Security+ SY0-601 Certification Practice Exam


Prepare to Document means establishing the process you will use to document your network. Which of the following makes this documentation more useful? Identify the choke points on the network. Automate administration as much as possible. Identify who is responsible for each device. Have a printed hard copy kept in a secure location.

Have a printed hard copy kept in a secure location.

Most equipment is cooled by bringing cold air in the front and ducting the heat out of the back. What is the term for where the heat is sent in this type of scenario? Hot aisle Cold aisle Front aisle Back aisle

Hot aisle

Which of the following is a network virtualization solution provided by Microsoft? VirtualBox Hyper-V VMware Citrix

Hyper-V

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do? Have each user encrypt user files with EFS. Implement BitLocker without a TPM. Have each user encrypt the entire volume with EFS. Implement BitLocker with a TPM.

Implement BitLocker without a TPM.

Which of the following items would be implemented at the Network layer of the security model? Wireless networks Network plans Firewalls using ACLs Penetration testing

Penetration testing

Which of the following functions does a single quote (') perform in an SQL injection? Indicates that everything after the single quote is a comment Indicates that the comment has ended and data is being entered Indicates that code is ending and a comment is being entered Indicates that data has ended and a command is beginning

Indicates that data has ended and a command is beginning

Which of the following tools allows the user to set security rules for an instance of an application that interacts with one organization and different security rules for an instance of the application when interacting with another organization? Integration Replication Instance awareness Encryption

Instance awareness

Which of the following is considered a major problem with instant messaging applications? Loss of productivity Transfer of text and files Real-time communication Freely available for use

Loss of productivity

Which of the following BEST describes zero-trust security? Only devices that pass authentication are trusted. Only devices that pass authorization are trusted. Only devices that pass both authentication and authorization are trusted. All devices are trusted.

Only devices that pass both authentication and authorization are trusted.

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? OVAL Network mapper Port scanner Ping scanner

Network mapper

Which of the following are backed up during an incremental backup? Only files that have changed since the last full backup. Only files that have changed since the last full or differential backup. Only files that have changed since the last full or incremental backup. Only files that are new since the last full or incremental backup.

Only files that have changed since the last full or incremental backup.

Which of the following can make passwords useless on a router? Using the MD5 hashing algorithm to encrypt the password Not controlling physical access to the router Storing the router configuration file in a secure location Using SSH to remotely connect to a router

Not controlling physical access to the router

Which of the following standards relates to the use of credit cards? PCI DSS PoLP Financial audit SOX

PCI DSS

Which ISO publication lays out guidelines for selecting and implementing security controls? 31000 27002 27701 27001

27002

You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5? 2 3 4 5 6

3

You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported? 802.11 802.1Q 802.1x 802.3

802.1Q

Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure? A web service application programming interface A cloud storage gateway A cloud-access security broker A co-located cloud computer service

A cloud-access security broker

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information from the organization's network. Your job is to implement a solution that prevents insiders from accessing sensitive information stored on the organization's network from their personal devices while still giving them access to the internet. Which of the following should you implement? A guest wireless network that is isolated from your organization's production network A mobile device management (MDM) infrastructure A Network Access Control (NAC) solution An Acceptable Use Policy (AUP)

A guest wireless network that is isolated from your organization's production network

Which of the following describes a configuration baseline? A collection of security settings that can be automatically applied to a device A list of common security settings that a group or all devices share The minimum services required for a server to function A set of performance statistics that identifies normal operating performance

A list of common security settings that a group or all devices share

What does the netstat -a command show? All connected hosts All listening sockets All listening and non-listening sockets All network users

All listening and non-listening sockets

Which of the following happens by default when you create a new ACL on a router? All traffic is blocked. All traffic is permitted. The ACL is ignored until applied. ACLs are not created on a router.

All traffic is blocked.

What is the average number of times that a specific risk is likely to be realized in a single year? Estimated maximum downtime Annualized rate of occurrence Exposure factor Annualized loss expectancy

Annualized rate of occurrence

How often should change-control management be implemented? Any time a production system is altered. At regular intervals throughout the year. Only when changes are made that affect senior management. Only when a production system is altered greatly.

Any time a production system is altered.

Some users report that frequent system crashes have started happening on their workstations. Upon further investigation, you notice that these users all have the same application installed that has been recently updated. Where would you go to conduct a root cause analysis? Security log Network log Application log Firewall log

Application log

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject? Mandatory Access Control (MAC) Role-Based Access Control (RBAC) Attribute-Based Access Control (ABAC) Rule-Based Access Control

Attribute-Based Access Control (ABAC)

A recreation of historical events is made possible through which of the following? Incident reports Audits Audit trails Penetration testing

Audit trails

Which of the following is an important aspect of evidence-gathering? Back up all log files and audit trails. Purge transaction logs. Restore damaged data from backup media. Monitor user access to compromised systems.

Back up all log files and audit trails.

You have been hired as part of the team that manages an organization's network defense. Which security team are you working on? Red White Blue Purple

Blue

Which of the following sends unsolicited business cards and messages to a Bluetooth device? Slamming Bluejacking Bluebugging Bluesnarfing

Bluejacking

A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent? Trojan horse Logic bomb Spyware Botnet

Botnet

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using? Password sniffing Pass-the-hash attack Brute force attack Keylogger

Brute force attack

Which of the following functions are performed by proxies? (Select two.) Cache web pages Give users the ability to participate in real-time, text-based internet discussions Filter unwanted emails Block employees from accessing certain websites Store client files

Cache web pages; Block employees from accessing certain websites

What is the most important element related to evidence in addition to the evidence itself? Photographs of the crime scene Chain of custody document Completeness Witness testimony

Chain of custody document

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing? Non-repudiation Confidentiality Availability Integrity

Confidentiality

Which of the following are often identified as the three main goals of security? (Select three.) Assets Confidentiality Availability Policies Integrity Employees Non-repudiation

Confidentiality; Availability; Integrity

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic? Configure the network interface to use promiscuous mode. Configure the network interface to use port mirroring mode. Configure the network interface to enable logging. Configure the network interface to use protocol analysis mode.

Configure the network interface to use promiscuous mode.

You have detected and identified a security event. What's the first step you should complete? Isolation Segmentation Playbook Containment

Containment

You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options. What should you do? Create a GPO computer policy for the Administrators OU. Create a GPO user policy for the Administrators OU. Create a Local Group Policy on the computers used by members of the Administrators OU. Create a GPO user policy for the domain.

Create a GPO user policy for the Administrators OU.

What is the primary function of the IKE Protocol used with IPsec? Create a security association between communicating partners. Encrypt packet contents. Ensure dynamic key rotation and select initialization vectors (IVs). Provide both authentication and encryption. Provide authentication services.

Create a security association between communicating partners.

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has been used in this scenario? Man-in-the-middle Reconnaissance DNS poisoning Domain name kiting

DNS poisoning

When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable? Damage the hard disks so badly that all data remanence is gone. Encrypt all data on the hard disks. Reformat all the hard disks in the computer. Delete all files from all the hard disks in the computer.

Damage the hard disks so badly that all data remanence is gone.

In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or devices you manage and monitor them on the Azure portal? Configure Protect Deploy Add

Deploy

What is the most obvious means of providing non-repudiation in a cryptography system? Digital signatures Shared secret keys Public keys Hashing values

Digital signatures

When you inform an employee that he or she is being terminated, which of the following is the most important activity? Disable his or her network access Allow him or her to collect their personal items Allow him or her to complete their current work projects Give him or her two weeks' notice

Disable his or her network access

Which of the following is a common social engineering attack? Using a sniffer to capture network traffic Distributing false information about an organization's financial status Distributing hoax virus-information emails Logging on with stolen credentials

Distributing hoax virus-information emails

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? Social engineering Dumpster diving Shoulder surfing Password guessing

Dumpster diving

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use? Port scanner Packet sniffer IPS Throughput tester IDS

Packet sniffer

Which type of firewall protects against packets coming from certain IP addresses? Application layer Packet-filtering Stateful Circuit-level

Packet-filtering

Your organization is having a third party come in and perform an audit on the financial records. You want to ensure that the auditor has access to the data they need while keeping the customers' data secure. To accomplish this goal, you plan to implement a mask that replaces the client names and account numbers with fictional data. Which masking method are you implementing? Dynamic Encryption Static Tokenization

Dynamic

Which EAP implementation is MOST secure? EAP-MD5 LEAP EAP-FAST EAP-TLS

EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)

Change control should be used to oversee and manage changes over which aspect of an organization? IT hardware and software Physical environment Personnel and policies Every aspect

Every aspect

Which of the following terms is used to describe an event in which a person who should be allowed access is denied access to a system? False negative Error rate False positive False acceptance

False negative

In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed. Which type of result is this? False negative True positive True negative False positive

False positive

Which type of reconnaissance is dumpster diving? Active Passive Packet sniffing OSINT

Passive (no active modification/querying is involved)

You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this? Define Plan Review Apply

Plan

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? Cross-training Job rotation Need to know Principle of least privilege

Principle of least privilege

Which of the following is an example of privilege escalation? Separation of duties Privilege creep Mandatory vacations Principle of least privilege

Privilege creep

A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? Physical security Social engineering External attack Privilege escalation

Privilege escalation

You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use? Certifier Protocol analyzer Multimeter Toner probe TDR

Protocol analyzer

!= or <> refers to Not Equal in which scripting language? Bash PuTTY Python PowerShell

Python

Which of the following drive configurations is fault tolerant? Disk striping RAID 5 Expanded volume set RAID 0

RAID 5

Which of the following can be classified as a stream cipher? Blowfish AES Twofish RC4

RC4

An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using? Brute force Rainbow RIPEMD Cracking

Rainbow

Which of the following password attacks uses preconfigured matrices of hashed dictionary words? Rainbow table attack Hybrid attack Dictionary attack Brute-force attack

Rainbow table attack

A type of malware that prevents the system from being used until the victim pays the attacker money is known as what? Fileless virus Remote Access Trojan (RAT) Ransomware Denial-of-service attack (DoS attack)

Ransomware

In which phase of an attack does the attacker gather information about the target? Reconnaissance Exploit the system Breach the system Escalating privileges

Reconnaissance

After a security event that involves a breach of physical security, what is the term used for the new measures, incident review, and repairs meant to stop a future incident from occurring? Detection Recovery Prevention Data breach

Recovery

Which of the following terms describes the actual time required to successfully recover operations in the event of an incident? Recovery point objective (RPO) Mean time to repair (MTTR) Recovery time objective (RTO) Maximum tolerable downtime (MTD)

Recovery time objective (RTO)

What is the primary security feature that can be designed into a network's infrastructure to protect and support availability? Redundancy Switches instead of hubs Periodic backups Fiber optic cables

Redundancy

Which of the following is a disadvantage of software defined networking (SDN)? SDN creates centralized management. SDN standards are still being developed. SDN facilitates communication between hardware from different vendors. SDN gathers network information and statistics.

SDN standards are still being developed.

As a security analyst, you are looking for a platform to compile all your security data generated by different endpoints. Which tool would you use? MAM SOAR GDPR MDM

SOAR (a platform to compile security data generated by different security endpoints)

You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the access point (AP). Which of the following values uniquely identifies the network AP? SSID Channel WEP PS

SSID

Which protocol does HTTPS use to offer greater security in web transactions? Kerberos IPsec SSL Telnet

SSL

SSL (Secure Sockets Layer) operates at which layer of the OSI model? Session Application Transport Presentation

Session

Which of the following best describes shoulder surfing? Guessing someone's password because it is so common or simple. Someone nearby watching you enter your password on your computer and recording it. Giving someone you trust your username and account password. Finding someone's password in the trash can and using it to access their account.

Someone nearby watching you enter your password on your computer and recording it.

If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as an SMTP relay agent. Which activity could result if this happens? Salami attack Spamming Virus hoax Data diddling

Spamming

Which of the following are characteristics of a circuit-level gateway? (Select two.) Stateless Filters based on sessions Filters IP address and port Stateful Filters based on URL

Stateful; Filters based on sessions

The government and military use the following information classification system: Unclassified, Sensitive But Unclassified, Confidential, Secret, Top Secret. Drag each classification on the left to the appropriate description on the right.

Classifications: Unclassified; Sensitive But Unclassified; Confidential; Secret; Top Secret

Descriptions:
The lowest level of classified information used by the military. Release of this information could cause damage to military efforts.
If this information is released, it poses grave consequences to national security.
This information can be accessed by the public and poses no security threat.
If this information is disclosed, it could cause some harm, but not a national disaster.
If this information is disclosed, it could cause severe and permanent damage to military actions.

The lowest level of classified information used by the military. Release of this information could cause damage to military efforts. -> Confidential
If this information is released, it poses grave consequences to national security. -> Top Secret
This information can be accessed by the public and poses no security threat. -> Unclassified
If this information is disclosed, it could cause some harm, but not a national disaster. -> Sensitive But Unclassified
If this information is disclosed, it could cause severe and permanent damage to military actions. -> Secret

What is the purpose of audit trails? To detect security-violating events. To restore systems to normal operations. To correct system problems. To prevent security breaches.

To detect security-violating events.

Which of the following types of auditing verifies that systems are utilized appropriately and in accordance with written organizational policies? Financial audit PoLP Internal audit Usage audit

Usage audit

Your LDAP directory-services solution uses simple authentication. What should you always do when using simple authentication? Use IPsec and certificates Use SSL Use Kerberos Add SASL and use TLS

Use SSL

Which security mechanism uses a unique list that meets the following specifications: The list is embedded directly in the object itself. The list defines which subjects have access to certain objects. The list specifies the level or type of access allowed to certain objects. Conditional access Hashing User ACL Mandatory access control

User ACL

Which of the following is a privilege or action that can be taken on a system? User rights SACL Permissions DACL

User rights

Which of the following is an example of protocol-based network virtualization? VFA VMM vSwitch VLAN

VLAN

Which of the following lets you make phone calls over a packet-switched network? VoIP SCADA FPGA RTOS

VoIP

Which of the following is the BEST example of the principle of least privilege? Lenny has been given access to files that he does not need for his job. Wanda has been given access to the files that she needs for her job. Jill has been given access to all of the files on one server. Mary has been given access to all of the file servers.

Wanda has been given access to the files that she needs for her job.

A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of vulnerability? Unpatched software Default settings Zero-day exploit Weak security configurations

Weak security configurations

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use? nmap ping route tracert

ping

