CompTIA Security+

Directory traversal

A cybersecurity analyst is reviewing the logs of a proxy server and saw the following URL, http://test.diontraining.com/../../../../etc/shadow. What type of attack has likely occurred?

Password spraying

A cybersecurity analyst is reviewing the logs of an authentication server and saw the following output: -=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=- [443] [https-get-form] host: diontraining.com login: admin password: P@$$w0rd! [443] [https-get-form] host: diontraining.com login: admin password: C0mpT1@P@$$w0rd [443] [https-get-form] host: diontraining.com login: root password: P@$$w0rd! [443] [https-get-form] host: diontraining.com login: root password: C0mpT1@P@$$w0rd [443] [https-get-form] host: diontraining.com login: dion password: P@$$w0rd! [443] [https-get-form] host: diontraining.com login: dion password: C0mpT1@P@$$w0rd [443] [https-get-form] host: diontraining.com login: jason password: P@$$w0rd! [443] [https-get-form] host: diontraining.com login: jason password: C0mpT1@P@$$w0rd -=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=--=-=-=-=- What type of attack was most likely being attempted by the attacker?

Cryptographic erase

A financial services company wants to donate some old hard drives from their servers to a local charity. Still, they are concerned about the possibility of residual data being left on the drives. Which of the following secure disposal methods would you recommend the company use?

Backups should be conducted to a cloud-based storage solution

A small business recently experienced a catastrophic data loss due to flooding from a recent hurricane. The customer had no backups, and all of the hardware associated with the small business was destroyed during the flooding. As part of the rebuilding process, the small business contracts with your company to help create a disaster recovery plan to ensure this never reoccurs again. Which of the following recommendations should you include as part of the disaster recovery plan?

False positive

A vulnerability scanner has reported that a vulnerability exists in the system. Upon validating the report, the analyst determines that this reported vulnerability does not exist on the system. What is the proper term for this situation?

SSH

An analyst just completed a port scan and received the following results of open ports: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- TCP: 80 TCP: 110 TCP: 443 TCP: 1433 TCP: 3306 TCP: 3389 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on these scan results, which of the following services are NOT currently operating?

The attack widely fragmented the image across the host file system

An attacker has compromised a virtualized server. You are conducting forensic analysis as part of the recovery effort but found that the attacker deleted a virtual machine image as part of their malicious activity. Which of the following challenges do you now have to overcome as part of the recovery and remediation efforts?

Netcat will listen on port 8080 and output anything received to a remote connection on 192.168.1.76 port 443

An attacker has issued the following command: nc -l -p 8080 | nc 192.168.1.76 443. Based on this command, what will occur?

The attachment is using a double file extension to mask its identity

An employee contacts the service desk because they cannot open an attachment they receive in their email. The service desk agent conducts a screen sharing session with the user and investigates the issue. The agent notices that the attached file is named Invoice1043.pdf, and a black pop-up window appears and then disappears quickly when the attachment was double-clicked. Which of the following is most likely causing this issue?

Acceptance

An internet marketing company decided that they didn't want to follow the rules for GDPR because it would create too much work for them. They wanted to buy insurance, but no insurance company would write them a policy to cover any fines received. They considered how much the fines might be and decided to ignore the regulation and its requirements. Which of the following risk strategies did the company choose?

An uncredentialed scan of the network was performed

As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statement does BEST explain these results?

His email account requires multi-factor authentication

Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error messaging stating that "Invalid credentials" were entered. Chris assumes he must have forgotten his password, so he resets his email username and password and then reenters them into the email client. Again, Chris receives an "Invalid credentials" error. What is MOST likely causing the "Invalid credentials" error regarding Chris's email client?

Implement NAC

Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if a Dion Training employee uses the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which of the following technologies would allow you to configure this port and support both requirements?

$7,500

Dion Training has a $15,000 server that has frequently been crashing. Over the past 12 months, the server has crashed 10 times, requiring the server to be rebooted to recover from the crash. Each time, this has resulted in a 5% loss of functionality or data. Based on this information, what is the Annual Loss Expectancy (ALE) for this server?

MAC Filtering

Dion Training has an open wireless network called "InstructorDemos" for its instructors to use during class, but they do not want any students connecting to this wireless network. The instructors need the "InstructorDemos" network to remain open since some of their IoT devices used during course demonstrations do not support encryption. Based on the requirements provided, which of the following configuration settings should you use to satisfy the instructor's requirements and prevent students from using the "InstructorDemos" network?

Brute force attack

Dion Training has applied a new Group Policy to all student accounts that will lock out any account in which the student enters their password incorrectly 3 times in a row. Once the account is locked out, the student must wait 15 minutes before they can attempt to log in again. What type of attack is this mitigation strategy trying to prevent?

Longer MTBF of hardware due to lower operating temperatures

Dion Training is building a new data center. The group designing the facility has decided to provide additional HVAC capacity to ensure the data center maintains a consistently low temperature. Which of the following is the most likely benefit that will be achieved by increasing the designed HVAC capacity?

Detterent

Dion Training's offices utilize an open concept floor plan. They are concerned that a visitor might attempt to steal an external hard drive and carry it out of the building. To mitigate this risk, the security department has recommended installing security cameras clearly visible to both employees and visitors. What type of security control do these cameras represent?

Preparation

During which phase of the incident response process does an organization assemble an incident response toolkit?

Conduct secure supply chain management training

Following a root cause analysis of an edge router's unexpected failure, a cybersecurity analyst discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst suspects that the router may be a counterfeit device. Which of the following controls would have been most effective in preventing this issue?

Biometric authentication

How would you appropriately categorize the authentication method being displayed here?

Hping

If you cannot ping a target because you are receiving no response or a response that states the destination is unreachable, then ICMP may be disabled on the remote end. If you wanted to elicit a response from a host using TCP, what tool would you use?

Contact the service desk or incident response team to determine what to do next

James, a programmer at Apple Computers, is surfing the internet on his lunch break. He comes across a rumor site focused on providing details of the upcoming iPhone being released in a few months. James knows that Apple likes to keep its product details a secret until it is publicly announced. As James is looking over the website, he sees a blog post with an embedded picture of a PDF containing detailed specifications for the next iPhone and labeled "Proprietary Information - Internal Use Only." The new iPhone is still several months away from release. What should James do next?

DNS blackholing

Joseph would like to prevent hosts from connecting to known malware distribution domains. What type of solution should be used without deploying endpoint protection software or an IPS system?

Uninterruptible power supply

Karen lives in an area that is prone to hurricanes and other extreme weather conditions. She asks you to recommend an electrical conditioning device that will prevent her files from being corrupted if the building's power is unstable or lost. Additionally, she would like the computer to maintain power for up to an hour of uptime to allow for a graceful shutdown of her programs and computer. Which of the following should you recommend?

MD5 or SHA1 hash digest of the file

Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?

22, 110, 161, 23

List the correct port numbers for the following protocols. SCP, POP3 SNMP, Telnet

Single-factor

Maria is trying to log in to her company's webmail and is asked to enter her username and password. Which type of authentication method is Maria using?

Password expiration

Marta's organization is concerned with the vulnerability of a user's account being vulnerable for an extended period of time if their password was compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?

MSSP

Nicole's organization does not have the budget or staff to conduct 24/7 security monitoring of their network. To supplement her team, she contracts with a managed SOC service. Which of the following services or providers would be best suited for this role?

DENY TCP ANY HOST 71.168.10.45 EQ 3389

Review the following packet captured at your NIDS: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 23:12:23.154234 IP 86.18.10.3:54326 > 71.168.10.45:3389 Flags [P.], Seq 1834:1245, ack1, win 511, options [nop,nop, TS val 263451334 erc 482862734, length 125 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- After reviewing the packet above, you discovered there is an unauthorized service running on the host. Which of the following ACL entries should be implemented to prevent further access to the unauthorized service while maintaining full access to the approved services running on this host?

Logic Bomb

The Security Operations Center Director for Dion Training received a pop-up message on his workstation that said, "You will regret firing me; just wait until Christmas!" He suspects the message came from a disgruntled former employee who may have set up a piece of software to create this pop-up on his machine. The director is now concerned that other code might be lurking within the network that could negatively affect Christmas. He directs his team of cybersecurity analysts to begin searching the network for this suspicious code. What type of malware should they be searching for?

Leaked personal files

The paparazzi have found copies of pictures of a celebrity's new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider's automated photo backup. Which of the following threats was the celebrity MOST likely a victim of?

TFTP = 69 SMTP = 25 HTTP = 80 DNS = 53

Using the image provided, place the port numbers in the correct order with their associated protocols

802.1x

What access control model will a network switch utilize if it requires multilayer switches to use authentication via RADIUS/TACACS+?

3389, 1701, 389, 88

What are the port numbers for the following protocols? RDP, L2TP, LDAP, Kerberos

Directing traffic to internal services if the contents of the traffic comply with the policy

What is a reverse proxy commonly used for?

Threat hunting

What is the utilization of insights gained from threat research and threat modeling to proactively discover evidence of adversarial TTPs within a network or system called?

Adversary

What role does the red team perform during a tabletop exercise (TTX)?

Social engineering

What technique is most effective in determining whether or not increasing end-user security training would benefit the organization during your technical assessment of their network?

Metasploit

What tool can be used as an exploitation framework during your penetration tests?

Worm

What type of malicious application does not require user intervention or another application to act as a host to replicate?

APT

What type of threat actor is highly funded and often backed by nation-states?

Data masking

When your credit card data is written to the customer invoicing system at Dion Training, the first 12 digits are replaced with an x before storing the data. Which of the following privacy methods is being used?

Lockheed Martin cyber kill chain

Which analysis framework makes no allowance for an adversary retreat in its analysis?

FISMA

Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?

SQL Injection

Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization's database?

TOTP

Which of the following authentication mechanisms involves receiving a one-time use shared secret password, usually through a token-based key fob or smartphone app, that automatically expires after a short period of time (for example, 60 seconds)?

PGP

Which of the following cryptographic algorithms is classified as asymmetric?

Data owner

Which of the following is a senior role with the ultimate responsibility for maintaining confidentiality, integrity, and availability in a system?

VPN

Which of the following is not normally part of an endpoint security suite?

WEP

Which of the following is the LEAST secure wireless security and encryption protocol?

Faulty input validation

Which of the following is the leading cause for cross-site scripting, SQL injection, and XML injection attacks?

Lessons learned report

Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and any identified gaps that might require improvement?

Vulnerability

Which of the following must be combined with a threat to create risk?

Spear phishing

Which of the following types of attacks occurs when an attacker attempts to gain confidential information or login credentials by sending targeted emails to a specific set of recipients within an organization?

Vishing

Which of the following types of attacks occurs when an attacker calls up people over the phone and attempts to trick them into providing their credit card information?

Spamming

Which of the following types of attacks occurs when an attacker sends unsolicited messages over Facebook messenger?

Cloud services

Which of the following types of digital forensic investigations is most challenging due to the on-demand nature of the analyzed assets?

telnet

Which of the following types of remote access technologies should NOT be used in a network due to its lack of security?

Password style

Which of the following would NOT be included in a company's password policy?

Patching

Which of the following would NOT be useful in defending against a zero-day threat?

RP

Which party in a federation provides services to members of the federation?

Proximity cards

Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token?

Passive

Which type of monitoring would utilize a network tap?

Separation of duties

Which type of personnel control is being implemented if Kirsten must receive and inventory any items that her coworker, Bob, orders?

Zero-day attacks

Which type of threat will patches NOT effectively combat as a security control?

Single quote

You are performing a web application security test, notice that the site is dynamic, and must be using a back-end database. You decide you want to determine if the site is susceptible to a SQL injection. What is the first character that you should attempt to use in breaking a valid SQL request?

A malicious inbound TCP packet

You are reviewing a rule within your organization's IDS. You see the following output: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any msg: "BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt"; flow: to_client,established; file_data; content:"recordset"; offset:14; depth:9; content:".CacheSize"; distance:0; within:100; pcre:"/CacheSize\s*=\s*/"; byte_test:10,>,0x3ffffffe,0,relative,string; max-detect-ips drop, service http; reference:cve,2016-8077; classtype: attempted-user; sid:65535;rev:1; -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Based on this rule, which of the following malicious packets would this IDS alert on?

Require authentication on wake-up

You have been asked to install a computer in a public workspace. Only an authorized user should use the computer. Which of the following security requirements should you implement to prevent unauthorized users from accessing the network with this computer?

Mandatory vacation policy

You have been asked to write a new security policy to reduce the risk of employees working together to steal information from the Dion Training corporate network. Which of the following policies should you create to counter this threat?

Utilize secure boot

You have been investigating how a malicious actor could exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that a rootkit's installation had modified the web server's BIOS. After removing the rootkit and reflash the BIOS to a known good image, what should you do to prevent the malicious actor from affecting the BIOS again?

Whitelisting

You have been investigating how a malicious actor could exfiltrate confidential data from a web server to a remote host. After an in-depth forensic review, you determine that a rootkit's installation had modified the web server's BIOS. After removing the rootkit and reflash the BIOS to a known good image, what should you do to prevent the malicious actor from affecting the BIOS again?

23

You have just finished running an nmap scan on a server are see the following output: -=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=- # nmap diontraining.com Starting Nmap ( http://nmap.org ) Nmap scan report for diontraining.com (64.13.134.52) Not shown: 996 filtered ports PORT STATE 22/tcp open 23/tcp open 53/tcp open 443/tcp open Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds -=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=- Based on the output above, which of the following ports listed as open represents the most significant security vulnerability to your network?

Honeypot

You have just received some unusual alerts on your SIEM dashboard and want to collect the payload associated with it. Which of the following should you implement to effectively collect these malicious payloads that the attackers are sending towards your systems without impacting your organization's normal business operations?

SaaS

You have signed up for a web-based appointment scheduling application to help you manage your new IT technical support business. What type of solution would this be categorized as?

Community cloud

You work for a bank interested in moving some of its operations to the cloud, but it is worried about security. You recently discovered an organization called CloudBank that was formed by 15 local banks as a way for them to build a secure cloud-based environment that can be accessed by the 15 member banks. Which cloud model BEST describes the cloud created by CloudBank?

There was a privacy violation since the customer's explicitly gave permission to use the email address as an identifier and did not consent to receiving marketing emails

Your company explicitly obtains permission from its customers to use their email address as an account identifier in its CRM. Max, who works at the marketing department in the company's German headquarters, just emailed all their customers to let them know about a new sales promotion this weekend. Which of the following privacy violations has occurred, if any?

443

Your company just installed a new webserver within your DMZ. You have been asked to open up the port for secure web browsing on the firewall. Which port should you set as open to allow users to access this new server?