CompTIA Security+ CE
Input validation
A developer writes code for a new application, and wants to ensure protective countermeasures against the execution of SQL injection attacks. What secure coding technique will provide this?
Signature-based
An administrator deploys a basic network intrusion detection (NID) device to identify common patterns of attacks. What detection method does this device use?
ACL
An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all ports with a scope of 192.168.0.0/24. This is an example of what type of security setting?
Geographical dispersal
An application requires continuity of operations within a 24 hour period due to the command and control capabilities it maintains. The failover site must be physically separated from the program office and be available within the required timeframe with live data. Which of the following redundancy solutions best meets the failover requirement?
-A rainbow table -A dictionary word
An attacker can exploit a weakness in a password protocol to calculate the hash of a password. Which of the following can the attacker match the hash to, as a means to obtain the password? (Select all that apply.)
Cross-site scripting (XSS)
An attacker discovered an input validation vulnerability on a website, crafted a URL with additional HTML code, and emailed the link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking on the malicious URL. No other malicious operations occurred outside of the web application's root directory. This scenario is describing which type of attack?
DLL injection
An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus detection. The attacker then allowed one process to attach to another and forced the operating system to load a malicious binary package. What did the attacker successfully perform?
A buffer overflow
An attacker gained remote access to a user's computer by exploiting a vulnerability in a piece of software on the device. The attacker sent data that was too large for an area of memory that the application reserved to store expected data. What type of vulnerability did the attacker exploit?
A Remote Access Trojan (RAT)
An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to upload files and install software to a victim PC. What type of Trojan malware is this?
-Computer Bots, -Command & Control
An attacker is planning to setup a backdoor that will infect a set of specific computers at an organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the attackers' plan? (Select all that apply.)
Application attack
An attacker is preparing to perform what type of attack when the target vulnerabilities include headers and payloads of specific application protocols?
Cross-site Request Forgery (XSRF)
An attacker modified the HTML code of a legitimate password-change web form, then hosted the .html file on the attacker's web server. The attacker then emailed a URL link of the hosted file to a real user of the web page. Once the user clicked the link, it changed the user's password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?
Server-side request forgery
An attacker submitted a modified uniform resource locator (URL) link to a website that eventually established connections to back-end databases and exposed internal service configurations. The attacker did not hijack a user to perform this attack. This describes which of the following types of attacks?
Bluesnarfing
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. The mobile device is vulnerable to which of the following attacks?
-Boost the signal -Locate the offending radio source and disable it.
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would mitigate this type of network disruption? (Select all that apply.)
-DNS Security Extensions
An authoritative server for a zone creates a Resource Records Set (RRSet) signed with a zone signing key. From the following Domain Name System (DNS) traits and functions, what does this scenario demonstrate?
Offline
An aviation tracking system maintains flight records for equipment and personnel. The system is a critical command and control system that must maintain an availability rate of 99% for key parameter performance. The cloud service provider (CSP) guarantees a failover to multiple zones if an outage occurs. In addition to the multi-zonal cloud failover, what backup solution would allow the system to maintain data locally?
Replay attack
An intruder monitors an admin's unsecure connection to a server and finds some required data, like a cookie file, that legitimately establishes a session with a web server. Knowing the admin's logon credentials, what type of attack can the intruder perform with the cookie file?
-A solution that is known as zone-redundant storage. -Access is available if a single data center is destroyed. -NOT Safeguards data in the event of an outage covering a large area -NOT Replicas are often located in separate fault domains.
An organization moves its data to the cloud. Engineers utilize regional replication to protect data. Review the descriptions and conclude which ones apply to this configuration. (Select all that apply.)
SRTP
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing communications with remote branch offices. Which of the following protocols will provide encryption for streaming data during the call?
A shim
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?
Spyware infected the computers.
End-users at an organization contact the cybersecurity department. After downloading a file, they are being redirected to shopping websites they did not intend to navigate to, and built-in webcams turn on. The security team confirms the issue as malicious, and notes modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users' computers?
Use 802.1p header.
Users are reporting jittery video communication during routine video conferences. What can a system administrator implement to improve video quality and overall use of the network bandwidth?
LDAP injection
Using an open connection to a small company's network, an attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query from a client computer. What type of injection attack did the attacker perform?
-Determine where to place access points -Survey a site for signal strength NOT Restrict SSID overlap NOT Stop electromagnetic interference
What are the benefits of using Wi-Fi heat maps for wireless networks? (Select all that apply.)
NOT Configure active/passive settings.
What can a system administrator configure on two load balanced servers to achieve a round-robin configuration?
Provide secure access to DMZ servers.
What is a jump server commonly used for?
Skimming
What type of attack is occurring when a counterfeit card reader is in use?
Python script
A Linux systems admin reported a suspicious .py file that ran on a daily schedule after business hours. The file includes shellcode that would automate Application Programming Interface (API) calls to a web application to get information. What type of script is executing this shellcode?
Tunnel Transport
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). These two modes describe which of the following? (Select all that apply.)
Configure VPC endpoint interface.
A cloud administrator connects two separate cloud server instances on Amazon Web Services (AWS). How does the administrator configure the instances with private IP addresses without using an Internet gateway?
Split segments between VPCs
A cloud customer prefers separating storage resources that hold different sets of data in virtual private clouds (VPCs). One of those data sets must comply with Health Insurance Portability and Accountability Act (HIPAA) guidelines for patient data. How should the customer configure these VPCs to ensure the highest degree of network security?
Spike in API calls 78% average error rate
A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which of the following are examples that the engineer would have concerns for? (Select all that apply.)
Revert to known state
A company has implemented a Virtual Desktop Infrastructure (VDI) where the user's desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which means for ensuring non-persistence has been implemented?
NOT Load balancer
A company hosts internal web servers between two firewalls: one firewall at the edge network and another near the internal gateways. These web servers provide multiple services to employees on the road. A recent security audit advised the company to find ways to further secure connections between remote clients and these internal web servers. Which of the following will satisfy the security advice?
NOT The provider must update the firmware and security patches of physical servers. NOT The company must establish separation of duties mechanisms. The provider is responsible for the availability of the software.
A company is looking into integrating on-premise services and cloud services with a cloud service provider (CSP) using an Infrastructure as a Service (IaaS) plan. As a cloud architect works on architectural design, which of the following statements would NOT apply in this case?
Message authentication Block source routed packets NOT SNMP trap collections NOT IPv6 on clients
A company is renovating a new office space and is updating all Cisco routers. The up-to-date Internetwork Operating System (IOS) will provide the best protection from zero-day exploits. What other options could a network administrator configure for route security? (Select all that apply.)
SAN
A company requires a means of managing storage centrally and the ability to share the storage with multiple hosts where users can access data quickly, with little to no latency. Which of the following storage architectures would best meet the company's needs?
Allow list
A company set up controls to allow only a specific set of software and tools to install on workstations. A user navigates to a software library to make a selection. What type of method prevents installation of software that is not a part of a library?
CASB NOT IaaS
A company would like to deploy a software service to monitor traffic and enforce security policies in their cloud environment. What tool should the company consider using?
UPS
A data center needs to ensure that data is not lost at the system level in the event of a blackout. Servers must stay operable for at least an eight-hour window as part of the response and recovery controls implemented. Which redundancy effort should be put in place to ensure the data remains available?
-Uses lightweight shellcode -Uses low observable characteristic attacks
A fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify malware as fileless rather than a normal virus? (Select all that apply.)
Domain Name System (DNS) client cache poisoning
A hacker corrupted the name:IP records held on the HOSTS file on a client, to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform?
Password spraying attack
A hacker is trying to gain remote access to a company computer by trying brute force password attacks using a few common passwords in conjunction with multiple usernames. What specific type of password attack is the hacker most likely performing?
Hardware root of trust
A laptop arrives at the company technology lab with a private key embedded, providing full disk encryption. When matched with a public key, what does this system provide?
CASB
A large firm requires better control over mobile users' access to business applications in the cloud. This will require single-sign on and support for different device types. What solution should the company consider using?
Network
A low level distributed denial of service (DDoS) attack that involves SYN or SYN/ACK flooding describes what type of attack?
By using VBA code
A malicious actor is preparing a script to run with an Excel spreadsheet as soon as the target opens the file. The script includes a few macros designed to secretly gather and send information to a remote server. How is the malicious actor accomplishing this task?
A Man-in-the-Middle attack
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
NAS
A network administrator is installing a device that uses Redundant Array of Independent Disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the employee likely installing in the infrastructure?
-Block TCP ports -Allow network protocols
A network administrator set up a stateless firewall using an open-source application running on a Linux virtual machine. The immediate benefit to this setup is that it was easy to set up quickly with basic rules. What other reasons may have influenced the administrator's decision to deploy a stateless, rather than a stateful, firewall? (Select all that apply.)
Broadcast storms
A network engineer is plugging in new patch cables and wants to prevent inadvertent disruptions to the network while doing so. What will the engineer prevent if Spanning Tree Protocol (STP) is configured on the switches?
A rogue access point (AP)
A security analyst's scans and network logs show that unauthorized devices are connecting to the network. After tracing this down, the analyst discovered a tethered smartphone creating a backdoor to gain access to the network. Which of the following describes this device?
PowerShell script
A security engineer examined some suspicious error logs on a Windows server that showed attempts to run shellcode to a web application. The shellcode showed multiple lines beginning with Invoke-Command. What type of script is the suspicious code trying to run?
-Pass the hash -Replay attack
A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select all that apply.)
A worm
A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this?
Prevent malicious traffic between VMs Protection from zero day attacks
A small organization operates several virtual servers in a single host environment. The physical network utilizes a physical firewall with NIDS for security. What would be the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points? (Select all that apply.)
Control diversity
A startup company adds a firewall, an IDS, and a HIPS to its infrastructure. At the end of the week, they will install HVAC in the server room. The company has scheduled penetration testing every month. Which type of layered security does this represent?
Managed PDUs
A system engineer can monitor and control voltage factors in a data center. The engineer can make critical decisions on the center's energy consumption and load balancing. Which device is the engineer likely using to make these decisions?
Vendor diversity
A system engineer enhances the security of a network by adding firewalls to both the external network and the internal company network. The firewalls are products of two separate companies. This is an example of what type of security control practice?
Take a snapshot of the server before installing on the server.
A system engineer has tested a new application in the lab, and wants to deploy the application on a production server. The server is a virtual machine that processes and stores live data for company employees. Which of the following is the BEST approach for deploying the new application on the server?
-NOT Disk -NOT NAS -NOT SAN -Must be Tape
A system engineer is researching backup solutions that are inexpensive and can store large amounts of data offline. The backup solution must be portable and maintainable for a certain length of time defined in the company's backup recovery plan. Which of the following is the best backup solution?
NOT Stores additional data with hash
A tokenization process is a substitute for encryption when securing a database. What does tokenization do?
PUP (potentially unwanted program)
A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs?
The user installed Trojan horse malware.
A user used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user experienced frequent crashes, slow computer performance, and strange services running when turning on the computer. What most likely happened to cause these issues?
HTTP Strict Transport Security (HSTS) Content Security Policy (CSP) Cache-Control
A web administrator notices a few security vulnerabilities that need to be addressed on the company Intranet site. The portal must force a secure browsing connection, mitigate script injection, and prevent caching on shared client devices. Determine the secure options to set on the web server's response headers. (Select all that apply.)
Revealing database server configuration
A web application's code prevents the output of any type of information when an error occurs during a request. The development team cited security reasons as to why they developed the application in this way. What sort of security issues did the team have concerns about in this case?
LDAPS
A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to setup a secure tunnel. Which protocol is ideal for this situation?
NOT Set up perimeter DMZ.
Cloud engineers are considering network segmentation options that will provide the most security between services on the cloud platform. Which of the following would ensure this type of network security is within the cloud? (Select all that apply.)
-Regional replication -High availability NOT Next-generation secure web gateway NOT Microsegmentation
Cloud service providers make services available around the world through a variety of methods. The concept of a zone assumes what type of service level? (Select all that apply.)
Establish a guest zone Upload files using SSH Use configuration templates
Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new server. (Select all that apply.)
Next-generation secure web gateway
Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access?
Race condition
Developers found a "time of check to time of use" (TOCTTOU) vulnerability in their application. The vulnerability made it possible to change temporary data created within the app before the app uses the data later. This vulnerability is taking advantage of what process in the application?
A logic bomb
During an internal investigation, a security specialist discovered a malicious backdoor script on a system administrator's machine that executes if the admin's account becomes disabled. What type of malware did the specialist discover?
-WPA2, and not WPA, supports an encryption algorithm based on the Advanced Encryption Standard (AES) instead of the version of RC4 "patched" with the Temporal Key Integrity Protocol (TKIP). -WPA2, and not WPA, uses the Advanced Encryption Standard (AES) cipher with 128-bit keys.
Evaluate and select the differences between WPA and WPA2. (Select all that apply.)
-Domain reputation -URL redirections
External hackers have some access to a company's website and made some changes. Customers have submitted multiple complaints via email for wrong orders and inappropriate images on the website. The Chief Information Officer (CIO) is now worried about the distribution of malware. The company should prepare for which of the following other issues or concerns? (Select all that apply.)
Development
Following a secure deployment methodology for custom applications, early code testing would run in which type of environment?
Clone it.
How can an attacker make unauthorized use of acquired user and account details from a user's smart card?
-NOT "The operating system" -NOT "Software"
How can the lack of logic statement tests on memory location variables be detrimental to software in development?
-Launch a Distributed Denial of Service (DDoS) attack -Establish a connection with a Command and Control server -Launch a mass-mail spam attack
If a user's computer becomes infected with a botnet, which of the following can this compromise allow the attacker to do? (Select all that apply.)
Have up-to-date backups.
If a user's device becomes infected with crypto-malware, which of the following is the best way to mitigate this compromise?
Resource policies
If managed improperly, which of the following would be most detrimental to access management of cloud-based storage resources?
Directory services
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server secures direct queries to which of the following?
Provision SSO access.
Management has set up a feed or subscription service to inform users on regular updates to the network and its various systems and services. The feed is only accessible from the internal network. What else can systems administrators do to limit the service to internal access?
-Source routing -Route injection -Software Exploits NOT Traffic Blocking
Select the vulnerabilities that can influence routing. (Select all that apply.)
HTML5
Systems administrators want to set up a way for remote administration from home. Rather than installing a software agent, the solution should use an underlying technology that is available to an application, such as a web browser. Which option would best support these requirements?
Disk encryption
The IT team has purchased a few devices that are compatible with the Trusted Computing Group Security Subsystem Class called Opal. Which of these device specifications will take advantage of Opal's security features?
S/MIME
The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator use?
-Key Discovery -Improper error handling
The latest web application, using default settings, is currently accepting application programming interface (API) calls over HyperText Transfer Protocol (HTTP). The environment has a moderate key management system. Even with basic server security, the API connection is vulnerable to which of the following? (Select all that apply.)
Refactoring
Through what method can malware evade antivirus software detection, so that the software no longer identifies the malware by its signature?
Layer 7
When implementing a native-cloud firewall, which layer of the Open Systems Interconnection (OSI) model will require the most processing capacity to filter traffic based on content?
Scalability
When workload heavily increased, a company maintained service performance by manually installing an additional load balanced server. What feature of the IT architecture allowed this to occur?
RAID-10
Which Redundant Array of Independent Disks (RAID) combines mirroring and striping and is the better option for mission critical applications?
A rainbow table attack
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?
-Resource exhaustion -Denial of service (DoS) -Amplification
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.)
NOT Normalization
Which of the following practices would help mitigate mistaken assumptions of applying coding techniques that will secure the code of an internal application for a company?
FTPES
Which of the following protocols would secure file transfer services for an internal network?
Measured Boot
Which of the following would secure an endpoint and provide attestation signed by a trusted platform module (TPM)?
-WPA3 -SAE
Which wireless configuration provides the most up-to-date and secure way of connecting wireless devices to an office or home network? (Select all that apply.)
IV attacks
Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Understanding that WPA uses a combination of an RC4 stream cipher and Temporal Key Integrity Protocol (TKIP), this makes a wireless access point NOT vulnerable to which of the following attacks when related to encrypted wireless packets?
