CompTIA Security+ (SY0-601) Exam Questions
121.
A company is making considerations for the infrastructure of their web application. They want to include a clause in the SLA with their cloud provider that guarantees that if there is a problem with the load balancer, they will fix it within 1 hour.
What type of factor are they looking to implement in this situation?
- Risk transference
- Scalability
- Ease of deployment
- Inability to patch
Correct answer: Risk transference
Risk transference is used to shift responsibility of a risk to a third party. This can be done through such means as contracts or insurance.
Scalability is a factor addressed with dynamically increasing resources as needed. Ease of deployment is a factor addressed with IaC or machine templates. An inability to patch refers to preventing a CSP from applying patches because the client wants to handle that.
122.
An organization has decided to install a fence to help prevent unauthorized individuals from entering the organization's premises. What category of control is this an example of?
- Physical
- Operational
- Technical
- Managerial
Correct answer: Physical
A fence is an example of a physical security control. Other examples of physical controls include locks and security guards.
Operational controls include log monitoring and vulnerability management. Technical controls include firewalls and access control lists. Managerial controls include risk assessments and change management procedures.
123.
A user received an email indicating that they had a virus and needed to download the attached report. The attachment was actually a malicious file that gave the attacker direct access to the user's workstation.
What did the hacker likely use to bypass normal authentication methods to gain access to the system?
- Backdoor
- Privilege escalation
- Brute force attack
- SQL injection
Correct answer: Backdoor
Backdoors are usually set after a hacker has been able to gain access to a system. They are kept for future access to ensure that the hacker can get in without alerting the administrator. Backdoors used to be legitimate ways for developers to access software quickly during debugging, but they are discouraged now to avoid the chance of attackers using them.
Privilege escalation involves running commands as an administrator. A brute force attack is an attack that tries every possible combination to break a password. An SQL injection sends malicious SQL statements to a web application that accepts user input.
124.
LastPass and 1Password are examples of which of the following?
- Password manager
- Password key
- TPM
- HSM
Correct answer: Password manager
A password manager, or password vault, such as LastPass or 1Password, is an encrypted vault of a user's passwords that is unlocked with a master password.
A password key is a password, i.e., a secret that is used to access an app, website, or computer. A Trusted Platform Module (TPM) is an embedded chip on a computer that can securely store encryption keys, credentials, and other sensitive cryptographic data. A hardware security module (HSM) performs the same function as a TPM but typically isn't built into the system; it might be a card, an external device, or a cloud-based service.
125.
An administrator starts a web server application while logged in as the root user of a system. A vulnerability in the web server software is then exploited by a remote attacker, who is now able to run commands as the root user on the system.
What type of attack is being executed?
- Privilege escalation
- XSS
- CSRF
- Directory traversal
Correct answer: Privilege escalation
In a privilege escalation attack, an attacker leverages their access to elevate their privileges from the context of the web server application to the root user. This means the attacker gains control over the system with the highest level of administrative privileges.
XSS involves an attacker inserting malicious code in a web server that executes in a user's browser. CSRF involves an attacker tricking a user into performing an action on a site they have logged into. A directory traversal involves a web server allowing users to browse the server's filesystem.
126.
How should embedded systems be secured?
- By applying most of the same principles as when securing traditional computers
- By removing their ability to connect to the internet
- By ensuring they run consumer operating systems such as Windows 10 or macOS
- By requiring all stored and transferred data to be encrypted
Correct answer: By applying most of the same principles as when securing traditional computers
Securing embedded systems requires most of the same principles as securing traditional computers. It may take more effort to keep them up-to-date with patches and physically secured from theft.
Embedded systems may often be devices that need to connect to the internet. Embedded systems often use customized operating systems. Encryption may be too processor-intensive for embedded systems that need to operate efficiently.
127.
Which of the following is an acquisition tool that can be used when conducting digital forensics?
- FTK Imager
- Task Manager
- Event Viewer
- Top
Correct answer: FTK Imager
Acquisition tools focus on creating exact, bit-by-bit copies of devices. FTK Imager is used to acquire drive images for analysis in FTK or Autopsy.
Task Manager is a Windows utility that provides information about running applications and processes. Event Viewer is used to view and analyze system events. Top is a Linux command-line utility that shows information about processes and resource usage.
128.
Which of the following classifications covers data vital to an organization's operations, such as customer lists or encryption keys?
- Critical
- Confidential
- Sensitive
- Proprietary
Correct answer: Critical
Data can have various classifications that affect its security requirements. Some common classifications include:
- Public: Public data is freely accessible and requires availability (and potentially integrity) protection but not confidentiality. Information on a corporate website is an example of public data.
- Private: Private data is intended for internal use only. This may include sensitive business data or customers' personal information.
- Sensitive: Sensitive data is private data that should be protected against unauthorized exposure to external parties.
- Confidential: Confidential data is data that can cause significant harm to the organization if it is exposed to an unauthorized party.
- Critical: Critical data is vital to the organization's ability to perform its core mission or operations. Customer lists are an example of critical data.
- Proprietary: Proprietary data is data that is private to an organization that provides it with a competitive advantage. Trade secrets like the Coca-Cola secret recipe are an example of proprietary data.
129.
Users are complaining that there are too many login credentials to remember, so they are using simpler passwords to help remember them all. The chief operations officer wants to remove the complexity in the authentication process to ease the burden on the users.
What can be used to centralize authentication so users only need to enter credentials once for multiple systems?
- SSO
- MFA
- EAP
- CHAP
Correct answer: SSO
Single sign-on (SSO) systems allow a user to enter a username and password in one location to get access to multiple systems. This limits the need for the user to remember separate passwords for different systems, making it much more convenient.
Multi-factor authentication (MFA) requires authenticating with two or more different types of factors. The Extensible Authentication Protocol (EAP) is an authentication framework on wireless networks. The Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol.
130.
Why is ownership important in the change management process?
- To ensure that someone is responsible for the project being carried out effectively
- To verify that the planned project will meet the business goals of the organization
- To analyze all the impacts that a change will have on other systems
- To carry out operations to restore a system to its previous state in case there is an issue with the change
Correct answer: To ensure that someone is responsible for the project being carried out effectively
Giving ownership to an individual for a change ensures that someone will take responsibility for it. The individual in charge is typically a CISO.
Verifying that the planned project will meet the business goals of the organization is accomplished in the approval process. Analyzing all the impacts that a change will have on other systems is done during the impact analysis. Carrying out operations to restore a system to its previous state in case there is an issue with the change is the role of a backout plan.
131.
What type of key is known to any party that wants to send a recipient an encrypted message?
- Public
- Private
- Symmetric
- Derivation
Correct answer: Public
The public key is used by any third party to encrypt a message and send it to a recipient. The recipient uses their private key to decrypt the message. This structure is exceedingly useful in private communications, as the public key is used to encrypt information so that only the user with the private key has the ability to decrypt it.
A private key is known only to the owner of that key. Symmetric keys are only shared between trusted parties. Derivation keys are derived from other keys.
132.
A user receives an email from a social media site indicating that they need to reset their password for security and to follow the link provided. The user clicks on the link, follows the prompts, and hits send. However, instead of the user's request command, the website sends its own command. It sends:
http://socialmediasite.com/edit?action=set&key=newemail&value=hacked4ransom.com
After clicking the link, the user is alerted that their account password has been changed, and they are now locked out.
Which of the following BEST describes this scenario?
- XSRF
- XSS
- SQL injection attack
- On-path
Correct answer: XSRF
A cross-site request forgery (XSRF) attack is where an attacker manipulates a user into performing an action without their knowledge. This can involve specifically crafted web pages that redirect users as they perform another action, such as playing a video game or resetting a password. All the while, carefully tailored commands can be used to exploit a victim's interest in clicking or following links.
Cross-site scripting (XSS) occurs when an attacker injects malicious code into a website that executes in a user's browser. A SQL injection attack occurs when a user injects malicious SQL code into a web application that connects to a database. An on-path attack occurs when an attacker intercepts and modifies communications between two systems.
133.
Which of the following principles of effectiveness takes the LONGEST to use in a social engineering attack?
- Trust
- Authority
- Consensus
- Urgency
Correct answer: Trust
The seven principles, or reasons, for the effectiveness of social engineering are:
- Authority: People are likely to follow the instructions of the boss or other authority figures.
- Intimidation: People are likely to do something if they fear the consequences of not doing so.
- Consensus: People are more likely to do something if they think everyone else is (bandwagon effect).
- Scarcity: People are more likely to do something if the attacker offers something that they want and that seems difficult to obtain.
- Familiarity: People are more likely to help people that they like or that they think are like them.
- Trust: People are more likely to help someone whom they trust and have a rapport with.
- Urgency: People are more likely to do something without thinking about it if the request seems urgent.
134.
In which of the following exercises might participants be required to restore from backups or have systems turned off to emulate outages?
- Simulation
- Walkthrough
- Tabletop
- Documentation review
Correct answer: Simulation
The effectiveness of an incident response plan can be tested in a few different ways, including:
- Simulation: A simulation is the most realistic, complex, and expensive form of testing incident response plans and strategies. In this type of exercise, participants actually perform their roles, and certain systems may be brought offline to simulate outages, etc.
- Documentation Review: This simple exercise involves relevant stakeholders (IRT, managers, etc.) reading through IRT plans to ensure that they are accurate, up-to-date, and logical. Periodic documentation reviews are commonly required for regulatory compliance.
- Tabletop: In a tabletop exercise, a group engages in a discussion in which they are presented with a scenario and talk through how they would respond based on relevant plans and procedures.
- Walkthrough: A walkthrough builds on a tabletop exercise by having participants go through the motions of performing their duties. This may occur in a conference room or on-site, but team members don't do anything that could negatively impact operations.
135.
An administrator is analyzing an X.509 certificate. They want to know the authority that assigned the certificate. Which attribute will give them this information?
- Issuer
- Subject alternative names
- Serial number
- Common name
Correct answer: Issuer
The issuer attribute shows the certificate authority that created the certificate.
Subject alternative names show additional items protected by the certificate. The serial number differentiates certificates from others. The common name is the name associated with the public key.
136.
Recently, Acme Inc. has experienced significant growth and has hired new employees. Management wants to provide education to all the new employees so they understand the organizational security policies.
What can they use for this purpose?
- Onboarding
- Offboarding
- Mandatory vacations
- Separation of duties
Correct answer: Onboarding
When new employees are brought into an organization, onboarding is used to add them to the identity and access management system. It incorporates training, formal meetings, lectures, and handbooks.
Offboarding is used when an employee is leaving. Mandatory vacations are used to ensure that multiple users can perform a job function and also to reduce the chances of fraud. Separation of duties is used when an important job requires multiple users to complete it.
137.
A group of penetration testers was provided with a spreadsheet containing network information but no map. They were also given some details about the applications that are in use, but there is no information about the operating systems that have been deployed.
Which of the following testing strategies is being employed in this scenario?
- Partially known environment
- Known environment
- Unknown environment
- Fully known environment
Correct answer: Partially known environment
While known environment testing would have all the information and unknown environment testing would have none, partially known environment testing is somewhere in between, with various pieces of information but not the whole picture. This leaves pen testers to fill in the gaps, and usually, they are encouraged to document their findings so that subsequent tests and audits can be performed more easily, and they can gradually move toward known environment testing.
138.
Continuity-of-operations planning is an extremely critical element of business impact planning and covers the restoration of mission-critical functions within the organization. Primarily, a recovery site is an alternative location where operations can take place and which serves as a failover in the event of a catastrophe at the main site.
Of the following types of redundant sites, which is a nearly complete duplicate of the main site and costs the most to maintain?
- Hot site
- Warm site
- Cold site
- Gray site
Correct answer: Hot site
A hot site is a near-duplicate of an organization's original site. It can be up and running within minutes should an outage occur. Computers and phones are up and ready, and a simulated server room is installed.
A warm site has infrastructure in place, but not the data. A cold site has space, power, and network connectivity but lacks systems and data. Gray sites are not a part of resiliency planning.
139.
Which of the following techniques helps to protect against rainbow table attacks?
- Salting
- Steganography
- Tokenization
- Hashing
Correct answer: Salting
Salting involves adding a random, unique, public value to a password before hashing it for storage. This protects against rainbow table attacks and makes it harder for an attacker to identify accounts with weak or reused passwords.
Steganography involves hiding messages in other media, such as images. Tokenization involves protecting sensitive data by replacing it with placeholder data. Hashing involves a one-way function of turning a message of any length into a fixed-length value.
140.
A web development company has identified a security incident with some of their staging servers. What should their next step be before containing it?
- Analysis
- Preparation
- Recovery
- Lessons learned
Correct answer: Analysis
After identifying a security incident, it is important to analyze it so that its effects can be known.
The seven steps in the incident response process for the Security+ exam are:
- Preparation: Before an incident occurs, the organization should prepare by creating an incident response team (IRT) and defining the processes and procedures that they will follow when managing an incident. Also, the rest of the organization should be trained on their security responsibilities and how to respond if an incident occurs.
- Identification: At some point, a user may notice that a potential incident has occurred and alert the incident response team. A first responder will validate that an incident has occurred and either handle or escalate it.
- Analysis: An identified incident should be analyzed to see what its impact could be.
- Containment: After verifying the issue, the first responder should isolate it to manage the scope and impact of the incident. This might include disconnecting infected systems from the network to prevent the spread of a virus.
- Eradication: When the incident is contained, the incident response team will investigate it and develop and implement a remediation strategy. For example, the IRT might wipe a computer, use an endpoint security solution to remove a virus, update firewall rules, or take similar actions.
- Recovery: After the incident is over, the IRT can restore the system to a normal operation based on predefined procedures. For example, a verified-clean computer can be reconnected to the network.
- Lessons learned: After the recovery is complete, the IRT should perform a retrospective to determine what did and didn't go well. This might help with identifying inefficient IR processes or the root cause of the incident that can be corrected to prevent future, similar incidents from occurring.