CompTIA Sec+ Part 7


Q676 A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend? A. S/MIME B. DNSSEC C. RADIUS D. 802.11x

Correct Answer: A

Q705 Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information obtained from service banners? A. False positive B. Passive reconnaissance C. Access violation D. Privilege escalation

Correct Answer: A

Q706 A systems administrator needs to integrate multiple IoT and small embedded devices into the company's wireless network securely. Which of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network? A. WPS B. WPA C. EAP-FAST D. 802.1X

Correct Answer: A

Q668 A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Choose three.) A. S/MIME B. TLS C. HTTP-Digest D. SAML E. SIP F. IPSec G. Kerberos

Correct Answer: ABC

Q611 After a security assessment was performed on the enterprise network, it was discovered that: 1. Configuration changes have been made by users without the consent of IT. 2. Network congestion has increased due to the use of social media. 3. Users are accessing file folders and network shares that are beyond the scope of their need to know. Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.) A. Poorly trained users B. Misconfigured WAP settings C. Undocumented assets D. Improperly configured accounts E. Vulnerable business processes

Correct Answer: AD

Q615 An analyst is currently looking at the following output: [Exhibit image not available] Which of the following security issues has been discovered based on the output? A. Insider threat B. License compliance violation C. Unauthorized software D. Misconfigured admin permissions

Correct Answer: B

Q634 Which of the following is used to encrypt web application data? A. MD5 B. AES C. SHA D. DHA

Correct Answer: B

Q640 Which of the following access management concepts is MOST closely associated with the use of a password or PIN? A. Authorization B. Authentication C. Accounting D. Identification

Correct Answer: B

Q626 Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach? A. Resource exhaustion on VPN concentrators B. Weak SSL cipher strength C. Improper input handling on FTP site D. Race condition on packet inspection firewall

Correct Answer: C

Q635 Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources? A. RADIUS B. SSH C. OAuth D. MSCHAP

Correct Answer: C

Q646 Which of the following methods is used by internal security teams to assess the security of internally developed applications? A. Active reconnaissance B. Pivoting C. White box testing D. Persistence

Correct Answer: C

Q652 A security analyst identified an SQL injection attack. Which of the following is the FIRST step in remediating the vulnerability? A. Implement stored procedures. B. Implement proper error handling. C. Implement input validations. D. Implement a WAF.

Correct Answer: C

Q672 A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server? A. 802.1X B. SSH C. Shared secret D. SNMPv3 E. CHAP

Correct Answer: C

Q692 A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at the main location. Which of the following networking concepts would BEST accomplish this? A. Virtual network segmentation B. Physical network segmentation C. Site-to-site VPN D. Out-of-band access E. Logical VLANs

Correct Answer: C

Q693 A water utility company has seen a dramatic increase in the number of water pumps burning out. A malicious actor was attacking the company and is responsible for the increase. Which of the following systems has the attacker compromised? A. DMZ B. RTOS C. SCADA D. IoT

Correct Answer: C

Q674 A security, who is analyzing the security of the company's web server, receives the following output: [Exhibit image not available] Which of the following is the issue? A. Code signing B. Stored procedures C. Access violations D. Unencrypted credentials

Correct Answer: D

Q698 Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet? A. Design weakness B. Zero-day C. Logic bomb D. Trojan

Correct Answer: B

Q644 An audit found that an organization needs to implement job rotation to be compliant with regulatory requirements. To prevent unauthorized access to systems after an individual changes roles or departments, which of the following should the organization implement? A. Permission auditing and review B. Exit interviews C. Offboarding D. Multifactor authentication

Correct Answer: A

Q656 A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing? A. Identification of critical systems B. Single point of failure C. Value assessment D. Risk register

Correct Answer: A

Q660 In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated? A. Nation state B. Hacktivist C. Insider D. Competitor

Correct Answer: A

Q621 A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Choose two.) A. Implement time-of-day restrictions. B. Modify archived data. C. Access executive shared portals. D. Create privileged accounts. E. Enforce least privilege.

Correct Answer: AD

Q616 A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request? A. LDAP B. RADIUS C. SAML D. NTLM

Correct Answer: B

Q641 An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Choose two.) A. Proper offboarding procedures B. Acceptable use policies C. Non-disclosure agreements D. Exit interviews E. Background checks F. Separation of duties

Correct Answer: AD

Q609 A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be accessed by third parties. Which of the following would BEST prevent this from happening? A. Initiate remote wiping on lost mobile devices B. Use FDE and require PINs on all mobile devices C. Use geolocation to track lost devices D. Require biometric logins on all mobile devices

Correct Answer: A

Q610 Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement? A. PGP B. HTTPS C. WPA D. TLS

Correct Answer: A

Q613 During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences? A. Run weekly vulnerability scans and remediate any missing patches on all company devices B. Implement rogue system detection and configure automated alerts for new devices C. Install DLP controls and prevent the use of USB drives on devices D. Configure the WAPs to use NAC and refuse connections that do not pass the health check

Correct Answer: A

Q618 A company recently updated its website to increase sales. The new website uses PHP forms for leads and provides a directory with sales staff and their phone numbers. A systems administrator is concerned with the new website and provides the following log to support the concern: [Exhibit image not available] Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above? A. Changing the account standard naming convention B. Implementing account lockouts C. Discontinuing the use of privileged accounts D. Increasing the minimum password length from eight to ten characters

Correct Answer: A

Q622 An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message? A. Obfuscation B. Steganography C. Diffusion D. BCRYPT

Correct Answer: A

Q627 A member of the human resources department received the following email message after sending an email containing benefit and tax information to a candidate: "Your message has been quarantined for the following policy violation: external potential_PII. Please contact the IT security administrator for further details". Which of the following BEST describes why this message was received? A. The DLP system flagged the message. B. The mail gateway prevented the message from being sent to personal email addresses. C. The company firewall blocked the recipient's IP address. D. The file integrity check failed for the attached files.

Correct Answer: A

Q628 A security analyst is checking log files and finds the following entries: [Exhibit image not available] Which of the following is MOST likely happening? A. A hacker attempted to pivot using the web server interface. B. A potential hacker could be banner grabbing to determine what architecture is being used. C. The DNS is misconfigured for the server's IP address. D. A server is experiencing a DoS, and the request is timing out.

Correct Answer: A

Q629 After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in /tmp. Which of the following vulnerabilities has MOST likely been exploited? A. Privilege escalation B. Resource exhaustion C. Memory leak D. Pointer dereference

Correct Answer: A

Q638 A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message? A. AES B. SHA-2 C. SSL D. RSA

Correct Answer: A

Q642 Which of the following differentiates ARP poisoning from a MAC spoofing attack? A. ARP poisoning uses unsolicited ARP replies. B. ARP poisoning overflows a switch's CAM table. C. MAC spoofing uses DHCPOFFER/DHCPACK packets. D. MAC spoofing can be performed across multiple routers.

Correct Answer: A

Q663 A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available:
- Read = A user can read the content of an existing file.
- Write = A user can modify the content of an existing file and delete an existing file.
- Create = A user can create a new file and place data within the file.
A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization's requirements? A. Owners: Read, Write, Create Group Members: Read, Write Others: Read, Create B. Owners: Write, Create Group Members: Read, Write, Create Others: Read C. Owners: Read, Write Group Members: Read, Create Others: Read, Create D. Owners: Write, Create Group Members: Read, Create Others: Read, Write, Create

Correct Answer: A

Q666 Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform? A. Non-persistent configuration B. Continuous monitoring C. Firmware updates D. Fault tolerance

Correct Answer: A

Q669 A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue? A. OSCP B. OID C. PEM D. SAN

Correct Answer: A

Q670 Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department to help reset their passwords over the phone due to unspecified "server issues". Which of the following has occurred? A. Social engineering B. Whaling C. Watering hole attack D. Password cracking

Correct Answer: A

Q675 Which of the following is an example of resource exhaustion? A. A penetration tester requests every available IP address from a DHCP server. B. An SQL injection attack returns confidential data back to the browser. C. Server CPU utilization peaks at 100% during the reboot process. D. System requirements for a new software package recommend having 12GB of RAM, but only 8GB are available.

Correct Answer: A

Q679 A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model? A. SaaS B. IaaS C. MaaS D. Hybrid E. Private

Correct Answer: A

Q682 A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept? A. Legal hold B. Chain of custody C. Order of volatility D. Data acquisition

Correct Answer: A

Q684 Which of the following enables sniffing attacks against a switched network? A. ARP poisoning B. IGMP snooping C. IP spoofing D. SYN flooding

Correct Answer: A

Q685 A company wants to ensure users are only logging into the system from their laptops when they are on site. Which of the following would assist with this? A. Geofencing B. Smart cards C. Biometrics D. Tokens

Correct Answer: A

Q687 Which of the following is being used when a malicious actor searches various social media websites to find information about a company's system administrators and help desk staff? A. Passive reconnaissance B. Initial exploitation C. Vulnerability scanning D. Social engineering

Correct Answer: A

Q688 Given the following requirements:
- Help to ensure non-repudiation
- Capture motion in various formats
Which of the following physical controls BEST matches the above descriptions? A. Camera B. Mantrap C. Security guard D. Motion sensor

Correct Answer: A

Q696 A company is performing an analysis of which corporate units are most likely to cause revenue loss in the event the unit is unable to operate. Which of the following is an element of the BIA that this action is addressing? A. Critical system inventory B. Single point of failure C. Continuity of operations D. Mission-essential functions

Correct Answer: A

Q697 A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate potential vulnerabilities, which of the following BEST accomplishes this objective? A. Use application whitelisting. B. Employ patch management. C. Disable the default administrator account. D. Implement full-disk encryption.

Correct Answer: A

Q699 A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal? A. Use a degausser to sanitize the drives. B. Remove the platters from the HDDs and shred them. C. Perform a quick format of the HDD drives. D. Use software to zero fill all of the hard drives.

Correct Answer: A

Q703 Which of the following control types would a backup of server data provide in case of a system issue? A. Corrective B. Deterrent C. Preventive D. Detective

Correct Answer: A

Q649 A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? (Choose three.) A. Crypto-malware B. Adware C. Botnet attack D. Virus E. Ransomware F. Backdoor G. DDoS attack

Correct Answer: ADE

Q619 A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe? A. Black box B. Gray box C. White box D. Vulnerability scanning

Correct Answer: B

Q620 When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered? A. Difficult-to-update firmware B. Tight integration to existing systems C. IP address exhaustion D. Not using industry standards

Correct Answer: B

Q623 If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using? A. RSA B. 3DES C. DSA D. SHA-2

Correct Answer: B

Q630 A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices. Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS? A. Key rotation B. Mutual authentication C. Secure hashing D. Certificate pinning

Correct Answer: B

Q632 A staff member contacts the help desk because the staff member's device is currently experiencing the following symptoms:
- Long delays when launching applications
- Timeout errors when loading some websites
- Errors when attempting to open local Word documents and photo files
- Pop-up messages in the task bar stating that antivirus is out-of-date
- VPN connection that keeps timing out, causing the device to lose connectivity
Which of the following BEST describes the root cause of these symptoms? A. The user has disabled the antivirus software on the device, and the hostchecker for the VPN is preventing access. B. The device is infected with crypto-malware, and the files on the device are being encrypted. C. The proxy server for accessing websites has a rootkit installed, and this is causing connectivity issues. D. A patch has been incorrectly applied to the device and is causing issues with the wireless adapter on the device.

Correct Answer: B

Q645 A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business. Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited? A. Virtualization B. Air gap C. VLAN D. Extranet

Correct Answer: B

Q655 Which of the following needs to be performed during a forensics investigation to ensure the data contained in a drive image has not been compromised? A. Follow the proper chain of custody procedures. B. Compare the image hash to the original hash. C. Ensure a legal hold has been placed on the image. D. Verify the time offset on the image file.

Correct Answer: B

Q658 An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include:
- Intellectual property
- Payroll records
- Financial information
- Drug screening results
Which of the following is the BEST way to dispose of these items? A. Shredding B. Pulping C. Deidentifying D. Recycling

Correct Answer: B

Q659 Upon learning about a user who has reused the same password for the past several years, a security specialist reviews the logs. The following is an extraction of the report after the most recent password change requirement: [Exhibit image not available] Which of the following security controls is the user's behavior targeting? A. Password expiration B. Password history C. Password complexity D. Password reuse

Correct Answer: B

Q661 A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious processes running. A prior technician's notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently. Which of the following is the MOST likely cause of this behavior? A. Crypto-malware B. Rootkit C. Logic bomb D. Session hijacking

Correct Answer: B

Q667 A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report? A. Configure IPSec in transport mode. B. Configure server-based PKI certificates. C. Configure the GRE tunnel. D. Configure a site-to-site tunnel.

Correct Answer: B

Q673 A security analyst monitors the syslog server and notices the following: [Exhibit image not available] A. Memory leak B. Buffer overflow C. Null pointer dereference D. Integer overflow

Correct Answer: B

Q677 Datacenter employees have been battling alarms in a datacenter that has been experiencing hotter than normal temperatures. The server racks are designed so all 48 rack units are in use, and servers are installed in any manner in which the technician can get them installed. Which of the following practices would BEST alleviate the heat issues and keep costs low? A. Utilize exhaust fans. B. Use hot and cold aisles. C. Airgap the racks. D. Use a secondary AC unit.

Correct Answer: B

Q689 Which of the following is a random value appended to a credential that makes the credential less susceptible to compromise when hashed? A. Nonce B. Salt C. OTP D. Block cipher E. IV

Correct Answer: B

Q702 The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From" section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident? A. Domain hijacking B. SPF not enabled C. MX records rerouted D. Malicious insider

Correct Answer: B

Q650 A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Choose two.) A. PAP B. MSCHAP C. PEAP D. NTLM E. SAML

Correct Answer: BC

Q637 Which of the following are considered to be "something you do"? (Choose two.) A. Iris scan B. Handwriting C. CAC card D. Gait E. PIN F. Fingerprint

Correct Answer: BD

Q614 A company needs to implement a system that only lets a visitor use the company's network infrastructure if the visitor accepts the AUP. Which of the following should the company use? A. WiFi-protected setup B. Password authentication protocol C. Captive portal D. RADIUS

Correct Answer: C

Q617 An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal? A. IDS/IPS B. IP tunneling C. Web application firewall D. Patch management

Correct Answer: C

Q625 A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation? A. RBAC B. MAC C. ABAC D. DAC

Correct Answer: C

Q636 A company has won an important government contract. Several employees have been transferred from their existing projects to support a new contract. Some of the employees who have transferred will be working long hours and still need access to their project information to transition work to their replacements. Which of the following should be implemented to validate that the appropriate offboarding process has been followed? A. Separation of duties B. Time-of-day restrictions C. Permission auditing D. Mandatory access control

Correct Answer: C

Q651 A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief Information Officer (CIO) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing? A. Baselining B. Mandatory access control C. Control diversity D. System hardening

Correct Answer: C

Q654 Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identify areas that require patching? A. Black box B. Gray box C. White box D. Red team E. Blue team

Correct Answer: C

Q657 An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact. [Exhibit image not available] Which of the following is this table an example of? A. Internal threat assessment B. Privacy impact assessment C. Qualitative risk assessment D. Supply chain assessment

Correct Answer: C

Q664 After reports of slow internet connectivity, a technician reviews the following logs from a server's host-based firewall: [Exhibit image not available] Which of the following can the technician conclude after reviewing the above logs? A. The server is under a DDoS attack from multiple geographic locations. B. The server is compromised, and is attacking multiple hosts on the Internet. C. The server is under an IP spoofing resource exhaustion attack. D. The server is unable to complete the TCP three-way handshake and send the last ACK.

Correct Answer: C

Q665 A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity? A. Sniffer B. Honeypot C. Routing tables D. Wireless scanner

Correct Answer: C

Q680 A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing? A. Separation of duties B. Permission auditing C. Least privilege D. Standard naming convention

Correct Answer: C

Q686 During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the following BEST explains why the tester is doing this? A. To determine if the network routes are improperly forwarding request packets B. To identify the total number of hosts and determine if the network can be victimized by a DoS attack C. To identify servers for subsequent scans and further investigation D. To identify the unresponsive hosts and determine if those could be used as zombies in a follow-up scan.

Correct Answer: C Section: (none) Answer:

Q694 An organization's Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on the CEO's personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result. Which of the following would address this violation going forward? A. Security configuration baseline B. Separation of duties C. AUP D. NDA

Correct Answer: C Section: (none) Answer:

Q695 Which of the following attackers generally possesses minimal technical knowledge to perform advanced attacks and uses widely available tools as well as publicly available information? A. Hacktivist B. White hat hacker C. Script kiddie D. Penetration tester

Correct Answer: C Section: (none) Answer:

Q707 When backing up a database server to LTO tape drives, the following backup schedule is used. Backups take one hour to complete: [exhibit image] On Friday at 9:00 p.m., there is a RAID failure on the database server. The data must be restored from backup. Which of the following is the number of backup tapes that will be needed to complete this operation? A. 1 B. 2 C. 3 D. 4 E. 6

Correct Answer: C Section: (none) Answer:

Q690 An organization has hired a new remote workforce. Many new employees are reporting that they are unable to access the shared network resources while traveling. They need to be able to travel to and from different locations on a weekly basis. Shared offices are retained at the headquarters location. The remote workforce will have identical file and system access requirements, and must also be able to log in to the headquarters location remotely. Which of the following BEST represent how the remote employees should have been set up initially? (Choose two.) A. User-based access control B. Shared accounts C. Group-based access control D. Mapped drives E. Individual accounts F. Location-based policies

Correct Answer: CE Section: (none) Answer:

Q700 A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Choose two.) A. Privileged accounts B. Password reuse restrictions C. Password complexity requirements D. Password recovery E. Account disablement

Correct Answer: CE Section: (none) Answer:

Q608 A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack? A. Domain hijacking B. Injection C. Buffer overflow D. Privilege escalation

Correct Answer: D Section: (none) Answer:

Q612 A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted? A. Non-credentialed B. Passive C. Port D. Credentialed E. Red team F. Active

Correct Answer: D Section: (none) Answer:

Q624 An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site. That non-public site hosts information that requires multifactor authentication for access. Which of the following access management approaches would be the BEST practice for the organization? A. Username/password with TOTP B. Username/password with pattern matching C. Username/password with a PIN D. Username/password with a CAPTCHA

Correct Answer: D Section: (none) Answer:

Q631 A company is planning to build an internal website that allows for access to outside contracts and partners. A majority of the content will only be available to internal employees with the option to share. Which of the following concepts is MOST appropriate? A. VPN B. Proxy C. DMZ D. Extranet

Correct Answer: D Section: (none) Answer:

Q633 A small organization has implemented a rogue system detection solution. Which of the following BEST explains the organization's intent? A. To identify weak ciphers being used on the network B. To identify assets on the network that are subject to resource exhaustion C. To identify end-of-life systems still in use on the network D. To identify assets that are not authorized for use on the network

Correct Answer: D Section: (none) Answer:

Q639 A security analyst believes an employee's workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious. One of the files contains the following commands: [exhibit image] Which of the following types of malware was used? A. Worm B. Spyware C. Logic bomb D. Backdoor

Correct Answer: D Section: (none) Answer:

Q643 A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely explanation for this anomaly? A. An attacker is exfiltrating large amounts of proprietary company data. B. Employees are playing multiplayer computer games. C. A worm is attempting to spread to other hosts via SMB exploits. D. Internal hosts have become members of a botnet.

Correct Answer: D Section: (none) Answer:

Q647 A company wants to implement a wireless network with the following requirements: All wireless users will have a unique credential. User certificates will not be required for authentication. The company's AAA infrastructure must be utilized. Local hosts should not store authentication tokens. Which of the following should be used in the design to meet the requirements? A. EAP-TLS B. WPS C. PSK D. PEAP

Correct Answer: D Section: (none) Answer:

Q648 A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take? A. Determine the source of the virus that has infected the workstation. B. Sanitize the workstation's internal drive. C. Reimage the workstation for normal operation. D. Disable the network connections on the workstation.

Correct Answer: D Section: (none) Answer:

Q653 Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing? A. Authenticated B. White box C. Automated D. Gray box

Correct Answer: D Section: (none) Answer:

Q662 Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his coworkers did. Management has asked the security team to provide a method for detecting this type of behavior without impeding the access for sales employees as they travel overseas. Which of the following would be the BEST method to achieve this objective? A. Configure time-of-day restrictions for the sales staff. B. Install DLP software on the devices used by sales employees. C. Implement a filter on the mail gateway that prevents the lead form from being emailed. D. Create an automated alert on the SIEM for anomalous sales team activity.

Correct Answer: D Section: (none) Answer:

Q671 Hacktivists are most commonly motivated by: A. curiosity B. notoriety C. financial gain D. political cause

Correct Answer: D Section: (none) Answer:

Q678 When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users. Which of the following is the MOST likely cause for this? A. The certificate is corrupted on the server. B. The certificate was deleted from the local cache. C. The user needs to restart the machine. D. The system date on the user's device is out of sync.

Correct Answer: D Section: (none) Answer:

Q681 A technician has installed a new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company's routers and switches. [exhibit image] Members of the network team successfully test their ability to log on to various network devices configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample: [exhibit image] Which of the following should the auditor recommend based on the above information? A. Configure the ALLOW_ACCESS group logic to use AND rather than OR. B. Move the NETWORK_TEAM group to the top of the ALLOW_ACCESS access list. C. Disable groups nesting for the ALLOW_ACCESS group in the AAA server. D. Remove the DOMAIN_USERS group from ALLOW_ACCESS group.

Correct Answer: D Section: (none) Answer:

Q683 Which of the following outcomes is a result of proper error-handling procedures in secure code? A. Execution continues with no notice or logging of the error condition. B. Minor fault conditions result in the system stopping to preserve state. C. The program runs through to completion with no detectable impact or output. D. All fault conditions are logged and do not result in a program crash.

Correct Answer: D Section: (none) Answer:

Q691 A salesperson often uses a USB drive to save and move files from a corporate laptop. The corporate laptop was recently updated, and now the files on the USB are read-only. Which of the following was recently added to the laptop? A. Antivirus software B. File integrity check C. HIPS D. DLP

Correct Answer: D Section: (none) Answer:

Q701 Two companies are enabling TLS on their respective email gateways to secure communications over the Internet. Which of the following cryptography concepts is being implemented? A. Perfect forward secrecy B. Ephemeral keys C. Domain validation D. Data in transit

Correct Answer: D Section: (none) Answer:

Q704 A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to: enter long lines of code and special characters; crash the system; gain unauthorized access to the internal application server; map the internal network. The development team has stated they will need to rewrite a significant portion of the code used, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim? A. Content filtering B. WAF C. TLS D. IPS/IDS E. UTM

Correct Answer: E Section: (none) Answer:

