CompTIA Security+ (SY0-701) Exam Questions
Page 4 of 50
61.
Which type of network attack can be identified by an IDS based on signatures?
- Malicious code
- On-path
- DNS attacks
- DDoS: reflected
Correct answer: Malicious code
Malicious code attacks such as worms, Trojans, and ransomware can be identified by an IDS because the attacks have unique signatures. These are distinct patterns, such as sequences of bytes in the code that an up-to-date IDS can detect.
On-path attacks involve an attacker intercepting and modifying data between two systems. A DNS attack affects the domain name system. A DDoS attack originates from external infected systems.
62.
A company has a BYOD mobile device deployment method. Some employees keep sensitive corporate information on their devices. Which feature of an MDM tool ensures that corporate data is kept separate from personal data on users' devices?
- Content management
- Intrusion detection systems
- Application management
- Remote wipe
Correct answer: Content management
Content management is a feature of mobile device management (MDM) tools that ensures that sensitive corporate data and personal data are separate when using a BYOD policy. The MDM controls access to sensitive data.
An intrusion detection system is used to detect suspicious activity. Application management is a feature of MDM that controls what applications can be run. Remote wipe is a feature of MDM that can delete information on the device if it is lost or stolen.
63.
An attacker is looking to capture and steal credit card information and banking details. They install malicious software that silently collects data and sends it to an attacker without the user's knowledge.
This is an example of which of the following?
- Spyware
- Bloatware
- Rootkit
- Ransomware
Correct answer: Spyware
Spyware is similar to Trojan malware, but it's a specific type of application that collects data and sends it to an attacker. Trojans and spyware often work hand-in-hand to collect data, send it to an attacker, and then give the attacker access to the system for further use.
Bloatware is additional, unwanted software that comes along with other software. A rootkit is malware that can gain administrative access to a system. Ransomware is malware that encrypts a drive until the user pays a ransom.
64.
What is the primary purpose of an IDS?
- Alerting
- Quarantining
- Reporting
- Scanning
Correct answer: Alerting
Intrusion detection systems (IDSs) are used to alert an organization of suspicious activities. They do not perform other functions such as actively responding to an event.
Quarantines are used to separate infected systems or applications. Reporting refers to generating structured reports for the purpose of turning events into actionable intelligence. Scanning involves the systematic probing of systems on a network.
65.
HR employees need to send personal and sensitive information to an employee for review. The information is regulated for privacy, and the HR resources need to ensure that only the recipient is able to open and view the information after authentication.
What can they use to encrypt the message into an unreadable form?
- A cipher
- A token
- An index
- A counter
Correct answer: A cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. It is also sometimes used to refer to the encrypted text message itself, although, in that case, the term "ciphertext" is preferred.
A token is a substitute value that stands in for sensitive data and can later be exchanged for the original. An index is a data structure that speeds up data retrieval operations. A counter is a value that increments after each iteration.
66.
A new HR employee receives a call from an individual who introduces himself as the president of HR. He requests personal information on several employees who are reportedly getting fired. The HR employee provides the information before it is discovered that this was a targeted attempt.
What type of attack was this?
- Social engineering
- SQL injection
- Brute force
- Piggybacking
Correct answer: Social engineering
Social engineering is the act of manipulating users into revealing confidential information or performing other actions detrimental to themselves. An example is a hacker pretending to be from IT and calling an employee to coax her into giving him a username and password.
A SQL injection inserts database commands. A brute force attack tries to crack a password. Piggybacking is an unauthorized user using an authorized connection.
67.
An attacker has in mind a valuable account that they want to crack the password for. They employ a list of words that are commonly used in passwords, along with common names and other words. These words and phrases allow the software to operate much faster than when it generates random strings dynamically.
What type of attack are they using to crack the password?
- Dictionary
- Brute force
- Spraying
- Guessing
Correct answer: Dictionary
A dictionary attack uses a prearranged list of likely words to guess a password. The attacker goes through the list word by word until they can guess the password and gain access to the system. Account lockouts help fight these attacks.
A brute force attack uses all combinations of characters to crack a password. A spraying attack uses a few common or likely passwords on a long list of accounts. Guessing involves knowing personal information about the target to use as a starting point for guessing their password.
68.
Which attribute of a digital certificate allows for specifying additional domains that are protected by the certificate?
- SAN
- CN
- Public key
- Validity period
Correct answer: SAN
A digital certificate has many attributes defined by the X.509 standard. The subject alternative name (SAN) extension allows a single certificate to cover multiple DNS names.
The common name (CN) attribute holds the name of the certificate owner. The public key attribute contains the actual public key used for secure communications. The validity period shows the dates between which the certificate is valid.
69.
Which of the following types of exercises involves talking through responses to a simulated security incident?
- Tabletop
- Journaling
- Failover
- Simulation
Correct answer: Tabletop
In a tabletop exercise, a group engages in a discussion in which they are presented with a scenario and talk through how they would respond based on relevant plans and procedures.
Journaling is a backup type that keeps track of every transaction. A failover test evaluates how a backup site or system responds. In a simulation, participants actually perform their roles, and certain systems may be brought offline to simulate outages.
70.
Virtual desktops or cybersecurity solutions offered as a service are examples of which of the following cloud computing models?
- XaaS
- SaaS
- PaaS
- IaaS
Correct answer: XaaS
Anything as a Service (XaaS) refers to the fact that anything can be hosted in the cloud and offered as a service. Security services and Desktop as a Service (DaaS) offerings can fall into this category.
Software as a Service (SaaS) is a model in which a cloud provider develops and offers a fully managed solution to customers. Examples include Gmail and Office 365. Platform as a Service (PaaS) is a model in which the cloud provider manages an environment where customers can create applications. Examples include hosted development environments, web servers, and databases. Infrastructure as a Service (IaaS) is a model in which the cloud provider manages an environment where the customer can deploy and operate their own virtual machines (VMs). Amazon's EC2 is an example of IaaS.
71.
Which process is used to ensure that data is retained long enough to keep a business in compliance with legal requirements?
- Archiving
- Reporting
- Scanning
- Alerting
Correct answer: Archiving
Archiving is required in various industries to stay in compliance with government regulations. This includes the retention of data such as emails and forensic evidence from security breaches.
Reporting is the transformation of monitored information into actionable intelligence for management. Scanning is the active probing of systems on a network. Alerting is the notification of suspicious activity.
72.
Which indicator of attack often occurs when an attacker brute-forces login attempts?
- Account lockout
- Resource consumption
- Missing logs
- Blocked content
Correct answer: Account lockout
Brute-force login attempts or repeated incorrect password tries can result in an account lockout. Authentication systems should be configured to lock out accounts after a certain number of failed attempts.
Resource consumption can occur when log files fill up, bandwidth is consumed, or cryptojacking occurs. Missing logs are often a sign that a system has already been compromised. Blocked content can occur when an attacker is attempting to access content that a control denies.
73.
An attacker is investigating a website and suspects that it does not sanitize its inputs. They enter the following into the username field:
John Smith') or true--
After they hit enter, the application lets them log in.
Which of the following BEST describes the attack in this scenario?
- SQL injection
- Cross-site request forgery
- Credential replay
- Privilege escalation
Correct answer: SQL injection
One of the primary vulnerabilities to be aware of when dealing with SQL databases is SQL injection. While the database itself is not vulnerable to attack, the web application that interfaces with the SQL database can be. This makes practices such as input sanitization important to ensure that attackers are not able to bypass logins or extract user or customer information.
Cross-site request forgery involves tricking a user into performing actions on a site they are authenticated on. A credential replay reuses captured user credentials to gain access to a system at a later time. Privilege escalation involves exploiting a vulnerability in an application to gain administrative access to the system.
74.
An administrator wants to ensure that if any system configuration files on their web servers are modified, they will be instantly notified. What type of solution should they implement?
- File integrity monitoring
- DLP
- NAC
- Antivirus
Correct answer: File integrity monitoring
File integrity monitoring is used to detect if any specified files have been changed. It takes a baseline of files and sends notifications immediately if there are any changes.
Data loss prevention (DLP) is a system to keep data from being exfiltrated. Network access control (NAC) is used to ensure that devices that connect to a network meet certain requirements. Antivirus programs look for malware, which may not alter critical system files at all.
75.
A software development company is identifying their risks. They find that they are using a PaaS solution for application development from a provider that serves many other clients. Which category of risk does this belong to?
- Multiparty
- Legacy systems
- Software compliance/licensing
- IP theft
Correct answer: Multiparty
Risk can be classified in a few different ways. Multiparty risks are commonly external because they originate from an organization's relationships with other organizations.
Legacy systems may not be supported by vendors and may contain outdated software or hardware. As a result, they are more likely to contain exploitable vulnerabilities. Software compliance/licensing issues can arise if an organization doesn't keep track of its software usage and purchases insufficient licenses. Also, software commonly includes third-party libraries, which may have associated licenses that an organization may not be aware of or compliant with. An organization's intellectual property can be stolen by an internal or external party. Encryption and access control are common controls for protecting against IP theft.
76.
An attacker is carrying out a birthday attack on a weak hash algorithm they discovered on a victim's network in order to recover the password. Which of the following does the birthday attack exploit?
- Hash collision
- Chosen plain text
- Known plain text
- Related key
Correct answer: Hash collision
A hash collision occurs when a hashing algorithm produces the same hash value for two different inputs, such as two different passwords. This can permit an attacker access despite not having the correct password. Birthday attacks can be mitigated by increasing the hash bit length, which increases the number of possible hash values and makes collisions harder to find.
A chosen plain text attack involves an attacker having ciphertexts corresponding to plain texts they have chosen. A known plain text attack involves the attacker knowing some plain text along with the corresponding ciphertext. A related key attack involves an attacker having ciphertexts encrypted under two different but related keys.
77.
Which type of attack does not get installed directly onto a system, but runs only in memory?
- Fileless
- Spyware
- Backdoor
- Rootkit
Correct answer: Fileless
A fileless virus does not install any files onto a system. It may be associated with another program, so that every time that program is run, it gets loaded into memory. It can be very difficult for antivirus software to find and clear away this type of virus.
Spyware is used to gather information from a target. A backdoor grants an attacker a way to enter the system at a later point in time. A rootkit gives an attacker administrative access to a system.
78.
Which of the following is a common attack used to fraudulently obtain private information through methods such as email?
- Phishing
- DDoS
- Brute force
- Pretexting
Correct answer: Phishing
Phishing is the attempt to fraudulently obtain private information. A phisher masquerades as someone else and sends the victim a request for information using methods such as email.
A DDoS is an attack that sends excessive traffic. Brute force is used to crack passwords. Pretexting is used to create a situation before using an impersonation attack.
79.
Continuity-of-operations planning is an extremely critical element of business impact planning and covers the restoration of mission-critical functions within the organization. Primarily, a recovery site is an alternative location where operations can take place and which serves as a failover in the event of a catastrophe at the main site.
Of the following types of redundant sites, which is a nearly complete duplicate of the main site and costs the most to maintain?
- Hot site
- Warm site
- Cold site
- Gray site
Correct answer: Hot site
A hot site is a near-duplicate of an organization's original site. It can be up and running within minutes should an outage occur. Computers and phones are up and ready, and a simulated server room is installed.
A warm site has infrastructure in place, but not the data. A cold site has space, power, and network connectivity but lacks systems and data. Gray sites are not a part of resiliency planning.
80.
What is an advantage of using agent-based collection methods for network monitoring?
- Lower bandwidth usage
- Simplicity of deployment
- Reduced resource consumption
- Non-intrusive monitoring
Correct answer: Lower bandwidth usage
Agent-based collection involves software programs on the endpoints that need to be monitored. This can reduce the amount of traffic sent compared to agentless collection because data is only sent when needed.
Agent-based collection is more complex to deploy because the agents on each system have to be maintained. Running agents on each system is more resource-intensive and takes away from resources that should be devoted to the device's main purpose. Agent-based collection is an intrusive monitoring style.