Security+ Terms 701 Practice Test #2
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? Proxy server Network-based firewall Host-based firewall VPN concentrator
A host-based firewall A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the internet from a public location.
You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value = 400 Exposure factor = 75 Annualized rate of occurrence (ARO) = .25 Countermeasure A has a cost of 320 and protects the asset for four years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90. What should you do? Accept the risk or find another countermeasure. Implement countermeasure A. Implement countermeasure B. Purchase the insurance policy.
Accept the risk or find another countermeasure. In this scenario, you should either accept the risk or find a cheaper countermeasure. The cost of either countermeasure or the insurance policy exceeds the annualized loss expectancy (ALE) of the asset. The ALE = the asset value (400) x the exposure factor (.75) x the ARO (.25) = 75. Based on these calculations, you would expect an annual loss of 75.
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients' records, but the budget is an issue for your company. Which item would provide the BEST security for this situation? Firewall on your gateway server to the internet Network access control system All-in-one security appliance Proxy server with access controls
All-in-one security appliance Explanation An all-in-one security appliance would provide the best overall protection. All-in-one security appliances take up the least amount of space and require the least amount of technical assistance for setup and maintenance.
Which of the following is an example of a preventative control type? Intrusion detection systems Network monitoring applications An advanced network appliance Real-time monitoring alerts
An advanced network appliance The easiest prevention control is an advanced network appliance, which is sometimes called an adaptive security appliance (ASA).
Which of the following are advantages of virtualization? (Select two.) Reduced utilization of hardware resources Redundancy of hardware components for fault tolerance Improved host-based attack detection Easy migration of systems to different hardware Centralized administration
Easy migration of systems to different hardware Centralized administration Explanation Virtualization allows a single physical machine (known as the host operating system) to run multiple virtual machines (known as guest operating systems). The virtual machines appear to be self-contained and autonomous systems. Advantages of virtualization include: Server consolidation The ability to migrate systems between different hardware Centralized management of multiple systems Increased utilization of hardware resources Isolation of systems and applications
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use? Implicit allow, explicit deny Explicit allow, implicit deny Implicit allow, implicit deny Explicit allow, explicit deny
Explicit allow, implicit deny The access list should use explicit allow--users who are allowed access are specifically identified. The access list should also use implicit deny--users who are not explicitly allowed access are denied access.
A company's IT department has noticed irregularities in network usage and resource allocation. Which tool would be MOST beneficial in identifying patterns in network traffic, detecting anomalies, and visualizing network connections? Network monitor Heartbeat message Flow collector SNMP trap
Flow collector Flow collectors record metadata and statistics about network traffic, thereby identifying trends and patterns, detecting anomalies, and providing visualization tools that simplify the interpretation of traffic data.
A tech company is developing a new software product. The development team is distributed across different locations and needs to securely access and work on specific systems located in the company's main office. The team members need to establish secure communication channels between their individual devices and the specific systems in the office. Which remote access architecture would be the most suitable for this scenario? Site-to-site VPN topology Client-to-site VPN technology Virtual network computing (VNC) Host-to-host tunnel topology
Host-to-host tunnel topology Explanation Host-to-host tunnel topology is the correct answer. In a host-to-host tunnel topology, individual devices establish a secure tunnel between each other over a public network. This type of VPN is typically used for secure communication between specific hosts or endpoints, which is exactly what the team members need in this scenario. Client-to-site VPN technology is typically used when individual users need to securely connect to a private network from a remote location. In this scenario, the team members need to establish secure communication channels with specific systems, not the entire network. A site-to-site VPN topology is used to connect two or more geographically separate networks over a public network such as the Internet. This is typically used by businesses with multiple branch offices or organizations that must securely connect with external partners, not for secure communication between specific hosts or endpoints.
As the head of the IT department in your organization, you have noticed an increase in the number of phishing attempts targeting your employees. You have implemented several measures to combat this, but the attempts continue to rise. Which of the following strategies would be the most effective in addressing this issue? Install more advanced antivirus software on all company computers. Increase the frequency of system-wide password changes. Implement a stricter internet usage policy and block access to all non-work-related websites. Conduct regular phishing simulations to test employee awareness and response.
Conduct regular phishing simulations to test employee awareness and response. Explanation Conducting regular phishing simulations is the most effective strategy. This approach not only tests the current level of employee awareness but also provides a practical, hands-on learning experience for employees. It allows you to identify who is most at risk and tailor your training accordingly. This method directly addresses the issue and helps to improve the overall security posture of the organization.
What is the primary goal of the containment phase of cybersecurity incident management during an incident response lifecycle? (Select two.) Reintegrate the system into the business process it supports with the cause of the incident eradicated. Remove all traces of the incident from affected systems. Limit the immediate impact of the incident while securing data and notifying stakeholders. Analyze the incident and responses to identify whether procedures or systems could be improved. Notify stakeholders and identify other reporting requirements.
Containment focuses on: Limiting immediate impact of the incident from spreading further and minimizing its impact on both data and business operations. The necessity of notifying stakeholders and identifying other reporting requirements.
As a cybersecurity expert, you are tasked with advising a company on best practices for managing browser data to maintain security and privacy. Which of the following is the MOST crucial step to take? Regularly update the browser. Use incognito mode for all browsing. Clear your private data regularly. Only visit HTTPS websites.
Correct Answer: Clear your private data regularly. Clearing your private data regularly is the correct answer. Regularly clearing private data, such as browsing history, cookies, cached images, and files, can help prevent unauthorized access to this information and protect user privacy.
When evaluating privacy laws, what provides a comprehensive overview of the types of handled data? Data inventories Due diligence Attestation and acknowledgment Data retention
Data Inventories Data inventories provide a comprehensive overview of the types of handled data, the purposes for processing, the legal basis, and the recipients of the data to ensure transparency and accountability.
Planning to store data from various global branches, an international company is assessing the legal and regulatory compliance requirements for data storage and usage. What should the organization consider in its analysis of government requirements? Data transfer rules Geographic restrictions Data sovereignty Local privacy laws
Data sovereignty Data sovereignty is the concept that data is subject to the laws and governance structures of the nation in which the company collects it. Complying with data sovereignty laws is crucial for an international company storing data from different locations.
You are the chief information officer (CIO) of a large corporation. Your company has been relying on a single vendor for its entire IT infrastructure for the past five years. Recently, this vendor has been facing financial difficulties and there are rumors of a potential bankruptcy. What should be your immediate course of action? Start diversifying your vendor portfolio to ensure business resilience. Negotiate lower prices with the current vendor due to their financial difficulties. Ignore the rumors and continue business as usual. Immediately switch to another vendor to avoid potential disruptions.
Start diversifying your vendor portfolio to ensure business resilience. Diversifying your vendor portfolio to ensure business resilience is the best choice. It mitigates the risk associated with vendor lock-in and ensures that your company's operations are not solely reliant on one vendor's products or services. If a vendor stops doing business, goes bankrupt, or experiences a significant disruption, having alternatives helps maintain business continuity.
Which of the following are features of an application-level gateway? (Select two.) Stops each packet at the firewall for inspection Reassembles entire messages Uses access control lists Verifies that packets are properly sequenced Allows only valid packets within approved sessions
Stops each packet at the firewall for inspection Reassembles entire messages Application-level gateways: Operate up to OSI Layer 7 (Application layer) Stop each packet at the firewall for inspection (no IP forwarding) Inspect encrypted packets, such as with SSL inspection Examine the entire content that is sent (not just individual packets) Understand or interface with the application-layer protocol Can filter based on user, group, and data (such as URLs within an HTTP request) Are the slowest form of firewall protection because entire messages are reassembled at the Application layer
A new hire has just joined the IT department of a large organization. The human resources (HR) department assigns the employee an initial set of credentials for accessing the company network. However, the new hire requires additional access to other systems within the company network. Given this context, which of the following represents the MOST accurate example of implementing the principle of least privilege in this organization? The IT department grants full admin rights to the new hire after their first request. The IT department waits for a request from HR before granting any access to the new hire. The IT department provides access to only a specific system requested by the new hire. The IT department automatically grants the new hire access to all systems upon joining.
The IT department provides access to only a specific system requested by the new hire. Explanation The principle of least privilege states that users should only have access to the resources necessary for their job roles.
Which of the following is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system and is primarily used for data center virtualization? VMware Fusion VMware Horizon VMware ESXi VMware Workstation
VMware ESXi is correct because it is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system. It is primarily used for data center virtualization.
In the process of obtaining a digital certificate, which entity may a certificate authority rely on to perform the validation of the certificate signing request (CSR)? Online Certificate Status Protocol Certificate revocation list Registration authority Root authority
Registration authority Registration authority is the correct answer. Registration authority (RA) is an entity that is certified by a root certificate authority and is authorized to issue certificates for specific uses only. The RA can perform the validation of the certificate signing request (CSR) on behalf of the certificate authority.
Which of the following is a disadvantage of Software Defined Networking (SDN)? SDN standards are still being developed. SDN facilitates communication between hardware from different vendors. SDN gathers network information and statistics. SDN creates centralized management.
SDN standards are still being developed. Some of the disadvantages of SDN include: Still a newer technology Lack of vendor support Standards are still being developed Centralized control opens a new target for security threats
Which type of group can be used for controlling access to objects? Security Distribution DACL Authorization
Security Only security groups can be used for controlling access to objects.
In a multinational corporation, employees across various departments regularly access many cloud-based applications to fulfill their tasks efficiently. The company's security team is grappling with managing user credentials securely and efficiently across these diverse platforms. They are actively looking to improve user authentication and streamline access to these applications while ensuring robust security measures are in place. In this scenario, what technology should the company implement to enable single sign-on (SSO) capabilities and ensure secure authentication across its diverse cloud-based applications? Remote Authentication Dial-In User Service (RADIUS) Security Assertion Markup Language (SAML) Lightweight Directory Access Protocol (LDAP) Virtual private network (VPN)
Security Assertion Markup Language (SAML) Security Assertion Markup Language (SAML) enables secure SSO across various applications by exchanging authentication and authorization data between parties through an extensible markup language (XML)-based protocol.
Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors? Standard user Network administrator Malicious hacker Security operations team
Security operations team The network security operations (SecOps) team can use a protocol analyzer during a vulnerability assessment. The protocol analyzer can help the SecOps team to: Identify frames that might cause errors. For example, the network administrator can: Determine which flags are set in a TCP handshake. Detect any malformed or fragmented packets, which could indicate that someone is trying to get around the firewall. Discover passwords and other sensitive data being sent in cleartext. Find any open network ports that should not be open.
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack? Spamming Spoofing Sniffing Snooping
Spoofing Explanation This is an example of spoofing. Spoofing is the act of changing or falsifying information in order to mislead or redirect traffic. In this scenario, the internet-facing interface cannot legitimately receive a packet whose stated source address belongs to the internal network, so the source address must have been forged.
You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.) Install anti-malware software on each device. Enroll each device in a mobile device management (MDM) system. Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly. Rely on the device manufacturer to maintain device security with automated firmware updates.
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly. Since you generally have little or no control over the embedded technology within smart environmental control devices, they are referred to as static environments. As a result, there is typically very little you can do to increase the security posture for these types of devices. For environmental controls, you may be able to perform the following, depending upon the device manufacturer: Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly. Because these devices operate in a static environment, you typically can't install third-party software on them, including anti-malware scanners or mobile device management (MDM) agents.
As a network administrator for a tech startup, you are tasked with improving the efficiency of a single system that runs multiple applications. The system is currently experiencing performance issues due to the applications competing for network resources. Which type of network virtualization would be the most appropriate solution in this scenario? Virtual Local Area Network (VLAN) Internal network virtualization Virtual Private Network (VPN) External network virtualization
Internal Network Virtualization Internal network virtualization is correct. This type of virtualization configures a single system with software containers, or pseudo-interfaces, to emulate a physical network with software. This can improve a single system's efficiency by isolating applications to separate containers or pseudo-interfaces, thus reducing competition for network resources.
A cyber team implements new hardening techniques after a data loss prevention (DLP) audit revealed increased data exfiltration. What is a tenet of host-based firewalls? It describes software tools that monitor and protect individual hosts. It provides controls for incoming and outgoing network traffic. It uses signature-based detection and anomaly detection. It requires deploying and configuring specialized software agents.
It provides controls for incoming and outgoing network traffic. Host-based firewalls provide controls for incoming and outgoing network traffic and are essential for detecting potential attacks. An important technique for using them when hardening endpoints involves implementing default-deny policies to block all traffic unless explicitly allowed.
In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern proactively, the team implements a modern authentication solution that actively provides single sign-on (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which technology should the organization proactively employ for federation and enabling SSO capabilities effectively across the diverse range of cloud-based applications? Open Authorization (OAuth) Role-based access control (RBAC) Lightweight Directory Access Protocol (LDAP) Public key infrastructure (PKI)
Open Authorization (OAuth) In this scenario, the organization uses Open Authorization (OAuth) for federation, allowing secure authorization and delegation of user access to third-party applications without exposing user credentials.
A growing e-commerce company wants to implement a strategy that evenly distributes incoming traffic across multiple servers without constantly monitoring server loads or making adjustments based on real-time conditions. Which strategy should this company implement to manage load distribution in this manner? Active load balancing Passive load balancing Active Server Pages Active Directory
Passive load balancing Explanation Passive load balancing distributes client requests evenly across servers without considering their current loads. This method aligns with the company's desire to manage load distribution without constantly monitoring real-time conditions.
As a digital forensics investigator, you are tasked with investigating a potential data breach in your organization. You suspect that a sophisticated malware has infiltrated the system and is deleting its traces from the hard drive after executing its operations. Which of the following steps would be the MOST effective in capturing the evidence of this malware's activity? Running a full system antivirus scan. Conducting a network traffic analysis. Checking the system's event logs. Performing a system memory dump.
Performing a system memory dump. Explanation Performing a system memory dump is the correct answer. A system memory dump involves capturing the contents of the system's RAM. Since the suspected malware is running and then deleting its traces, its activities would be present in the system memory. A memory dump would provide a snapshot of the system's state at a particular point in time, including the activities of all running processes, which would provide the necessary evidence.