Security+ SY0-701 Domain 1: General Security Concepts
Which of the following BEST describes the domain controller component of Active Directory?
A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers.
A private key has been stolen. Which action should you take to deal with this crisis?
Add the digital certificate to the CRL
You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why?
Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.
John, a software developer, is working on a project that involves creating a proprietary algorithm for his company. He wants to ensure that even if someone gets access to the source code, they would have a hard time understanding the logic and purpose of the code. Which secure coding concept should John use?
Code obfuscation
Which of the following was the first big use of blockchain cryptography process?
Cryptocurrency
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
Which of the following is a limitation of using a DNS sinkhole as a cybersecurity measure?
DNS sinkholes are ineffective if the malware uses a public DNS server or its own DNS server.
Which type of control is used to discourage malicious actors from attempting to breach a network?
Deterrent
The cybersecurity team at a multinational corporation is collaborating with the facilities department to design a new data center. The team seeks to integrate top-tier physical security controls into the site layout to maximize protection against potential threats. The discussions revolve around the BEST strategies to ensure the safety of the data center. When designing the physical security controls for the site layout of the new data center, which strategy would be MOST effective in deterring unauthorized access and providing a comprehensive security layer?
Establishing a security perimeter with layered access controls
Which of the following types of encryption is specifically designed to allow data to be worked on without decrypting it first?
Homomorphic encryption
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Implement BitLocker with a TPM.
Which of the following statements about hybrid cryptosystems is true?
In hybrid cryptosystems, the public key is used to encrypt the symmetric key which is then used for data encryption.
You are a security analyst at a large organization. Your organization uses a third-party certificate authority (CA) for its public key infrastructure (PKI). One day, you receive a certificate signing request (CSR) from a new department in your organization. The CSR contains a public key and the department's information. However, you notice that the department's information does not match the information in the organization's official records. What should you do?
Investigate the discrepancy and verify the department's information before forwarding the CSR to the third-party CA.
Match each Active Directory term on the left with its corresponding definition on the right.
Logical organization of resources- Organizational Unit Collection of network resources- Domain Collection of related domain trees- Forest Network resource in the directory- Object Group of related domains- Tree
You have placed a File Transfer Protocol (FTP) server in your DMZ behind your firewall. The FTP server will distribute software updates and demonstration versions of your products. However, users report that they are unable to access the FTP server. What should you do to enable access?
Open ports 20 and 21 for outbound connections.
An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using?
Rainbow
You are a cybersecurity analyst at a large corporation. The company has recently received a series of suspicious emails containing encrypted messages. You suspect that the messages are using a combination of substitution and transposition algorithms for encryption. The most recent message reads: "HLOOLELWRD". Which of the following steps would you take to decrypt this message?
Rearrange the letters in blocks of two.
You are the head of the cybersecurity team at a large corporation. You notice an increase in network traffic that appears to be legitimate but is causing a slowdown in your systems. Upon further inspection, you find that the traffic patterns vary each time, making it difficult to distinguish from normal traffic. What type of security challenge are you MOST likely facing?
Sophisticated attack
A company finds that employees are accessing streaming websites that are not being monitored for malware or viruses. Which type of control can the network administrator implement to protect the system and keep the employees from viewing unapproved sites?
Technical
You are a system administrator at a software company. You have been tasked with verifying the integrity of a large software update file that has been downloaded from the internet. The software provider has provided a SHA256 hash of the file for verification purposes. You decide to use the Get-FileHash command in PowerShell to calculate the hash of the downloaded file. Which of the following scenarios best demonstrates the correct use of the Get-FileHash command for this purpose?
You use the Get-FileHash command to calculate the hash of the downloaded file and compare it with the hash provided by the software provider. If the hashes match, you assume the file has not been tampered with.
