CompTIA Security+ (SY0-601) Exam Questions

Page 6 of 50

101.

A global company has a customer information database that must be available at all times. If the main database server fails, a secondary server must take over with all the same data as the main server.

What type of backup architecture should they use in this situation?

  • Replication

  • Journaling

  • Snapshot

  • Incremental

Correct answer: Replication

Replication involves having a clone of data that can be used at a moment's notice. This is needed for failover situations.

Journaling backs up each transaction, but the transactions need to be applied before the backup can be used. A snapshot is a copy of a virtual machine at a given point in time. Incremental backups are part of a daily backup strategy that only backs up files that have changed.

102.

Which of the following malicious activities is a type of physical attack?

  • RFID cloning

  • Bloatware

  • Directory traversal

  • Collision

Correct answer: RFID cloning

The Security+ examination lists RFID cloning as a type of physical attack: an attacker copies an RFID tag, and the clone can then be used to gain access or to tamper with inventory. Protection against RFID cloning can include installing video cameras to detect unusual activity or using encrypted RFID technologies.

Bloatware is preinstalled software on a device that is difficult to remove. Directory traversal is a weakness in web servers that exposes the file system. A collision is a cryptographic attack that can occur when two different inputs produce the same hash.

103.

According to the hardware manufacturer, a system is expected to experience failures with a component every two years. Which of the following does this measure?

  • MTBF

  • MTTR

  • RTO

  • RPO

Correct answer: MTBF

Mean time between failures (MTBF) is the average time between failures of a system or component.

The mean time to repair (MTTR) is the average time it takes to repair a failed component. The recovery time objective (RTO) is the amount of time that is acceptable before services are restored. The recovery point objective (RPO) is the acceptable latency period of data, or the maximum tolerable time that data can remain inaccessible after a disaster.

104.

A web search company is being accused of anti-competitive behavior by a regulatory organization. Before filing a lawsuit, the regulator wants to inform the company that it must not destroy any data or records.

What should they send to the company to notify them of this?

  • Legal hold

  • Chain of custody

  • NDA

  • BPA

Correct answer: Legal hold

A legal hold is a notice instructing an organization to preserve relevant documents and information ahead of legal proceedings. Ignoring this notice can be viewed negatively by the court.

A chain of custody is a document that tracks evidence for legal proceedings. A non-disclosure agreement (NDA) is a contract that restricts sharing confidential information. A business partners agreement (BPA) is an agreement outlining how two businesses will work together.

105.

As part of effective security governance, a company must rapidly evolve to meet the changing challenges and opportunities in its business sector at a global level. For instance, textile manufacturers need to keep up to date with the latest fashions.

Which aspect of corporate governance does this concern belong to?

  • Industry

  • Legal

  • Regulatory

  • Local

Correct answer: Industry

Companies need to stay aware of changes in their industry. Failure to adapt can make a company lose its competitiveness.

The legal aspect refers to being lawful in things such as contracts and intellectual property. The regulatory aspect refers to following governmental regulations and guidelines. The local aspect refers to meeting requirements for specific geographical areas.

106.

Which of the following steps can an organization take to protect management consoles for switches?

  • Placing management ports on an isolated VLAN

  • Disabling logging and real-time monitoring

  • Turning off TOTP for authentication

  • Implementing FDE

Correct answer: Placing management ports on an isolated VLAN

Segmenting management traffic by using an isolated VLAN can enhance security. Other ways to harden network devices include keeping firmware updated, enabling logging, applying ACLs, changing default settings, and using secure protocols.

Logging and real-time monitoring are useful for managing security on a network device. Time-based one-time passwords (TOTP) can improve authentication. Full-drive encryption (FDE) is used with storage devices.

107.

A company discovers that a threat actor has had access to its research and development network. They trace the attacker's IP address to a building occupied by a competing company.

What is the likely motivation for the attacker?

  • Espionage

  • Ethical

  • Revenge

  • Political beliefs

Correct answer: Espionage

Espionage can be a motive for threat actors. Competing businesses may attempt to spy on each other to gain an advantage over the other.

Ethical motivations are characteristic of cybersecurity professionals seeking to find vulnerabilities in order to fix them. Revenge is characteristic of ex-employees or others who hold a grudge. Political beliefs are characteristic of hacktivist attackers.

108.

An outside security auditor recently completed an in-depth security audit of your network. One issue she reported was related to passwords. She found the following passwords in use on the network: Pa$$1, 1@R5, and X8tS8.

What should be changed to avoid the problem shown with these passwords?

  • Password length

  • Password age

  • Password complexity

  • Password reuse

Correct answer: Password length

One way to make passwords more secure is to require them to be strong. A strong password is at least eight characters in length, doesn’t include words found in a dictionary or any part of a user’s name, and combines at least three of the four following character types:

  • Uppercase characters (26 letters A–Z)
  • Lowercase characters (26 letters a–z)
  • Numbers (10 numbers 0–9)
  • Special characters (32 printable characters, such as !, $, and *)

A complex password uses multiple character types, such as Sy0@; the passwords the auditor found are already complex, but all are shorter than eight characters. Password age settings ensure users do not repeatedly reset passwords until they can reuse a previous one. A password reuse policy prevents a user from reusing an old password.

109.

What do cloud service providers offer customers that fulfill the same role as a firewall?

  • Security groups

  • Tickets

  • VPC endpoints

  • Transit gateways

Correct answer: Security groups

Cloud service providers give customers access to security groups, which are used to create rules for network traffic. Properly configuring security groups is essential for securing cloud infrastructure.

Ticket creation is used to handle customer service requests. VPC endpoints are used to connect virtual private clouds within a provider's network. Transit gateways are used to connect a VPC with on-premises VLANs.

110.

An IS auditor has been asked to evaluate the security of a surveillance system. The system includes cameras with embedded interfaces that are accessible via a web interface. What are three common issues that the auditor should have in mind when assessing this system?

  • Default configurations, vulnerabilities, lack of patching

  • Human vulnerability, information leakage, insufficient training

  • Patch management, insufficient monitoring, Ethernet loops

  • Service downtime, false positives, multi-vector attacks

Correct answer: Default configurations, vulnerabilities, lack of patching

An embedded system is a computer system that has been built into another device. Default configurations, vulnerabilities, and lack of patching are common issues when working with embedded systems.

Human vulnerability, information leakage, and insufficient training are issues related to social engineering attacks. Patch management, insufficient monitoring, and Ethernet loops are issues related to switches. Service downtime, false positives, and multi-vector attacks are issues related to DDoS attacks.

111.

Which type of plan should an organization have to ensure that it can function even during a disaster?

  • BCP

  • DRP

  • AUP

  • BYOD

Correct answer: BCP

A business continuity plan (BCP) is used to ensure that an organization can continue operating even during a disaster.

A disaster recovery plan (DRP) is used to recover from an incident after it has happened. An acceptable use policy (AUP) is used to provide users with policies for how to properly use the organization's resources. A bring-your-own-device (BYOD) policy is used to determine how users can utilize their personal devices while working.

112.

Which protocol uses ephemeral keys to provide perfect forward secrecy for web communications?

  • TLS

  • S/MIME

  • PPTP

  • SPF

Correct answer: TLS

Transport Layer Security (TLS) is used by web servers to provide encryption between the web server and the client. Modern TLS cipher suites negotiate session keys with an ephemeral key exchange, so a session's keys cannot be recovered even if the server's long-term private key is later compromised; this is what provides perfect forward secrecy. It is also important to note that any time SSL is mentioned, the speaker is most likely referring to TLS.

S/MIME is a standard for securing email messages. PPTP is an outdated VPN protocol. SPF is used to designate the email servers authorized to send mail for a domain.

113.

Which activity involves actively probing systems to discover vulnerabilities?

  • Scanning

  • Log aggregation

  • Reporting

  • Alerting

Correct answer: Scanning

Scanning refers to the active probing of systems on a network to discover vulnerabilities. A scanner will send requests to common ports on all addresses on a network and analyze the responses from systems.

Log aggregation refers to sending logs to a central location for analysis. Reporting refers to transforming information from monitoring into actionable intelligence. Alerting refers to sending notifications to administrators when anomalous activity is detected.

114.

A website checks your IP address as part of an MFA scheme. What factor is it using?

  • Somewhere you are

  • Something you know

  • Something you exhibit

  • Something you have

Correct answer: Somewhere you are

Multi-factor authentication (MFA) uses two or more different types of factors. Factors can include:

  • Something you know: Password, PIN, etc.
  • Something you have: Smartphone, security token, etc.
  • Something you are: Fingerprint, facial, voice recognition, etc.
  • Somewhere you are: Geolocation, IP address
  • Something you can do: Connecting dots on a picture, etc.
  • Something you exhibit: Gait, behavior, etc.
  • Someone you know: Password reset based on trusted party, etc.

If an MFA scheme checks an IP address, it is most likely trying to determine where you are, since an IP address can be mapped to an approximate geographic location.

115.

A SysOps manager wants to determine a measure of a system's reliability to present to the executives. The aim is to probe critical systems for this measure and predict potential outages before they occur.

Which of the following figures would the manager use?

  • MTBF

  • MTTR

  • RTO

  • RPO

Correct answer: MTBF

A system's reliability can be measured by calculating the mean time between failures (MTBF). Usually expressed in hours, the MTBF is the average time between failures; systems with a high MTBF are considered more reliable.

The mean time to repair (MTTR) is the average time it takes to repair a failed component. The recovery time objective (RTO) is the amount of time that is acceptable before services are restored. The recovery point objective (RPO) is the acceptable latency period of data, or the maximum tolerable time that data can remain inaccessible after a disaster.

116.

Which type of monitoring includes creating alerts for CPU usage and memory utilization?

  • Systems

  • Applications

  • Infrastructure

  • Building

Correct answer: Systems

Three types of computing resources that can be monitored include systems, applications, and infrastructure. Systems include endpoints like workstations and servers and involve monitoring metrics such as CPU, memory, disk, and network usage.

Application monitoring includes alerts for security, performance, and availability. Infrastructure monitoring includes alerts for network appliances, database servers, and cloud services. Building monitoring includes monitors for physical security.

117.

An attacker is using open-source intelligence to build a picture of the potential victim but is not using any tools to send information to the target and analyze responses. Which of the following BEST describes what they are doing?

  • Passive reconnaissance

  • Phishing

  • Self-assessment

  • Attestation

Correct answer: Passive reconnaissance

Passive reconnaissance involves using open-source intelligence, such as social media, public websites, or news reports, to collect information about the targeted system, network, or organization. Because this method never engages the target directly, it is not illegal and leaves no trace on the target's systems, so attackers can use it without worry and can amass a stunning amount of information, depending on how carefully the organization manages its public footprint.

Phishing is the activity of using social engineering to try to get a target to divulge sensitive information. Self-assessment is an internal audit. Attestation is the act of a third party verifying that something is true.

118.

A user at Smith Industries is browsing a web page when they receive a prompt indicating that their current antivirus is insufficient and that they need to download the recommended program. Shortly after the user downloads the program, they receive warnings that the system is infected and that more software needs to be installed to remove the infection. The user reports that the system is now very slow and unusable.

Which of the following is MOST likely affecting the system?

  • Trojan

  • Worm

  • Logic bomb

  • Spyware

Correct answer: Trojan

Often disguised as a beneficial application or a useful website, a Trojan exploits the user's trust to get the user to install the software. A common variant is rogueware, where a fake antivirus application misleads users into believing their systems are infected and that they must install the fake antivirus to remove the infection and purge the system. Of course, the opposite happens: once the user installs it, the Trojan installs more malware and may provide the attacker with remote access to the affected system.

A worm is self-propagating malware that spreads across a network. A logic bomb is malware that executes at a specific time or when a specific action is taken. Spyware is malware that collects sensitive information from its target.

119.

An organization relies on an IDS to help detect potentially malicious activity. The network administrator has become frustrated with the IDS because it raises several alerts every hour for non-existent threats, which has led the administrator to stop taking the IDS alerts seriously.

What type of error is occurring with the IDS?

  • False positive

  • False negative

  • True positive

  • True negative

Correct answer: False positive

A false positive occurs when a device reports an incident that does not exist. This leads to a loss of trust in the device (alert fatigue) and can be remedied by tuning alert thresholds.

A false negative occurs when a device does not detect an actual threat. A true positive occurs when a tool accurately alerts to a threat. A true negative occurs when a tool accurately determines that something was not a threat.

120.

An administrator wants to probe some systems on their network to determine whether they have any security issues. They want to reduce the number of false positives by checking the systems from the perspective of a logged-in user.

What type of tool should they use to accomplish this?

  • Credentialed vulnerability scan

  • Non-credentialed vulnerability scan

  • Risk assessment

  • Dynamic analysis

Correct answer: Credentialed vulnerability scan

Vulnerability scans can be run using two methods. A credentialed vulnerability scan operates with a valid user account, and can even be assigned administrator privileges, in order to provide a deeper and more thorough scan with fewer false positives.

A non-credentialed scan has no credentials and therefore no direct access to the systems it scans; it sees only what an unauthenticated outsider would see. A risk assessment evaluates all potential risks to an organization. Dynamic analysis is a method for testing applications while they run.