CompTIA Security+ Guide 8

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements? A. Smart card B. PIN code C. Knowledge-based question D. Secret key

A

A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use? A. Role-based B. Need-to-know C. Mandatory D. Discretionary

A

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment? A. Contain the impacted hosts. B. Add the malware to the application blocklist. C. Segment the core database server. D. Implement firewall rules to block outbound beaconing.

A

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality? A. SSO B. LEAP C. MFA D. PEAP

A

A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment? A. hping B. Wireshark C. PowerShell D. netstat

A

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator in etc and shadow file observes file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue? A. chmod B. grep C. dd D. passwd

A

An administrator receives the following network requirements for a data integration with a third-party vendor: #722 Which of the following is the most appropriate response for the administrator to send? A. FTP is an insecure protocol and should not be used. B. Port 8080 is a non-standard port and should be blocked. C. SSH protocol version 1 is obsolete and should not be used. D. Certificate stapling on port 443 is a security risk that should be mitigated.

A

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring? A. Job rotation B. Retention C. Outsourcing D. Separation of duties

A

Which of the following is a common source of unintentional corporate credential leakage in cloud environments? A. Code repositories B. Dark web C. Threat feeds D. State actors E. Vulnerability databases

A

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis? A. Order of volatility B. Preservation of event logs C. Chain of custody D. Compliance with legal hold

A

Which of the following are common VoIP-associated vulnerabilities? (Choose two). A. SPIM B. Vishing C. VLAN hopping D. Phishing E. DHCP snooping F. Tailgating

AB

A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:• Sensitive customer data must be safeguarded.• Documents from managed sources should not be opened in unmanaged destinations.• Sharing of managed documents must be disabled.• Employees should not be able to download emailed images to their devices.• Personal photos and contact lists must be kept private.• IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.Which of the following are the best features to enable to meet these requirements? (Choose two.) A. Remote wipe B. VPN connection C. Biometric authentication D. Device location tracking E. Geofencing F. Application approve list G. Containerization

AG

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements? A. NIST CSF B. SOC 2 Type 2 report C. CIS Top 20 compliance reports D. Vulnerability report

B

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior? A. Implementing encryption B. Monitoring outbound traffic C. Using default settings D. Closing all open ports

B

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators? A. Memory dumps B. The syslog server C. The application logs D. The log retention policy

B

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production? A. Enable HIDS on all servers and endpoints. B. Disable unnecessary services. C. Configure the deny list appropriately on the NGFW. D. Ensure the antivirus is up to date.

B

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization? A. Upgrading to a next-generation firewall B. Deploying an appropriate in-line CASB solution C. Conducting user training on software policies D. Configuring double key encryption in SaaS platforms

B

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take? A. Create a blocklist for all subject lines. B. Send the dead domain to a DNS sinkhole. C. Quarantine all emails received and notify all employees. D. Block the URL shortener domain in the web proxy.

B

A software company adopted the following processes before releasing software to production:• Peer review • Static code scanning • Signing A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment? A. File integrity monitoring for the source code B. Dynamic code analysis tool C. Encrypted code repository D. Endpoint detection and response solution

B

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur? A. Bug bounty B. White-box C. Black-box D. Gray-box

B

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future? A. Service accounts B. Account audits C. Password complexity D. Lockout policy

B

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response? A. Risk tolerance B. Risk acceptance C. Risk importance D. Risk appetite

B

Which of the following would be best suited for constantly changing environments? A. RTOS B. Containers C. Embedded systems D. SCADA

B

A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.) A. An air gap B. A cold aisle C. Removable doors D. A hot aisle E. An IoT thermostat F. A humidity monitor

BD

The following IP information was provided to internal auditors to help assess organizational security: #704 Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.) A. ipconfig B. ping C. chmod D. netstat E. traceroute F. route

BE

A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring? A. DoS attack B. ARP poisoning C. DNS spoofing D. NXDOMAIN attack

C

A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first? A. Configure heat maps. B. Utilize captive portals. C. Conduct a site survey. D. Install Wi-Fi analyzers.

C

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly? A. Insurance B. Patching C. Segmentation D. Replacement

C

A security administrator received an alert for a user account with the following log activity: #749 Which of the following best describes the trigger for the alert the administrator received? A. Number of failed log-in attempts B. Geolocation C. Impossible travel time D. Time-based log-in attempt

C

An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending the prize. Which of the following best describes this type of email? A. Spear phishing B. Whaling C. Phishing D. Vishing

C

In which of the following scenarios is tokenization the best privacy technique to use? A. Providing pseudo-anonymization for social media user accounts B. Serving as a second factor for authentication requests C. Enabling established customers to safely store credit card information D. Masking personal information inside databases by segmenting data

C

Which of the following describes the exploitation of an interactive process to gain access to restricted areas? A. Persistence B. Port scanning C. Privilege escalation D. Pharming

C

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future? A. FDE B. NIDS C. EDR D. DLP

C (Endpoint Detection and Response)

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated? A. SCEP B. OCSP C. CSR D. CRL

D

A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements? A. Network diagram B. WPS C. 802.1X D. Heat map

D

A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card Information? A. Insider threat B. RAT C. Backdoor D. Skimming E. NFC attack

D

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget? A. Engage the penetration-testing firm's rea-team services to fully mimic possible attackers. B. Give the penetration tester data diagrams of core banking applications in a known-environment test. C. Limit the scope of the penetration test to only the system that is used for teller workstations. D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

D

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following: #708 Which of the following best describes the type of attack? A. SQLi B. CSRF C. API attacks D. Directory traversal

D

A security team created a document that details the order in which critical systems should be brought back online after a major outage. Which of the following documents did the team create? A. Communication plan B. Incident response plan C. Data retention policy D. Disaster recovery plan

D

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack? A. Privilege escalation B. Buffer overflow C. SQL injection D. Pass-the-hash

D

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement? A. NIC teaming B. Cloud backups C. A load balancer appliance D. UPS

D

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline? A. SOAR playbook B. Security control matrix C. Risk management framework D. Benchmarks

D

The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met? A. Requiring all new. on-site visitors to configure their devices to use WPS B. Implementing a new SSID for every event hosted by the college that has visitors C. Creating a unique PSK for every visitor when they arrive at the reception area D. Deploying a captive portal to capture visitors' MAC addresses and names

D

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening? A. Using least privilege B. Changing the default password C. Assigning individual user IDs D. Implementing multifactor authentication

D

Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster? A. Business recovery plan B. Incident response plan C. Communication plan D. Continuity of operations plan

D

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software? A. Hacktivists B. Script kiddies C. Competitors D. Shadow IT

D

A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement? A. CHAP B. PEAP C. MS-CHAPv2 D. EAP-TLS

D (Extensible Authentication Protocol-Transport Layer Security)

Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two). A. Certificate mismatch B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software

DE

A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred? A. Jamming B. NFC attacks C. Disassociation D. Bluesnarfing E. Evil twin

E