CompTIA Security+ (SY0-701) Exam Questions

Page 8 of 50

141.

Which of the following password policies may involve a list of approved special characters for a password?

  • Password complexity

  • Password length

  • Password history

  • Password resemblance

Correct answer: Password complexity

  • Password complexity rules commonly mandate a combination of uppercase and lowercase letters, numbers, and special characters; the policy may also restrict which special characters are allowed.
  • Password length rules improve security because every added character multiplies the space of possible passwords, which makes length the strongest single lever against brute-force and offline cracking.
  • Password history stores the hashes of the previous X passwords so that a user cannot set any of them again when choosing a new password.
  • Password resemblance refers to preventing users from setting a new password that is different from but similar to a past one, for example changing Password!1 to Password!2. This is only practical against the current password, which the user supplies in plaintext at change time; enforcing it against older passwords would require keeping them in a recoverable form, which defeats the purpose of hashing them.
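The four policies above, implemented together as one change-time validator. This is an added example, not code from the question bank: the length, approved-special-character list and history depth are assumptions chosen for illustration, history is checked against salted PBKDF2 hashes so no plaintext is stored, and the resemblance check is a simple heuristic run only against the current password the user has just typed.

```python
import hashlib
import hmac
import os
import re
from typing import List, Tuple

# Policy parameters are assumptions chosen for this example, not values from the question.
MIN_LENGTH = 12
APPROVED_SPECIALS = set("!@#$%^&*()-_=+[]{};:,.?")   # the "list of approved special characters"
HISTORY_DEPTH = 5                                   # remember the last X passwords


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 so the history store never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def complexity_errors(password: str) -> List[str]:
    """Length and complexity rules; returns a list of violations (empty = compliant)."""
    errs = []
    if len(password) < MIN_LENGTH:
        errs.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        errs.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        errs.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        errs.append("no digit")
    specials = {c for c in password if not c.isalnum()}
    if not specials:
        errs.append("no special character")
    unapproved = specials - APPROVED_SPECIALS
    if unapproved:
        errs.append("unapproved special character(s): " + "".join(sorted(unapproved)))
    return errs


def in_history(password: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """History is a list of (salt, hash) pairs for previous passwords, newest last."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            return True
    return False


def resembles(new: str, current: str) -> bool:
    """Resemblance check against the *current* password only. The user types the
    current password in plaintext when changing it, so no stored plaintext is needed;
    checking older passwords this way would require keeping them recoverable.
    Heuristic: compare the letters-only, case-folded cores (Password!1 -> password)."""
    def core(p: str) -> str:
        return re.sub(r"[^a-z]", "", p.lower())
    a, b = core(new), core(current)
    if len(a) < 4 or len(b) < 4:
        return False
    return a in b or b in a


def validate_change(new: str, current: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Apply all four policies; an empty list means the change is accepted."""
    errs = complexity_errors(new)
    if in_history(new, history):
        errs.append("reused a previous password")
    if resembles(new, current):
        errs.append("too similar to the current password")
    return errs


def demo() -> dict:
    # Constructed sample state: one historical password and the current one.
    salt = os.urandom(16)
    history = [(salt, hash_password("OldPassw0rd!", salt))]
    current = "Password!1"
    return {
        "too_similar": validate_change("Password!2", current, history),
        "reused": validate_change("OldPassw0rd!", current, history),
        "bad_special": validate_change("Tr0ub4dor~Horse", current, history),
        "ok": validate_change("Correct#Horse7Battery", current, history),
    }


if __name__ == "__main__":
    for case, errors in demo().items():
        print(f"{case}: {errors or 'accepted'}")
```

The resemblance heuristic is deliberately crude; a production implementation would typically use an edit-distance threshold, but whatever the comparison, it can only be run against plaintext the user has just supplied.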

142.

A company wants to implement new security updates while minimizing disruptions to business processes during the update. What should they use to accomplish this?

  • Maintenance window

  • Backout plan

  • Standard operating procedure

  • Impact analysis

Correct answer: Maintenance window

A maintenance window is a scheduled time for implementing fixes. This lets users know when there will be downtime, and it can be scheduled during off-peak hours.

A backout plan is used when a change does not go according to plan and the system must be returned to its previous state. Standard operating procedures are step-by-step instructions for routine tasks, describing how users and administrators should operate a system day to day. An impact analysis examines the effects that a change can have on other systems.

143.

An organization is calculating the loss that would occur if one of their servers failed. They are currently looking at the financial losses that would be felt, and determined it to be around $10,000. 

What type of assessment have they conducted?

  • Impact

  • Exposure factor

  • ALE

  • ARO

Correct answer: Impact

An impact analysis often results in a monetary value that shows the consequences of an outage. This factor allows organizations to determine how much to spend on controls to mitigate risks to this asset.

The exposure factor (EF) is the percentage of an asset's value expected to be lost in a single incident; asset value multiplied by EF gives the single loss expectancy (SLE). The annualized rate of occurrence (ARO) is the expected number of times the loss event happens in a year, and the annualized loss expectancy (ALE) is SLE × ARO, the expected loss per year.

144.

An incident has been handled, and the administrators have documented the vulnerability, incident response, and any remaining damages. With this completed, the organization wants to discuss the incident and make sure it does not occur again. 

What is this phase?

  • Lessons Learned

  • Eradication

  • Containment

  • Recovery

Correct answer: Lessons Learned

Lessons Learned is the final phase of the incident response process. In this phase, the scenario is reviewed and analyzed after the incident has been completely resolved and functionality restored. It is imperative to determine the cause of the incident, how to prevent it, and the impact it had on the environment overall. All steps and tasks completed should be documented thoroughly so that future incidents are handled faster and the same gaps are not found twice.

Eradication is the phase when artifacts from the incident (malware, persistence mechanisms, attacker-created accounts) are removed. Containment is the phase when a threat is isolated so it cannot cause further damage. Recovery is the phase when systems are returned to normal operations.

145.

What is a specific advantage of using IaC when moving an application to a live environment?

  • Ease of deployment

  • Risk transference

  • Patch availability

  • Availability

Correct answer: Ease of deployment

Ease of deployment matters most when a solution is complex. Infrastructure as code (IaC) achieves it because the environment is defined in versioned, scripted definitions that can be reviewed, tested, and applied repeatedly, which removes the manual steps where human error creeps in.

Risk transference involves using a third party (for example an insurer or a service provider) to carry an organization's risk. Patch availability refers to whether a vendor has released a fix for a known vulnerability; it is not a deployment feature. Availability is the concept of having data or a system accessible whenever it is needed.

146.

Which of the following statements accurately describes a security concern with IoT devices?

  • They often include weak default settings

  • They typically rely on insecure RTUs and PLCs

  • They usually run on an RTOS that prioritizes multi-tasking

  • They regularly use FDE to store data

Correct answer: They often include weak default settings

IoT devices have many constraints due to their low power, limited processing capability, and unreliable network connectivity. Common issues include weak default settings (default credentials, open management interfaces), lack of network security, exposed services, lack of encryption, insecure data storage, lack of patches, and questionable vendor data-handling practices.

SCADA systems use PLCs and RTUs; those are industrial control components, not a property of IoT devices in general. Embedded systems use a real-time operating system (RTOS) to guarantee deterministic response times, not to prioritize multitasking. Full-disk encryption (FDE) encrypts an entire drive; the page's point about IoT is the lack of encryption, not its regular use.

147.

A user wants to download a popular piece of music software to play music at work. They unknowingly misspell the domain name of the site and are sent to a malicious site that provides infected software for download. 

What type of attack is used to trick users into thinking that they are downloading from an official site when they misspell a domain name?

  • Typosquatting

  • Smishing

  • Watering hole

  • Pretexting

Correct answer: Typosquatting

Typosquatting, also called URL hijacking, is a form of cybersquatting that relies on mistakes made by internet users when typing a website address into a browser. Attackers register misspelled versions of trademarked domain names to catch users who accidentally type the wrong name. For instance, an attacker could register "Adabe.com" so users who misspell "Adobe.com" land on a malicious site.

Smishing is phishing carried out over SMS text messages. A watering hole attack compromises a legitimate site that the target group frequently visits. Pretexting is inventing a believable scenario to set up a social engineering attack.
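Defenders usually turn typosquatting around: generate the likely misspellings of their own brands and watch for them in DNS or proxy logs. The following is an added example, not code from the question bank or from any vendor tool; the proxy log lines are constructed, and the variant generator covers only omission, doubled letters, transposition and vowel swaps (homoglyph and internationalized-domain look-alikes are out of scope here).

```python
import re
from typing import Iterable, List, Set, Tuple

VOWELS = "aeiou"


def typo_variants(label: str) -> Set[str]:
    """Common fat-finger variants of one registrable label (no TLD):
    omission (adbe), doubled letter (addobe), transposition (adboe), vowel swap (adabe)."""
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])                          # omission
        variants.add(label[:i] + ch + label[i:])                         # doubled letter
        if i < len(label) - 1:
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # transposition
        if ch in VOWELS:
            for v in VOWELS:
                if v != ch:
                    variants.add(label[:i] + v + label[i + 1:])          # vowel swap
    variants.discard(label)
    return variants


def build_watchlist(brands: Iterable[str], tlds: Tuple[str, ...] = ("com",)) -> Set[str]:
    """Fully qualified look-alike domains for every brand and TLD of interest."""
    return {f"{v}.{t}" for b in brands for v in typo_variants(b) for t in tlds}


HOST_RE = re.compile(r"https?://([^/:\s]+)")


def flag_typosquats(log_lines: Iterable[str], brands: List[str]) -> List[Tuple[str, str]]:
    """Return (client, domain) pairs for requests to look-alike domains."""
    watch = build_watchlist(brands)
    legit = {f"{b}.com" for b in brands}
    hits = []
    for line in log_lines:
        m = HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1).lower().rstrip(".")
        registrable = ".".join(host.split(".")[-2:])   # www.adabe.com -> adabe.com
        if registrable in watch and registrable not in legit:
            hits.append((line.split()[0], registrable))
    return hits


# Constructed proxy log lines (not real traffic): client, method, URL, status.
SAMPLE_LOG = [
    "10.1.2.3 GET https://www.adobe.com/products/ 200",
    "10.1.2.7 GET https://adabe.com/setup.exe 200",
    "10.1.2.9 GET https://www.adboe.com/ 200",
    "10.1.2.4 GET https://example.org/ 200",
]

if __name__ == "__main__":
    for client, domain in flag_typosquats(SAMPLE_LOG, ["adobe"]):
        print(f"{client} requested look-alike domain {domain}")
```

The same watchlist can be fed to a DNS sinkhole or proxy block rule, and the generator is the same logic an organization uses to decide which misspellings of its own domain to register defensively before someone else does.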

148.

A global company has a customer information database that needs to be available at all times. If the main database server fails, they need a secondary server that will take over with all the same data as the main server. 

What type of backup architecture should they use in this situation?

  • Replication

  • Journaling

  • Snapshot

  • Incremental

Correct answer: Replication

Replication continuously copies data to a second system so that an up-to-date clone is available at a moment's notice. This is what failover requires.

Journaling records each transaction, but the journal must be replayed against a base copy before the data can be used. A snapshot is a point-in-time copy of a virtual machine or storage volume. Incremental backups copy only the files that have changed since the last backup and are typically run daily.

149.

Which component of a zero trust cybersecurity architecture is responsible for making decisions in the control plane?

  • Policy-driven access control

  • Policy administrator

  • Policy enforcement point

  • Adaptive identity

Correct answer: Policy-driven access control

Policy-driven access control is performed by the policy engine in the control plane of a zero trust model. The policies define access rights, permissions, and how to respond to different contexts (device posture, location, risk signals). The policy engine makes the decision; it never handles the traffic itself.

The policy administrator relays the engine's decision to the data plane by establishing or tearing down the session at the policy enforcement point. The policy enforcement point sits in the data plane, receives access requests from subjects, and forwards traffic only for sessions the policy administrator has approved. Adaptive identity takes context into account when granting access rights.
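The division of labour between the three components, as an added example rather than code from the question bank or from any zero trust product: the policy engine decides from entitlements plus context (the adaptive-identity part tightens the MFA freshness requirement as the risk score rises), the policy administrator turns each decision into a session open/close command, and the policy enforcement point only forwards traffic for sessions it has been told to open. Entitlements, countries and risk scores are constructed for the walkthrough.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class AccessRequest:
    subject: str
    resource: str
    device_managed: bool   # device posture signal
    mfa_age_min: int       # minutes since the subject last completed MFA
    src_country: str
    risk_score: int        # 0-100, from analytics feeds


class PolicyEngine:
    """Control plane: evaluates policy and returns a decision. It never sees traffic."""

    def __init__(self, entitlements: Dict[str, Set[str]], allowed_countries: Set[str]):
        self.entitlements = entitlements
        self.allowed_countries = allowed_countries

    def decide(self, r: AccessRequest) -> Tuple[bool, str]:
        if r.resource not in self.entitlements.get(r.subject, set()):
            return False, "no entitlement for resource"
        if not r.device_managed:
            return False, "unmanaged device"
        if r.src_country not in self.allowed_countries:
            return False, "source country not permitted"
        # Adaptive identity: the higher the risk score, the fresher the MFA must be.
        max_mfa_age = 15 if r.risk_score >= 50 else 480
        if r.mfa_age_min > max_mfa_age:
            return False, f"MFA is {r.mfa_age_min} min old; limit {max_mfa_age} at risk {r.risk_score}"
        return True, "policy satisfied"


class PolicyEnforcementPoint:
    """Data plane: forwards traffic only for sessions the policy administrator opened."""

    def __init__(self) -> None:
        self.sessions: Set[Tuple[str, str]] = set()

    def open_session(self, subject: str, resource: str) -> None:
        self.sessions.add((subject, resource))

    def close_session(self, subject: str, resource: str) -> None:
        self.sessions.discard((subject, resource))

    def forwards(self, subject: str, resource: str) -> bool:
        return (subject, resource) in self.sessions


class PolicyAdministrator:
    """Control plane: asks the engine for a decision and relays it to the PEP."""

    def __init__(self, engine: PolicyEngine, pep: PolicyEnforcementPoint):
        self.engine, self.pep = engine, pep

    def handle(self, r: AccessRequest) -> Tuple[bool, str]:
        allowed, reason = self.engine.decide(r)
        if allowed:
            self.pep.open_session(r.subject, r.resource)
        else:
            self.pep.close_session(r.subject, r.resource)   # re-evaluation can revoke
        return allowed, reason


def demo() -> dict:
    # Constructed entitlements and signals for the walkthrough.
    engine = PolicyEngine({"alice": {"hr-db"}}, allowed_countries={"US", "DE"})
    pep = PolicyEnforcementPoint()
    pa = PolicyAdministrator(engine, pep)
    first = AccessRequest("alice", "hr-db", True, mfa_age_min=30, src_country="US", risk_score=10)
    results = {"initial": pa.handle(first), "forwarding_after_initial": pep.forwards("alice", "hr-db")}
    # Same session re-evaluated after analytics raise the risk score: access is revoked.
    risky = AccessRequest("alice", "hr-db", True, mfa_age_min=30, src_country="US", risk_score=80)
    results["reevaluated"] = pa.handle(risky)
    results["forwarding_after_reeval"] = pep.forwards("alice", "hr-db")
    results["no_entitlement"] = pa.handle(AccessRequest("bob", "hr-db", True, 1, "US", 0))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The second evaluation is the part that distinguishes zero trust from a one-time login check: the same subject on the same device loses the session when the context changes, without any change to the entitlement table.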

150.

There are reports that a server on the network has been compromised and may be sending malicious traffic over the network to other devices to further the attack. The administrators want to view the network traffic so that they can get an idea of what to expect.

Which of the following would the administrators want to use in order to view traffic on the network?

  • Protocol analyzer

  • Wi-Fi analyzer

  • NetFlow analyzer

  • Network mapper

Correct answer: Protocol analyzer

Protocol analyzers are also called sniffers. They capture network traffic and let an administrator (or an attacker) inspect packet contents. Encrypted payloads cannot be read, but headers, addresses, and traffic patterns remain visible. The ability to see the traffic on the network should not be underestimated, especially when troubleshooting or hunting for malicious activity. On a switched network an analyzer only sees its own traffic unless it is fed from a SPAN/mirror port or a network TAP, a capability that many low-end switches and routers lack. Items such as plaintext passwords being transmitted over the network, potential sources of flood attacks, and more can be discovered.

A Wi-Fi analyzer reports on wireless networks (channels, signal strength, access points). A NetFlow analyzer consumes flow records (NetFlow originated with Cisco) that summarize who talked to whom, when, and how much, without packet payloads. A network mapper enumerates the devices on a network.

151.

An iris scan is an example of which of the following types of locks?

  • Biometric

  • Cipher

  • Physical

  • Cable

Correct answer: Biometric

Biometric locks use a "something you are" factor for authentication (fingerprint, iris scanning, etc.). Iris scanners use near-infrared imaging to capture the unique pattern of a user's iris.

A cipher lock is a particular type of electronic lock that requires the user to enter a PIN. Physical locks use keys or combinations. A cable lock is used to prevent a laptop or similar device from being stolen.

152.

A company has a VLAN that they would like to directly connect to a cloud VPC. What type of solution could aid in that?

  • Transit gateway

  • STP

  • Forward proxy

  • NGFW

Correct answer: Transit gateway

A transit gateway is a cloud-side hub that connects on-premises networks (over VPN or a dedicated link) and one or more VPCs so that traffic can be routed between them. This supports a hybrid cloud strategy.

Spanning Tree Protocol (STP) is used to prevent loops in Ethernet networks. A forward proxy is an intermediary between a client and a server on the Internet. A next-generation firewall (NGFW) is an advanced firewall with features such as intrusion prevention and application awareness.

153.

A security analyst is performing an audit on the security posture of the organization. They are evaluating various elements such as security awareness training, contingency planning, disaster recovery plans, and risk assessments. 

Which control type are they auditing?

  • Managerial

  • Technical

  • Physical

  • Operational

Correct answer: Managerial

Managerial controls incorporate methods mandated by organizational policies or other guidelines. The primary stakeholders are executives and management, as they are those most likely to seek out risk determinations and reduce them with process changes. This can include items such as requirements to complete certain assessments, job rotation, segregation of duties, mandatory vacations, and more.

Technical security controls include firewalls and access control lists. Physical security controls include fences and door locks. Operational security controls include log monitoring and vulnerability assessments.

154.

Which of the following categories of controls is exemplified by using firewalls and encryption?

  • Technical

  • Operational

  • Physical

  • Managerial

Correct answer: Technical

Security controls can be classified into four categories:

  • Managerial: Managerial/administrative controls are policies, procedures, or guidelines. An organization's managerial controls are developed first and used as the basis for designing and implementing the other security controls.
  • Operational: Operational controls are carried out by people to keep day-to-day security functioning. Backups, or a procedure requiring systems to be rebuilt on a schedule, are examples of operational controls.
  • Technical: Technical/logical controls are implemented in hardware or software to manage access to a resource. Firewalls, passwords, encryption, and group policies are all examples of technical controls.
  • Physical: Physical controls manage or prevent physical access to an organization's buildings, systems, etc. Fences and locked doors are examples of physical controls.

155.

Which of the following techniques is difficult to perform effectively since it involves stripping all PII from a user's record?

  • Anonymization

  • Data minimization

  • Data masking

  • Tokenization

Correct answer: Anonymization

Anonymization removes personally identifiable information (PII) from a dataset. An organization can use a few different privacy-enhancing technologies to protect sensitive data, including:

  • Data Minimization: Data minimization involves collecting and storing only the sensitive data the organization actually needs. This is the most effective protection because data that was never collected cannot be breached or leaked.
  • Data Masking: Data masking involves replacing sensitive data with non-sensitive characters. For example, receipts commonly show only the last four digits of a credit card number, with the rest masked by asterisks or dots.
  • Tokenization: Tokenization replaces sensitive data with a non-sensitive token that can be used on systems that don't need the original data. A lookup table mapping tokens to values is kept in a separate, better-protected store for when the original is needed.
  • Anonymization: Anonymization completely removes personally identifiable information (PII) from a user's records. However, true anonymization is difficult to achieve because the remaining fields (postal code, birth year, and so on) can often be linked back to a person using external data sources.
  • Pseudonymization: Pseudonymization replaces PII with a pseudonym (a token or keyed hash). Unlike anonymization it is reversible by whoever holds the mapping or key, and records about the same person remain linkable.
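The five techniques side by side, including the linkage attack that makes anonymization hard. This is an added example, not code from the question bank: the customer record, the "anonymized" medical rows and the public roll are constructed, the token vault is an in-memory stand-in for a separate token store, and the pseudonym is an HMAC so that the same input maps to the same pseudonym only for whoever holds the key.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple


def minimize(record: Dict[str, str], needed: Iterable[str]) -> Dict[str, str]:
    """Data minimization: keep only the fields the process actually needs."""
    keep = set(needed)
    return {k: v for k, v in record.items() if k in keep}


def mask_pan(pan: str) -> str:
    """Data masking: show only the last four digits, as on a receipt."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]


class TokenVault:
    """Tokenization: random tokens, with the token->value map held in a separate store."""

    def __init__(self) -> None:
        self._token_to_value: Dict[str, str] = {}
        self._value_to_token: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value not in self._value_to_token:
            token = "tok_" + secrets.token_hex(8)       # no mathematical relation to the value
            self._token_to_value[token] = value
            self._value_to_token[value] = token
        return self._value_to_token[value]

    def detokenize(self, token: str) -> str:
        return self._token_to_value[token]


def pseudonymize(value: str, key: bytes) -> str:
    """Pseudonymization: a keyed hash gives a stable pseudonym so records about the
    same person stay linkable; only the key holder can recompute it or reverse it by lookup.
    An unkeyed hash of a low-entropy field (e-mail, phone) would be trivially guessable."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def reidentify(anonymized: List[Dict], public: List[Dict],
               quasi: Tuple[str, ...] = ("zip", "birth_year")) -> Dict[str, str]:
    """Linkage attack: join an 'anonymized' dataset to a public one on quasi-identifiers.
    Returns name -> sensitive value wherever the combination is unique on both sides."""
    def key(row):
        return tuple(row[q] for q in quasi)
    by_anon, by_pub = defaultdict(list), defaultdict(list)
    for row in anonymized:
        by_anon[key(row)].append(row)
    for row in public:
        by_pub[key(row)].append(row)
    return {by_pub[k][0]["name"]: rows[0]["diagnosis"]
            for k, rows in by_anon.items()
            if len(rows) == 1 and len(by_pub.get(k, [])) == 1}


# Constructed sample data (not real people).
RECORD = {"name": "Ada Lovelace", "email": "ada@example.com",
          "pan": "4111 1111 1111 1111", "zip": "12345", "purchase": "book"}
ANONYMIZED = [  # names stripped, but quasi-identifiers kept
    {"zip": "12345", "birth_year": 1985, "diagnosis": "flu"},
    {"zip": "12345", "birth_year": 1990, "diagnosis": "asthma"},
    {"zip": "67890", "birth_year": 1985, "diagnosis": "migraine"},
]
PUBLIC = [  # e.g. a voter roll
    {"name": "Ada", "zip": "12345", "birth_year": 1985},
    {"name": "Bob", "zip": "12345", "birth_year": 1990},
    {"name": "Cy", "zip": "67890", "birth_year": 1985},
    {"name": "Di", "zip": "67890", "birth_year": 1985},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    vault = TokenVault()
    print(minimize(RECORD, ["purchase", "zip"]))
    print(mask_pan(RECORD["pan"]))
    print(vault.tokenize(RECORD["pan"]), "->", vault.detokenize(vault.tokenize(RECORD["pan"])))
    print(pseudonymize(RECORD["email"], key))
    print(reidentify(ANONYMIZED, PUBLIC))   # Cy/Di stay ambiguous; Ada and Bob are exposed
```

The last call is the point of the question: the medical rows contain no names, yet two of three patients are identified by joining on postal code and birth year. Only the pair that is not unique in the public data survives, which is what generalization techniques such as k-anonymity try to guarantee for every row.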

156.

An organization is rolling out a DLP system, and they have already configured it on the network. They want to ensure that all the gaps are covered, so they run it on all servers and computers in the environment. 

What type of DLP system runs on every server and computer on the network to avoid data leakage from each system?

  • Endpoint

  • Dissolvable agent

  • Network

  • Remediation

Correct answer: Endpoint

Endpoint DLP agents run on individual client and server computers. They block or alert on attempts to move sensitive data off the host (removable media, uploads, printing, clipboard) and notify an administrator when an attempted confidentiality breach occurs. They can consume noticeable resources, in which case a network-based DLP at the egress points may be preferred, at the cost of not seeing data that never crosses the wire.

A dissolvable agent is a temporary NAC agent that removes itself after the posture check. A network DLP is positioned at the points a network's traffic must pass through to exit. A remediation server is used with NAC to bring non-compliant hosts up to policy.

157.

Which of the following access control models involves clearance and classification levels?

  • MAC

  • DAC

  • RBAC

  • ABAC

Correct answer: MAC

Mandatory access control (MAC) is when every resource is given a classification label and every entity is assigned a clearance level, and the system, not the resource owner, enforces the comparison. This is the form of access control used by governments and the military (e.g., Confidential, Secret, and Top Secret).

Discretionary access control (DAC) is when the owner of a particular resource configures access controls for it. This is the default access control model for most operating systems. Role-based access control (RBAC) defines roles for different entities and assigns permissions to a role. A user's permissions are then determined when they are assigned a role. Attribute-based access control (ABAC) manages access by assigning attributes to entities and defining rules using these attributes to manage access.
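A minimal MAC reference monitor, as an added example that is not from the question bank or any real operating system: labels carry a hierarchical level plus a set of need-to-know compartments, a clearance "dominates" a classification when it is at least as high and covers every compartment, and the two Bell-LaPadula rules (no read up, no write down) are just dominance checks in opposite directions. The clearance and classifications are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical levels (higher number dominates lower). Compartments are need-to-know
# categories layered on top of the level; a label is (level, set of compartments).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: at least as high a level AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up. The clearance must dominate the classification."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down. The object must dominate the subject, so a Secret
    subject cannot copy data into a Confidential file (that would leak it downward)."""
    return obj.dominates(subject)


def demo() -> dict:
    # Constructed clearance and classifications.
    alice = Label("Secret", frozenset({"CRYPTO"}))
    secret_crypto = Label("Secret", frozenset({"CRYPTO"}))
    secret_nuclear = Label("Secret", frozenset({"NUCLEAR"}))
    confidential = Label("Confidential")
    top_secret = Label("Top Secret", frozenset({"CRYPTO", "NUCLEAR"}))
    return {
        "read_same_label": can_read(alice, secret_crypto),          # True
        "read_lower_level": can_read(alice, confidential),          # True
        "read_up": can_read(alice, top_secret),                     # False: level too high
        "read_other_compartment": can_read(alice, secret_nuclear),  # False: no need-to-know
        "write_down": can_write(alice, confidential),               # False: would leak Secret data
        "write_up": can_write(alice, top_secret),                   # True under strict Bell-LaPadula
    }


if __name__ == "__main__":
    for rule, allowed in demo().items():
        print(f"{rule}: {'allowed' if allowed else 'denied'}")
```

The compartment check is what separates real MAC from a simple "rank" comparison: Alice is cleared Secret, yet she cannot read a Secret document in a compartment she has not been read into. Deployed systems such as SELinux MLS usually also forbid writing up (or restrict writes to equal labels) for integrity reasons; the dominance test is the same, only the policy around it changes.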

158.

Some control goals deal with an event after it occurs, but there are a few that work before the event has happened. Controls such as cable locks, hardware locks, and warning signs act to discourage the threat. 

Which of the following control types would these be examples of?

  • Deterrent

  • Corrective

  • Detective

  • Compensating

Correct answer: Deterrent

Deterrent controls act to discourage a threat before it has an opportunity to create a security incident. For example, cable locks and hardware locks discourage opportunistic thieves from taking advantage of unsecured hardware and locations. Security guards are also an excellent example because simply having one posted in a location is a significant deterrent to potential threats.

Corrective controls fix issues after they have occurred. Detective controls identify events that have occurred. Compensating controls are alternative controls put in place when a primary control cannot be implemented, for example when an exception to a security policy has been granted.

159.

The owner of Smith Roofing has voiced concern that their workstation users might be able to install any application and potentially introduce malware. There are only a few applications that each user needs in order to fulfill their job duties.

What type of solution would meet their requirements and be the easiest to implement?

  • Allow list

  • Block list

  • Host-based firewall

  • Content filters

Correct answer: Allow list

An application allow list gives administrators the ability to specify a list of applications that can be used on a system. This prevents users from installing applications that could be malicious. It also limits some malware's ability to silently install malicious software on the system.

A block list requires more work because it must be updated every time a new unwanted application appears, and it cannot stop an application nobody has listed yet. A host-based firewall filters network packets, not application installs. A content filter blocks users from visiting certain sites.

160.

A company relies on a third-party vendor for cloud services. What can they request from the vendor to gain an insight into their security controls and risk management?

  • Evidence of internal audits

  • Vulnerability scan

  • Service level agreement

  • Risk register

Correct answer: Evidence of internal audits

A vendor that performs internal audits should have reports of them that it can share with customers and prospects, often under NDA. Reviewing these audits gives a client some assurance that the vendor takes its security practices seriously and tracks its own risks.

A vulnerability scan only shows technical weaknesses in a network. A service level agreement (SLA) is a contract that specifies the services a provider offers to a customer. A risk register is a detailed list of risks that are tracked and monitored within an organization.