COMPTIA SEC+ Practice Exam 2
During a security audit, you discovered that customer service employees have been sending unencrypted confidential information to their personal email accounts via email. What technology could you employ to detect these occurrences in the future and send an automated alert to the security team?
DLP - data loss prevention
Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?
Deploy a new group policy
Which of the following is an example of an authentication factor that includes somewhere you are?
GPS Location
Which of the protocols listed is NOT likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?
IPsec
What kind of attack is an example of IP spoofing?
Man in the middle
You are applying for a job at a cybersecurity firm. The application requests you enter your social security number, date of birth, and email address to conduct a background check as part of the hiring process. Which of the following types of information has you been asked to provide?
PII
Which of the following is considered a form of regulated data?
PII - Personal Identifiable Information
Which of the following is not considered an authentication factor?
Something you want
Which of the following cryptographic algorithms is classified as symmetric?
Standard symmetric encryption algorithms include RC4, AES, DES, 3DES, QUAD, Blowfish, Two-fish
Which of the following policies should contain the requirements for removing a user's access when an employee is terminated?
account management policy
You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port to 636 wherever possible. What should you do?
change all devices and servers that support it to port 636 since encrypted services run by default on port 636
Which of the following elements is LEAST likely to be included in an organization's data retention policy?
classification of information
Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn't remember sending the email to the colleague. What is Barbara MOST likely the victim of?
hijacked e-mail - also known as email compromise
Which type of threat actor can accidentally or inadvertently cause a security incident in your organization?
insider threat
Which of the following biometric authentication factors relies on matching patterns on the eye's surface using near-infrared imaging?
iris scan
(Sample Simulation - On the real exam for this type of question, you might receive a list of attack vectors and targets. Based on these, you would select the type of attack that occurred.) (1) An attacker has been collecting credit card details by calling victims and using false pretexts to trick them. (2) An attacker sends out to 100,000 random email addresses. In the email the attacker sent, it claims that "Your Bank of America account is locked out. Please click here to reset your password." What types of attacks have occurred in (1) and (2)?
(1) Vishing (2) Phishing
Which of the following is the MOST secure wireless security and encryption protocol?
WPA2
You are working as a security analyst and are reviewing the logs from a Linux server. Based on the portion of the logs displayed here, what type of malware might have been installed on the server? Based on the output provided, what type of malware may have been installed on this user's computer?
logic bomb
Recently, you discovered an unauthorized device during a search of your corporate network. The device provides nearby wireless hosts to access the corporate network's resources. What type of attack is being utilized?
rogue-access point
Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer's workstation with cloud-based resources?
SaaS - Software as a Service
(Sample Simulation - On the real exam for this type of question, you would have to rearrange the ports into the proper order by dragging and dropping them into place.) Using the image provided, place the port numbers in the correct order with their associated protocols: SCP POP3 SNMP Telnet
22, 110, 161, 23
Your company recently suffered a small data breach caused by an employee emailing themselves a copy of the current customer's names, account numbers, and credit card limits. You are determined that something like this shall never happen again. Which of the following logical security concepts should you implement to prevent a trusted insider from stealing your corporate data?
DLP - Data loss prevention
Richard attempted to visit a website and received a DNS response from the DNS cache server pointing to the wrong IP address. Which of the following attacks has occurred?
DNS Poisoning
Which of the following biometric authentication factors uses an infrared light shone into the eye to identify the pattern of blood vessels?
retinal scan
You have just finished running a vulnerability scan of the network and are reviewing the results. The first result in the report shows the following vulnerability: cat results.txt Vulnerability scanning results IP: 192.168.2.51 Service: MySQL Version: 3.1.7 Details: versions 3.0 Recommendation: Upgrade MySql You log into the MySQL server and verify that you are currently running version 3.5.3. Based on the item shown on the image, what best describes how you should categorize this finding?
false positive
Tierra works as a cybersecurity analyst for a large multi-national oil and gas company. She responds to an incident at her company in which their public-facing web server has been defaced with the words, "Killers of the Arctic." She believes this was done in response to her company's latest oil drilling project in the Arctic Circle. Which threat actor is most likely to blame for the website defacement?
hacktivist
Dion Training has an open wireless network called "InstructorDemos" for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the "InstructorDemos" network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor's requirements and prevent students from using the "InstructorDemos" network?
mac filtering
What tool can be used as an exploitation framework during your penetration tests?
metasploit
When you are managing a risk, what is considered an acceptable option?
mitigate it
What popular open-source port scanning tool is commonly used for host discovery and service identification?
nmap
You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you do not have a bank account in Vietnam!, so you immediately call Bob to ask what happened. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating this wire transfer. What aspect of PKI could be used to BEST ensure that a sender actually sent a particular email message and avoid this type of situation?
non-repudiation
During a penetration test of your company's network, the assessor came across a spreadsheet with the passwords being used for several of the servers. Four of the passwords recovered are listed below. Which one is the weakest password and should be changed FIRST to increase the password's complexity?
pa55w0rd
A penetration tester hired by a bank began searching for the bank's IP ranges by performing lookups on the bank's DNS servers, reading news articles online about the bank, monitoring what times the bank's employees came into and left work, searching job postings (with a special focus on the bank's information technology jobs), and even searching the corporate office of the bank's dumpster. Based on this description, what portion of the penetration test is being conducted?
passive information gathering
Which of the following password policies defines the number of previous passwords that cannot be reused when resetting a user's password?
password history
An organization wants to get an external attacker's perspective on their security status. Which of the following services should they purchase?
penetration test
Which of the following is a common attack model of an APT attack?
quietly gathers information from comprised systems
Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?
randomized one time used pad
Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?
require data at rest encryption on all endpoints
A penetration tester has been hired to conduct an assessment, but the company wants to exclude social engineering from the list of authorized activities. Which of the following documents would include this limitation?
rules of engagement
Which type of personnel control is being implemented if Kirsten must receive and inventory any items that her coworker, Bob, orders?
separation of duties
An attacker uses the nslookup interactive mode to locate information on a Domain Name Service (DNS). What command should they type to request the appropriate records for only name servers?
set type=ns
What technique is most effective in determining whether or not increasing end-user security training would benefit the organization during your technical assessment of their network?
social engineering
Aymen is creating a procedure for the remediation of vulnerabilities discovered within his organization. He wants to ensure that any vendor patches are tested before deploying them into the production environment. What type of environment should his organization establish?
staging
Which of the following types of remote access technologies should NOT be used in a network due to its lack of security?
telnet
An electronics store was recently the victim of a robbery where an employee was injured, and some property was stolen. The store's IT department hired an external supplier to expand its network to include a physical access control system. The system has video surveillance, intruder alarms, and remotely monitored locks using an appliance-based system. Which of the following long-term cybersecurity risks might occur based on these actions?
these devices should be isolated from the rest of the enterprise network
Which of the following features is supported by Kerberos but not by RADIUS and Diameter?
tickets used to identify authenticated users
A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have?
trojan
Jennifer decided that the licensing cost for a piece of video editing software was too expensive. Instead, she decided to download a keygen program to generate her own license key and install a pirated version of the editing software. After she runs the keygen, a license key is created, but her system performance becomes very sluggish, and her antimalware suite begins to display numerous alerts. Which type of malware might her computer be infected with?
trojan
Karen lives in an area that is prone to hurricanes and other extreme weather conditions. She asks you to recommend an electrical conditioning device that will prevent her files from being corrupted if the building's power is unstable or lost. Additionally, she would like the computer to maintain power for up to an hour of uptime to allow for a graceful shutdown of her programs and computer. Which of the following should you recommend?
uninterruptible power supply
You have been investigating how a malicious actor could exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that a rootkit's installation had modified the web server's BIOS. After removing the rootkit and reflash the BIOS to a known good image, what should you do to prevent the malicious actor from affecting the BIOS again?
utilize secure boot
A new security appliance was installed on a network as part of a managed service deployment. The vendor controls the appliance, and the IT team cannot log in or configure it. The IT team is concerned about the appliance receiving the necessary updates. Which of the following mitigations should be performed to minimize the concern for the appliance and updates?
vulnerability scanning
Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
whitelisting
Dion Training wants to reduce the management and administrative costs of using multiple digital certificates for all of their subdomains of diontraining.com. Which of the following solutions would allow the company to use one digital certificate for all of its subdomains?
wildc ards
A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?
worm
Ted, a file server administrator, has noticed that a large number of sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company's security analyst, who verifies that the workstation's anti-malware solution is up-to-date, and the network's firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?
zero-day
During which incident response phase is the preservation of evidence performed?
containment, eradication, recovery
(Sample Simulation - On the real exam for this type of question, you would have to fill in the blanks by dragging and dropping them into place.) Using the image provided, select four security features that you should use to best protect your servers in the data center. This can include physical, logical, or administrative protections. Server in the Data Center
FM-200, Biometric locks, Mantrap, Antivirus
Which of the following security controls provides Windows system administrators with an efficient way to deploy system configuration settings across many devices?
GPO - Group Policy Object
To improve the Dion Training corporate network's security, a security administrator wants to update the configuration of their wireless network to have IPSec built into the protocol by default. Additionally, the security administrator would like for NAT to no longer be required for extending the number of IP addresses available. What protocol should the administrator implement on the wireless network to achieve their goals?
IPv6
You have been asked to assist with an investigation into a malicious user's activities. Unfortunately, your organization did not have full packet capture available for the time period of the suspected activities. Instead, you have received netflow data that contains statistics and information about the network traffic during that time period. Which of the following best represents the type of data you can obtain from this netflow data to support the investigation?
Metadata
Which of the following cryptographic algorithms is classified as asymmetric?
Standard asymmetric encryption algorithms include RSA, Diffie-Hellman, ECC, El Gamal, and DSA ECC - Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. As a public-key cryptosystem, it relies on an asymmetric algorithm.
Your organization has recently been the target of a spearphishing campaign. You have identified the website associated with the link in the spearphishing emails and want to block it. Which of the following techniques would be the MOST effective in this situation?
URL Filtering
A small doctor's office has asked you to configure their network to use the highest levels of wireless security and desktop authentication. The office only uses cloud-based SaaS applications to store their patient's sensitive data. Which TWO of the following protocols or authentication methods should you implement for the BEST security?
WPA2 & Multifactor
A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?
active scanning engine installed on the enterprise console
(Sample Simulation - On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.) How would you appropriately categorize the authentication method being displayed here? (hint: a fingerprint scan on a cellphone)
biometric authentication
Dion Training has contracted a software development firm to create a bulk file upload utility for its website. During a requirements planning meeting, the developers asked what type of encryption is required for the project. After some discussion, Jason decides that the file upload tool should use a cipher capable of encrypting 8 bits of data at a time before transmitting the files from the web developer's workstation to the webserver. What of the following should be selected to meet this security requirement?
block cipher
Dion Training has set up a lab consisting of 12 laptops for students to use outside of normal classroom hours. The instructor is worried that a student may try to steal one of the laptops. Which of the following physical security measures should be used to ensure the laptop is not stolen or moved out of the lab environment?
cable locks
You have been asked to provide some training to Dion Training's system administrators about the importance of proper patching of a system before deployment. To demonstrate the effects of deploying a new system without patching it first, you ask the system administrators to provide you with an image of a brand-new server they plan to deploy. How should you deploy the image to demonstrate the vulnerabilities that are being exposed while maintaining the security of the corporate network?
deploy the system image within a virtual machine, ensure it is in an isolated sandbox environment, then scan for vulnerabilities
A cybersecurity analyst is reviewing the logs of a Citrix NetScaler Gateway running on a FreeBSD 8.4 server and saw the following output: -=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=- 10.1.1.1 - - [10/Jan/2020:13:23:51 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143 "https://10.1.1.2/" "USERAGENT " 10.1.1.1 - - [10/Jan/2020:13:23:53 +0000] "GET /vpn/../vpns/portal/backdoor.xml HTTP/1.1" 200 941 "-" "USERAGENT" 10.1.1.1 - - [10/Jan/2020:16:12:31 +0000] "POST /vpns/portal/scripts/newbm.pl HTTP/1.1" 200 143 "https://10.1.1.2/" "USERAGENT" -=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=- What type of attack was most likely being attempted by the attacker?
directory traversal
A business owner's smartphone contains a lot of her customer's PII. Unfortunately, the business owner refuses to set up the phone to automatically wipe the data if the phone is lost or stolen because the data is precious. Based on the business owner's refusal to allow automatic wiping of the data, which of the following is the next BEST method of securing the phone?
enable fingerprint lock on the device
You have been hired as a cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank's cybersecurity program?
GLBA - Gramm-Leach-Bliley Act
During a penetration test, you find a hash value related to malware associated with an APT. What best describes what you have found?
indicator of compromise
A password is an example of which of the following authentication factors?
something you know
(Sample Simulation - On the real exam for this type of question, you would receive 3-5 pictures and be asked to drag and drop them into place next to the correct term.) How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being by itself used for authentication.) (Key Fob)
One-time password authentication
(Sample Simulation - On the real exam for this type of question, you would be required to drag and drop the authentication factor into the spot for the correct category.) How would you appropriately categorize the authentication method being displayed here? Authentication Factors Something you know --> ? Something you have --> ? Something you are --> ? Something you do --> ? Somewhere you are --> ?
PIN (passcode), Smart Card (item), Fingerprint (Biometrics), Signature (write), GPS coordinates (location)
Which cloud computing concept is BEST described as focusing on replacing the hardware and software required when creating and testing new applications and programs from a customer's environment with cloud-based resources?
PaaS - Platform as a Service
Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using?
Public
Which type of media sanitization would you classify degaussing as?
Purging
When your credit card data is written to the customer invoicing system at Dion Training, the first 12 digits are replaced with an x before storing the data. Which of the following privacy methods is being used?
data masking
You have been asked to scan your company's website using the OWASP ZAP tool. When you perform the scan, you received the following warning: "The AUTOCOMPLETE output is not disabled in HTML FORM/INPUT containing password type input. Passwords may be stored in browsers and retrieved." You begin to investigate further by reviewing a portion of the HTML code from the website that is listed below: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- <form action="authenticate.php"> Enter your username: <BR> <input type="text" name="user" value="" autofocus><BR> Enter your Password: <BR> <input type="password" name="pass" value="" maxlength="32"><BR> <input type="submit" value="submit"> </form> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on your analysis, which of the following actions should you take?
You tell the developer to review their code and implement a bug/code fix
(Sample Simulation - On the real exam for this type of question, you would have access to the log files to determine which server on a network might have been affected, and then choose the appropriate actions.) A cybersecurity analyst has determined that an attack has occurred against your company's network. Fortunately, your company uses a good logging system with a centralized Syslog server, so all the logs are available, collected, and stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization. Therefore, you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend as part of the response efforts? Conduct a system restore of the database server, image the hard drive, and maintain the chain of custody
capture network traffic using a sniffer,
A hacker successfully modified the sale price of items purchased through your company's web site. During the investigation that followed, the security analyst has verified the web server, and the Oracle database was not compromised directly. The analyst also found no attacks that could have caused this during their log verification of the Intrusion Detection System (IDS). What is the most likely method that the attacker used to change the items' sale price?
changing hidden form values
Following a root cause analysis of an edge router's unexpected failure, a cybersecurity analyst discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst suspects that the router may be a counterfeit device. Which of the following controls would have been most effective in preventing this issue?
conduct supply chain management training
You walked up behind a penetration tester in your organization and saw the following output on their Kali Linux terminal: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [ATTEMPT] target 192.168.1.142 - login "root" - pass "abcde" 1 of 10 [ATTEMPT] target 192.168.1.142 - login "root" - pass "efghi" 2 of 10 [ATTEMPT] target 192.168.1.142 - login "root" - pass "12345" 3 of 10 [ATTEMPT] target 192.168.1.142 - login "root" - pass "67890" 4 of 10 [ATTEMPT] target 192.168.1.142 - login "root" - pass "a1b2c" 5 of 10 [ATTEMPT] target 192.168.1.142 - login "user" - pass "abcde" 6 of 10 [ATTEMPT] target 192.168.1.142 - login "user" - pass "efghi" 7 of 10 [ATTEMPT] target 192.168.1.142 - login "user" - pass "12345" 8 of 10 [ATTEMPT] target 192.168.1.142 - login "user" - pass "67890" 9 of 10 [ATTEMPT] target 192.168.1.142 - login "user" - pass "a1b2c" 10 of 10 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What type of test is the penetration tester currently conducting?
conducting bute force login attempt of a remote service on 192.168.1.142
Hilda needs a cost-effective backup solution that would allow for the restoration of data within a 24 hour RPO. The disaster recovery plan requires that backups occur during a specific timeframe each week, and then the backups should be transported to an off-site facility for storage. What strategy should Hilda choose to BEST meet these requirements?
create a daily incremental backup to tape
Which of the following vulnerability scans would provide the best results if you want to determine if the target's configuration settings are correct?
credential scan