CompTIA Security+ (SY0-701) Exam Questions

Page 6 of 50

101.

Which of the following is the MOST volatile memory location?

  • CPU cache

  • RAM

  • Swap file

  • Hard disk

Correct answer: CPU cache

The forensic order of volatility specifies the order in which evidence should be collected. In order from most to least volatile, sources of evidence are:

  • CPU cache: CPU cache and registers are continually changing, and it is very difficult to capture this information for forensic purposes.
  • Random Access Memory (RAM): RAM contains recently-used data, which may include documents, passwords, etc. Tools such as dd or FTK Imager can be used to collect this evidence.
  • Swap File/Page File: Swap memory is on the mass storage drive but is used to temporarily hold data that would otherwise be in RAM if it could fit.
  • Hard disk: The hard disk is the main storage for the system and includes documents, programs, etc.
  • Logs on remote systems (network): Remote log files may include information on the system's network activity.
  • Optical disks (DVDs): DVDs can be used to store data in extremely non-volatile memory.

102.

A news organization needs to provide centralized authentication for their VPN connections, as many of their reporters connect from around the globe. What can they use that provides centralized authentication of dial-up and VPN connections for a network?

  • RADIUS

  • RIPEMD

  • RBAC

  • RTOS

Correct answer: RADIUS

Remote Authentication Dial-In User Service (RADIUS) provides centralized administration of dial-up, VPN, and wireless authentication and can be used with EAP and 802.1X.

RIPEMD is a cryptographic hash function. Role-based access control (RBAC) is used to control access to resources. A real-time operating system (RTOS) is a streamlined operating system for specific functions.

103.

Which of the following regulations defines data security controls for EU citizens' personal data?

  • GDPR

  • ISO/IEC 27002

  • HIPAA

  • PCI DSS

Correct answer: GDPR

Numerous regulations, standards, and laws govern the protection of personally identifiable information (PII) and cybersecurity. Some common examples include:

  • ISO/IEC 27002: The International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27002 (originally 17799) standard describes information security management best practices. Information security management is broken into domains, including (but not limited to) Risk Assessment, Security Policies, and Asset Protection.
  • Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a US regulation designed to ensure the privacy of protected health information (PHI).
  • General Data Protection Regulation (GDPR): The GDPR is an EU regulation that protects the PII of European citizens. It implemented rules for protecting PII and provided certain rights for citizens. GDPR inspired many later rules such as the CCPA.
  • Payment Card Industry Data Security Standard (PCI DSS): PCI DSS was developed by the major credit card brands to ensure the protection of consumers' financial information and protect against financial fraud.

104.

Which tool allows a Windows administrator to control settings of systems on a network using Active Directory?

  • Group Policy

  • Task Manager

  • MDM

  • SCADA

Correct answer: Group Policy

Group Policy allows for applying security settings across Windows systems that are using Active Directory. This gives centralized control over large-scale deployments.

Task Manager is used to view system resource usage. MDM is used to manage mobile devices. SCADA is used to control industrial equipment.

105.

As a security analyst, you have been tasked with performing a vulnerability scan against the organization's network. Of the following tools, which would NOT achieve this?

  • Autopsy

  • Nessus

  • OpenVAS

  • Nexpose

Correct answer: Autopsy

Nessus, Nexpose, and OpenVAS are all examples of vulnerability scanners that could be used to test for vulnerabilities in an organization's network. 

Autopsy is a tool that can be used along with The Sleuth Kit for forensic analysis. Autopsy is not a vulnerability scanner.

106.

Which of the following backup types occurs directly after each change is made?

  • Replication

  • Full

  • Incremental

  • Snapshot

Correct answer: Replication

Data replication ensures that any change is backed up in real time. This is ideal for mission-critical transactions that need to be confirmed before they are considered complete.

A full backup copies all files at once. An incremental backup backs up files that have the archive bit set. A snapshot captures the full state of a system.

107.

A software development company that operates solely in the U.S. has a data breach. What dictates their legal responsibilities for disclosure of this event?

  • Individual states

  • Federal government

  • GDPR

  • GLBA

Correct answer: Individual states

In the United States, each state has its own laws with different requirements. There is no law at the federal level for dealing with data breaches that applies to all industries.

The federal government in the United States only regulates data breaches for specific industries, such as healthcare. The GDPR's jurisdiction is in the European Union. The GLBA is a regulation used for financial institutions.

108.

An insurance agency has many traveling salespeople who carry sensitive information on their laptops. The company is concerned that if a traveling salesperson's username and password were compromised, an attacker would be able to gain access to the network. 

What is a security measure they can use to protect the network if a hacker gets access to a username and password?

  • Multifactor authentication

  • WEP

  • Single sign-on

  • Key stretching

Correct answer: Multifactor authentication

Multifactor authentication requires two steps before a user can access the network. First, the user enters a username and password. Then they need a token or key, usually sent to their phone or computer, to complete the authentication. This eliminates the ability of a hacker to access the network with stolen credentials.

WEP is an obsolete wireless security protocol. Single sign-on is an authentication method that lets a user access multiple systems with one set of credentials. Key stretching is a technique to make passwords stronger.

109.

An administrator needs to keep a user from deleting any of their email files after an incident. What term describes the actions of the administrator in this situation?

  • Legal hold

  • Chain of custody

  • Acquisition

  • Quarantine

Correct answer: Legal hold

A legal hold describes a situation where evidence must be held. The Federal Rules of Civil Procedure (FRCP) require organizations to put information under a legal hold if they reasonably anticipate any litigation or government investigation.

A chain of custody is a document that keeps track of evidence. Acquisition refers to gathering evidence from a compromised system. A quarantine is an isolated area in a system.

110.

Which of the following vectors can be used to attack systems protected by an air gap?

  • Removable media

  • Phishing

  • Supply chain

  • Social media

Correct answer: Removable media

Removable media is a vector that can be used to attack air-gapped systems, which are physically disconnected from an outside network.

Phishing attacks (including spear phishing, whaling, invoice scams, etc.) may use email or other messaging systems as a vector. Supply chain attacks exploit an organization via its relationships with suppliers, vendors, and other service providers. Social media may be a vector used to collect information about a target and potentially send them a malicious link.

111.

Which of the following situations can be addressed by using honeyfiles?

  • A company wants to know when a system is breached

  • A company wants to have their administrative interface to a system located on a separate network

  • A company wants to block malicious sites based on their domain names

  • A company wants to monitor if any system files have changed

Correct answer: A company wants to know when a system is breached

Honeyfiles are files that are intended to be attractive to attackers. If a honeyfile is discovered to have been exfiltrated, it shows that the system has been breached.

Out-of-band management is used when a company wants to have their administrative interface to a system located on a separate network. DNS filtering is used when a company wants to block malicious sites based on domain names. File integrity monitors are used when a company wants to monitor if any system files have changed.

112.

An auditor is analyzing the IT infrastructure of a small U.S. medical company that handles patient records. How will the company's industry impact the analysis?

  • The company will need to protect personal health information

  • The company will need to provide whistleblower protection

  • The company will need to report financial statements to regulators

  • The company will need to share its corporate governance structure

Correct answer: The company will need to protect personal health information

Companies that work with patient data need to be aware of HIPAA regulations. This means they have to have safeguards in place to protect personal healthcare information.

Providing whistleblower protection, reporting financial statements to regulators, and sharing its corporate governance structure are needed by publicly traded corporations to meet SOX requirements.

113.

In which of the following environments is quality assurance (QA) on an application typically performed?

  • Test

  • Development

  • Staging

  • Production

Correct answer: Test

The four main types of environments for secure software development include:

  • Development: The development environment is where the code is written.
  • Test: The test environment is used to verify the code's correctness, security, performance, etc., and is where quality assurance (QA) is performed.
  • Staging: The staging environment emulates the real-world deployment environment and is used to verify that a solution will work within an organization's infrastructure.
  • Production: The production environment is the real-world environment where the solution is deployed.

114.

Which technical implication is related to changes when there are legacy applications involved?

  • Lack of vendor support

  • Software added to deny lists

  • Inability to put software in an allow list

  • Security lapses during application restarts

Correct answer: Lack of vendor support

Legacy applications are older applications that may not be supported by vendors anymore. That means they may not have patches for new security vulnerabilities.

Legacy applications are not directly related to allow or deny lists. Security lapses can occur when any services or applications are restarted.

115.

Acme Inc. has been encountering issues with hacker intrusions on their network, and they want to ensure that it doesn't happen again. They have improved their firewalls and perimeter security, but they want to make sure that they can identify attacks as they happen. 

What type of system should they use to detect malicious network activity?

  • IDS

  • WAF

  • Forward proxy

  • Reverse proxy

Correct answer: IDS

An intrusion detection system (IDS) attempts to detect malicious network activity by monitoring network traffic. It detects rogue machines, including desktops and mobile devices. It can also detect network sniffers.

A web application firewall (WAF) focuses on protecting a web application. A forward proxy accepts requests from clients and sends them to the correct servers. A reverse proxy is placed in front of servers for load balancing and caching.

116.

As a part of effective security governance, a company must rapidly evolve to meet the changing challenges and opportunities in their business sector at a global level. For instance, textile manufacturers need to keep up-to-date with the latest fashions. 

Which aspect of corporate governance does this concern belong to?

  • Industry

  • Legal

  • Regulatory

  • Local

Correct answer: Industry

Companies need to stay aware of changes in their industry. Failure to adapt can make a company lose its competitiveness.

The legal aspect refers to being lawful in things such as contracts and intellectual property. The regulatory aspect refers to following governmental regulations and guidelines. The local aspect refers to meeting requirements for specific geographical areas.

117.

An administrator notices that users of Android devices have manually installed APK files without using the official app store. Which term describes this practice?

  • Sideloading

  • Jailbreaking

  • Rooting

  • Counterfeiting

Correct answer: Sideloading

Sideloading is the process of installing apps on a device from a source other than the official app store. This has a higher potential of exposing the device to malware.

Rooting is the term for gaining administrative access to a device. Jailbreaking is an example of rooting on iOS devices. Counterfeiting is the process of illegally creating goods that look like a genuine product.

118.

A company wants to give their users the freedom to install any extra applications they feel that they need to be more productive. However, there are a few applications they do not want users to install because they may impact productivity. 

What type of solution should they implement for this?

  • Block list

  • Allow list

  • Quarantine

  • Isolation

Correct answer: Block list

An application block list/deny list specifies the applications that are not permitted to run on an endpoint. These lists can be difficult to keep up to date as cybercriminals evolve their malware. For example, block lists are less effective against zero-day threats and polymorphic malware.

An application allow list/approved list specifies the applications that are permitted to run on an endpoint. These lists must be kept up to date as the organization uses new applications and can cause issues if a legitimate application is excluded from the list. Endpoint security solutions commonly have quarantine functionality to prevent suspicious, malicious, or infected files from causing damage to an endpoint. Quarantining refers to disconnecting a system from the network rather than managing the risk posed by a particular application.

119.

Which of the following is an acquisition tool that can be used when conducting digital forensics?

  • FTK Imager

  • Task Manager

  • Event Viewer

  • Top

Correct answer: FTK Imager

Acquisition tools focus on creating exact, bit-by-bit copies of devices. FTK Imager is used to acquire drive images for analysis in FTK or Autopsy. 

Task Manager is a Windows utility used to provide information about running applications and processes. Event Viewer is used to view and analyze system events. Top is a command-line utility in Linux for information about processes and resource usage.

120.

Which of the following types of certificates is used as proof that a certificate owner is a legitimate business?

  • EV

  • DV

  • Wildcard

  • SAN

Correct answer: EV

Extended Validation (EV) certificates are issued only after the certificate authority performs additional validation of the certificate owner, such as checking that it is a legitimate business.

Wildcard certificates validate an entire domain rather than a specific URL. This runs the risk that a rogue URL could be created and validated using the wildcard certificate. Subject alternative name (SAN) certificates can support multiple different common names, enabling the same server to support multiple URLs. A domain validation (DV) certificate is used to prove the identity of a website using SSL/TLS.