CompTIA Security+ (SY0-701) Exam Questions

Page 7 of 50

121.

The process of embedding secret messages has a rather long history. One method is to provide a seemingly normal communication that actually has secret information hidden within.

What is the term given to the science of writing hidden messages?

  • Steganography

  • Salting

  • Encryption

  • Key stretching

Correct answer: Steganography

Steganography is the science of hiding a secret message within an ordinary message so that it can be extracted at its destination. Steganography goes a step further than cryptography by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning the data will fail to notice that it contains encrypted data.

Salting involves adding data to a password to make it stronger. Cryptography uses ciphertext, which does not look like normal communication. Key stretching is a technique to make keys harder to attack with brute force.

122.

An administrator is providing a class for their users to educate them on how to better secure the organization and make security-conscious decisions. They are discussing password length and complexity.

How strong would a six-character password be considered, with one capital letter and the rest lowercase?

  • Weak

  • Medium

  • Strong

  • Very strong

Correct answer: Weak

Weak passwords have fewer than eight characters and don't have any special characters or numbers. These passwords should be avoided. A password should contain upper and lowercase letters, special characters, and numbers. It should also not contain common words that the organization may use, such as the user's name or the company name, or any details such as birth dates.

123.

A company has many distributed offices that need to connect remotely. They want the network that connects the offices to have high availability and utilize various connectivity services to improve its performance, agility, and cost-effectiveness.

What type of solution should they use for this?

  • SD-WAN

  • NAC

  • VLAN

  • HTTPS

Correct answer: SD-WAN

A software-defined wide area network (SD-WAN) uses SDN principles to improve wide area network connections. It can utilize technologies such as 4G, 5G, and MPLS.

NAC is used to determine if systems should be allowed to connect to a network. A VLAN is a logically segmented network. HTTPS is used for secure connections between a web client and a server.

124.

A DLP system notices that a regular user account has started trying to access numerous sensitive files. What category of IoC is being triggered?

  • Blocked content

  • Account lockout

  • Concurrent session usage

  • Impossible travel

Correct answer: Blocked content

Blocked content is one category for indicators of compromise (IoC). If an account is suddenly trying to access numerous resources, then the account may have been compromised by an attacker.

Account lockout is an IoC that can be triggered by too many failed login attempts. Concurrent session usage is an IoC if the number of users suddenly spikes. Impossible travel can be an IoC if the user appears to log in from two separate geographic locations.

125.

Which type of testing is done on an application as it is running?

  • Dynamic analysis

  • Static analysis

  • Tabletop

  • Source code

Correct answer: Dynamic analysis

Dynamic analysis is a type of application testing that is performed on a running application. These types of tests are usually automated as they cover a wide range of different issues related to creating secure applications.

Static analysis is done on an application while it is not running. A tabletop exercise involves discussions with participants in a penetration test. Source code analysis is another term for static analysis.

126.

Which type of attack opens a backdoor into a system, which an attacker can use to connect to the system at a later time?

  • RAT

  • Spyware

  • Keylogger

  • Logic bomb

Correct answer: RAT

A remote access Trojan (RAT) is malware that gets installed on a victim's workstation, typically when the victim clicks on an infected email attachment. It allows the attacker to connect to the infected machine and potentially attack other systems on the network.

Spyware is malware that is designed to steal information from a target. A keylogger is malware that records keystrokes. A logic bomb is malware that executes at a certain time or after a certain action.

127.

Training videos hosted on the corporate intranet are BEST described by which of the following?

  • Computer-based training

  • Role-based training

  • Gamification

  • Capture the flag

Correct answer: Computer-based training

Cybersecurity awareness training can be delivered in various ways. Some methods to be aware of include the following:

  • Gamification creates rewards and incentives for security training, such as rewarding the person who completes training first or has the best score for reporting phishing emails in a month or quarter.
  • Capture the flag exercises set challenges for a user and set flags that they collect to prove that they completed them. These are commonly used when training security personnel on various skill sets.
  • Phishing campaigns or simulations involve sending fake phishing emails to users to evaluate the effectiveness of phishing training and to train them on the latest phishing tactics and threats.
  • Computer-based training (CBT) involves self-study tools such as videos available on the corporate intranet.
  • Role-based training tailors training to an employee's role. For example, financial employees may have a phishing focus, while developers may be trained on common software vulnerabilities.

128.

A trainer is explaining the various cryptographic topics that might be covered in the CompTIA exam. They're talking about a cipher that always uses a key of 13. For example, to encrypt a message, you count 13 characters past each plaintext letter. To decrypt the message, you trace back 13 characters in the alphabet from the ciphertext.

This is an example of which of the following?

  • Substitution cipher

  • Polyalphabetic substitution

  • Transposition cipher

  • Enigma machine

Correct answer: Substitution cipher

A substitution cipher works on a fixed system to swap plaintext with ciphertext. Because these systems use the same key and algorithm, they are not true forms of encryption. They are more a form of obfuscation, making the plaintext unclear or difficult to understand.

Polyalphabetic substitution uses multiple substitution alphabets for the same message. A transposition cipher scrambles letters in a certain manner. An Enigma machine was a tool created during World War II to encrypt messages.

129.

Which data type is considered to be non-human readable?

  • Binary code

  • Audio

  • Images

  • Text

Correct answer: Binary code

Regulated data can be classified as either human-readable or non-human-readable. Non-human-readable data includes data that has been encrypted or is in machine language or binary code.

Audio, images, and text are examples of human-readable data.

130.

Which type of device is typically hardened through the use of firewalls, antivirus software, and security policies?

  • Workstation

  • Switch

  • Smartphone

  • Router

Correct answer: Workstation

Workstations require extensive hardening techniques because they are complex and users interact with the data on them on a regular basis. Typical hardening techniques include installing antivirus protection, using host-based firewalls, and having extensive security policies.

Switches and routers do not require antivirus software as they operate at lower levels of the OSI model. Smartphones are more controlled environments and do not generally need firewalls or antivirus software.

131.

An auditor is comparing a financial company's security processes to established industry standards. What activity are they involved in?

  • Gap analysis

  • Risk analysis

  • Impact analysis

  • Dynamic analysis

Correct answer: Gap analysis

A gap analysis looks at an organization's security controls and compares them to industry standards. Areas where the organization does not implement any controls are called gaps.

A risk analysis identifies any threats to an organization's systems or business processes. An impact analysis examines the effect of a system being taken offline. A dynamic analysis examines code while it is running.

132.

An administrator is evaluating their organization's risk. They have just determined the amount of risk still remaining after accounting for all controls. What type of risk have they just determined?

  • Residual risk

  • Inherent risk

  • Avoided risk

  • Exempted risk

Correct answer: Residual risk

Residual risk is the amount of risk remaining after accounting for all controls. It's important to consider that adding controls to risks may result in the creation of additional, unintended risks.

Inherent risk is risk before controls are applied. Risk avoidance is when an activity is abstained from because it is too risky. Exempted risk is when a risk control is allowed to be broken due to unique circumstances.

133.

Several developers are working on an application at Smith Industries, and they want to add a few more developers to assist with the workload. The developers are complaining that they are unable to see what changes other users are making, and they are also unsure whether the code has been updated recently.

Which of the following would be MOST appropriate to help with this issue?

  • Version control

  • Waterfall development method

  • Public key infrastructure

  • Secure enclave

Correct answer: Version control

This scenario is a perfect situation for implementing version control. Version control enables the tracking of individual modifications and updates: a document is checked out by an individual developer, who notes what has been changed upon check-in. In addition to making changes visible, this also makes it possible to roll back code to specific points if any issues are encountered.

The waterfall development method is a software development technique that is characterized by being non-iterative. Public key infrastructure is a method of asymmetrical encryption. Secure Enclave is a protected computing environment on Apple devices.

134.

Which technique offers the BEST protection against polymorphic malware?

  • Allow list

  • Block list

  • Deny list

  • Revocation list

Correct answer: Allow list

Polymorphic malware changes its signature to avoid detection. An allow list (approved list) will only allow specified applications to run, so it is the most restrictive.

An application blocklist/deny list specifies the applications that are not permitted to run on an endpoint. These lists can be difficult to keep up to date as cybercriminals evolve their malware. Revocation lists are used with digital certificates.

135.

A user is visiting a website using the HTTPS protocol. Which type of certificate are they MOST likely using to verify the authenticity of the website?

  • DV

  • EV

  • SAN

  • Wildcard

Correct answer: DV

Domain Validation (DV) certificates are used to prove the identity of a website using SSL/TLS in an HTTPS session. They are the simplest and most common types of certificates.

Wildcard certificates validate an entire domain rather than a specific URL. Subject Alternative Name (SAN) certificates can support multiple different common names, enabling the same server to support multiple URLs. Extended Validation (EV) certificates perform additional validation of a certificate owner, such as checking that it is a legitimate business.

136.

A contractor inadvertently causing a power outage that takes down a company's servers is an example of what?

  • Internal threat

  • Shadow IT

  • APT

  • Unskilled attacker

Correct answer: Internal threat

Internal threats can be employees, contractors, or business partners who have the ability to attack a system. This can be intentional for various motivations, or it can be inadvertent due to poor oversight.

Shadow IT is the installation of technological solutions without formal approval from the IT department. An advanced persistent threat (APT) is a focused, long-term threat from a well-financed opponent. An unskilled attacker is one who utilizes off-the-shelf hacking tools.

137.

Which of the following protocols can be used to encrypt the content and attachments for an email message?

  • S/MIME

  • SMTPS

  • IMAPS

  • POP3S

Correct answer: S/MIME

Secure/Multipurpose Internet Mail Extensions (S/MIME) allows email messages to be encrypted.

SMTPS, POP3S, and IMAPS are email protocols that use SSL/TLS to encrypt the connection, not the email's content.

138.

Which of the following RAID levels requires a minimum of four disk drives with drives added in pairs, but is capable of mirroring and striping data?

  • 10

  • 5

  • 1

  • 0

Correct answer: 10

RAID level 10 uses striping with parity. Data is striped across multiple disks. If one disk fails, the others can be used as failover.

RAID 5 is striping and parity. RAID 1 is mirroring. RAID 0 is striping.

139.

Which of the following cloud security controls may be necessary to ensure that a company can meet its SLAs?

  • High availability

  • Permissions

  • Encryption

  • Replication

Correct answer: High availability

For cloud storage, the main cloud security controls include:

  • High Availability: Cloud service providers can replicate data or functionality across zones, ensuring availability despite the potential for outages in a particular zone. This might be essential for companies with service level agreements (SLAs) regarding the availability of their services.
  • Permissions: Cloud storage can have access controls, which limit who can access the data, reducing the risk of data breaches, ransomware, etc. This can be helpful for companies looking to implement zero trust or reduce their attack surface in the cloud.
  • Encryption: Data can be encrypted in the cloud, reducing the risk of data breaches and enforcing permissions.
  • Replication: Data replication across zones helps to prevent data loss and ensure high availability.

140.

A message shows up on an Android device asking if a login attempt to your account was made by you. Which form of OTP is this likely using?

  • Push notification

  • SMS-based

  • TOTP

  • HOTP

Correct answer: Push notification

One-time passwords are commonly used for multi-factor authentication and can be delivered in various ways. While SMS-based OTPs are one of the most common options, they are also considered insecure due to the potential for them to be intercepted or read from the lock screen of a phone. OTPs can also be delivered to smartphones via push notifications (Google's "Was This You?" pop-up) or via a phone call where the code is read to the recipient.

OTPs can also be generated independently by the server and an authenticator app installed on a user's device. Two methods for doing so include:

  • TOTP: With time-based OTPs (TOTP), the server and authenticator app generate a new code every few seconds. Since they use the same algorithm, they should always be in sync.
  • HOTP: With HMAC-based OTPs (HOTP), the OTP changes with each successful authentication attempt. Its name derives from the fact that it uses the Hash-Based Message Authentication Code (HMAC) algorithm.