CompTIA Security+ Final Assessment (40)
A primary target for a hacker gaining access to a network is user passwords. Consider the file locations where Windows and Linux each store passwords and determine which of the following is NOT used for password storage.
%SystemRoot%\System32\Drivers\etc\hosts
An organization requires that a file transfer occurs on a nightly basis from an internal system to a third-party server. IT for both organizations agree on using FTPS. Which configurations does IT need to put in place for proper file transfers? (Select all that apply.)
A. Configure the use of port 990; C. Negotiate a tunnel prior to any exchanged commands
Identify the type of attack where malware forces a legitimate process to load a malicious link library.
A. DLL injection
Evaluate which of the following solutions would most effectively mitigate vulnerabilities that might arise when outsourcing code development.
A. Have one vendor develop the code, and a different vendor perform vulnerability and penetration testing.
An attacker compromises a confidential database at a retailer. Investigators discover that unauthorized ad hoc changes to the system were to blame. How do the investigators describe the attack vector in a follow-up report? (Select all that apply.)
A. Configuration drift; D. Shadow IT
A hacker gains access to a database of usernames for a target company and then begins combining common, weak passwords with each username to attempt authentication. The hacker conducts what type of attack?
A. Password spraying
A systems administrator realizes the need to scale a server for high availability purposes. Which approaches does the administrator utilize to scale out the system? (Select all that apply.)
Add an additional CPU; Add additional RAM
A business is setting up new network devices. Compare the permissions allocated to each account and determine which type of account is most appropriate for the installation of device drivers.
Administrator/Root account
A power outage disrupts a medium-sized business, and the company must restore systems from backups. If the business can resume normal operations from a backup made two days ago, what metric does this scenario represent?
Recovery Point Objective (RPO)
While preparing a disaster recovery plan, management at a company considers how far back it can allow for the loss of data. Which metric does management use to describe this business essential data in terms of recovery?
Recovery point objective
Compare the advantages and disadvantages of certificate revocation versus suspension and select the scenario that presents the best argument for certificate revocation.
A banking website's private key may have been compromised.
A new IT administrator accidentally causes a fire in the IT closet at a small company. Consider the disaster types and conclude which types this event might classify as. (Select all that apply.)
Man-made; Internal
An organization considers installing fingerprint scanners at a busy entry control point to a secure area. What concerns might arise with the use of this technology? (Select all that apply.)
Fingerprint scanning is relatively easy to spoof. Surfaces must be clean and dry.
Which statement describes a key distinction between an intentional and unintentional threat actor?
B. An intentional threat actor has intent and motivation to attack; whereas, an unintentional threat actor acts out of negligence.
A security team uses passive scanning to gather information and data related to a suspected rogue system on a network. By using passive scanning, what type of information does the team gather?
B. Indirect evidence
Select the correct simulation of a Virtual Desktop Infrastructure (VDI) deployment.
C. A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.
After several users call to report dropped network connections on a local wireless network, a security analyst scans network logs and discovers that multiple unauthorized devices were connecting to the network and overwhelming it via a smartphone tethered to the network, which provided a backdoor for unauthorized access. How would this device be classified?
C. A rogue access point (AP)
A junior engineer suspects there is a breached system based on an alert received from a software monitor. The use of the alert provides which information to the engineer?
C. IoC
An organization hires a pen tester. The tester achieves a connection to a perimeter server. Which technique allows the tester to bypass a network boundary from this advantage?
C. Pivoting
An end-user has enabled cookies for several e-commerce websites and has started receiving targeted ads. The ads do not trouble the user until, when trying to access an e-commerce site, the user gets several pop-up ads that automatically redirect the user to suspicious sites the user did not intend to visit. What is the most likely explanation for this phenomenon?
C. Spyware has infected the user's computer.
During a cyber incident response exercise, a blue team takes steps to ensure the company and its affiliates can still use network systems while managing a simulated threat in real-time. Based on knowledge of incident response procedures, what stage of the incident response process is the blue team practicing?
Containment
A new security technician is tasked with sanitizing data on solid state drives (SSD). The technician first uses a degaussing magnet, and then pulverizes the drives with a hammer. What is the likely result of this sanitization attempt?
Degaussing fails to destroy media on the SSD, and pulverization by hammer may leave a significant amount of data recoverable.
A server operates an intrusion detection system (IDS) that enables a system administrator to verify that key system files match authorized versions. This illustrates what IDS implementation and feature?
Host-based intrusion detection system (HIDS) with file integrity monitoring (FIM)
Compare the components found in a virtual platform and select the options that accurately differentiate between them. (Select all that apply.)
Hypervisors are Virtual Machine Monitors (VMM) and guest operating systems are Virtual Machines (VM). Hypervisors facilitate interactions with the computer hardware and computers are the platform that hosts the virtual environment.
Which phases of the Incident Response Process involve determining whether an attack happened and mitigating its effects? (Select all that apply.)
Identification; Containment
Which of the following statements illustrates an advantage that a self-encrypting drive (SED) offers over full disk encryption (FDE)?
In a self-encrypting drive (SED), the drive controller, rather than the operating system (OS), controls cryptographic functions.
A software engineer develops an application that includes routines to check whether user input meets conformity standards to reduce the application's potential attack surface. The engineer conducts which secure coding technique?
Input validation
A web server receives data from an application. It appears that passing this data causes an issue that evolves into an overflow at the destination. What process on the receiving server should be investigated?
Input validation
Compare and contrast methods used by Kerberos and Public Key Infrastructure (PKI) to authenticate users and identify the true statement.
Kerberos uses timestamps and PKI does not.
Management at a financial firm assembles an incident response team. This team is responsible for handling certain aspects of recovery and remediation following a security incident. Which roles are appropriate to include on the team? (Select all that apply.)
Legal; HR; PR
The IT director at a financial institution grants account permissions using an access control list (ACL). This illustrates what type of security control?
Preventative
A guard station deploys a new security device for controlling access to a classified data station. The installation technician tests the device's sensitivity to speed and pressure. Which type of behavioral technology is the technician testing for?
Signature recognition
What exploitation method targets near field communication (NFC) devices?
Skimming
A security information and event management (SIEM) handler's dashboard provides graphical representations of user profile trends. The graphic contrasts standard user activity with administrative user activity and flags activity that deviates from these clusters. This graphical representation utilizes which trend analysis methodology?
Statistical deviation analysis
An engineer implements a security solution to protect a domain. The engineer decides on DNS Security Extensions (DNSSEC) to prevent spoofing. Which features does the engineer rely on for protection? (Select all that apply.)
Zone Signing Key; RRset package; Key Signing Key
A technology firm suffers a large-scale data breach, and the company suspects a disgruntled former IT staff member orchestrated the breach to exfiltrate proprietary data. During the forensic investigation, a hard disk was not signed out when handled. Examine the scenario and determine what issue this oversight is most likely to cause in the investigative process.
The chain of custody is under question.
An employee suspected of storing illicit content on a company computer discovers a plan to investigate, so the employee tries to hide evidence of wrongdoing. The employee deletes the illicit files and attempts to overwrite them. If a forensics investigation can discover the lost files, which statement best describes how?
The forensics investigator can retrieve fragments of deleted or overwritten files.
After a break-in at a government laboratory, some proprietary information was stolen and leaked. Which statement best summarizes how the laboratory can implement security controls to prevent future breaches?
The laboratory needs to take corrective action and should implement both physical and preventative controls in the future.
A company follows a bring your own device (BYOD) mobile implementation. What is an ideal solution the company can use to overcome some of the security risks involved with employee-supplied devices?
Virtual desktop infrastructure (VDI)
Which statements describe why devices on an enterprise network should disable Wi-Fi tethering? (Select all that apply.)
Wi-Fi tethering functionality can circumvent data loss prevention measures. Wi-Fi tethering functionality can circumvent web content filtering policies.