CompTIA Security+ (SY0-601) Exam Questions
Page 9 of 50
161.
Recent growth has pushed Smith Consulting to expand rather quickly, and they are adding quite a few new campuses and networking devices. They want a centralized management technology to be able to keep track of important information and statistics.
What protocol can they use to monitor network-attached devices?
- SNMP
- FTP
- SMTP
- DNS
Correct answer: SNMP
Simple Network Management Protocol (SNMP) is a TCP/IP protocol that aids in monitoring network-attached devices and computers. It's incorporated as part of a network management system.
FTP is used to transfer files. SMTP is used to send email. DNS is used to translate domain names to IP addresses.
162.
Which of the following is calculated as AV * EF?
- SLE
- ARO
- ALE
- SRO
Correct answer: SLE
Single loss expectancy (SLE) measures the anticipated cost of a single instance of an incident. It is calculated as the product of the asset value (AV) and the exposure factor (EF), which measures the percentage of loss.
The annualized rate of occurrence (ARO) measures the anticipated frequency of an event occurring each year. This can be derived from various sources such as historical trends, insurance data, or statistical analysis. Annualized loss expectancy (ALE) measures the anticipated cost of an event each year. It is calculated as the product of the SLE and ARO. SRO is a fabricated term.
163.
The chief executive officer at Smith Bank, a new financial startup, has hired you as a security consultant. Looking through surveillance video, you notice that sometimes, people pass through security points by closely following the person in front of them.
What type of security control should be put in place to address this?
- Access control vestibule
- Bollards
- Sensors: infrared
- Sensors: pressure
Correct answer: Access control vestibule
Access control vestibules are used to ensure that only one person at a time can pass through a control point. They are typically a small room with two doors.
Bollards are pillars or obstacles used to prevent vehicular access. Infrared sensors are used to detect heat radiation. Pressure sensors are used to detect movement by changes in pressure.
164.
An attacker has obtained access to the user database of a popular online financial planning tool. What tool can they use to attempt to break weak passwords?
- John the Ripper
- Nessus
- Splunk
- 1Password
Correct answer: John the Ripper
John the Ripper is a common password-cracking tool. A password cracker uses comparative analysis to break passwords; it systematically guesses until it cracks the password. Strong passwords and lockout policies help defend against password crackers.
Nessus is a vulnerability scanner. Splunk is a SIEM tool. 1Password is a password manager.
165.
A company has set up a Wi-Fi router for guest access in the company's lobby without making any configuration adjustments to it. Later, the company discovers that the device has had its DNS settings changed to route users to malicious websites.
What hardening technique could have prevented this situation?
- Default password changes
- Disabling ports
- Disabling protocols
- Removal of unnecessary software
Correct answer: Default password changes
Devices with default passwords are already known to attackers. Default administrator passwords should be changed on devices.
Disabling ports and protocols is done with devices such as servers, hosts, and switches. Removing unnecessary software is associated with desktops and servers.
166.
An administrator is evaluating the current configuration of an IIS server within their environment. They are working through validating the permitted connections and have opened up the Windows firewall to check the rules.
What type of firewall are they checking?
- Host-based
- NGFW
- WAF
- Network-based
Correct answer: Host-based
A firewall that's incorporated into an operating system or software package is considered a host-based firewall. It operates at the application level of the OSI model. It provides robust rules and capabilities to Windows administrators in order to secure a server or workstation while prohibiting malicious connections.
A next-generation firewall (NGFW) includes functionality such as IPS, application-layer filtering, and deep packet inspection. A web application firewall (WAF) specifically protects web applications. A network-based firewall is a dedicated network device for filtering traffic.
167.
As well as cross-training employees, an organization is interested in having them cycle through job assignments to review the processes of the various jobs, provide feedback, and recognize any errors or potential for fraud.
What type of access cycles users through various assignments?
- Job rotation
- Separation of duties
- Least privilege
- Clean desk space
Correct answer: Job rotation
Job rotation is one of the most expensive options for access control because you need multiple people to perform the same task. However, it increases user insight into overall operations, reduces employee boredom, and enhances employee skill levels.
Separation of duties involves having important tasks be performed by two or more individuals. Least privilege is the principle that users should have only the minimum privileges to perform their duties. A clean desk space policy ensures that sensitive information is not being left unattended at a user's workspace.
168.
Which indicator of attack often occurs when an attacker brute-forces login attempts?
- Account lockout
- Resource consumption
- Missing logs
- Blocked content
Correct answer: Account lockout
Brute-force login attempts or incorrect password tries can result in an account lockout. Authentication systems should be configured to lock out accounts after a certain number of failed attempts.
Resource consumption can occur when log files fill up, bandwidth is consumed, or cryptojacking occurs. Missing logs occur after a system has been exploited. Blocked content can occur if an attacker is attempting to access the content.
169.
During an incident response, the team leaves the infected system in place but uses firewalls to limit the traffic the system can send and receive. What type of technique are they using?
- Containment
- Isolation
- Segmentation
- Root cause analysis
Correct answer: Containment
Containment refers to preventing further malicious acts from a compromised system. It tries to leave the system in place and running without interfering with the functionality of the system until further decisions about handling the incident are made.
Isolation refers to disconnecting critical systems from the rest of the network or to a special environment to reduce the risk that they will be infected during a cyberattack. Segmentation is usually done before an incident occurs, or it may occur after to protect systems during an active incident. Root cause analysis seeks to identify the cause of an incident and occurs after an incident has been mitigated.
170.
The process of embedding secret messages has a rather long history. One method is to provide a seemingly normal communication that actually has secret information hidden within.
What is the term given to the science of writing hidden messages?
- Steganography
- Salting
- Encryption
- Key stretching
Correct answer: Steganography
Steganography is the science of hiding a secret message within an ordinary message, and of extracting it at its destination. Steganography goes a step further than cryptography by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning the data will not realize that it contains encrypted data.
Salting involves adding data to a password to make it stronger. Cryptography uses ciphertext, which does not look like normal communication. Key stretching is a technique to make keys harder to attack with brute force.
171.
A computer manufacturer needs to select a supplier of memory modules. To do so, they are currently evaluating some vendors' financial stability, business reputation, quality, and compliance with regulations.
What process are they engaged in?
- Due diligence
- Supply chain analysis
- Right-to-audit clause
- Conflict of interest
Correct answer: Due diligence
Due diligence involves vetting potential vendors or business partners. This is to ensure that they meet requirements.
A supply chain analysis is used to assess supply chain risks after the initial selection process. A right-to-audit clause is signed with a vendor to allow for a customer to conduct audits on the vendor at a later time. Conflicts of interest arise when the vendor has a competing interest.
172.
An online retailer has recently terminated an employee who had access to the private key that encrypts their web traffic and ensures end users of the site's authenticity. Where should the digital certificate be added so that it cannot be used improperly by the previous employee?
- CRL
- Firewall
- TPM
- Secure enclave
Correct answer: CRL
A certificate revocation list (CRL) is a list of certificates that are no longer trusted. If a certificate is lost or stolen, then it should be added here so that it is no longer trusted.
A firewall is used to block or allow traffic. A trusted platform module (TPM) is a secure environment for cryptographic operations. A secure enclave is a protected and isolated area on a device that provides a trusted environment.
173.
An administrator is forming their BCP and trying to determine how much of the system should be restored in case of failure. What BEST describes what they are attempting to define?
- RPO
- RTO
- MTTR
- MTBF
Correct answer: RPO
The recovery point objective (RPO) is the maximum amount of data that can be lost in case of a failure. Some companies might require all data to be restored up to the point of failure, while others may allow for up to 24 hours of lost data.
The recovery time objective (RTO) is the time it should take to restore a service. The mean time to repair (MTTR) is the average time it takes to repair a system. The mean time between failures (MTBF) is the average time a system operates until a failure.
174.
The rise of online videoconferencing in recent years has made which of the following protocols more important than before?
- SRTP
- SFTP
- SSH
- HTTPS
Correct answer: SRTP
The Secure Real-time Transport Protocol (SRTP) is an extension to RTP that carries voice over IP (VoIP) and video conferencing traffic. Both the insecure and secure versions default to UDP port 5004.
The Secure Shell (SSH) protocol is an encrypted, authenticated replacement for Telnet that operates on TCP port 22. The insecure File Transfer Protocol (FTP) can be replaced either by File Transfer Protocol Secure (FTPS), which encrypts it using SSL/TLS and runs on port 990, or the SSH File Transfer Protocol (SFTP), which is an equivalent protocol that runs over SSH on port 22. The Hypertext Transfer Protocol Secure (HTTPS) uses SSL/TLS to encrypt web traffic. It uses port 443.
175.
Which of the following is a passive device?
- IDS
- IPS
- Firewall
- UTM
Correct answer: IDS
An intrusion detection system (IDS) passively collects and analyzes traffic for malicious behavior without actively stopping it.
Firewalls, IPSs, and UTMs are active devices that proactively protect a network.
176.
A company wants to test how well it is prepared for a disaster by performing exercises at a backup site. What type of resilience training are they doing?
- Failover
- Tabletop
- Parallel processing
- Snapshot
Correct answer: Failover
In a failover test, a company tests its resiliency by seeing how its systems react when failing over to an alternate site. This has the potential to disrupt normal operations, but gives the most assurance that the failover site is working as intended.
In a tabletop exercise, a group engages in a discussion in which they are presented with a scenario and talk through how they would respond based on relevant plans and procedures. In parallel processing, a system's load is distributed across multiple sites. A snapshot is a copy of a virtual machine at a given moment in time.
177.
An older business is deploying credit card processing and a new web store front end. They are investigating the security requirements for the potential web application development.
Which of the following algorithms is asymmetrical and often used in e-commerce because it works well with credit card security and TLS/SSL?
- RSA
- AES
- DES
- 3DES
Correct answer: RSA
RSA is widely used to protect data such as email and other data transmitted over the internet. It is an asymmetric encryption method that uses both a public key and a private key matched pair and is widely used in protocols such as SSL, WEP, and RDP. It's known for its simplicity. The RSA algorithm and its developers, Ron Rivest, Adi Shamir, and Leonard Adleman, laid the groundwork for modern asymmetrical encryption methods.
AES, DES, and 3DES are symmetric cryptography standards.
178.
What is the process of a qualified third party verifying an organization's compliance to standards and regulations called?
- Attestation
- Self-assessment
- Active reconnaissance
- Due diligence
Correct answer: Attestation
Attestation involves a qualified third party ensuring that an organization meets standards and regulations. It allows for organizations to trust each other because they have been vetted.
A self-assessment is an internal audit. Active reconnaissance is an activity in penetration testing. Due diligence is the process of verifying a third party before doing business with them.
179.
An attacker is examining a company they will potentially attack. They are looking at the company's social media and website in order to create a profile of the CEO. They were able to derive the CEO's email address, as well as potential subordinates.
Of the following, which did the attacker use in this attack?
- Open-source intelligence
- IoCs
- Vulnerability scan
- ISAC
Correct answer: Open-source intelligence
The attacker obtained their data from open-source intelligence, which includes such things as public-facing websites, social media, and more. This intelligence gives an attacker information to begin various attacks, such as phishing attempts, as they seek to gain further access to their victim's resources.
Indicators of compromise (IoCs) are pieces of evidence that point to a security incident. A vulnerability scan actively probes a network for vulnerabilities. An information sharing and analysis center (ISAC) is a threat intelligence community.
180.
Sleaze LLC was sued for fraud and is being investigated by the Securities and Exchange Commission (SEC). Sleaze LLC has been ordered to maintain both digital and paper documents for the past three years related to this case.
Which of the following has occurred in this scenario?
- An application of a legal hold
- An assertion of the chain of custody
- An acquisition of volatile data
- A reporting of file integrity
Correct answer: An application of a legal hold
When a court demands that evidence be maintained and documented, this is defined as a legal hold. Upon threat of serious penalty, the organization must maintain the evidence for as long as the court defines, no matter the cost. This requires data retention policies and, while it may appear simple, it can be rather complex depending on the accountability of and requirements set forth by the data custodian.
A chain of custody is used to keep a record of evidence. Volatile data is captured during a forensics analysis. File integrity is ensured through hashing.