CompTIA Security+ (SY0-701) Exam Questions

Page 10 of 50

181.

A company wants to test how well it is prepared for a disaster by performing exercises at a backup site. What type of resilience training are they doing?

  • Failover

  • Tabletop

  • Parallel processing

  • Snapshot

Correct answer: Failover

In a failover test, a company tests its resiliency by seeing how its systems react when failing over to an alternate site. This has the potential to disrupt normal operations, but gives the most assurance that the failover site is working as intended.

In a tabletop exercise, a group engages in a discussion in which they are presented with a scenario and talk through how they would respond based on relevant plans and procedures. In parallel processing, a system's load is distributed across multiple sites. A snapshot is a copy of a virtual machine at a given moment in time.

182.

A penetration tester is currently using OSINT to gather intelligence about a target. What type of reconnaissance are they engaged in?

  • Passive

  • Active

  • Offensive

  • Defensive

Correct answer: Passive

Passive reconnaissance gathers information without actively engaging a target. This can include gathering open-source intelligence (OSINT) such as DNS information and web searches.

Active reconnaissance engages the target through scanning. Offensive penetration testing refers to testing in a simulated attack. Defensive penetration testing refers to focusing on an organization's ability to defend against attacks.

183.

Which term describes the situation when an intrusion prevention system fails by not detecting malicious traffic?

  • False negative

  • False positive

  • True negative

  • True positive

Correct answer: False negative

When the IPS lacks a signature for an attack in its database, or otherwise misses the attack and allows the traffic to pass, the result is a false negative. False negatives are dangerous for the network because the attack proceeds undetected. IPSs should always be updated and patched to help them detect the latest malicious traffic.

A false positive is when an incident is flagged, but it is not a real threat. A true negative is when the system correctly identifies traffic as non-malicious. A true positive is when an incident is correctly identified.

184.

Which of the following classifications covers data vital to an organization's operations, such as customer lists or encryption keys?

  • Critical

  • Confidential

  • Sensitive

  • Proprietary

Correct answer: Critical

Data can have various classifications that affect its security requirements. Some common classifications include:

  • Public: Public data is freely accessible and requires availability (and potentially integrity) protection but not confidentiality. Information on a corporate website is an example of public data.
  • Private: Private data is intended for internal use only. This may include sensitive business data or customers' personal information.
  • Sensitive: Sensitive data is private data that should be protected against unauthorized exposure to external parties.
  • Confidential: Confidential data is data that can cause significant harm to the organization if it is exposed to an unauthorized party.
  • Critical: Critical data is vital to the organization's ability to perform its core mission or operations. Customer lists are an example of critical data.
  • Proprietary: Proprietary data is data that is private to an organization that provides it with a competitive advantage. Trade secrets like the Coca-Cola secret recipe are an example of proprietary data.

185.

For regulatory reasons, a company needs to limit access to a portion of its website to only visitors located in the European Union. What method of restricting access to data should they use in this situation?

  • Geographic restrictions

  • Encryption

  • Obfuscation

  • Segmentation

Correct answer: Geographic restrictions

Restricting access by geography is one way to approach compliance with regional regulations. It is not foolproof, however, because users can bypass the restriction with a VPN that makes them appear to be located in a different region.

Encryption, obfuscation, and segmentation do not use geographic location as a factor.

186.

An organization wants to perform a penetration test that simulates how an internal threat from a network administrator could attack the network. Which type of penetration test should they use?

  • Known environment

  • Unknown environment

  • Partially known environment

  • Mostly known environment

Correct answer: Known environment

In a known environment test, the tester is granted full access to the target environment and its documentation. This eliminates the need for the tester to perform reconnaissance and is more efficient than an unknown environment test. It simulates an insider, such as a network administrator, who already has this level of knowledge and access.

In an unknown environment test, the tester has no knowledge of the target environment. This simulates an attack by an outsider who must do their own research. In a partially known environment test, the tester has limited information about, and limited access to, the target environment. This simulates an attack by an average user. Mostly known environment is a fabricated term.

187.

A user receives a phishing email claiming that a transaction has been made on one of their online accounts. Which of the following principles of effectiveness is MOST likely being used?

  • Urgency

  • Consensus

  • Familiarity

  • Scarcity

Correct answer: Urgency

The seven principles or reasons for the effectiveness of social engineering are:

  • Authority: People are likely to follow the instructions of the boss or other authority figures.
  • Intimidation: People are likely to do something if they fear the consequences of not doing so.
  • Consensus: People are more likely to do something if they think everyone else is (bandwagon effect).
  • Scarcity: People are more likely to do something if the attacker offers something that they want and that seems difficult to obtain.
  • Familiarity: People are more likely to help people that they like or that they think are like them.
  • Trust: People are more likely to help someone whom they trust and have a rapport with.
  • Urgency: People are more likely to do something without thinking about it if the request seems urgent.

This is an example of an attack using urgency because the user feels that they need to fix the issue right away before they are billed for the transaction.

188.

An administrator is evaluating the necessary metrics for recovery and restoration of their server environment. They determine they want to minimize the amount of data loss that could occur due to a disaster rather than focus on how quickly their servers can be restored. 

Which metric is the administrator focusing on?

  • RPO

  • RTO

  • MTTR

  • MTBF

Correct answer: RPO

The recovery point objective (RPO) is the acceptable latency period of data, or the maximum tolerable amount of data loss measured in time, i.e., how old the most recent recoverable copy of the data may be after a disaster. For example, if a server only receives updated data weekly, and the organization can tolerate losing up to a week of data, the recovery point objective would be one week.

The recovery time objective (RTO) is the amount of time that is acceptable before services are restored. The mean time to repair (MTTR) is the average time it takes to repair a failed component. The mean time between failures (MTBF) is the average time between a system's failure and its next failure.

189.

An administrator wants to view log files of traffic that was blocked because it was automatically determined to be malicious. What type of log files should they look through?

  • IPS

  • Network

  • Application

  • DNS

Correct answer: IPS

An intrusion prevention system (IPS) generates log files recording its activity, including the traffic it blocked and the rule or signature that triggered the block. An administrator can review these later to get an idea of the type of malicious traffic it detects.

Network logs record the flow of all types of traffic along a network. Application logs record events from individual applications. DNS logs record events related to domain name resolution.

190.

A financial analyst is working on a laptop issued to them by their company. What account type should they be using?

  • User

  • Administrator

  • Service

  • Guest

Correct answer: User

A computer can have a few different types of accounts. A user account is an unprivileged account assigned to general users of the system. Even users who hold privileged accounts should use a standard user account for non-privileged day-to-day tasks.

Administrator/root accounts have full control over the system and should be used sparingly only by administrators who need this level of control. Service accounts are used by software and processes on a system that shouldn't be run under user accounts. Guest accounts have minimal access and privileges on a system and are intended for temporary access.

191.

The owner of a small business is interested in enabling workers to work from home over the internet. They are concerned about the security of the data being transferred over the internet and want to ensure it is protected from eavesdropping. 

Which type of connection can they use that tunnels data through an encrypted connection so that users can securely access company resources?

  • VPN

  • Load balancer

  • Proxy server

  • Jump server

Correct answer: VPN

A virtual private network (VPN) secures sessions through an encrypted tunnel. VPNs can be used over wired connections across the internet or over Wi-Fi access points. The VPN extends a private network over an unsecured network, such as the internet, allowing users to send and receive data over these unsecured mediums without exposing it to eavesdropping. The connection appears to the user's computer as if it were a local network, and resources are accessed in the same way, with the VPN acting as a bridge.

A load balancer distributes traffic amongst participating nodes. A proxy server forwards requests. A jump server is a secured server that provides access to other servers.

192.

An attacker is eavesdropping on communications between a server and a host. The attacker is able to obtain the authentication credentials from within the communications string and store them. Later on, the attacker will use those stored credentials to impersonate the host machine and gain access. 

This is an example of which of the following?

  • Replay attack

  • Privilege escalation

  • Forgery

  • Directory traversal

Correct answer: Replay attack

A replay attack is one in which an attacker manages to "replay," or resend, data that was already part of a communication session. In vulnerable protocols and technologies, authentication packets may be reusable and thus grant an attacker access if they capture them and replay them later. Proper mitigations include timestamping packets and applying sequence numbers so that a stale or repeated message is rejected.

A privilege escalation occurs when an attacker exploits a weakness to gain higher user privileges on a system. Forgery attacks exploit trust relationships. Directory traversal allows an attacker to view files and directories they should not have access to.

193.

Which type of hardening technique is typically done with a router?

  • Disabling remote access except through SSH

  • Enabling support for VLANs

  • Uninstalling unnecessary services

  • Turning off logging

Correct answer: Disabling remote access except through SSH

Typical hardening techniques for routers include changing default credentials, enabling firewalls, keeping firmware up to date, and allowing remote access only over SSH. SSH encrypts management traffic over the network, unlike cleartext protocols such as Telnet.

VLANs are configured on switches. Uninstalling unnecessary services is used to harden servers and workstations. Logging should be enabled on a router.

194.

Smith Industries has several sister companies under its umbrella and wants to get a domain name that reflects that. They are reviewing several different forms. They require one that has different URLs for each company but shows that they are owned by Smith Industries. 

Which of the following would they use?

  • Subject alternative name

  • Wildcard certificate

  • Self-signed certificate

  • Common name

Correct answer: Subject alternative name

A subject alternative name (SAN) is used when an organization has several websites/URLs that need to be identified as being owned by the same organization, all covered by a single certificate. This is used in cases like Google, which has domains such as *.google.com, *.android.com, *.cloud.google.com, etc.

A wildcard certificate covers subdomains of a single domain. A self-signed certificate is used internally or for testing. A common name identifies the certificate owner.

195.

Which type of physical control can offer both detection and response capabilities?

  • Security guards

  • Lighting

  • Fencing

  • Bollards

Correct answer: Security guards

Security guards are able both to identify security issues and to respond to them. They can be stationed in one area, kept in a central monitoring station, or roam the building.

Lighting is used to make an area more visible and feel safer. Fencing is used at a perimeter to deter attacks. Bollards are used to prevent vehicles from entering an area.

196.

Which consequence of non-compliance can directly revoke a company's right to provide services in an industry?

  • Loss of license

  • Reputational damage

  • Fines

  • Contractual impacts

Correct answer: Loss of license

Many industries require licenses in order to operate legally. If the license is revoked due to non-compliance, it can completely halt a company's core business.

Reputational damage is a non-tangible effect of non-compliance. Fines can be a financial setback but do not mean that operations must be stopped. Contractual impacts can result in expensive legal battles.

197.

Outages have been occurring with recent applications of various patches to the servers. The administrators are growing frustrated with the restoration work required after a failed patch and want to ensure that this does not continue. 

Which of the following methods should they implement?

  • Testing the patches in a sandboxed environment

  • Applying the patches to a small subset of production servers

  • Applying the patches one server at a time

  • Taking system images before the patches and restoring them immediately upon issue

Correct answer: Testing the patches in a sandboxed environment

The ideal solution is to test the patches in a sandboxed environment: a test server receives the patch first and is then evaluated for adverse effects, so a bad patch is caught before it reaches production. There have been cases in which Microsoft updates have taken down Windows server installations, which required extensive restoration. Situations like that can be averted simply by testing the patches in a development sandbox before applying them to the whole organization.

198.

In which of the following exercises might participants be required to restore from backups or have systems turned off to emulate outages?

  • Simulation

  • Walkthrough

  • Tabletop

  • Documentation review

Correct answer: Simulation

The effectiveness of an incident response plan can be tested in a few different ways, including:

  • Simulation: A simulation is the most realistic, complex, and expensive form of testing incident response plans and strategies. In this type of exercise, participants actually perform their roles, and certain systems may be brought offline to simulate outages, etc.
  • Documentation Review: This simple exercise involves relevant stakeholders (the incident response team (IRT), managers, etc.) reading through IRT plans to ensure that they are accurate, up to date, and logical. Periodic documentation reviews are commonly required for regulatory compliance.
  • Tabletop: In a tabletop exercise, a group engages in a discussion in which they are presented with a scenario and talk through how they would respond based on relevant plans and procedures.
  • Walkthrough: A walkthrough builds on a tabletop exercise by having participants go through the motions of performing their duties. This may occur in a conference room or on-site, but team members don't do anything that could negatively impact operations.

199.

Which of the following access control models involves organizing users into groups based on their duties?

  • RBAC

  • ABAC

  • MAC

  • DAC

Correct answer: RBAC

Role-based access control assigns privileges based on a user's position in an organization. This is ideal in organizations where employees have clearly defined roles.

Attribute-based access control (ABAC) manages access by assigning attributes to entities and defining rules using these attributes to manage access. Mandatory access control (MAC) is when every resource is given a classification label, and every entity is assigned a certain clearance level. This is the form of access control used by the government and military (e.g., Classified, Secret, and Top Secret). Discretionary access control (DAC) is when the owner of a particular resource configures access controls for it. This is the default access control model for most operating systems.

200.

A grocery store contracts with a third party to develop their mobile application. Each time they want to add a new feature to the app, they want to send over a formal document that outlines the individual tasks to be performed, along with timelines. 

What type of document should they use for this?

  • SOW

  • MOU

  • SLA

  • BPA

Correct answer: SOW

A statement of work (SOW) is a document that outlines how a particular task should be completed. It can include the deadline, deliverables, and payment information.

A memorandum of understanding (MOU) is a document that shows the intent of two organizations to work together. A service level agreement (SLA) is a document that outlines how a vendor provides its services. A business partnership agreement (BPA) describes the roles and responsibilities of each partner, as well as how they divide profits.