit cards?
PCI DSS
PoLP
Financial audit
SOX
PCI DSS
A collection of zombie computers have been set up to collect personal information. Which type of
malware do the zombie computers represent?
Trojan horse
Logic bomb
Spyware
Botnet
Botnet
What is the most important element related to evidence in addition to the evidence itself?
Photographs of the crime scene
Chain of custody document
Completeness
Witness testimony
Chain of custody document
Which of the following tools allows the user to set security rules for an instance of an application that
interacts with one organization and different security rules for an instance of the application when
interacting with another organization?
Integration
Replication
Instance awareness
Encryption
Instance awareness
Which of the following describes a configuration baseline?
A collection of security settings that can be automatically applied to a device
A list of common security settings that a group or all devices share
The minimum services required for a server to function
A set of performance statistics that identifies normal operating performance
A list of common security settings that a group or all devices share
You are using a password attack that tests every possible keystroke for each single key in a password until
the correct one is found. Which of the following technical password attacks are you using?
Password sniffing
Pass-the-hash attack
Brute force attack
Keylogger
Brute force attack
You have been asked to implement a RAID 5 solution for your network. What is the minimum number of
hard disks that can be used to configure RAID 5?
2
3
4
5
6
3
What is the name of the service included with the Windows Server operating system that manages a
centralized database containing user account and security information?
...
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and
you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the
system should not boot if a change is detected in any of the boot files.
What should you do?
Have each user encrypt user files with EFS.
Implement BitLocker without a TPM.
Have each user encrypt the entire volume with EFS.
Implement BitLocker with a TPM.
Implement BitLocker without a TPM.
What is the primary function of the IKE Protocol used with IPsec?
Create a security association between communicating partners.
Encrypt packet contents.
Ensure dynamic key rotation and select initialization vectors (IVs).
Provide both authentication and encryption.
Provide authentication services.
Create a security association between communicating partners.
Which of the following functions are performed by proxies? (Select two.)
Cache web pages
Give users the ability to participate in real-time, text-based internet discussions
Filter unwanted emails
Block employees from accessing certain websites
Store client files
Cache web pages
Block employees from accessing certain websites
Which type of firewall protects against packets coming from certain IP addresses?
Application layer
Packet-filtering
Stateful
Circuit-level
Packet-filtering
Which of the following is considered a major problem with instant messaging applications?
Loss of productivity
Transfer of text and files
Real-time communication
Freely available for use
Loss of productivity
You need to check network connectivity from your computer to a remote computer.
Which of the following tools would be the BEST option to use?
nmap
ping
route
tracert
ping
Which of the following is a privilege or action that can be taken on a system?
User rights
SACL
Permissions
DACL
User rights
You are adding switches to your network to support additional VLANs. Unfortunately, the new switches
are from a different vendor than the current switches.
Which standard do you need to ensure that the switches are supported?
802.11
802.1Q
802.1x
802.3
802.1Q
In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported.
Upon further inspection, none of the vulnerabilities actually existed.
Which type of result is this?
False negative
True positive
True negative
False positive
False positive
Students also viewed
Security+ Cert Exam Objectives SYO-601
786 terms
Profile Picture
jeffrey_baker
CompTIA Security+ SY0-601 Practice Questions.
150 terms
Profile Picture
JT_Collett
2022 CompTIA SECURITY+ SY0-601 BEST EXAM STUD…
174 terms
Images
Profile Picture
WieldyStone2
12.4 Active Directory
12 terms
Profile Picture
cicilylafleur
Recent flashcard sets
Financial Accounting Ratios
22 terms
Profile Picture
Michael_Martirano5
Vocabulary 1
10 terms
Profile Picture
sens02
french vocaqbbbb
149 terms
Profile Picture
Claire_Jackson17
English, Examens, Wordlist
44 terms
Profile Picture
massimoleleux
Sets found in the same folder
Security+ SY0-601: Cloud Security Design & Im…
61 terms
Profile Picture
Todd_Libet
Security+ SY0-601: Endpoint Security Design &…
51 terms
Profile Picture
Todd_Libet
Security+
1,027 terms
Profile Picture
melliz2015
Security+ SY0-601: Network Security Design &…
150 terms
Profile Picture
Todd_Libet
Other sets by this creator
Network+ Domain 5
33 terms
Profile Picture
Paladin_Rhyne
Network+ Domain 4
45 terms
Profile Picture
Paladin_Rhyne
Network+ Domain 3
15 terms
Profile Picture
Paladin_Rhyne
Network+ Domain 1
174 terms
Profile Picture
Paladin_Rhyne
Verified questions
Other
Give two reasons why clothing tends to be more expensive at a boutique than at a mass merchandise
discounter.
Verified answer
Other
Describe three methods businesses use to deal with theft.
Verified answer
Other
How are family values useful when making clothing decisions?
Verified answer
Other
For what natural fibers are lyocell and acrylic sometimes substituted? Why?
Verified answer
1/5
About us
About Quizlet
How Quizlet works
Careers
Advertise with us
News
Get the app
For students
Flashcards
Learn
Solutions
Modern Learning Lab
For teachers
Live
Checkpoint
Blog
Be the Change
Resources
Help center
Honor code
Community guidelines
Privacy
Terms
Ad and Cookie Policy
Language
English (USA)
© 2023 Quizlet, Inc.
COPPA Safe Harbor Certification seal
Terms in this set (30)
Original
An administrator needs to protect user passwords and has been advised to hash the passwords. Which
of the following BEST describes what the administrator is being advised to do?
Perform a mathematical operation on the passwords that will convert them into unique strings
An audit Identified Pll being utilized In the development environment of a critical application. The Chief
Privacy Officer (CPO) Is adamant that this data must be removed; however, the developers are
concerned that without real data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy both the CPO's and the
development team's requirements?
Data anonymization
Which of the following are common VoIP-associated vulnerabilities? (Select TWO).
SPIM and vishing
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took
much too long to resolve This type of incident has become more common in recent weeks and is
consuming large amounts of the analysts' time due to manual tasks being performed Which of the
following solutions should the SOC consider to BEST improve its response time?
Implement a SOAR with customizable playbooks
During a security incident investigation, an analyst consults the company's SIEM and sees an event
concerning high traffic to a known, malicious command-and-control server. The analyst would like to
determine the number of company workstations that may be impacted by this issue. Which of the
following can provide the information?
DNS logs
After reluming from a conference, a user's laptop has been operating slower than normal and
overheating and the fans have been running constantly During the diagnosis process, an unknown piece
of hardware is found connected to the laptop's motherboard Which of the following attack vectors was
exploited to install the hardware?
Direct access
A company is receiving emails with links to phishing sites that look very similar to the company's own
website address and content. Which of the following is the BEST way for the company to mitigate this
attack?
Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
Which of the following terms describes a broad range of information that is sensitive to a specific
organization?
Proprietary
A company wants to improve end users experiences when they tog in to a trusted partner website The
company does not want the users to be issued separate credentials for the partner website Which of the
following should be implemented to allow users to authenticate using their own credentials to log in to
the trusted partner's website?
Federation
A new company wants to avoid channel interference when building a WLAN. The company needs to
know the radio frequency behavior, identify dead zones, and determine the best place for access points.
Which of the following should be done FIRST?
Configure heat maps.
Which of the following is the GREATEST security concern when outsourcing code development to thirdparty contractors for an internet-facing application?
Unknown backdoor
A security engineer was assigned to implement a solution to prevent attackers from gaining access by
pretending to be authorized users. Which of the following technologies meets the requirement?
MFA
After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a
vulnerability in the device's firmware, a penetration tester then gains shell access on another networked
asset This technique is an example of:
privilege escalation
Field workers in an organization are issued mobile phones on a daily basis All the work is performed
within one city and the mobile phones are not used for any purpose other than work The organization
does not want these phones used for personal purposes. The organization would like to issue the phones
to workers as permanent devices so the pnones do not need to be reissued every day. Given the
conditions described, which of the following technologies would BEST meet these requirements'
Mobile device management
An organization has developed an application that needs a patch to fix a critical vulnerability In which of
the following environments should the patch be deployed LAST?
Production
A technician enables full disk encryption on a laptop that will be taken on a business tnp. Which of the
following does this process BEST protect?
Data at rest
During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the
following BEST explains this reasoning?
The forensic investigator forgot to run a checksum on the disk image after creation
A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution In
order to restrict PHI documents which of the following should be performed FIRST?
Classification
A security incident has been resolved Which of the following BEST describes the importance of the final
phase of the incident response plan?
AAR/Lessons learnt will improve the plan for the next incident
A company labeled some documents with the public sensitivity classification This means the documents
can be accessed by:
employees of other companies and the press
An organization is migrating several SaaS applications that support SSO. The security manager wants to
ensure the migration is completed securely. Which of the following should the organization consider
before implementation? (Select TWO).
The identity federation protocol and The encryption method
Server administrators want to configure a cloud solution so that computing memory and processor
usage is maximized most efficiently across a number or virtual servers. They also need to avoid potential
denial-of-service situations caused by availability. Which of the following should administrators configure
to maximize system availability while efficiently utilizing available computing power?
Dynamic resource allocation
A security analyst has identified malware spreading through the corporate network and has activated the
CSIRT Which of the following should the analyst do NEXT?
Attempt to quarantine all infected hosts to limit further spread
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst
is alerted to a subsequent token reuse moments later on a different service using the same single signon method. Which of the following would BEST detect a malicious actor?
Utilizing SIEM correlation engines
A help desk technician receives a phone call from someone claiming to be a part of the organization's
cybersecurity modem response team The caller asks the technician to verify the network's internal
firewall IP address Which of the following is the technician's BEST course of action?
Write down the phone number of the caller if possible, the name of the person requesting the
information hang up. and notify the organization's cybersecurity officer
A security manager has tasked the security operations center with locating all web servers that respond
to an unsecure protocol. Which of the following commands could an analyst run to find requested
servers?
nmap -p 80 10.10.10.0/24
A cloud service provider has created an environment where customers can connect existing local
networks to the cloud for additional computing resources and block internal HR applications from
reaching the cloud. Which of the following cloud models is being used?
Hybrid
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials
could be exfiltrated. The report also indicates that users tend to choose the same credentials on different
systems and applications. Which of the following policies should the CISO use to prevent someone from
using the exfiltrated credentials?
MFA
Which of the following describes the exploitation of an interactive process to gain access to restricted
areas?
Privilege escalation
The Chief Information Secunty Officer (CISO) requested a report on potential areas of improvement
following a security incident. Which of the following incident response processes is the CISO requesting?
Lessons learned
Terms in this set (11)
Original
which of the following will most likely adversely impact the operations of unpatched trad programmable
logic controllers running a back end LAMP server and OT systems with human management interfaces
that are accessible over the internet via web interface
weak encryption and server-side request forgery
a company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged
corporate-owned device. Which of the following technologies would be best to balance the BYOD culture
while also protecting the company's data
full disk encryption
A chief security office's key priorities are to improve preparation and recovery practices to minimize
system downtime and enhance organizational resilience to ransomware attacks. Which of the following
would best meet the CSO's objectives
Implement application whitelisting and centralized event-log management and perform regular testing
and validation of full backups
A network engineer has been asked to investigate why several wireless barcode scanners and wireless
computers in a warehouse have intermittent connectivity to the shipping server. the barcode scanners
and computers are all on forklift trucks and move around the warehouse during their use. which of the
following should the engineer do to determine the issue
perform a site survey and create a heat map
a security admin suspects an employee has been emailing proprietary information to the competitor.
company policy requires the admin to capture an exact copy of the employee's hard disk. which of the
following should the admin use
DD
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data
processors?
GDPR
Phishing and spear phishing attacks have been occurring more frequently against a company's staff.
which of the following would most likely help mitigate this issue
exact mail exchanger records in the DNS
which of the following is the live acquisition of data for forensic analysis most dependent
Value and volatility of data
right to audit clauses
Which of the following incident response steps involves actions to protect critical systems while
maintaining business operations
Containment
A security auditor is reviewing vulnerability scan data provided by an internal security team. which of the
following indicates that valid credentials were used?
The scan enumerated software version of installed programs
which of the following Best explains the difference between a data owner and a data custodian?
The data owner is responsible for determining how the data may be used while the data custodian is
responsible for implementing the protection to the data
Related documents
Download